Lutino

salut charles ingals voici le rapport servicefilter The script did not recognize the services listed below. This does not mean that they are a problem. To copy the entire contents of this document for posting: At the top of this window click "Edit" then "Select All" Next click "Edit" again then "Copy" Now right click in the forum post box then click "Paste" ######################################## ServiceFilter 1.1 by rand1038 Microsoft Windows 2000 Professionnel Version: 5.0.2195 Service Pack 4 avr. 4, 2007 22:24:54 ---> Begin Service Listing <--- Unknown Service # 1 Service Name: ACNLFCKLWIINLRTIAQINK Display Name: ACNLFCKLWIINLRTIAQINK Start Mode: Disabled Start Name: LocalSystem Description: ACNLFCKLWIINLRTIAQINK... Service Type: Own Process Path: c:\docume~1\admini~1\locals~1\temp\acnlfcklwiinlrtiaqink.exe State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 2 Service Name: AVG Anti-Spyware Guard Display Name: AVG Anti-Spyware Guard Start Mode: Auto Start Name: LocalSystem Description: AVG Anti-Spyware ... Service Type: Own Process Path: d:\avg anti-spyware 7.5\guard.exe State: Running Process ID: 520 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Faux Unknown Service # 3 Service Name: bdss Display Name: BitDefender Scan Server Start Mode: Auto Start Name: LocalSystem Description: BitDefender Scan ... Service Type: Own Process Path: c:\program files\fichiers communs\softwin\bitdefender scan server\bdss.exe /service State: Running Process ID: 2120 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai Unknown Service # 4 Service Name: gusvc Display Name: Google Updater Service Start Mode: Disabled Start Name: LocalSystem Description: Google Updater ... Service Type: Own Process Path: "c:\program files\google\common\google updater\googleupdaterservice.exe" State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 5 Service Name: JZDEPB Display Name: JZDEPB Start Mode: Disabled Start Name: LocalSystem Description: JZDEPB... Service Type: Own Process Path: c:\docume~1\admini~1\locals~1\temp\jzdepb.exe State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 6 Service Name: msnntlp Display Name: msnntlp Start Mode: Disabled Start Name: LocalSystem Description: msnntlp... Service Type: Own Process Path: "c:\winnt\system\msnntlp.exe" State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 7 Service Name: MTZN Display Name: MTZN Start Mode: Disabled Start Name: LocalSystem Description: MTZN... Service Type: Own Process Path: c:\docume~1\admini~1\locals~1\temp\mtzn.exe State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 8 Service Name: NJV Display Name: NJV Start Mode: Disabled Start Name: LocalSystem Description: NJV... Service Type: Own Process Path: c:\docume~1\admini~1\locals~1\temp\njv.exe State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 9 Service Name: QYACU Display Name: QYACU Start Mode: Disabled Start Name: LocalSystem Description: QYACU... Service Type: Own Process Path: c:\docume~1\admini~1\locals~1\temp\qyacu.exe State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 10 Service Name: StarWindService Display Name: StarWind iSCSI Service Start Mode: Auto Start Name: LocalSystem Description: StarWind iSCSI ... Service Type: Own Process Path: d:\alcohol 120\starwind\starwindservice.exe State: Running Process ID: 716 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai Unknown Service # 11 Service Name: VSSERV Display Name: BitDefender Virus Shield Start Mode: Auto Start Name: LocalSystem Description: BitDefender Virus ... Service Type: Own Process Path: c:\program files\softwin\bitdefender8\vsserv.exe /service State: Running Process ID: 2024 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai Unknown Service # 12 Service Name: Windows NT-Session Manager Display Name: Windows NT-Session Manager Start Mode: Disabled Start Name: LocalSystem Description: Windows NT-Session ... Service Type: Own Process Path: "c:\winnt\smss.exe" State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 13 Service Name: WPQX Display Name: WPQX Start Mode: Disabled Start Name: LocalSystem Description: WPQX... Service Type: Own Process Path: c:\docume~1\admini~1\locals~1\temp\wpqx.exe State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 14 Service Name: WWPSR Display Name: WWPSR Start Mode: Disabled Start Name: LocalSystem Description: WWPSR... Service Type: Own Process Path: c:\docume~1\admini~1\locals~1\temp\wwpsr.exe State: Stopped Process ID: 0 Started: Faux Exit Code: 1077 Accept Pause: Faux Accept Stop: Faux Unknown Service # 15 Service Name: XCOMM Display Name: BitDefender Communicator Start Mode: Auto Start Name: LocalSystem Description: BitDefender ... Service Type: Own Process Path: c:\program files\fichiers communs\softwin\bitdefender communicator\xcommsvr.exe /service State: Running Process ID: 860 Started: Vrai Exit Code: 0 Accept Pause: Faux Accept Stop: Vrai Unknown Service # 16 Service Name: Event Display Name: Events Log Start Mode: Auto Start Name: .\Administrateur Description: Events ... Service Type: Own Process Path: c:\winnt\system32\drivers\csrss.exe -k networkservice State: Stopped Process ID: 0 Started: Faux Exit Code: 0 Accept Pause: Faux Accept Stop: Faux ---> End Service Listing <--- There are 74 Win32 services on this machine. 16 were unrecognized. Script Execution Time: 4,390625 seconds. houlala j'en ai des bôs services stp est ce que tu peux me dire ce que je fais des fichiers trouvés par panda? si j'en fais qquechose merci ne sois pas désolé pour l'attente je me rend scompte de tout le monde que tu aides!!! je sais que vous etes benevoles mais j'espere quand meme que zebulon vous offre des tee shirts ou des voyages sur les îles...

ok c'est retipar pour un rapport panda Incident Statut Analyse Spyware:Cookie/WUpd No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@revenue[2].txt Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\Administrateur\Cookies\administrateur@searchportal.information[1].txt Virus:W32/Sdbot.ftp.worm Désinfecté C:\WINNT\system32\i Outil indésirable:Application/Processor No Désinfecté C:\WINNT\system32\Process.exe Outil indésirable:Application/KillApp.B No Désinfecté D:\Mes documents\Programmes source\EasyDivX\softs\ck.exe est ce que j'essaye de virer tout ces fichiers ouu cookie en ModeSE? @ +

salut charles ingals bon j'ai lançé le scan panda ce matin car habituellement les scans en ligne prennent chez moi 3heures... et j'ai encore vérifié pas de csrss.exe dans C:\winnt\system32\drivers et j'ai bien tous les fichoiers qui apparaissent (meme les fichiers cachés) par contre avec une recherche vingt doses ce fichier aparrait aussi dans C:\winnt\system32\dllcache (qui est un dossier caché) celui là aussi est il légitime? (on dirait car il a une version microsoft ds les propriétés) je te souhaite une bonne journée et j'espère à +

Charles ingals j'ai une rude journée qui m'attends demain je vais me pieuter et reviens demain merci encore

bon virustotal est en train par contre pas de csrss.exe ds winnt\system32\drivers mais dans winnt\system32. et pas du tout de unvise32qt.exe nulle part... ah il a fini voila le rapport Complete scanning result of "csrss.exe", received in VirusTotal at 04.04.2007, 00:11:08 (CET). Antivirus Version Update Result AhnLab-V3 2007.4.4.0 04.03.2007 no virus found AntiVir 7.3.1.48 04.03.2007 no virus found Authentium 4.93.8 04.03.2007 no virus found Avast 4.7.936.0 04.03.2007 no virus found AVG 7.5.0.447 04.03.2007 no virus found BitDefender 7.2 04.03.2007 no virus found CAT-QuickHeal 9.00 04.03.2007 no virus found ClamAV devel-20070312 04.03.2007 no virus found DrWeb 4.33 04.03.2007 no virus found eSafe 7.0.15.0 04.03.2007 no virus found eTrust-Vet 30.6.3536 04.03.2007 no virus found Ewido 4.0 04.03.2007 no virus found FileAdvisor 1 04.04.2007 No threat detected Fortinet 2.85.0.0 04.03.2007 no virus found F-Prot 4.3.1.45 04.03.2007 no virus found F-Secure 6.70.13030.0 04.03.2007 no virus found Ikarus T3.1.1.3 04.03.2007 no virus found Kaspersky 4.0.2.24 04.03.2007 no virus found McAfee 4999 04.03.2007 no virus found Microsoft 1.2306 04.03.2007 no virus found NOD32v2 2167 04.03.2007 no virus found Norman 5.80.02 04.03.2007 no virus found Panda 9.0.0.4 04.03.2007 no virus found Prevx1 V2 04.04.2007 no virus found Sophos 4.16.0 03.30.2007 no virus found Sunbelt 2.2.907.0 04.03.2007 no virus found Symantec 10 04.03.2007 no virus found TheHacker 6.1.6.084 04.02.2007 no virus found VBA32 3.11.3 04.03.2007 no virus found VirusBuster 4.3.7:9 04.03.2007 no virus found Webwasher-Gateway 6.0.1 04.03.2007 no virus found Aditional Information File size: 5392 bytes MD5: 216216a63b36679fe0cb07b11e0bdb0c SHA1: 8bf8bd2dbffe79998821d4ccd83b13b5b6f68812 Bit9 info: http://fileadvisor.bit9.com/services/extin...0cb07b11e0bdb0c

et violi le rapport hijack : StartupList report, 03/04/2007, 23:44:34 StartupList version: 1.52.2 Started from : C:\Documents and Settings\Administrateur\Bureau\HijackThis.EXE Detected: Windows 2000 SP4 (WinNT 5.00.2195) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe d:\AVG Anti-Spyware 7.5\guard.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\MSTask.exe d:\Alcohol 120\StarWind\StarWindService.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender8\vsserv.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\RUNDLL32.EXE C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Program Files\Softwin\BitDefender8\bdoesrv.exe C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe C:\WINNT\system32\rundll32.exe D:\AVG Anti-Spyware 7.5\avgas.exe D:\a-squared Anti-Malware\a2guard.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe D:\Spybot - Search & Destroy\TeaTimer.exe D:\PC Alert III\alert.exe D:\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage] Raccourci vers alert.lnk = D:\PC Alert III\alert.exe Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINNT\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run NvCplDaemon = RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup nwiz = nwiz.exe /install NvMediaCenter = RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit BDMCon = C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe BDOESRV = C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe BDNewsAgent = "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" Synchronization Manager = mobsync.exe /logon PSDrvCheck = C:\WINNT\system32\PSDrvCheck.exe !AVG Anti-Spyware = "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized a-squared = "D:\a-squared Anti-Malware\a2guard.exe" SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SpybotSD TeaTimer = d:\Spybot - Search & Destroy\TeaTimer.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = C:\WINNT\system32\setup\wmpocm.exe /HideWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{6A5110B5-E14B-4268-A065-EF89FF33C325}] * StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] * StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINNT\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll -------------------------------------------------- Shell & screensaver key from C:\WINNT\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINNT\system32\ssbezier.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINNT\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINNT\Explorer\Explorer.exe: not present C:\WINNT\System\Explorer.exe: not present C:\WINNT\System32\Explorer.exe: not present C:\WINNT\Command\Explorer.exe: not present C:\WINNT\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINNT - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -------------------------------------------------- Enumerating Task Scheduler jobs: *No jobs found* -------------------------------------------------- Enumerating Download Program Files: [bDSCANONLINE Control] InProcServer32 = C:\WINNT\DOWNLO~1\oscan8.ocx CODEBASE = http://bitdefender.bwm-mediasoft.com/scan8/oscan8.cab [WUWebControl Class] InProcServer32 = C:\WINNT\system32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/...b?1169836031859 [HouseCall Control] InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx CODEBASE = http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab [Java Plug-in 1.5.0_11] InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [a-squared Scanner] InProcServer32 = C:\WINNT\DOWNLO~1\asquared.ocx CODEBASE = http://ax.emsisoft.com/asquared.cab [Java Plug-in 1.5.0_06] InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.5.0_11] InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.5.0_11] InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINNT\System32\rnr20.dll NameSpace #2: C:\WINNT\System32\winrnr.dll Protocol #1: C:\WINNT\system32\msafd.dll Protocol #2: C:\WINNT\system32\msafd.dll Protocol #3: C:\WINNT\system32\msafd.dll Protocol #4: C:\WINNT\system32\rsvpsp.dll Protocol #5: C:\WINNT\system32\rsvpsp.dll Protocol #6: C:\WINNT\system32\msafd.dll Protocol #7: C:\WINNT\system32\msafd.dll Protocol #8: C:\WINNT\system32\msafd.dll Protocol #9: C:\WINNT\system32\msafd.dll Protocol #10: C:\WINNT\system32\msafd.dll Protocol #11: C:\WINNT\system32\msafd.dll Protocol #12: C:\WINNT\system32\msafd.dll Protocol #13: C:\WINNT\system32\msafd.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services ACNLFCKLWIINLRTIAQINK: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ACNLFCKLWIINLRTIAQINK.exe (disabled) Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart) Service for Avance AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Avertissement: %SystemRoot%\system32\services.exe (manual start) Gestion d'applications: %SystemRoot%\system32\services.exe (manual start) Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system) atksgt: system32\DRIVERS\atksgt.sys (autostart) Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start) Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start) AVG Anti-Spyware Driver: \??\d:\AVG Anti-Spyware 7.5\guard.sys (system) AVG Anti-Spyware Guard: d:\AVG Anti-Spyware 7.5\guard.exe (autostart) AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system) BitDefender Scan Server: C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe /service (autostart) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k BITSgroup (manual start) Explorateur d'ordinateur: %SystemRoot%\system32\services.exe (autostart) Décodeur sous-titre fermé: system32\drivers\ccdecode.sys (manual start) Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system) Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start) Client DHCP: %SystemRoot%\system32\services.exe (autostart) Pilote de disque: system32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system) dmload: System32\drivers\dmload.sys (system) Gestionnaire de disque logique: %SystemRoot%\System32\services.exe (autostart) Synthé logiciel Microsoft DirectMusic (WDM): system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\system32\services.exe (autostart) Events Log: %systemroot%\system32\drivers\csrss.exe -k NetworkService (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINNT\system32\svchost.exe -k netsvcs (manual start) Service de télécopie: %systemroot%\system32\faxsvc.exe (manual start) Carte réseau virtuelle FreeBox USB: system32\DRIVERS\fbxusb32.sys (manual start) Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start) FILESpy: \??\C:\Program Files\Softwin\BitDefender8\filespy.sys (autostart) Pilote de lecteur de disquettes: system32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system) Game Port Enumerator: system32\DRIVERS\gameenum.sys (manual start) gmer: System32\DRIVERS\gmer.sys (manual start) GMSIPCI: \??\H:\INSTALL\GMSIPCI.SYS (manual start) Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start) Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (disabled) Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (autostart) Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system) Imagedrv: system32\DRIVERS\imagedrv.sys (system) Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: system32\DRIVERS\ipsec.sys (manual start) IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system) JZDEPB: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JZDEPB.exe (disabled) Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\system32\services.exe (autostart) Station de travail: %SystemRoot%\system32\services.exe (autostart) lirsgt: system32\DRIVERS\lirsgt.sys (autostart) Service d'application d'assistance TCP/IP NetBIOS: %SystemRoot%\system32\services.exe (autostart) Affichage des messages: %SystemRoot%\system32\services.exe (disabled) Partage de Bureau à distance NetMeeting: C:\WINNT\system32\mnmsrvc.exe (manual start) Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINNT\system32\msdtc.exe (manual start) Windows Installer: C:\WINNT\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) msnntlp: "C:\WINNT\system\msnntlp.exe" (disabled) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) MTZN: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MTZN.exe (disabled) NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start) Pilote TAPI NDIS d'accès à distance: system32\DRIVERS\ndistapi.sys (manual start) NDIS Protocole mode utilisateur E/S: system32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès à distance: system32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: system32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: system32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start) Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NJV: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NJV.exe (disabled) NetGroup Packet Filter Driver: system32\drivers\npf.sys (manual start) NTACCESS: \??\H:\NTACCESS.sys (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start) Médias amovibles: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) nv: system32\DRIVERS\nv4_mini.sys (manual start) NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart) Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start) Pilote de classe parallèle: system32\DRIVERS\parallel.sys (manual start) Pilote de port parallèle: system32\DRIVERS\parport.sys (system) PCAlertDriver: \??\D:\PC Alert III\NTGLM7X.sys (manual start) PCI Bus Driver: system32\DRIVERS\pci.sys (system) PCIIde: system32\DRIVERS\pciide.sys (system) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Agent de stratégie IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start) Emplacement protégé: %SystemRoot%\system32\services.exe (autostart) Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\Drivers\PxHelp20.sys (system) QYACU: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QYACU.exe (disabled) Pilote de connexion automatique d'accès distant: system32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Parallèle direct: system32\DRIVERS\raspti.sys (manual start) Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system) REGSpy: \??\C:\Program Files\Softwin\BitDefender8\regspy.sys (autostart) Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Service d'accès à distance au Registre: %SystemRoot%\system32\regsvc.exe (disabled) Pinnacle WDM PCTV Audio Capture: system32\DRIVERS\rob_a.sys (autostart) Pinnacle WDM PCTV Video Capture: system32\drivers\rob_v.sys (autostart) Remote Packet Capture Protocol v.0 (experimental): "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe -s (manual start) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139: system32\DRIVERS\RTL8139.SYS (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\system32\MSTask.exe (autostart) SecDrv: \??\C:\WINNT\system32\drivers\SECDRV.SYS (autostart) Service d'exécution par délégation: %SystemRoot%\system32\services.exe (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: system32\DRIVERS\serenum.sys (manual start) Pilote de port série: system32\DRIVERS\serial.sys (system) SetupNTGLM7X: \??\H:\NTGLM7X.sys (manual start) StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system) StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system) StarForce Protection Synchronization Driver (version 2.x): System32\drivers\sfsync02.sys (system) Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) sptd: System32\Drivers\sptd.sys (system) Srv: system32\DRIVERS\srv.sys (manual start) StarWind iSCSI Service: d:\Alcohol 120\StarWind\StarWindService.exe (autostart) Still Image Service: %systemroot%\system32\stisvc.exe (autostart) BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) Périphérique audio système Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system) Telnet: %SystemRoot%\system32\tlntsvr.exe (disabled) Client de suivi de lien distribué: %SystemRoot%\system32\services.exe (autostart) Pilote de contrôleur hôte universel USB Microsoft: system32\DRIVERS\uhcd.sys (manual start) Pilote de mise à jour du microcode: system32\DRIVERS\update.sys (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Pilote de concentrateur standard USB Microsoft: system32\DRIVERS\usbhub.sys (manual start) Classe d'imprimantes USB Microsoft: system32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: system32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start) Gestionnaire d'utilitaires: %SystemRoot%\System32\UtilMan.exe (manual start) vaxscsi: \SystemRoot\System32\Drivers\vaxscsi.sys (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Filtre de bus AGP VIA: System32\DRIVERS\viaagp1.sys (system) VIA AGP Bus Filter : system32\DRIVERS\viaagp1.sys (system) VIA USB Filter: \SystemRoot\System32\Drivers\viausb.sys (manual start) viaide: system32\DRIVERS\viaide.sys (system) VIAPFD: \SystemRoot\System32\Drivers\VIAPFD.SYS (system) BitDefender Virus Shield: C:\Program Files\Softwin\BitDefender8\vsserv.exe /service (autostart) Horloge Windows: %SystemRoot%\System32\services.exe (manual start) Pilote ARP IP d'accès à distance: system32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) Windows NT-Session Manager: "C:\WINNT\smss.exe" (disabled) Infrastructure de gestion Windows: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart) Extensions du pilote WMI: %SystemRoot%\system32\Services.exe (manual start) WPQX: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPQX.exe (disabled) World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k wugroup (autostart) WWPSR: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WWPSR.exe (disabled) Configuration sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) BitDefender Communicator: C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe /service (autostart) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll WebCheck: C:\WINNT\system32\webcheck.dll SysTray: stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 31 796 bytes Report generated in 0,172 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

yop ok voila déjà le rapport gmer GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-04-03 23:43:11 Windows 5.0.2195 Service Pack 4 ---- System - GMER 1.0.12 ---- SSDT sptd.sys ZwCreateKey SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT \??\C:\Program Files\Softwin\BitDefender8\filespy.sys ZwOpenFile SSDT sptd.sys ZwOpenKey SSDT \??\d:\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT sptd.sys ZwSetValueKey SSDT \??\d:\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess ---- Kernel code sections - GMER 1.0.12 ---- ? C:\WINNT\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ? C:\WINNT\System32\Drivers\SPTD5725.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ? C:\WINNT\System32\Drivers\vaxscsi.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ? C:\WINNT\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. .text NTDLL.DLL!NtClose 784681F8 5 Bytes JMP 720342BA .text NTDLL.DLL!NtCreateProcess 78468308 5 Bytes JMP 72034445 .text NTDLL.DLL!NtCreateSection 78468328 5 Bytes JMP 720342D8 ---- User code sections - GMER 1.0.12 ---- .text C:\WINNT\system32\winlogon.exe[248] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\winlogon.exe[248] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\services.exe[280] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\services.exe[280] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\services.exe[280] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\services.exe[280] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\services.exe[280] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\services.exe[280] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\services.exe[280] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\services.exe[280] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\services.exe[280] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\services.exe[280] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\lsass.exe[292] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\lsass.exe[292] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll .text d:\AVG Anti-Spyware 7.5\guard.exe[520] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 00543140 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\nvsvc32.exe[612] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\MSTask.exe[664] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\MSTask.exe[664] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll .text d:\Alcohol 120\StarWind\StarWindService.exe[772] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll .text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll .text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll .text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll .text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll .text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll .text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll .text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll .text d:\Alcohol 120\StarWind\StarWindService.exe[772] WS2_32.dll!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\stisvc.exe[796] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\WINNT\System32\WBEM\WinMgmt.exe[828] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe[880] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 00523140 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1C0F5A .text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text C:\WINNT\system32\rundll32.exe[976] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F190F5A .text C:\WINNT\system32\rundll32.exe[976] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F130F5A .text C:\WINNT\system32\rundll32.exe[976] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F160F5A .text C:\WINNT\system32\rundll32.exe[976] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F220F5A .text C:\WINNT\system32\rundll32.exe[976] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F1F0F5A .text C:\WINNT\system32\rundll32.exe[976] WS2_32.DLL!connect 74FBC1B9 6 Bytes JMP 5F0D0F5A .text C:\WINNT\system32\rundll32.exe[976] WS2_32.DLL!listen 74FBC556 6 Bytes JMP 5F100F5A .text C:\WINNT\Explorer.EXE[1068] ADVAPI32.DLL!CreateServiceA 78F14B39 6 Bytes JMP 5F150F5A .text C:\WINNT\Explorer.EXE[1068] ADVAPI32.DLL!CreateServiceW 78F14CF9 6 Bytes JMP 5F180F5A .text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1E0F5A .text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text C:\WINNT\Explorer.EXE[1068] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F1B0F5A .text C:\WINNT\Explorer.EXE[1068] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F240F5A .text C:\WINNT\Explorer.EXE[1068] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F210F5A .text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll .text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll .text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll .text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll .text C:\WINNT\Explorer.EXE[1068] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll .text D:\Mozilla Firefox\firefox.exe[1096] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F0D0F5A .text D:\Mozilla Firefox\firefox.exe[1096] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F100F5A .text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!FreeLibrary + 37 77E9089E 4 Bytes [ 9A, F7, 86, F9 ] .text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F160F5A .text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text D:\Mozilla Firefox\firefox.exe[1096] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F130F5A .text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll .text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll .text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll .text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll .text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll .text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll .text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll .text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll .text D:\Mozilla Firefox\firefox.exe[1096] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll .text D:\Mozilla Firefox\firefox.exe[1096] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F1C0F5A .text D:\Mozilla Firefox\firefox.exe[1096] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F190F5A .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1C0F5A .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] kernel32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F190F5A .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] advapi32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F130F5A .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] advapi32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F160F5A .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] shell32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F220F5A .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] shell32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F1F0F5A .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] WS2_32.DLL!connect 74FBC1B9 6 Bytes JMP 5F0D0F5A .text D:\Spybot - Search & Destroy\TeaTimer.exe[1172] WS2_32.DLL!listen 74FBC556 6 Bytes JMP 5F100F5A .text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 00943140 C:\WINNT\system32\sockspy.dll .text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1E0F5A .text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text D:\PC Alert III\alert.exe[1200] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F1B0F5A .text D:\PC Alert III\alert.exe[1200] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F150F5A .text D:\PC Alert III\alert.exe[1200] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F180F5A .text D:\PC Alert III\alert.exe[1200] WS2_32.dll!closesocket 74FB145E 5 Bytes JMP 00943110 C:\WINNT\system32\sockspy.dll .text D:\PC Alert III\alert.exe[1200] WS2_32.dll!send 74FB1BCC 5 Bytes JMP 00942B00 C:\WINNT\system32\sockspy.dll .text D:\PC Alert III\alert.exe[1200] WS2_32.dll!gethostbyname 74FB266D 5 Bytes JMP 00942DD0 C:\WINNT\system32\sockspy.dll .text D:\PC Alert III\alert.exe[1200] WS2_32.dll!sendto 74FB3454 5 Bytes JMP 00942D70 C:\WINNT\system32\sockspy.dll .text D:\PC Alert III\alert.exe[1200] WS2_32.dll!bind 74FB361B 5 Bytes JMP 009430D0 C:\WINNT\system32\sockspy.dll .text D:\PC Alert III\alert.exe[1200] WS2_32.dll!recvfrom 74FBA1EC 5 Bytes JMP 00942D00 C:\WINNT\system32\sockspy.dll .text D:\PC Alert III\alert.exe[1200] WS2_32.dll!connect 74FBC1B9 5 Bytes JMP 00942E00 C:\WINNT\system32\sockspy.dll .text D:\PC Alert III\alert.exe[1200] WS2_32.dll!listen 74FBC556 5 Bytes JMP 00942AC0 C:\WINNT\system32\sockspy.dll .text D:\PC Alert III\alert.exe[1200] WS2_32.dll!accept 74FBC9B7 5 Bytes JMP 00942FE0 C:\WINNT\system32\sockspy.dll .text D:\PC Alert III\alert.exe[1200] SHELL32.DLL!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F240F5A .text D:\PC Alert III\alert.exe[1200] SHELL32.DLL!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F210F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F160F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F130F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F0D0F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe[1232] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F100F5A .text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1C0F5A .text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text C:\WINNT\system32\RUNDLL32.EXE[1292] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F190F5A .text C:\WINNT\system32\RUNDLL32.EXE[1292] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F130F5A .text C:\WINNT\system32\RUNDLL32.EXE[1292] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F160F5A .text C:\WINNT\system32\RUNDLL32.EXE[1292] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F220F5A .text C:\WINNT\system32\RUNDLL32.EXE[1292] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F1F0F5A .text C:\WINNT\system32\RUNDLL32.EXE[1292] WS2_32.DLL!connect 74FBC1B9 6 Bytes JMP 5F0D0F5A .text C:\WINNT\system32\RUNDLL32.EXE[1292] WS2_32.DLL!listen 74FBC556 6 Bytes JMP 5F100F5A .text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F160F5A .text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F130F5A .text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F100F5A .text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Softwin\BitDefender8\bdoesrv.exe[1340] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F190F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1C0F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F190F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F130F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F160F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F220F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F1F0F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] WS2_32.dll!connect 74FBC1B9 6 Bytes JMP 5F0D0F5A .text C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe[1360] WS2_32.dll!listen 74FBC556 6 Bytes JMP 5F100F5A .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!LoadLibraryA 77E9023D 5 Bytes JMP 00D93140 C:\WINNT\system32\sockspy.dll .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!OpenProcess 77E9697D 6 Bytes JMP 5F1E0F5A .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] KERNEL32.DLL!WriteProcessMemory 77E97960 6 Bytes JMP 5F1B0F5A .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F150F5A .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F180F5A .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] SHELL32.DLL!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F240F5A .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] SHELL32.DLL!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F210F5A .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!closesocket 74FB145E 5 Bytes JMP 00D93110 C:\WINNT\system32\sockspy.dll .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!send 74FB1BCC 5 Bytes JMP 00D92B00 C:\WINNT\system32\sockspy.dll .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!gethostbyname 74FB266D 5 Bytes JMP 00D92DD0 C:\WINNT\system32\sockspy.dll .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!sendto 74FB3454 5 Bytes JMP 00D92D70 C:\WINNT\system32\sockspy.dll .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!bind 74FB361B 5 Bytes JMP 00D930D0 C:\WINNT\system32\sockspy.dll .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!recvfrom 74FBA1EC 5 Bytes JMP 00D92D00 C:\WINNT\system32\sockspy.dll .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!connect 74FBC1B9 5 Bytes JMP 00D92E00 C:\WINNT\system32\sockspy.dll .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!listen 74FBC556 5 Bytes JMP 00D92AC0 C:\WINNT\system32\sockspy.dll .text D:\AVG Anti-Spyware 7.5\avgas.exe[1384] WS2_32.DLL!accept 74FBC9B7 5 Bytes JMP 00D92FE0 C:\WINNT\system32\sockspy.dll .text D:\a-squared Anti-Malware\a2guard.exe[1396] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text D:\a-squared Anti-Malware\a2guard.exe[1396] KERNEL32.dll!CreateThread + 18 77E9B864 4 Bytes [ 68, 0F, 6E, 88 ] .text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!closesocket 74FB145E 5 Bytes JMP 10003110 C:\WINNT\system32\sockspy.dll .text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!send 74FB1BCC 5 Bytes JMP 10002B00 C:\WINNT\system32\sockspy.dll .text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!gethostbyname 74FB266D 5 Bytes JMP 10002DD0 C:\WINNT\system32\sockspy.dll .text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!sendto 74FB3454 5 Bytes JMP 10002D70 C:\WINNT\system32\sockspy.dll .text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!bind 74FB361B 5 Bytes JMP 100030D0 C:\WINNT\system32\sockspy.dll .text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!recvfrom 74FBA1EC 5 Bytes JMP 10002D00 C:\WINNT\system32\sockspy.dll .text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!connect 74FBC1B9 5 Bytes JMP 10002E00 C:\WINNT\system32\sockspy.dll .text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!listen 74FBC556 5 Bytes JMP 10002AC0 C:\WINNT\system32\sockspy.dll .text D:\a-squared Anti-Malware\a2guard.exe[1396] ws2_32.dll!accept 74FBC9B7 5 Bytes JMP 10002FE0 C:\WINNT\system32\sockspy.dll .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F130F5A .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F160F5A .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F190F5A .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F220F5A .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] WS2_32.DLL!connect 74FBC1B9 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe[1416] WS2_32.DLL!listen 74FBC556 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!LoadLibraryA 77E9023D 5 Bytes JMP 10003140 C:\WINNT\system32\sockspy.dll .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!LoadLibraryExW 77E90565 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!FreeLibrary + 37 77E9089E 4 Bytes [ 9A, F7, 86, F9 ] .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!CreateProcessW 77E96951 6 Bytes JMP 5F0A0F5A .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!OpenProcess 77E9697D 6 Bytes JMP 5F160F5A .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!WinExec 77E974FA 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] KERNEL32.dll!WriteProcessMemory 77E97960 6 Bytes JMP 5F130F5A .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] ADVAPI32.dll!CreateServiceA 78F14B39 6 Bytes JMP 5F0D0F5A .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] ADVAPI32.dll!CreateServiceW 78F14CF9 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] SHELL32.dll!Shell_NotifyIconW 7CEA80E4 6 Bytes JMP 5F1C0F5A .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] SHELL32.dll!Shell_NotifyIcon 7CEA81E3 6 Bytes JMP 5F190F5A .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] WS2_32.DLL!connect 74FBC1B9 6 Bytes JMP 5F220F5A .text C:\Documents and Settings\Administrateur\Bureau\gmer\gmer.exe[1624] WS2_32.DLL!listen 74FBC556 6 Bytes JMP 5F1F0F5A ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 827EC0E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 827EC0E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 827BBC68 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 827BBC68 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 827BBC68 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 827BBC68 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 827BBC68 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 827BBC68 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBC68 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 827BBC68 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 827BBC68 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 827BBC68 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 827BBC68 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 827BBC68 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 827BBC68 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 827BBC68 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 827BBC68 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 827BBC68 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBC68 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 827BBC68 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 827BBC68 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 827BBC68 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 827BBC68 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 827BBC68 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 827BBC68 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 827BBC68 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 827BBC68 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 827BBC68 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBC68 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 827BBC68 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 827BBC68 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 827BBC68 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 827BBC68 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 827BBC68 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 827BBC68 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 827BBC68 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 827BBC68 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 827BBC68 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBC68 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 827BBC68 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 827BBC68 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 827BBC68 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 827BBEA8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 826E7908 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 826E7908 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 826E7908 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 826E7908 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 826E7908 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 826E7908 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 826E7908 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 826E7908 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 826E7908 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 826E7908 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 826E7908 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 827BBEA8 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 8247C728 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 8247C728 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 826E7908 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 826E7908 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 826E7908 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 826E7908 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 826E7908 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 826E7908 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 826E7908 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 826E7908 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 826E7908 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 826E7908 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 826E7908 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 827BBEA8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 IRP_MJ_INTERNAL_DEVICE_CONTROL [EB690D60] sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [EB690D60] sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [EB690D60] sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL [EB690D60] sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-14 IRP_MJ_INTERNAL_DEVICE_CONTROL [EB690D60] sfsync02.sys Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 826E7908 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 826E7908 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 826E7908 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 826E7908 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 826E7908 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 826E7908 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 826E7908 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 826E7908 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 826E7908 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 826E7908 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 826E7908 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CREATE 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_READ 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_WRITE 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CLEANUP 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_POWER 827BBEA8 Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_PNP 827BBEA8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 824D20E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 824D20E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 824D20E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 824D20E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 824D20E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_SYSTEM_CONTROL 824D20E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 824D20E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 824D20E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 824D20E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 824D20E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 824D20E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 824D20E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_SYSTEM_CONTROL 824D20E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 824D20E8 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 827BB428 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 827BB428 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 827BB428 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 827BB428 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 827BB428 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 827BB428 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 827BB428 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 827BB428 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 827BB428 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 827BB428 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 827BB428 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 824793C8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 824793C8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 824793C8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 824D47A8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 824D47A8 Device \Driver000069 \Device000007 IRP_MJ_POWER [bFF3CEA8] sptd.sys Device \Driver000069 \Device000007 IRP_MJ_SYSTEM_CONTROL [bFF50A70] sptd.sys Device \Driver000069 \Device000007 IRP_MJ_PNP [bFF49728] sptd.sys Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 827BBEA8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 827BBEA8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 827BBEA8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 827BBEA8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 827BBEA8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 827BBEA8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 827BBEA8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 827BBEA8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 827BBEA8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 824D40E8 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 824D40E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CREATE 826513E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CLOSE 826513E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_DEVICE_CONTROL 826513E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL [EB690D60] sfsync02.sys Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_POWER 826513E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_SYSTEM_CONTROL 826513E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_PNP 826513E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 826513E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 826513E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 826513E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [EB690D60] sfsync02.sys Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 826513E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 826513E8 Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 826513E8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_CREATE 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_CREATE_NAMED_PIPE 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_CLOSE 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_READ 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_WRITE 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_QUERY_INFORMATION 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_SET_INFORMATION 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_QUERY_EA 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_SET_EA 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_FLUSH_BUFFERS 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_QUERY_VOLUME_INFORMATION 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_SET_VOLUME_INFORMATION 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_DIRECTORY_CONTROL 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_FILE_SYSTEM_CONTROL 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_DEVICE_CONTROL 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_INTERNAL_DEVICE_CONTROL 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_SHUTDOWN 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_LOCK_CONTROL 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_CLEANUP 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_CREATE_MAILSLOT 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_QUERY_SECURITY 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_SET_SECURITY 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_POWER 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_SYSTEM_CONTROL 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_DEVICE_CHANGE 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_QUERY_QUOTA 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_SET_QUOTA 827BB9A8 Device \Driver\Imagedrv \Device\Scsi\Imagedrv1 IRP_MJ_PNP 827BB9A8 Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_READ 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 821902A8 Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 821902A8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8245EB68 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8245EB68 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8245EB68 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8245EB68 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8245EB68 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8245EB68 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8245EB68 Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 8245EB68 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8245EB68 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8245EB68 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8245EB68 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8245EB68 ---- EOF - GMER 1.0.12 ---- miam

ah oui j'oubliais j'ai vidé ma boite mail, mais le fait d'avoir des messages infectés me semble recent: les derneiers rapports n'en faisait pas cas je pense. thanks

Salut Charles ingals et merci bien pour ton aide 1) non je ne suis pas en réseau (ma boite est branchée sur ma carte réseau mais c'est tout) 2) j'ai lançé diaghelp mais le pc n'a pas redemarré (pb?) en tout cas voici le rapport C:\WINNT\System32/drivers\nwlnkcr.sys -->03/04/2007 22:23:11 C:\WINNT\System32/drivers\atksgt.sys -->03/02/2007 14:29:45 C:\WINNT\System32/drivers\lirsgt.sys -->03/02/2007 14:29:44 C:\WINNT\System32/drivers\npf.sys -->25/01/2007 19:31:34 C:\WINNT\System32/drivers\SECDRV.SYS -->25/01/2007 09:18:32 C:\WINNT\System32/drivers\vaxscsi.sys -->25/01/2007 09:10:44 C:\WINNT\System32/drivers\sptd5725.sys -->25/01/2007 09:07:32 C:\WINNT\System32\nvapps.xml -->03/04/2007 21:42:59 C:\WINNT\System32\jupdate-1.5.0_11-b03.log -->31/03/2007 08:47:54 C:\WINNT\System32\tmp.txt -->30/03/2007 18:51:34 C:\WINNT\System32\tmp.reg -->30/03/2007 18:51:34 C:\WINNT\System32\FNTCACHE.DAT -->29/03/2007 20:30:03 C:\WINNT\System32\Perflib_Perfdata_310.dat -->29/03/2007 19:19:26 C:\WINNT\System32\.exe -->29/03/2007 19:16:47 C:\WINNT\System32\Perflib_Perfdata_314.dat -->28/03/2007 20:46:52 C:\WINNT\System32\i -->28/03/2007 20:10:08 C:\WINNT\System32\dp.exe -->28/03/2007 12:12:16 C:\WINNT\System32\tj -->28/03/2007 12:12:13 C:\WINNT\System32\Perflib_Perfdata_234.dat -->27/03/2007 23:31:49 C:\WINNT\System32\Perflib_Perfdata_1c0.dat -->26/03/2007 18:53:43 C:\WINNT\System32\sfc.dll -->26/03/2007 18:35:49 C:\WINNT\System32\Perflib_Perfdata_31c.dat -->25/03/2007 20:22:28 C:\WINNT\System32\Perflib_Perfdata_5c8.dat -->25/03/2007 20:06:27 C:\WINNT\System32\Perflib_Perfdata_57c.dat -->25/03/2007 19:45:43 C:\WINNT\System32\Perflib_Perfdata_17c.dat -->25/03/2007 19:29:07 C:\WINNT\System32\Perflib_Perfdata_188.dat -->25/03/2007 19:24:49 C:\WINNT\System32\Perflib_Perfdata_5d8.dat -->22/03/2007 20:38:05 C:\WINNT\System32\Perflib_Perfdata_60c.dat -->22/03/2007 20:30:23 C:\WINNT\System32\irxgskvw.PIF -->22/03/2007 00:23:32 C:\WINNT\System32\bedgsly.bat -->20/03/2007 18:48:25 C:\WINNT\System32\xdll.bat -->20/03/2007 18:48:14 C:\WINNT\System32\Perflib_Perfdata_640.dat -->20/03/2007 18:43:27 C:\WINNT\WindowsUpdate.log -->03/04/2007 22:59:02 C:\WINNT\iis5.log -->03/04/2007 22:57:56 C:\WINNT\KB925902.log -->03/04/2007 22:57:55 C:\WINNT\imsins.log -->03/04/2007 22:57:55 C:\WINNT\comsetup.log -->03/04/2007 22:57:55 C:\WINNT\ockodak.log -->03/04/2007 22:57:54 C:\WINNT\ocgen.log -->03/04/2007 22:57:54 C:\WINNT\updspapi.log -->03/04/2007 22:57:44 C:\WINNT\win.ini -->03/04/2007 21:53:21 C:\WINNT\ShellIconCache -->02/04/2007 22:40:37 C:\WINNT\QTFont.qfn -->01/04/2007 09:38:21 C:\WINNT\mozver.dat -->31/03/2007 08:48:14 C:\WINNT\SchedLgU.Txt -->30/03/2007 21:51:56 C:\WINNT\QTFont.for -->30/03/2007 19:11:55 C:\WINNT\Setup1.exe -->30/03/2007 13:33:12 C:\WINNT\alcrmv.exe |24/01/2007 21:00:18 C:\WINNT\alcupd.exe |24/01/2007 21:00:18 C:\WINNT\bdoscandel.exe |04/03/2005 15:10:36 C:\WINNT\IsUn040c.exe |02/02/2007 10:14:04 C:\WINNT\IsUninst.exe |24/01/2007 20:55:54 C:\WINNT\meta4.exe |25/02/2007 13:35:09 C:\WINNT\MOTA113.exe |25/02/2007 13:35:09 C:\WINNT\PATCH.EXE |27/01/2007 13:25:04 C:\WINNT\runtsckl.exe |02/11/2005 19:07:12 C:\WINNT\tsc.exe |27/01/2007 13:30:15 C:\WINNT\twunk_16.exe |16/12/1999 10:00:00 C:\WINNT\twunk_32.exe |16/12/1999 10:00:00 C:\WINNT\War3Unin.exe |10/02/2007 18:12:03 C:\WINNT\x2.64.exe |25/02/2007 13:35:09 C:\WINNT\AuHCcup1.dll |23/07/1999 11:53:20 C:\WINNT\BPMNT.dll |27/01/2007 13:30:14 C:\WINNT\hcextoutput.dll |27/01/2007 13:30:15 C:\WINNT\loadhttp.dll |15/10/2002 15:29:40 C:\WINNT\patchw32.dll |14/12/2001 14:34:46 C:\WINNT\TMUPDATE.DLL |27/01/2007 13:25:04 C:\WINNT\twain.dll |16/12/1999 10:00:00 C:\WINNT\twain_32.dll |16/12/1999 10:00:00 C:\WINNT\UNZIP.DLL |27/01/2007 13:25:04 C:\WINNT\vsapi32.dll |27/01/2007 13:30:14 C:\WINNT\system32\.exe |28/03/2007 19:03:56 C:\WINNT\system32\append.exe |16/12/1999 10:00:00 C:\WINNT\system32\CNDNDlg.exe |07/03/2007 15:18:10 C:\WINNT\system32\debug.exe |16/12/1999 10:00:00 C:\WINNT\system32\dfrgfat.exe |19/06/2003 12:05:04 C:\WINNT\system32\dfrgntfs.exe |19/06/2003 12:05:04 C:\WINNT\system32\dmadmin.exe |19/06/2003 12:05:04 C:\WINNT\system32\dmremote.exe |19/06/2003 12:05:04 C:\WINNT\system32\dosx.exe |16/12/1999 10:00:00 C:\WINNT\system32\dp.exe |28/03/2007 12:12:16 C:\WINNT\system32\dumphive.exe |27/03/2007 19:14:13 C:\WINNT\system32\dvdplay.exe |15/12/1999 01:30:38 C:\WINNT\system32\edlin.exe |16/12/1999 10:00:00 C:\WINNT\system32\exe2bin.exe |16/12/1999 10:00:00 C:\WINNT\system32\fastopen.exe |16/12/1999 10:00:00 C:\WINNT\system32\java.exe |31/03/2007 08:47:58 C:\WINNT\system32\javaw.exe |31/03/2007 08:47:58 C:\WINNT\system32\javaws.exe |31/03/2007 08:47:58 C:\WINNT\system32\keystone.exe |22/10/2006 13:22:00 C:\WINNT\system32\massvc32.exe |18/03/2007 13:34:52 C:\WINNT\system32\mem.exe |16/12/1999 10:00:00 C:\WINNT\system32\mscdexnt.exe |16/12/1999 10:00:00 C:\WINNT\system32\msswchx.exe |19/06/2003 12:05:04 C:\WINNT\system32\NeroCheck.exe |29/01/2007 20:12:00 C:\WINNT\system32\nlsfunc.exe |16/12/1999 10:00:00 C:\WINNT\system32\nvappbar.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvcolor.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvcplui.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvdspsch.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvsvc32.exe |22/10/2006 13:22:00 C:\WINNT\system32\nvudisp.exe |24/01/2007 21:04:47 C:\WINNT\system32\NVUNINST.EXE |24/01/2007 21:04:39 C:\WINNT\system32\nw16.exe |16/12/1999 10:00:00 C:\WINNT\system32\nwiz.exe |22/10/2006 13:22:00 C:\WINNT\system32\Process.exe |27/03/2007 19:14:13 C:\WINNT\system32\PSDrvCheck.exe |23/02/2007 15:25:18 C:\WINNT\system32\pxhpinst.exe |11/03/2007 20:17:53 C:\WINNT\system32\redir.exe |16/12/1999 10:00:00 C:\WINNT\system32\setver.exe |16/12/1999 10:00:00 C:\WINNT\system32\share.exe |16/12/1999 10:00:00 C:\WINNT\system32\Shutdown.exe |24/03/2007 19:35:56 C:\WINNT\system32\SrchSTS.exe |27/03/2007 19:14:13 C:\WINNT\system32\swreg.exe |27/03/2007 19:14:13 C:\WINNT\system32\swsc.exe |27/03/2007 19:14:13 C:\WINNT\system32\swxcacls.exe |27/03/2007 19:14:13 C:\WINNT\system32\vwipxspx.exe |16/12/1999 10:00:00 C:\WINNT\system32\x.264.exe |25/02/2007 13:35:08 C:\WINNT\system32\amstream.dll |29/01/2007 21:22:26 C:\WINNT\system32\atmfd.dll |19/06/2003 12:05:04 C:\WINNT\system32\atmlib.dll |19/06/2003 12:05:04 C:\WINNT\system32\avisynth.dll |25/02/2007 13:35:08 C:\WINNT\system32\AVSredirect.dll |25/02/2007 13:35:09 C:\WINNT\system32\cbrowser.dll |24/01/2007 21:53:26 C:\WINNT\system32\CNDCK170.dll |07/03/2007 15:18:10 C:\WINNT\system32\CNDUK170.dll |07/03/2007 15:18:10 C:\WINNT\system32\ComLib.dll |24/01/2007 21:53:26 C:\WINNT\system32\devil.dll |25/02/2007 13:35:08 C:\WINNT\system32\dfrgres.dll |16/12/1999 10:00:00 C:\WINNT\system32\dfrgsnap.dll |19/06/2003 12:05:04 C:\WINNT\system32\dfrgui.dll |16/12/1999 10:00:00 C:\WINNT\system32\dgrpsetu.dll |24/01/2007 20:34:06 C:\WINNT\system32\dgsetup.dll |24/01/2007 20:34:06 C:\WINNT\system32\dmconfig.dll |19/06/2003 12:05:04 C:\WINNT\system32\dmintf.dll |19/06/2003 12:05:04 C:\WINNT\system32\dmserver.dll |19/06/2003 12:05:04 C:\WINNT\system32\dmutil.dll |19/06/2003 12:05:04 C:\WINNT\system32\efsadu.dll |16/12/1999 10:00:00 C:\WINNT\system32\EqnClass.Dll |24/01/2007 20:34:06 C:\WINNT\system32\flvDX.dll |25/02/2007 13:32:52 C:\WINNT\system32\hpzcoi08.dll |26/03/2003 08:21:58 C:\WINNT\system32\hpzcon08.dll |26/03/2003 08:23:10 C:\WINNT\system32\hpzlnt08.dll |26/03/2003 08:32:24 C:\WINNT\system32\hticons.dll |24/01/2007 20:40:35 C:\WINNT\system32\hypertrm.dll |24/01/2007 20:40:35 C:\WINNT\system32\i420vfw.dll |25/02/2007 13:35:08 C:\WINNT\system32\iccvid.dll |16/12/1999 10:00:00 C:\WINNT\system32\imagr5.dll |29/01/2007 20:12:05 C:\WINNT\system32\imagx5.dll |29/01/2007 20:12:05 C:\WINNT\system32\ImagXpr5.dll |29/01/2007 20:12:05 C:\WINNT\system32\imgcmn.dll |24/01/2007 20:40:37 C:\WINNT\system32\imgshl.dll |24/01/2007 20:40:37 C:\WINNT\system32\ir32_32.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir41_qc.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir41_qcx.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir50_32.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir50_qc.dll |16/12/1999 10:00:00 C:\WINNT\system32\ir50_qcx.dll |16/12/1999 10:00:00 C:\WINNT\system32\jpeg1x32.dll |24/01/2007 20:40:37 C:\WINNT\system32\jpeg2x32.dll |24/01/2007 20:40:37 C:\WINNT\system32\mciqtz32.dll |29/01/2007 21:22:26 C:\WINNT\system32\meter.dll |11/07/2002 11:38:14 C:\WINNT\system32\msdmo.dll |29/01/2007 21:22:27 C:\WINNT\system32\msencode.dll |30/08/2002 19:24:06 C:\WINNT\system32\msswch.dll |19/06/2003 12:05:04 C:\WINNT\system32\MusInputMod.dll |11/07/2002 11:39:36 C:\WINNT\system32\N067UFW.dll |24/01/2007 21:12:14 C:\WINNT\system32\NMOCOD.DLL |25/01/2007 09:27:08 C:\WINNT\system32\NMORENU.DLL |25/01/2007 09:27:09 C:\WINNT\system32\NMSCKN.DLL |25/01/2007 09:27:09 C:\WINNT\system32\NMW3VWN.DLL |25/01/2007 09:27:09 C:\WINNT\system32\nsp.dll |23/02/2007 15:25:13 C:\WINNT\system32\nspa6.dll |23/02/2007 15:25:17 C:\WINNT\system32\nspm5.dll |23/02/2007 15:25:19 C:\WINNT\system32\nspm6.dll |23/02/2007 15:25:19 C:\WINNT\system32\nspp6.dll |23/02/2007 15:25:18 C:\WINNT\system32\nsppx.dll |23/02/2007 15:25:16 C:\WINNT\system32\nspw7.dll |23/02/2007 15:25:13 C:\WINNT\system32\nv4_disp.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvapi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcod.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcodins.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcpl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvcpluir.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvdisps.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvdispsr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvexpbar.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvgames.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvgamesr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvhwvid.dll |22/10/2006 13:22:00 C:\WINNT\system32\nview.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccsrs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccss.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmccssr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmctray.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmobls.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvmoblsr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvnt4cpl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvoglnt.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsar.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrscs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsda.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsde.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsel.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrseng.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrses.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsesm.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsfi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsfr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrshe.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrshu.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsit.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsja.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsko.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsnl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsno.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrspl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrspt.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsptb.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrsru.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrssk.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrssl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrssv.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrstr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrszhc.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvrszht.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvshell.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvvitvs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvvitvsr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwddi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwdmcpl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwimg.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsar.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrscs.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsda.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsde.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsel.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrseng.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrses.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsesm.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsfi.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsfr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrshe.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrshu.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsit.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsja.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsko.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsnl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsno.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrspl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrspt.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsptb.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrsru.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrssk.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrssl.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrssv.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrstr.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrszhc.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwrszht.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwss.dll |22/10/2006 13:22:00 C:\WINNT\system32\nvwssr.dll |22/10/2006 13:22:00 C:\WINNT\system32\oieng400.dll |24/01/2007 20:40:34 C:\WINNT\system32\oiprt400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oislb400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oissq400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oitwa400.dll |24/01/2007 20:40:37 C:\WINNT\system32\oiui400.dll |24/01/2007 20:40:34 C:\WINNT\system32\Packet.dll |25/01/2007 19:31:34 C:\WINNT\system32\picn20.dll |29/01/2007 20:12:05 C:\WINNT\system32\pncrt.dll |02/02/2007 10:34:38 C:\WINNT\system32\pndx5016.dll |02/02/2007 10:34:38 C:\WINNT\system32\pndx5032.dll |02/02/2007 10:34:38 C:\WINNT\system32\PSCLK170.dll |07/03/2007 15:18:10 C:\WINNT\system32\psisdecd.dll |02/02/2007 20:06:12 C:\WINNT\system32\pthreadVC.dll |25/01/2007 19:31:36 C:\WINNT\system32\px.dll |11/03/2007 20:17:53 C:\WINNT\system32\pxdrv.dll |11/03/2007 20:17:53 C:\WINNT\system32\pxmas.dll |11/03/2007 20:17:53 C:\WINNT\system32\pxwave.dll |11/03/2007 20:17:53 C:\WINNT\system32\qcut.dll |16/12/1999 10:00:00 C:\WINNT\system32\qedwipes.dll |29/01/2007 21:22:28 C:\WINNT\system32\rmoc3260.dll |02/02/2007 10:34:38 C:\WINNT\system32\SG62CPL.DLL |24/01/2007 21:12:14 C:\WINNT\system32\SG62UUD.DLL |24/01/2007 21:12:14 C:\WINNT\system32\Smab.dll |25/02/2007 13:35:07 C:\WINNT\system32\sockspy.dll |24/01/2007 21:32:13 C:\WINNT\system32\spxcoins.dll |24/01/2007 20:34:06 C:\WINNT\system32\tifflt.dll |24/01/2007 20:40:37 C:\WINNT\system32\tsbyuv.dll |15/12/1999 01:30:06 C:\WINNT\system32\tsd32.dll |16/12/1999 10:00:00 C:\WINNT\system32\UCS32P.DLL |24/01/2007 21:12:15 C:\WINNT\system32\vxblock.dll |11/03/2007 20:17:53 C:\WINNT\system32\WanPacket.dll |25/01/2007 19:31:34 C:\WINNT\system32\wavdest.dll |02/09/1998 10:24:30 C:\WINNT\system32\WBCustomizer.dll |08/01/2001 14:47:44 C:\WINNT\system32\win87em.dll |16/12/1999 10:00:00 C:\WINNT\system32\wpcap.dll |25/01/2007 19:31:36 C:\WINNT\system32\xcomm.dll |02/10/2003 13:15:34 C:\WINNT\system32\xiffr3_0.dll |24/01/2007 20:40:37 C:\WINNT\system32\xreglib.dll |06/12/2002 18:37:06 C:\WINNT\system32\yv12vfw.dll |25/02/2007 13:35:08 Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\WINNT\system32 19/06/2003 12:05 5 392 csrss.exe 1 fichier(s) 5 392 octets 0 Rép(s) 4 854 493 184 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\WINNT\Downloaded Program Files 20/03/2007 23:55 <DIR> . 20/03/2007 23:55 <DIR> .. 13/11/2006 20:48 946 296 asquared.ocx 07/12/2004 17:07 32 bdcore.dll 01/03/2005 15:08 118 784 bdupd.dll 25/02/2007 13:31 65 desktop.ini 01/03/2005 15:08 53 248 ipsupd.dll 08/08/2006 12:45 576 kavwebscan.inf 16/03/2005 12:34 7 407 lang.ini 07/12/2004 17:07 32 libfn.dll 14/03/2005 14:38 126 live.ini 01/03/2005 12:15 1 246 oscan8.inf 16/03/2005 12:31 475 136 oscan8.ocx 14/03/2005 14:58 7 073 scanoptions.tsi 26/05/2005 05:19 291 wuweb.inf 02/11/2005 19:01 1 777 xscan.inf 02/11/2005 19:07 435 712 xscan53.ocx 15 fichier(s) 2 047 801 octets Total des fichiers listés : 15 fichier(s) 2 047 801 octets 2 Rép(s) 4 854 427 648 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files 30/03/2007 13:33 <DIR> . 30/03/2007 13:33 <DIR> .. 24/01/2007 20:40 <DIR> Accessoires 11/02/2007 13:23 <DIR> AddOnsOO2 25/01/2007 13:32 <DIR> Adobe 25/02/2007 13:35 <DIR> AviSynth 2.5 24/02/2007 20:44 <DIR> Common Files 24/01/2007 20:41 <DIR> ComPlus Applications 28/01/2007 20:21 <DIR> directx 20/03/2007 23:42 <DIR> Fichiers communs 11/03/2007 20:17 <DIR> Google 02/02/2007 10:16 <DIR> Hewlett-Packard 25/02/2007 13:28 <DIR> Internet Explorer 31/03/2007 08:47 <DIR> Java 24/01/2007 20:40 <DIR> Lecteur Windows Media 02/02/2007 10:39 <DIR> Media Player Classic 24/01/2007 23:20 <DIR> microsoft frontpage 24/01/2007 23:34 <DIR> Microsoft Office 28/03/2007 14:50 <DIR> NetMeeting 11/02/2007 13:24 <DIR> OOoHG 11/02/2007 13:19 <DIR> OpenOffice.org 2.0 30/03/2007 13:33 <DIR> Optimisation Windows 29/03/2007 20:07 <DIR> Outlook Express 14/03/2007 22:02 <DIR> Picasa2 23/02/2007 15:25 <DIR> Pinnacle 24/01/2007 21:22 <DIR> Softwin 23/02/2007 15:25 <DIR> VOB 29/03/2007 20:08 <DIR> Windows Media Player 24/01/2007 20:40 <DIR> Windows NT 21/02/2007 14:41 <DIR> WinPcap 26/02/2007 19:52 <DIR> Yahoo! 0 fichier(s) 0 octets 31 Rép(s) 4 854 558 720 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files\fichiers communs 20/03/2007 23:42 <DIR> . 20/03/2007 23:42 <DIR> .. 25/01/2007 09:00 <DIR> Adobe 29/01/2007 20:12 <DIR> Ahead 07/03/2007 15:11 <DIR> InstallShield 11/02/2007 13:14 <DIR> Java 25/02/2007 13:31 <DIR> Microsoft Shared 02/02/2007 10:15 <DIR> MSSoap 24/01/2007 20:34 <DIR> ODBC 25/02/2007 13:31 <DIR> Services 24/01/2007 21:21 <DIR> Softwin 29/03/2007 20:07 <DIR> System 0 fichier(s) 0 octets 12 Rép(s) 4 854 558 720 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 24/01/2007 23:53 <DIR> . 24/01/2007 23:53 <DIR> .. 04/11/1999 02:38 561 210 MSONSEXT.DLL 03/06/1999 21:09 122 937 MSOWS409.DLL 07/03/2001 16:00 127 033 MSOWS40c.DLL 3 fichier(s) 811 180 octets 2 Rép(s) 4 854 493 184 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\Program Files\common files 24/02/2007 20:44 <DIR> . 24/02/2007 20:44 <DIR> .. 24/02/2007 20:53 <DIR> System 0 fichier(s) 0 octets 3 Rép(s) 4 854 554 624 octets libres Le volume dans le lecteur C s'appelle Vingt Doses Le numéro de série du volume est F06D-02CC Répertoire de C:\ 11/11/2001 00:00 68 096 diff.exe 27/08/2006 14:10 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 4 854 554 624 octets libres c:\Documents and Settings\Administrateur\.housecall6.6\getMac.exe c:\Documents and Settings\Administrateur\.housecall6.6\patch.exe c:\Documents and Settings\Administrateur\.housecall6.6\tsc.exe c:\Documents and Settings\Administrateur\Bureau\a2AntiMalwareSetup.exe c:\Documents and Settings\Administrateur\Bureau\Antisasser-FR.exe c:\Documents and Settings\Administrateur\Bureau\ATF-Cleaner.exe c:\Documents and Settings\Administrateur\Bureau\avg-anti-spyware_avg_anti-spyware_francais_27645.exe c:\Documents and Settings\Administrateur\Bureau\BattleLANv04.exe c:\Documents and Settings\Administrateur\Bureau\BigFix1.6b.exe c:\Documents and Settings\Administrateur\Bureau\blbeta.exe c:\Documents and Settings\Administrateur\Bureau\clamwin-0.90.1-setup.exe c:\Documents and Settings\Administrateur\Bureau\ComboFix.exe c:\Documents and Settings\Administrateur\Bureau\HijackThis.exe c:\Documents and Settings\Administrateur\Bureau\mwav.exe c:\Documents and Settings\Administrateur\Bureau\sd4hide.exe c:\Documents and Settings\Administrateur\Bureau\spywarefighter.exe c:\Documents and Settings\Administrateur\Bureau\URLSnooper.exe c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB828028-x86-FRA.EXE c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB835732-x86-FRA(2).EXE c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB835732-x86-FRA.EXE c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB891861-v2-x86-FRA.EXE c:\Documents and Settings\Administrateur\Bureau\Arret_Demarrage\Arrêt programmé.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Administrateur\Bureau\OptimisationWindows3-0-4\setup.exe c:\Documents and Settings\Administrateur\Bureau\RootkitRevealer\RootkitRevealer.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\Catchme.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\cliptext.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\download.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\LS.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\MD5File.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\MoveEx.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\RegDACL.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\RestartIt!.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\sc.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\SF.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\swreg.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\swsc.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\unzip.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\zip.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\Replace\W2K.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\Replace\XP.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\regedit.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\attrib.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\find.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\findstr.exe c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old4\regedit.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q318089_W2K_IE5_5218\vbs51nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q330994_OEPatch31_IE55SP2\q330994.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q822925_IE501_SP4\q822925.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer55x\x86win2k\com_microsoft.Q330994_OEPatch31_IE55SP2\q330994.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer55x\x86win2k\com_microsoft.Q822925_IE_55SP2\q822925.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.813951_urlmon_5995\q813951.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q318089_W2K_XP_IE6_5226\vbs56nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q330994_OEPatch_IE6SP1_32\q330994.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q822925_IE6_SP1\q822925.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.817787_WMZ_MSRC_1640_WMP71\WindowsMedia71-KB817787-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.819696_nonDirectX_9_0B_CRITICAL\DirectX9-KB819696-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.823559_W2K_SP5_WinSE_48630\Windows2000-KB823559-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.823980_W2K_SP5_WinSE_48715_Critical\Windows2000-KB823980-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.824105_W2K_SP5_WinSE_48089_Critical\Windows2000-KB824105-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.824146_W2K_SP5_WinSE_49650\Windows2000-KB824146-x86-FRA.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.IIS_SecPatch_IIS5_5415\Q321599_W2K.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_ win2K_55_6001\js55nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_ win2K_XP_56_6003\js56nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_Win2K_51_5999\js51nfr.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q261255_SP1_4094\q261255.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q270676_SP2_CORP_4127\Q270676.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q274372_SP2_W2k_CORP_4280\Q274372.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q280838_SP2_W2k_4305\Q280838.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q296185_W2K_SP3_CORP_4594\q296185_W2K.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q299553_W2K_SP3_CORP_4674\Q299553.EXE c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q311967_W2K_SP3_5304\Q311967.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q312897_VS_NET_JA_5433\NDP10_SP_Q321897_Ja.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313450_W2K_Cons_5256\Q313450SP3.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313829_W2K_5282\Q313829.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q314147_W2K_5265\Q314147_W2K.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q317244_XML40_5255\Q317244.exe c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe 3) j'ai très souvent mais pas systematiquement un backdoor.sbot ou generic.sdbot que bitdefender bloque (avec un fichier style nimportequoi.exe) que je ne peux effacer qu'en mode ss echec mais qui revient à chaque fois. ') j'avais aussi, comme la personne que tu avais aidée, le dossier winnt en partage : j'ai fait la manip de registre que tu avais proposé et ça a disparu. voilà c'est grave doc?

salut je fais remonter le topic car je pense que mister bruce lee est parti en vacances, donc si qqun peut me filer un coup de main... merci d'avance

re, kasperski: Friday, March 30, 2007 9:46:54 PM Système d'exploitation : Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 30/03/2007 Enregistrements dans la base antivirus Kaspersky : 289246 Paramètres d'analyse Analyser avec la base antivirus suivante étendue Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Statistiques de l'analyse Total d'objets analysés 50611 Nombre de virus trouvés 1 Nombre d'objets infectés 25 / 0 Nombre d'objets suspects 0 Durée de l'analyse 02:00:43 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\formhistory.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\history.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\search.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\urlclassifier2.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ... /[From "BB&T" ][Date Fri, 2 Mar 2007 01:21:07 +0100 (added by postmaster@aliceadsl.fr)]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "fl . ... /[From . ... /[From Ed ][Date Thu, 01 Mar 2007 22:44:03 +0300]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "fl . ... /[From ... /[From skogheden" ][Date 1 Mar 2007 19:14:15 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "fl . ... /[From "Bobbi BOFELOS" ][Date Thu, 1 Mar 2007 10:12:44 -0600]/text Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "fl . ... /[From maxence777@hotmail.com.using.getitfree.net][Date Wed, 28 Feb 2007 12:41:23 -0800]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "fl ... /[From Karim NAILI ][Date Tue, 27 Feb 2007 12:54:08 +0100 (CET)]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "florence.ma ... /[From Adot ADOT ][Date Mon, 26 Feb 2007 18:22:45 +0100 (CET)]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][D ... /[From "florence.maixent@ono.com" ][Date Mon, 26 Feb 2007 16:34:42 +0100 (CET)]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... / ... /[From "DD32 /(Auch DD/)" ][Date 26 Feb 2007 06:52:37 -0800]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[Fro ... /[From Casseurs de pub ][Date Thu, 22 Feb 2007 10:35:39 +0100]/text Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[From Chaiwat Howannapakorn ][Date Sun, 18 Feb 2007 16:10:55 -0800 (PST)]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[From "Tyson Y ... /[ ... /[From Grimm" ][Date 18 Feb 2007 13:07:30 - ... /UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[From "Tyson Y ... /[ ... /[From Grimm" ][Date 18 Feb 2007 13:07:30 -0060]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[From "Tyson Y ... /[From Wild Lips ][Date Sun, 18 Feb 2007 04:52:33 PST]/text Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, ... /[From "Tyson YMarguerite" ][Date Sun, 18 Feb 2007 17:19:13 +0800]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, 16 Feb 2007 ... ... /[From 3Cams ][Date Sat, 17 Feb 2007 23:14:32 PST]/text Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, 16 Feb 2007 ... /[From scrutiny an ][Date Sun, 18 Feb 2007 14:34:43 +1000]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, 16 Feb 2007 18 ... /[From Angeline Redmond ][Date Sun, 18 Feb 2007 05:33:51 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, 16 Feb 2007 18:51:01 +0100 ... /[From lover ][Date Fri, 16 Feb 2007 18:57:28 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED/[From tuition ][Date Fri, 16 Feb 2007 18:51:01 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text/[From Ed ][Date Fri, 16 Feb 2007 18:52:01 +0300]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED/[From "Florence Ginestet" ][Date Thu, 25 Jan 2007 10:12:35 +0100]/text Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED/[From ][Date 24 Jan 2007 16:26:46 +0500]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox/[From "schwaar" ][Date Mon, 22 Jan 2007 23:34:11 +0100]/UNNAMED Infecté : Trojan-Spy.HTML.Bankfraud.ri ignoré C:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\9y9abrqu.default\Mail\Local Folders\Inbox Mail Berkeley mbox: infecté - 24 ignoré C:\Documents and Settings\Administrateur\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012007033020070331\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Softwin\BitDefender8\asdict.dat L'objet est verrouillé ignoré C:\WINNT\CSC000001 L'objet est verrouillé ignoré C:\WINNT\Debug\ipsecpa.log L'objet est verrouillé ignoré C:\WINNT\Debug\oakley.log L'objet est verrouillé ignoré C:\WINNT\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINNT\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINNT\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINNT\Sti_Trace.log L'objet est verrouillé ignoré C:\WINNT\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINNT\system32\config\default L'objet est verrouillé ignoré C:\WINNT\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINNT\system32\config\SAM L'objet est verrouillé ignoré C:\WINNT\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINNT\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINNT\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINNT\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINNT\system32\config\software L'objet est verrouillé ignoré C:\WINNT\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINNT\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINNT\system32\config\system L'objet est verrouillé ignoré C:\WINNT\system32\config\SYSTEM.ALT L'objet est verrouillé ignoré C:\WINNT\system32\drivers\sptd.sys L'objet est verrouillé ignoré C:\WINNT\system32\drivers\sptd5725.sys L'objet est verrouillé ignoré C:\WINNT\system32\drivers\vaxscsi.sys L'objet est verrouillé ignoré C:\WINNT\temp\tmp000061f4\tmp00000000 L'objet est verrouillé ignoré C:\WINNT\WindowsUpdate.log L'objet est verrouillé ignoré D:\Alcohol 120\StarWind\logs\starwind.2007-03-30.18-28-50.log L'objet est verrouillé ignoré Analyse terminée. c'est mieux? ?

re j'ai viré les 3 reps de mon bureau puis au moment de virer age.exe, bitdefender s'est réveillé et a bloquué uun generic.sdbot c:\winnt\system32\age.exe donc j'ai pas pu le virer puisqu'il (bdefender) a du le mettre en quarantaine? et j'ai pu virer le.exe.mwt... Par contre j'ai un fichier, toujours dans system32, .exe (rien.exe) caché, qui me semble suspect: aucune version microsoft dans les proprietés et j'ai beau l'effacer il réapparait à chaque démarrage voili voilà @ + je lance kaspersky

salut Bruce Lee voici le rapport smitfraudix SmitFraudFix v2.157 Rapport fait à 18:51:29,85, ven. 30/03/2007 Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe d:\AVG Anti-Spyware 7.5\guard.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\MSTask.exe d:\Alcohol 120\StarWind\StarWindService.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\WINNT\Explorer.EXE C:\Program Files\Softwin\BitDefender8\vsserv.exe C:\WINNT\system32\RUNDLL32.EXE C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Program Files\Softwin\BitDefender8\bdoesrv.exe C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe C:\WINNT\system32\rundll32.exe D:\AVG Anti-Spyware 7.5\avgas.exe D:\Spybot - Search & Destroy\TeaTimer.exe D:\PC Alert III\alert.exe D:\Mozilla Firefox\firefox.exe C:\WINNT\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" sockspy.dll sockspy.dll" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Que penses tu de ces arrets intempestifs de windows dont je te parlais? bitdefender et avg sont quand meme bien plus calmes... plus d'alertes depuis hier soir à +

hola voici kaspersky Friday, March 30, 2007 6:53:58 AM Système d'exploitation : Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 29/03/2007 Enregistrements dans la base antivirus Kaspersky : 288786 Paramètres d'analyse Analyser avec la base antivirus suivante étendue Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Statistiques de l'analyse Total d'objets analysés 50472 Nombre de virus trouvés 4 Nombre d'objets infectés 8 / 0 Nombre d'objets suspects 0 Durée de l'analyse 03:00:45 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\history.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\search.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\urlclassifier2.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Bureau\clean\pskill.exe Infecté : not-a-virus:RiskTool.Win32.PsKill.k ignoré C:\Documents and Settings\Administrateur\Bureau\clean.zip/clean/pskill.exe Infecté : not-a-virus:RiskTool.Win32.PsKill.k ignoré C:\Documents and Settings\Administrateur\Bureau\clean.zip ZIP: infecté - 1 ignoré C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infecté : not-a-virus:RiskTool.Win32.Reboot.f ignoré C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix.zip ZIP: infecté - 1 ignoré C:\Documents and Settings\Administrateur\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\nbygkzmq.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012007032920070330\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Administrateur\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Softwin\BitDefender8\asdict.dat L'objet est verrouillé ignoré C:\WINNT\CSC000001 L'objet est verrouillé ignoré C:\WINNT\Debug\ipsecpa.log L'objet est verrouillé ignoré C:\WINNT\Debug\oakley.log L'objet est verrouillé ignoré C:\WINNT\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINNT\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINNT\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINNT\Sti_Trace.log L'objet est verrouillé ignoré C:\WINNT\system32\age.exe Infecté : Trojan-PSW.Win32.LdPinch.bia ignoré C:\WINNT\system32\bxo.exe.mwt Infecté : Backdoor.Win32.SdBot.bek ignoré C:\WINNT\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINNT\system32\config\default L'objet est verrouillé ignoré C:\WINNT\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINNT\system32\config\SAM L'objet est verrouillé ignoré C:\WINNT\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINNT\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINNT\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINNT\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINNT\system32\config\software L'objet est verrouillé ignoré C:\WINNT\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINNT\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINNT\system32\config\system L'objet est verrouillé ignoré C:\WINNT\system32\config\SYSTEM.ALT L'objet est verrouillé ignoré C:\WINNT\system32\drivers\sptd.sys L'objet est verrouillé ignoré C:\WINNT\system32\drivers\sptd5725.sys L'objet est verrouillé ignoré C:\WINNT\system32\drivers\vaxscsi.sys L'objet est verrouillé ignoré C:\WINNT\system32\wbem\Repository\CIM.REP L'objet est verrouillé ignoré C:\WINNT\temp\tmp00001d2a\tmp00000000 L'objet est verrouillé ignoré C:\WINNT\WindowsUpdate.log L'objet est verrouillé ignoré D:\Alcohol 120\StarWind\logs\starwind.2007-03-29.21-28-21.log L'objet est verrouillé ignoré Analyse terminée.

re, j'ai un nouveau pb: arret intempestif de windows initié par autorité winnt\system32\services.exe code erreur 128 el le pc redemarre j'ai cherché sur gougle et j'ai trouvé un moyen d'arreter le process par un shutdown /A. sinon kaspersky est en cours et yen a pour un bout @ +

je fais remonter le topic pour pas ëtre abandonné Helppppppppppppp

re voila le rapport "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SpybotSD TeaTimer" = "d:\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit" [MS] "BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."] "BDOESRV" = "C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe" ["SOFTWIN SRL"] "BDNewsAgent" = ""C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"" [null data] "Synchronization Manager" = "mobsync.exe /logon" [MS] "PSDrvCheck" = "C:\WINNT\system32\PSDrvCheck.exe" [empty string] "!AVG Anti-Spyware" = ""D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] "a-squared" = ""D:\a-squared Anti-Malware\a2guard.exe"" ["Emsi Software GmbH"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "d:\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "ÚUsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll" [file not found] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] Default executables: -------------------- <<!>> HKLM\Software\Classes\htafile\shell\open\command\(Default) = "C:\WINDOWS\system32\mshta.exe "%1" %*" [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Disable registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "D:\Mes documents\Mes images\SVI_0249.jpg" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINNT\system32\ssbezier.scr" [MS] Startup items in "Administrateur" & "All Users" startup folders: ---------------------------------------------------------------- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage "Raccourci vers alert" -> shortcut to: "D:\PC Alert III\alert.exe" ["MICRO-STAR INT'L CO., LTD."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {85D1F590-48F4-11D9-9669-0800200C9A66}\ "MenuText" = "Uninstall BitDefender Online Scanner v8" "Exec" = "%windir%\bdoscandel.exe" [null data] Miscellaneous IE Hijack Points ------------------------------ C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/" Missing lines (compared with English-language version): [strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "d:\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] BitDefender Communicator, XCOMM, "C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe /service" ["Softwin"] BitDefender Scan Server, bdss, "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe /service" [null data] BitDefender Virus Shield, VSSERV, "C:\Program Files\Softwin\BitDefender8\vsserv.exe /service" ["SOFTWIN S.R.L."] NVIDIA Display Driver Service, NVSvc, "C:\WINNT\system32\nvsvc32.exe" ["NVIDIA Corporation"] StarWind iSCSI Service, StarWindService, "d:\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Système d'événements de COM+, EventSystem, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\es.dll" [null data]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt08\Driver = "hpzlnt08.dll" ["HP"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 37 seconds, including 8 seconds for message boxes) voili voila

Re bon le pc a tenu pêndant deux heures grosso merdo et là à nouveau bitdefender a bloqué generic.botget winnt\system32\i à nouveau!!! j'y ai cru pourtant que cette vermine était eradiqué. Qu'en dit tu spécialiste? merci encore

Ok Bruce Lee voila les rapports par contre pas de fichier windows\system32\blank.htm --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 18:15:03 28/03/2007 + Résultat de l'analyse: Rien à signaler. Fin du rapport Logfile of HijackThis v1.99.1 Scan saved at 18:20:16, on 28/03/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe d:\AVG Anti-Spyware 7.5\guard.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\MSTask.exe d:\Alcohol 120\StarWind\StarWindService.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\WINNT\Explorer.EXE C:\Program Files\Softwin\BitDefender8\vsserv.exe C:\WINNT\system32\rundll32.exe C:\WINNT\system32\RUNDLL32.EXE C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Program Files\Softwin\BitDefender8\bdoesrv.exe C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe D:\AVG Anti-Spyware 7.5\avgas.exe D:\a-squared Anti-Malware\a2guard.exe D:\Spybot - Search & Destroy\TeaTimer.exe D:\PC Alert III\alert.exe D:\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [PSDrvCheck] C:\WINNT\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [a-squared] "D:\a-squared Anti-Malware\a2guard.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Raccourci vers alert.lnk = D:\PC Alert III\alert.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://bitdefender.bwm-mediasoft.com/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169836031859 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O20 - AppInit_DLLs: ÚUsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll O23 - Service: ACNLFCKLWIINLRTIAQINK - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ACNLFCKLWIINLRTIAQINK.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: QYACU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QYACU.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Alcohol 120\StarWind\StarWindService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe ça semble redevenir normal? En tout cas plus trop d'affolements au demarrage (bitdefender + AVG restent tranquilles pour le moment...)

désolé bruce mais ce fix ne fonctionne que sous win xp (c'est ce qu'il m'affiche) @ +

re bruce lee et vraiment merci pour ton aide Logfile of HijackThis v1.99.1 Scan saved at 16:21:20, on 28/03/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe d:\AVG Anti-Spyware 7.5\guard.exe C:\WINNT\system32\svchost.exe C:\WINNT\system\msnntlp.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\MSTask.exe d:\Alcohol 120\StarWind\StarWindService.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender8\vsserv.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\RUNDLL32.EXE C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Softwin\BitDefender8\bdoesrv.exe D:\AVG Anti-Spyware 7.5\avgas.exe D:\a-squared Anti-Malware\a2guard.exe D:\Spybot - Search & Destroy\TeaTimer.exe D:\PC Alert III\alert.exe C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [PSDrvCheck] C:\WINNT\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [a-squared] "D:\a-squared Anti-Malware\a2guard.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Raccourci vers alert.lnk = D:\PC Alert III\alert.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://bitdefender.bwm-mediasoft.com/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169836031859 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O20 - AppInit_DLLs: ÚUsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll O23 - Service: ACNLFCKLWIINLRTIAQINK - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ACNLFCKLWIINLRTIAQINK.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: QYACU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QYACU.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Alcohol 120\StarWind\StarWindService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe O23 - Service: Windows NT-Session Manager - Unknown owner - C:\WINNT\smss.exe (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe Rapport sdfix SDFix: Version 1.73 Run by Administrateur - mer. 28/03/2007 - 16:14:27,07 Microsoft Windows 2000 [Version 5.00.2195] Running From: C:\Documents and Settings\Administrateur\Bureau\SDFix Safe Mode: Checking Services: Restoring Windows Registry Entries Restoring Default Hosts File Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\WINNT\system32\i - Deleted ADS Check: C:\WINNT\system32 No streams found. Final Check: Remaining Services: ------------------ Remaining Files: --------------- Checking For Files with Hidden Attributes : C:\WINNT\system32\flvDX.dll C:\Program Files\Picasa2\setup.exe C:\Program Files\Windows Media Player\mplayer2.exe C:\RECYCLER\S-1-5-21-1275210071-115176313-839522115-500\Dc10.exe C:\RECYCLER\S-1-5-21-1275210071-115176313-839522115-500\Dc11.exe C:\RECYCLER\S-1-5-21-1275210071-115176313-839522115-500\Dc5.exe C:\RECYCLER\S-1-5-21-1275210071-115176313-839522115-500\Dc6.exe C:\RECYCLER\S-1-5-21-1275210071-115176313-839522115-500\Dc7.exe C:\RECYCLER\S-1-5-21-1275210071-115176313-839522115-500\Dc8.exe C:\RECYCLER\S-1-5-21-1275210071-115176313-839522115-500\Dc9.exe C:\WINNT\system\msnntlp.exe C:\WINNT\system32\ouqhuuti.exe Finished De plus j'en ai profité pour effacer qques fichiers infectés decouverts lors de la precedente session (qui reviennent sans arret style ynhswvxh.exe) et nouveauté au démarrage avg a bloqué c:\winnt\system312\drivers\etc\hosts qui tente de modifier ledit fichier sympas ces bébettes... @ +

Désolé j'avais pas vu ce log au bas de la page Scanner Malware name AntiVir X ArcaVir X Avast Win32:Tibs-ADO AVG Antivirus X BitDefender X ClamAV Trojan.Spy-2868 Dr.Web X F-Prot Antivirus Possibly a new variant of W32/PWStealer.gen1 F-Secure Anti-Virus X Fortinet X Kaspersky Anti-Virus X NOD32 X Norman Virus Control X Panda Antivirus X VirusBuster X VBA32 MalwareScope.Worm.Viking.3

re bruce lee voila le rapport de scan Scan taken on 28 Mar 2007 13:33:52 (GMT) AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found Trojan-PSW.Win32.LdPinch.bia Fortinet Found nothing Kaspersky Anti-Virus Found Trojan-PSW.Win32.LdPinch.bia NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing A savoir qu'a chaque rdemarrage de mon PC ( et yen a souvent) les malware éradiqués en MSEchec réapparaissent: winnt\system32\i.exe par ex bit defender et avg malgré les eradications en mode ss echec continuent de detecter generic.sdbot ou backdoor.sdbot ou trojan.proxy.ranky voili voila

Salut bruce lee et merci pour ton aide... voila hijackthis Log Logfile of HijackThis v1.99.1 Scan saved at 14:19:01, on 28/03/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe d:\AVG Anti-Spyware 7.5\guard.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\MSTask.exe d:\Alcohol 120\StarWind\StarWindService.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\WINNT\Explorer.EXE C:\Program Files\Softwin\BitDefender8\vsserv.exe C:\WINNT\system\msnntlp.exe C:\WINNT\system32\RUNDLL32.EXE C:\WINNT\system32\rundll32.exe C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Program Files\Softwin\BitDefender8\bdoesrv.exe C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe D:\AVG Anti-Spyware 7.5\avgas.exe D:\a-squared Anti-Malware\a2guard.exe D:\Spybot - Search & Destroy\TeaTimer.exe D:\PC Alert III\alert.exe C:\WINNT\system32\cmd.exe C:\WINNT\system32\age.exe C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [PSDrvCheck] C:\WINNT\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [a-squared] "D:\a-squared Anti-Malware\a2guard.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Raccourci vers alert.lnk = D:\PC Alert III\alert.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://bitdefender.bwm-mediasoft.com/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169836031859 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O20 - AppInit_DLLs: ÚUsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll O23 - Service: ACNLFCKLWIINLRTIAQINK - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ACNLFCKLWIINLRTIAQINK.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: QYACU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QYACU.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Alcohol 120\StarWind\StarWindService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe O23 - Service: Windows NT-Session Manager - Unknown owner - C:\WINNT\smss.exe (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11:42:25, on 28/03/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) Boot mode: Safe mode Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Documents and Settings\Administrateur\Bureau\RootkitRevealer\RootkitRevealer.exe C:\WINNT\explorer.exe D:\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [PSDrvCheck] C:\WINNT\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [a-squared] "D:\a-squared Anti-Malware\a2guard.exe" O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\system32\winIogon.exe O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINNT\system32\duzdsjkw.exe O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\system32\zxlruxjj.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Offices Monitorse] C:\WINNT\system32\algose32.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Startup: Raccourci vers alert.lnk = D:\PC Alert III\alert.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://bitdefender.bwm-mediasoft.com/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169836031859 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O20 - AppInit_DLLs: ÚUsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe O23 - Service: JZDEPB - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JZDEPB.exe (file missing) O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe O23 - Service: MTZN - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MTZN.exe (file missing) O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe O23 - Service: NJV - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NJV.exe (file missing) O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\system32\tlntsvr.exe O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe O23 - Service: Windows NT-Session Manager - Unknown owner - C:\WINNT\smss.exe (file missing) O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe O23 - Service: WPQX - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPQX.exe (file missing) O23 - Service: WWPSR - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WWPSR.exe (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 8241 bytes "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SpybotSD TeaTimer" = "d:\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit" [MS] "BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."] "BDOESRV" = "C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe" ["SOFTWIN SRL"] "BDNewsAgent" = ""C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"" [null data] "Synchronization Manager" = "mobsync.exe /logon" [MS] "PSDrvCheck" = "C:\WINNT\system32\PSDrvCheck.exe" [empty string] "!AVG Anti-Spyware" = ""D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] "a-squared" = ""D:\a-squared Anti-Malware\a2guard.exe"" ["Emsi Software GmbH"] "Windows Logon Application" = "C:\WINNT\system32\winIogon.exe" [null data] "Advanced DHTML Enable" = "C:\WINNT\system32\duzdsjkw.exe" [null data] "Windows DLL Loader" = "C:\WINNT\system32\zxlruxjj.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "d:\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "ÚUsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll" [file not found] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] Default executables: -------------------- <<!>> HKLM\Software\Classes\htafile\shell\open\command\(Default) = "C:\WINDOWS\system32\mshta.exe "%1" %*" [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Disable registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "D:\Mes documents\Mes images\SVI_0249.jpg" Startup items in "Administrateur" & "All Users" startup folders: ---------------------------------------------------------------- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage "Raccourci vers alert" -> shortcut to: "D:\PC Alert III\alert.exe" ["MICRO-STAR INT'L CO., LTD."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {85D1F590-48F4-11D9-9669-0800200C9A66}\ "MenuText" = "Uninstall BitDefender Online Scanner v8" "Exec" = "%windir%\bdoscandel.exe" [null data] Miscellaneous IE Hijack Points ------------------------------ C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/" Missing lines (compared with English-language version): [strings]: 1 line All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}): --------------------------------------------------------------------------- AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "d:\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] BitDefender Communicator, XCOMM, "C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe /service" ["Softwin"] BitDefender Scan Server, bdss, "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe /service" [null data] BitDefender Virus Shield, VSSERV, "C:\Program Files\Softwin\BitDefender8\vsserv.exe /service" ["SOFTWIN S.R.L."] DSDM DDE réseau, NetDDEdsdm, "C:\WINNT\system32\netdde.exe" [MS] JZDEPB, JZDEPB, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JZDEPB.exe" [file not found] MTZN, MTZN, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MTZN.exe" [file not found] NJV, NJV, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NJV.exe" [file not found] NVIDIA Display Driver Service, NVSvc, "C:\WINNT\system32\nvsvc32.exe" ["NVIDIA Corporation"] Service d'administration du Gestionnaire de disque logique, dmadmin, "C:\WINNT\System32\dmadmin.exe /com" ["VERITAS Software Corp."] StarWind iSCSI Service, StarWindService, "d:\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Système d'événements de COM+, EventSystem, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\es.dll" [null data]} Windows NT-Session Manager, Windows NT-Session Manager, ""C:\WINNT\smss.exe"" [file not found] WPQX, WPQX, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPQX.exe" [file not found] WWPSR, WWPSR, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WWPSR.exe" [file not found] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt08\Driver = "hpzlnt08.dll" ["HP"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 29 seconds, including 5 seconds for message boxes) SmitFraudFix v2.157 Rapport fait à 11:36:31,34, mer. 28/03/2007 Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\Documents and Settings\Administrateur\Bureau\RootkitRevealer\RootkitRevealer.exe C:\WINNT\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=hex(1):Da,00,55,00,14,00,73,00,6f,00,63,00,6b,00,73,00,70,00,79,\ »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin