

Everything posted by Lutino
eScan report

File C:\WINNT\system32\bgnxbntx.exe infected by "Backdoor.Win32.PoeBot.j" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\bxo.exe infected by "Backdoor.Win32.SdBot.bek" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\efoii.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\iikf.exe infected by "Trojan-Dropper.Win32.Pakes" Virus. Action Taken: File Deleted.
File C:\WINNT\system32\iuee.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\jcqgb.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\jgeois.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\jmwa.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\juruktr.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\omllkrfy.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\pcju.exe infected by "Backdoor.Win32.IRCBot.xo" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\pohshqg.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\smyppy.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\wsytl.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\xewah.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\xildt.exe infected by "Backdoor.Win32.PoeBot.c" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Administrateur\Bureau\clean\pskill.exe tagged as not-a-virus:RiskTool.Win32.PsKill.k. No Action Taken.
File C:\Documents and Settings\Administrateur\Bureau\clean.zip tagged as not-a-virus:RiskTool.Win32.PsKill.k. No Action Taken.
File C:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\backups.zip infected by "Net-Worm.Win32.Allaple.b" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\backups.zip infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:14:14 25/03/2007
+ Résultat de l'analyse:
C:\WINNT\system32\bgnxbntx.exe.mwt -> Backdoor.PoeBot.j : Nettoyé.
C:\WINNT\system32\jcqgb.exe.mwt -> Backdoor.PoeBot.o : Nettoyé.
C:\WINNT\system32\efoii.exe.mwt -> Backdoor.Rbot.bnz : Nettoyé.
C:\WINNT\system32\juruktr.exe.mwt -> Backdoor.Rbot.bnz : Nettoyé.
C:\WINNT\system32\pohshqg.exe.mwt -> Backdoor.Rbot.bnz : Nettoyé.
C:\WINNT\system32\smyppy.exe.mwt -> Backdoor.Rbot.bug : Nettoyé.
C:\WINNT\system32\pcju.exe.mwt -> Backdoor.VanBot.g : Nettoyé.
Fin du rapport

DiagHelp report
-
Generic sdbot again, plus eScan, AVG and Diaghelp reports
Lutino posted a topic in Analyses et éradication malwares
eScan report

File C:\WINNT\system32\bgnxbntx.exe infected by "Backdoor.Win32.PoeBot.j" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\bxo.exe infected by "Backdoor.Win32.SdBot.bek" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\efoii.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\iikf.exe infected by "Trojan-Dropper.Win32.Pakes" Virus. Action Taken: File Deleted.
File C:\WINNT\system32\iuee.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\jcqgb.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\jgeois.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\jmwa.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\juruktr.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\omllkrfy.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\pcju.exe infected by "Backdoor.Win32.IRCBot.xo" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\pohshqg.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\smyppy.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\wsytl.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\xewah.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.
File C:\WINNT\system32\xildt.exe infected by "Backdoor.Win32.PoeBot.c" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Administrateur\Bureau\clean\pskill.exe tagged as not-a-virus:RiskTool.Win32.PsKill.k. No Action Taken.
File C:\Documents and Settings\Administrateur\Bureau\clean.zip tagged as not-a-virus:RiskTool.Win32.PsKill.k. No Action Taken.
File C:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\backups.zip infected by "Net-Worm.Win32.Allaple.b" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\backups.zip infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:14:14 25/03/2007
+ Résultat de l'analyse:
C:\WINNT\system32\bgnxbntx.exe.mwt -> Backdoor.PoeBot.j : Nettoyé.
C:\WINNT\system32\jcqgb.exe.mwt -> Backdoor.PoeBot.o : Nettoyé.
C:\WINNT\system32\efoii.exe.mwt -> Backdoor.Rbot.bnz : Nettoyé.
C:\WINNT\system32\juruktr.exe.mwt -> Backdoor.Rbot.bnz : Nettoyé.
C:\WINNT\system32\pohshqg.exe.mwt -> Backdoor.Rbot.bnz : Nettoyé.
C:\WINNT\system32\smyppy.exe.mwt -> Backdoor.Rbot.bug : Nettoyé.
C:\WINNT\system32\pcju.exe.mwt -> Backdoor.VanBot.g : Nettoyé.
Fin du rapport

Diaghelp report
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q311967_W2K_SP3_5304\Q311967.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q312897_VS_NET_JA_5433\NDP10_SP_Q321897_Ja.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313450_W2K_Cons_5256\Q313450SP3.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313829_W2K_5282\Q313829.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q314147_W2K_5265\Q314147_W2K.exe c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q317244_XML40_5255\Q317244.exe c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe Encore Merci!! -
Solved: generic sdbot W32/Sdbot.ftp.worm
Lutino posted a topic in Malware analysis and removal
Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11:42:25, on 28/03/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) Boot mode: Safe mode Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Documents and Settings\Administrateur\Bureau\RootkitRevealer\RootkitRevealer.exe C:\WINNT\explorer.exe D:\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [PSDrvCheck] C:\WINNT\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [a-squared] "D:\a-squared Anti-Malware\a2guard.exe" O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\system32\winIogon.exe O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINNT\system32\duzdsjkw.exe O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\system32\zxlruxjj.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Offices 
Monitorse] C:\WINNT\system32\algose32.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Startup: Raccourci vers alert.lnk = D:\PC Alert III\alert.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://bitdefender.bwm-mediasoft.com/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169836031859 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O20 - AppInit_DLLs: ÚUsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- d:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe O23 - Service: JZDEPB - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JZDEPB.exe (file missing) O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe O23 - Service: MTZN - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MTZN.exe (file missing) O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe O23 - Service: NJV - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NJV.exe (file missing) O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe O23 - Service: 
NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\system32\tlntsvr.exe O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. 
- C:\Program Files\Softwin\BitDefender8\vsserv.exe O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe O23 - Service: Windows NT-Session Manager - Unknown owner - C:\WINNT\smss.exe (file missing) O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe O23 - Service: WPQX - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPQX.exe (file missing) O23 - Service: WWPSR - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WWPSR.exe (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 8241 bytes "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SpybotSD TeaTimer" = "d:\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit" [MS] "BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."] "BDOESRV" = "C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe" ["SOFTWIN SRL"] "BDNewsAgent" = ""C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"" [null data] "Synchronization Manager" = "mobsync.exe /logon" [MS] "PSDrvCheck" = "C:\WINNT\system32\PSDrvCheck.exe" [empty string] "!AVG Anti-Spyware" = ""D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] "a-squared" = ""D:\a-squared Anti-Malware\a2guard.exe"" ["Emsi Software GmbH"] "Windows 
Logon Application" = "C:\WINNT\system32\winIogon.exe" [null data] "Advanced DHTML Enable" = "C:\WINNT\system32\duzdsjkw.exe" [null data] "Windows DLL Loader" = "C:\WINNT\system32\zxlruxjj.exe" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"] "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" 
= "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "d:\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! 
Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "ÚUsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll" [file not found] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! 
Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" -> {HKLM...CLSID} = "BitDefender Antivirus v8" \InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data] Default executables: -------------------- <<!>> HKLM\Software\Classes\htafile\shell\open\command\(Default) = "C:\WINDOWS\system32\mshta.exe "%1" %*" [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Disable registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "D:\Mes documents\Mes images\SVI_0249.jpg" Startup items in "Administrateur" & "All Users" startup folders: ---------------------------------------------------------------- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage "Raccourci vers alert" -> shortcut to: "D:\PC Alert III\alert.exe" ["MICRO-STAR INT'L CO., LTD."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {85D1F590-48F4-11D9-9669-0800200C9A66}\ 
"MenuText" = "Uninstall BitDefender Online Scanner v8" "Exec" = "%windir%\bdoscandel.exe" [null data] Miscellaneous IE Hijack Points ------------------------------ C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/" Missing lines (compared with English-language version): [strings]: 1 line All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}): --------------------------------------------------------------------------- AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "d:\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] BitDefender Communicator, XCOMM, "C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe /service" ["Softwin"] BitDefender Scan Server, bdss, "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe /service" [null data] BitDefender Virus Shield, VSSERV, "C:\Program Files\Softwin\BitDefender8\vsserv.exe /service" ["SOFTWIN S.R.L."] DSDM DDE réseau, NetDDEdsdm, "C:\WINNT\system32\netdde.exe" [MS] JZDEPB, JZDEPB, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JZDEPB.exe" [file not found] MTZN, MTZN, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MTZN.exe" [file not found] NJV, NJV, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NJV.exe" [file not found] NVIDIA Display Driver Service, NVSvc, "C:\WINNT\system32\nvsvc32.exe" ["NVIDIA Corporation"] Service d'administration du Gestionnaire de disque logique, dmadmin, "C:\WINNT\System32\dmadmin.exe /com" ["VERITAS Software Corp."] StarWind iSCSI Service, StarWindService, "d:\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Système d'événements de COM+, EventSystem, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\es.dll" [null data]} Windows NT-Session Manager, Windows NT-Session Manager, ""C:\WINNT\smss.exe"" [file not found] WPQX, WPQX, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPQX.exe" [file not found] WWPSR, 
WWPSR, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WWPSR.exe" [file not found] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt08\Driver = "hpzlnt08.dll" ["HP"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 29 seconds, including 5 seconds for message boxes) SmitFraudFix v2.157 Rapport fait à 11:36:31,34, mer. 28/03/2007 Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\Documents and Settings\Administrateur\Bureau\RootkitRevealer\RootkitRevealer.exe C:\WINNT\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau 
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=hex(1),00,55,00,14,00,73,00,6f,00,63,00,6b,00,73,00,70,00,79,\ »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin -
Hello. On Win 2000, for the past 2 or 3 weeks I have had a few bugs that I can't manage to get rid of. I followed a post dating from October of last year where someone had the same problem as me (generic sdbot, trojan proxy.ranky, backdoor sdbot), but I'm getting a bit lost in the infected registry keys... Bitdefender 8.0.200 blocks the viruses for me, AVG too, but it's impossible to really get rid of them since they come back at every startup. Plus, from time to time, the shutdown from autorité\system\services.exe (shutdown /A doesn't change anything...) I'll leave the logs I have in a few successive posts. Thanks, everyone.