

Nicola.S
Everything posted by Nicola.S
[solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware Analysis and Removal
Yep, I think the disinfection has been done properly (nothing left to report apart from the cross). I also followed Zonk's advice, thanks. Thank you all for helping me disinfect this wretched PC; I really thought reformatting was the only solution. Thanks again.
[solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware Analysis and Removal
There you go, I plugged in the USB key and carried out the procedure (though I don't know whether it worked). However, I still have the red cross (if that's related).
[solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware Analysis and Removal
I don't understand what this media refers to. What am I supposed to plug in?
[solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware Analysis and Removal
There no longer seems to be any problem. Just one strange thing: the hard drive still shows up with a red cross. Otherwise, I'm aware of the risks of P2P, so I try to minimise them by not downloading just anything. But thanks for the advice.
[solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware Analysis and Removal
Hello, hello. Here are the 2 requested reports (ewido anti-spyware online scanner report, followed by the ComboFix log run with the CFScript.txt).
[solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware Analysis and Removal
Well, I've just run the ComboFix test. It's strange: it says itself that it created a Combofix.txt in C:, yet there is nothing there. I admit I don't understand. Maybe delete the two folders Combofix and Combofix (2) (yes, because at one point I couldn't delete anything any more, so I had kept two versions of ComboFix) in C: to reset everything? I'm not really sure. (screenshot) Here is the new report obtained, located in C:/Combofix(2)/Combofix.txt.
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
I like AntiVir: during the scan it beeps every time it finds a trojan/virus. It rang so much I felt like I was in the final battle of Star Wars. Here is the AntiVir report (the ComboFix one will follow in a moment, as soon as I've run it).
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
I'll take care of it in a moment, once AntiVir's antivirus scan has finished (which, as it turns out, finds a lot more than F-Secure did, including Vundo).
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
Unfortunately that doesn't seem to be the case. I've never had a report directly in C:, only in C:/Combofix/Combofix.txt. I suspect that isn't normal, but that's how it is. Nothing is created directly in C: (unlike the reports from the other tools such as Genproc or Vundofix). However, a Combofix folder did appear, and inside it there is a Combofix.txt (which contains what I quoted earlier).
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
The thing is, that is the complete report. Thanks for the antivirus.
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
Here is the report. One problem, though: F-Secure no longer starts, so I have no antivirus at the moment. When I look at the processes I see isass.exe; wasn't that a virus? Here is the report; in the meantime, I'm disconnecting from the internet.
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
So should I go ahead with that procedure?
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
Oh, I just noticed while browsing the internet that a second tab opened as a popup in Firefox pointing to "avsystemcare". I don't think I had that before.
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
The PC is already doing much better, many thanks to you. A few small things remain, though:
- When the PC starts, an error message sometimes appears saying a DLL is missing (always with an odd name along the lines of b1s5regxw4.dll)
- In My Computer, the icon of the C: hard drive is replaced by a red cross. (Not especially bothersome, but strange, since it seems linked to StorageProtector)
Otherwise, I would also like to uninstall Spybot so that only AVG is running (less "heavy" and simpler to use); is there any reason not to? Thanks again for all these answers
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
Thanks for the reply. As for the antivirus etc., as written in the procedure, I disable them (as well as the internet connection) before running the various diagnostic tools. Otherwise I have F-Secure, Kerio, AVG, and Spybot. A question in passing, since we're on the subject: Spybot comes with a monitoring system (TeaTimer), surely very thorough but also hard to understand. I frequently get messages from it reporting important changes to the registry. How do I know when to allow the change or not? Anyway, here is the DiagHelp report:

DiagHelp version v1.4 - http://www.malekal.com
excute le 2008-02-14 à 14:35:57.38
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
Settings\Nicolas\Bureau\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\WS2Fix.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\Setup.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-x86-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsXP-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\Setup.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-x86-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsXP-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\Setup.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-x64-enu.exe 
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\Nicolas\Local Settings\Temp\runme.exe
c:\Documents and Settings\PASCAL\Bureau\Azureus_3.0.3.4_windows.exe
c:\Documents and Settings\PASCAL\Bureau\google-earth_google_earth_4.2.0198_beta_francais_14783.exe
c:\Documents and Settings\PASCAL\Bureau\installer-51883-17-Azureus-French.exe
c:\Documents and Settings\PASCAL\Bureau\jre-6u3-windows-i586-p-iftw.exe
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Nicolas\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

****** End of DiagHelp report
Please send the file C:\upload_moi_DOCHE-0PKOS71KZ.tar.gz to http://upload.malekal.com
Thanks in advance.
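The DiagHelp reports posted in this thread are read by eye: the helper scans the list of recently created files in System32 for a randomly named DLL and a companion EXE dropped at the same instant (the Vundo/Virtumonde layout), looks for executables sitting in Temp or Local Settings\Application Data, and checks whether each HOSTS entry merely blocks a name (loopback target) or redirects it somewhere. Below is that triage written out as a script. It is an added example by the editor, not code from the thread, from DiagHelp or from any tool listed in it; the sample listing is constructed from entries that appear in the thread's reports, and the HOSTS line with 192.0.2.10 and the name update.example.com is made up to show the redirect case.

```python
"""Triage helper for DiagHelp-style file listings (added example, not from the thread).

DiagHelp prints recently created/modified files as '<path> --><YYYY-MM-DD HH:MM:SS>'
and the executables it finds under user profiles as bare paths.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied in form from the thread's DiagHelp reports.
LISTING = r"""
C:\WINDOWS\System32\wpa.dbl -->2008-02-14 12:27:14
C:\WINDOWS\System32\mljgfde.dll -->2008-02-07 12:18:57
C:\WINDOWS\System32\gebyw.exe -->2008-02-07 12:18:57
C:\WINDOWS\System32\sstttqr.dll -->2008-02-06 10:48:42
C:\WINDOWS\System32\sstts.exe -->2008-02-06 10:48:42
C:\WINDOWS\System32\jkkjjge.dll -->2008-02-05 06:51:24
C:\WINDOWS\System32\jkhhh.exe -->2008-02-05 06:51:23
C:\WINDOWS\System32\MRT.exe -->2008-02-05 00:09:46
C:\WINDOWS\System32\jkkjg.exe -->2008-02-02 18:04:07
c:\Documents and Settings\Nicolas\Local Settings\Temp\runme.exe
c:\Documents and Settings\Nicolas\Bureau\HJTInstall.exe
"""

# Constructed sample HOSTS: two blocking lines as in the thread plus one
# hypothetical redirect (192.0.2.10 and update.example.com are made up).
HOSTS = """
127.0.0.1 www.msupdate.net
127.0.0.1 msupdate.net
192.0.2.10 update.example.com  # hypothetical redirect
"""

LINE = re.compile(r"^(?P<path>.+?)\s*-->\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
RANDOM_NAME = re.compile(r"[a-z]{4,8}\.(dll|exe)")  # e.g. mljgfde.dll, gebyw.exe
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd")
USER_WRITABLE = ("\\local settings\\temp\\", "\\local settings\\application data\\",
                 "\\windows\\temp\\")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_listing(text):
    """Return [(path, datetime or None)] for every non-empty line of a listing."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m:
            entries.append((m["path"], datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")))
        else:
            entries.append((line, None))
    return entries


def vundo_pairs(entries, window=timedelta(seconds=2)):
    """(dll, exe) pairs with random-looking names dropped into System32 within
    `window` of each other: the way Vundo/Virtumonde lays out its files.
    A tolerance, not an exact match, is needed: the thread's report has a pair
    stamped one second apart."""
    sys32 = [(p, t) for p, t in entries
             if t is not None and "\\system32\\" in p.lower()
             and RANDOM_NAME.fullmatch(p.rsplit("\\", 1)[-1])]
    return [(dll, exe)
            for dll, t_dll in sys32 if dll.lower().endswith(".dll")
            for exe, t_exe in sys32
            if exe.lower().endswith(".exe") and abs(t_exe - t_dll) <= window]


def executables_in_user_writable_dirs(entries):
    """Executables sitting in temp or per-user application-data directories."""
    return [p for p, _ in entries
            if p.lower().endswith(EXEC_EXT)
            and any(d in p.lower() for d in USER_WRITABLE)]


def hosts_hijacks(text):
    """(ip, name) pairs where HOSTS maps a name to anything other than loopback.
    Loopback entries only block the name; anything else redirects the victim."""
    hijacks = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        if ip not in LOOPBACK:
            hijacks.extend((ip, n) for n in names)
    return hijacks


if __name__ == "__main__":
    found = parse_listing(LISTING)
    for dll, exe in vundo_pairs(found):
        print("Vundo-style pair:", dll, "+", exe)
    for path in executables_in_user_writable_dirs(found):
        print("Executable in user-writable location:", path)
    for ip, name in hosts_hijacks(HOSTS):
        print("HOSTS redirect:", name, "->", ip)
```

Run as is it prints the three kinds of finding; imported, the functions take a saved DiagHelp report in place of the constructed sample. Loopback-only entries, like every line DiagHelp printed from this machine's HOSTS file, are what a HOSTS-based blocklist (Spybot S&D's immunisation writes such entries) leaves behind and are not, by themselves, a sign of compromise; a name mapped to any other address is the entry to act on.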
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Analyses et éradication malwares (malware analysis and removal)
Thanks. Here is the report:

DiagHelp version v1.4 - http://www.malekal.com run on 2008-02-14 at 13:20:47.23

List of the most recently modified/created files in windir\system32 and prefetch
C:\WINDOWS\prefetch\BACKWEB-7681197.EXE-0CD34FA2.pf -->2008-02-14 13:20:46
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->2008-02-14 13:20:44
C:\WINDOWS\prefetch\FSLAUNCH.EXE-1541820B.pf -->2008-02-14 13:20:41
C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf -->2008-02-14 13:20:22
C:\WINDOWS\prefetch\FIREFOX.EXE-06188867.pf -->2008-02-14 13:19:54
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->2008-02-14 13:19:06
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->2008-02-14 13:19:02
C:\WINDOWS\prefetch\EMULE.EXE-00D65C08.pf -->2008-02-14 12:52:07
C:\WINDOWS\prefetch\RUNDLL32.EXE-54023F1C.pf -->2008-02-14 12:39:06
C:\WINDOWS\prefetch\RUNDLL32.EXE-57C8756E.pf -->2008-02-14 12:39:05
C:\WINDOWS\System32\drivers\fwdrv.err -->2008-02-13 18:09:21
C:\WINDOWS\System32\drivers\sptd.sys -->2007-12-19 22:38:51
C:\WINDOWS\System32\drivers\mrxdav.sys -->2007-12-18 10:51:35
C:\WINDOWS\System32\drivers\yk51x86.sys -->2007-12-06 09:51:00
C:\WINDOWS\System32\drivers\secdrv.sys -->2007-11-13 11:25:54
C:\WINDOWS\System32\drivers\nv4_mini.sys -->2007-11-06 20:00:00
C:\WINDOWS\System32\drivers\tcpip.sys -->2007-10-30 18:20:55
C:\WINDOWS\System32\wpa.dbl -->2008-02-14 12:27:14
C:\WINDOWS\System32\settingsbkup.sfm -->2008-02-14 12:25:55
C:\WINDOWS\System32\settings.sfm -->2008-02-14 12:25:55
C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 12:25:55
C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 12:25:55
C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 12:25:55
C:\WINDOWS\System32\tmp.txt -->2008-02-11 23:07:24
C:\WINDOWS\System32\tmp.reg -->2008-02-11 23:07:23
C:\WINDOWS\System32\bpsnfgrb.ini -->2008-02-11 13:44:51
C:\WINDOWS\System32\bmhvcfoh.ini -->2008-02-11 13:44:24
C:\WINDOWS\System32\rar.exe -->2008-02-10 13:45:18
C:\WINDOWS\System32\WinSpooler.exe -->2008-02-10 13:44:22
C:\WINDOWS\System32\WinUpdating.exe -->2008-02-10 11:57:57
C:\WINDOWS\System32\mljgfde.dll -->2008-02-07 12:18:57
C:\WINDOWS\System32\gebyw.exe -->2008-02-07 12:18:57
C:\WINDOWS\System32\sstttqr.dll -->2008-02-06 10:48:42
C:\WINDOWS\System32\sstts.exe -->2008-02-06 10:48:42
C:\WINDOWS\System32\gebcccy.dll -->2008-02-05 19:51:13
C:\WINDOWS\System32\ddccb.exe -->2008-02-05 19:51:13
C:\WINDOWS\System32\jkkjjge.dll -->2008-02-05 06:51:24
C:\WINDOWS\System32\jkhhh.exe -->2008-02-05 06:51:23
C:\WINDOWS\System32\MRT.exe -->2008-02-05 00:09:46
C:\WINDOWS\System32\pmkhfdd.dll -->2008-02-04 12:32:41
C:\WINDOWS\System32\ddccy.exe -->2008-02-04 12:32:41
C:\WINDOWS\System32\jkkjg.exe -->2008-02-02 18:04:07
C:\WINDOWS.log -->2008-02-14 12:27:08
C:\WINDOWS\WindowsUpdate.log -->2008-02-14 12:27:05
C:\WINDOWS\bootstat.dat -->2008-02-14 12:26:49
C:\WINDOWS\SchedLgU.Txt -->2008-02-14 12:25:49
C:\WINDOWS\system.ini -->2008-02-14 12:19:19
C:\WINDOWS\MEMORY.DMP -->2008-02-13 19:52:57
C:\WINDOWS\ntbtlog.txt -->2008-02-13 18:09:32
C:\WINDOWS\tsoc.log -->2008-02-13 12:08:11
C:\WINDOWS\setupapi.log -->2008-02-13 12:08:11
C:\WINDOWS\ocmsn.log -->2008-02-13 12:08:11
C:\WINDOWS\ocgen.log -->2008-02-13 12:08:11
C:\WINDOWS\ntdtcsetup.log -->2008-02-13 12:08:11
C:\WINDOWS\msgsocm.log -->2008-02-13 12:08:11
C:\WINDOWS\KB946026.log -->2008-02-13 12:08:11
C:\WINDOWS\imsins.log -->2008-02-13 12:08:11

winlogon.exe svchost.exe ws2_32.dll user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 2200
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xcf000 7.00.6000.16608 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16608 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x00da0000 0x33000 1.04.0000.0001 C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL
0x00f90000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x44160000 0x127000 7.00.6000.16608 C:\WINDOWS\system32\urlmon.dll
0x44360000 0x5cd000 7.00.6000.16608 C:\WINDOWS\system32\ieframe.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x442b0000 0x3c000 7.00.6000.16608 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x01cb0000 0x171000 6.14.0010.11129 C:\WINDOWS\system32\nview.dll
0x02220000 0x50000 6.14.0010.11129 C:\WINDOWS\system32\NVWRSFR.DLL
0x00be0000 0x2c000 1.04.0000.0002 C:\Program Files\MarkAny\ContentSafer\MaCSProHook.DLL
0x00c90000 0x6000 1.00.0000.0012 C:\WINDOWS\system32\ctagent.dll
0x02c00000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x43ff0000 0xa000 7.00.6000.16608 C:\WINDOWS\system32\jsproxy.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x03430000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x03450000 0x15000 6.14.0011.6906 C:\WINDOWS\system32\nvwddi.dll
0x037b0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x013f0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x03da0000 0x1e1000 2.09.0001.0000 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MSVCP71.dll
0x74da0000 0x6c000 5.30.0023.1228 C:\WINDOWS\system32\RICHED20.dll
0x02920000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x018f0000 0x19000 2.09.0001.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x04090000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x018d0000 0x9000 5.50.9200.0000 C:\Program Files\F-Secure\Common\fpshx.dll
0x17000000 0x16000 5.00.5420.0000 C:\Program Files\F-Secure\Common\FSMA32.dll
0x18000000 0x11000 5.00.5420.0000 C:\Program Files\F-Secure\Common\FSPMAPI.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x041c0000 0x1b9000 2.00.0000.0008 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
0x62350000 0x53000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
0x60400000 0x18000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll
0x61e70000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll
0x04480000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x10000000 0x6000 6.01.0004.0058 C:\WINDOWS\TEMP\IadHide4.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 756
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x011e0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

Volume in drive C has no label.
Volume Serial Number is 4876-1268

Directory of C:\WINDOWS\system32

2004-08-20 00:09 6,144 csrss.exe
1 File(s) 6,144 bytes
0 Dir(s) 5,792,583,680 bytes free

Contents of Downloaded Program Files
Volume in drive C has no label.
Volume Serial Number is 4876-1268

Directory of C:\WINDOWS\Downloaded Program Files

2008-02-11 20:13 <DIR> .
2008-02-11 20:13 <DIR> ..
2004-12-07 17:07 32 bdcore.dll
2006-05-25 01:21 118,784 bdupd.dll
2007-02-14 15:40 65 desktop.ini
2007-03-23 11:17 1,292 erma.inf
2006-05-25 01:21 53,248 ipsupd.dll
2005-03-16 12:34 7,407 lang.ini
2004-12-07 17:07 32 libfn.dll
2005-03-14 14:38 126 live.ini
2007-10-29 16:45 1,244 oscan8.inf
2007-10-25 16:54 471,040 oscan8.ocx
2005-03-14 14:58 7,073 scanoptions.tsi
2005-05-26 04:19 291 wuweb.inf
12 File(s) 660,634 bytes
Total Files Listed:
12 File(s) 660,634 bytes
2 Dir(s) 5,792,583,680 bytes free

Rootkit search! (Thanks S!Ri)
Searching for known infections
Exporting sensitive keys..
List of files excepted on the XP SP2 firewall

Export of the SharedTaskScheduler key
[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

Policies export
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

Exporting sensitive keys..

Searching for sensitive addresses in the HOSTS file...
127.0.0.1 www.activexupdate.com
127.0.0.1 activexupdate.com
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 client.exeupdate.com
127.0.0.1 www.eupdatepage.com
127.0.0.1 eupdatepage.com
127.0.0.1 www.exeupdate.com
127.0.0.1 exeupdate.com
127.0.0.1 www.hotwinupdates.com
127.0.0.1 hotwinupdates.com
127.0.0.1 www.lavasoftupdate.com
127.0.0.1 lavasoftupdate.com
127.0.0.1 www.malwarewipeupdate.com
127.0.0.1 malwarewipeupdate.com
127.0.0.1 www.msupdate.net
127.0.0.1 msupdate.net
127.0.0.1 www.msupdater.net
127.0.0.1 msupdater.net
127.0.0.1 www.necessaryupdates.com
127.0.0.1 necessaryupdates.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 redirect.msupdate.net
127.0.0.1 search.keyword.exeupdate.com
127.0.0.1 www.securityupdatesite.com
127.0.0.1 securityupdatesite.com
127.0.0.1 settings.updatemysettings.com
127.0.0.1 www.spyaxeupdate.com
127.0.0.1 spyaxeupdate.com
127.0.0.1 www.spyfalconupdate.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 www.systemupdates.net
127.0.0.1 systemupdates.net
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 update.680180.net
127.0.0.1 www.updatemysettings.com
127.0.0.1 updatemysettings.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 www.urgentsystemupdate.biz
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 www.urgentsystemupdate.com
127.0.0.1 urgentsystemupdate.com
127.0.0.1 windupdates.com
127.0.0.1 www.pandaantivirus-2007.com
127.0.0.1 pandaantivirus-2007.com
127.0.0.1 www.pandadownload-now.com
127.0.0.1 pandadownload-now.com
127.0.0.1 www.panda-hq.com
127.0.0.1 panda-hq.com

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 13:22:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,0b,ab,40,77,60,0c,12,7b,2d,22,1b,46,50,6d,4a,c0,fd,be,ea,55,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,0b,ab,40,77,60,0c,12,7b,2d,22,1b,46,50,6d,4a,c0,fd,be,ea,55,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000156

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
732 - csrss.exe
756 - winlogon.exe
804 - services.exe
816 - lsass.exe
964 - svchost.exe
1052 - svchost.exe
1092 - svchost.exe
1132 - svchost.exe
1180 - svchost.exe
1280 - svchost.exe
1452 - alg.exe
1520 - guard.exe
1556 - mDNSResponder.e
1636 - fsgk32.exe
1672 - fssm32.exe
1692 - nvsvc32.exe
1936 - cmd.exe
2200 - explorer.exe
2980 - CTSched.exe
3096 - rundll32.exe
3360 - ctfmon.exe
3388 - svchost.exe
3424 - NMBgMonitor.exe
3480 - NMIndexingServi
3528 - NMIndexStoreSvr
4012 - backWeb-7681197
Total number of processes = 27
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
BADA8000 - \WINDOWS\system32\KDCOM.DLL
BACB8000 - \WINDOWS\system32\BOOTVID.dll
BA6A9000 - spbr.sys
BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
BA691000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
BA662000 - ACPI.sys
BA651000 - pci.sys
BA8A8000 - ohci1394.sys
BA8B8000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
BA8C8000 - isapnp.sys
BAE70000 - pciide.sys
BAB28000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
BA8D8000 - MountMgr.sys
BA632000 - ftdisk.sys
BAB30000 - PartMgr.sys
BA8E8000 - VolSnap.sys
BA61A000 - atapi.sys
BA8F8000 - jraid.sys
BA908000 - disk.sys
BA918000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
BA5FA000 - fltmgr.sys
BA5E8000 - sr.sys
BA5D1000 - KSecDD.sys
BA5BE000 - WudfPf.sys
BA531000 - Ntfs.sys
BA504000 - NDIS.sys
BA4F1000 - sfvfs02.sys
BAB38000 - sfhlp02.sys
BA4DF000 - sfdrv01.sys
BA4C4000 - Mup.sys
BADAC000 - JGOGO.sys
BA9A8000 - \SystemRoot\System32\DRIVERS\intelppm.sys
B9D66000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys
B9D52000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
BAB88000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
B9D2F000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
BAB90000 - \SystemRoot\System32\DRIVERS\usbehci.sys
B9D0A000 - \SystemRoot\System32\DRIVERS\HDAudBus.sys
BA9B8000 - \SystemRoot\System32\DRIVERS\cdrom.sys
B9CC4000 - \SystemRoot\System32\DRIVERS\yk51x86.sys
B9C46000 - \SystemRoot\system32\drivers\ctaud2k.sys
B9C22000 - \SystemRoot\system32\drivers\portcls.sys
BA9C8000 - \SystemRoot\system32\drivers\drmk.sys
B9BFF000 - \SystemRoot\system32\drivers\ks.sys
B9BCB000 - \SystemRoot\system32\drivers\ctoss2k.sys
BABB8000 - \SystemRoot\system32\drivers\ctprxy2k.sys
BA9D8000 - \SystemRoot\System32\DRIVERS\nic1394.sys
B9BBA000 - \SystemRoot\System32\DRIVERS\serial.sys
BAD64000 - \SystemRoot\System32\DRIVERS\serenum.sys
BADB4000 - \SystemRoot\System32\DRIVERS\ASACPI.sys
BA9E8000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
BABD8000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
BAFDF000 - \SystemRoot\System32\DRIVERS\audstub.sys
BA9F8000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
BAD6C000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
B9B03000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
BAA08000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
BAA18000 - \SystemRoot\System32\DRIVERS\raspptp.sys
BABF8000 - \SystemRoot\System32\DRIVERS\TDI.SYS
B9AF2000 - \SystemRoot\System32\DRIVERS\psched.sys
BAA28000 - \SystemRoot\System32\DRIVERS\msgpc.sys
BAC08000 - \SystemRoot\System32\DRIVERS\ptilink.sys
BAC18000 - \SystemRoot\System32\DRIVERS\raspti.sys
BAA38000 - \SystemRoot\System32\DRIVERS\termdd.sys
BAC28000 - \SystemRoot\System32\DRIVERS\mouclass.sys
BADBA000 - \SystemRoot\System32\DRIVERS\swenum.sys
B9A99000 - \SystemRoot\System32\DRIVERS\update.sys
BAD80000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
BAA48000 - \SystemRoot\System32\Drivers\NDProxy.SYS
BAA58000 - \SystemRoot\System32\DRIVERS\usbhub.sys
BADC0000 - \SystemRoot\System32\DRIVERS\USBD.SYS
B7934000 - \SystemRoot\system32\drivers\ADIHdAud.sys
B791D000 - \SystemRoot\system32\drivers\AEAudio.sys
B78BD000 - \SystemRoot\system32\drivers\Senfilt.sys
B3576000 - \SystemRoot\system32\drivers\ha20x2k.sys
B3547000 - \SystemRoot\system32\drivers\emupia2k.sys
B351E000 - \SystemRoot\system32\drivers\ctsfm2k.sys
B3482000 - \SystemRoot\system32\drivers\ctac32k.sys
BADCA000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BAEDE000 - \SystemRoot\System32\Drivers\Null.SYS
BADCE000 - \SystemRoot\System32\Drivers\Beep.SYS
BAEE0000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
BAC78000 - \SystemRoot\System32\drivers\vga.sys
BADD2000 - \SystemRoot\System32\Drivers\mnmdd.SYS
BADD6000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
B3419000 - \SystemRoot\system32\drivers\fwdrv.sys
BAC88000 - \SystemRoot\System32\Drivers\Msfs.SYS
BAC98000 - \SystemRoot\System32\Drivers\Npfs.SYS
BA47C000 - \SystemRoot\System32\DRIVERS\rasacd.sys
B3406000 - \SystemRoot\System32\DRIVERS\ipsec.sys
B33AE000 - \SystemRoot\System32\DRIVERS\tcpip.sys
B3365000 - \SystemRoot\System32\DRIVERS\ipnat.sys
B333D000 - \SystemRoot\System32\DRIVERS\netbt.sys
BAA98000 - \SystemRoot\System32\DRIVERS\wanarp.sys
B331B000 - \SystemRoot\System32\drivers\afd.sys
BAAA8000 - \SystemRoot\System32\DRIVERS\arp1394.sys
BAAB8000 - \SystemRoot\System32\DRIVERS\netbios.sys
B3250000 - \SystemRoot\System32\DRIVERS\rdbss.sys
B31E1000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
B31D0000 - \SystemRoot\system32\drivers\khips.sys
B9A95000 - \SystemRoot\system32\DRIVERS\hidusb.sys
BAAF8000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
BAB80000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BAB18000 - \SystemRoot\System32\Drivers\Fips.SYS
BAF45000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
B9A89000 - \SystemRoot\System32\DRIVERS\mouhid.sys
B9B9A000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B31B8000 - \SystemRoot\System32\Drivers\dump_atapi.sys
BADEA000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B78A9000 - \SystemRoot\System32\drivers\Dxapi.sys
BABD0000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
BAFF0000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
B2E78000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
B2C1C000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
B2CEC000 - \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys
B2CB8000 - \??\C:\Program Files\F-Secure\Common\FSPM.SYS
B2A12000 - \SystemRoot\System32\DRIVERS\srv.sys
B2B2C000 - \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys
B2C58000 - \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys
B277D000 - \SystemRoot\system32\drivers\wdmaud.sys
B28C2000 - \SystemRoot\system32\drivers\sysaudio.sys
B1F29000 - \SystemRoot\System32\Drivers\HTTP.sys
BAFA8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 129

List of installed programs
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.2 - Français
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Ajouter ou supprimer Adobe Creative Suite 3 Web Premium
Archiveur WinRAR
ASUSUpdate
AVG Anti-Spyware 7.5
Canon iP3300
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
CD Audio Reader Filter (remove only)
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB914440)
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
DataCastComponent
DirectVobSub (remove only)
DivX Content Uploader
DivX Web Player
DScaler 5 Mpeg
Decoders Easy-WebPrint Enregistrement utilisateur de Canon iP3300 F-Secure Anti-Virus F-Secure BackWeb F-Secure Management Agent ffdshow [rev 1058+] [2007-03-22] Google Earth Half-Life® 2 High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Java 6 Update 2 Java 6 Update 3 Java SE Runtime Environment 6 Update 1 JRAID K-Lite Codec Pack 2.85 Full Lame ACM MP3 Codec Lecteur Windows Media 11 Marvell Miniport Driver Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 French Language Pack Microsoft .NET Framework 3.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour 
Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise 
à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928090) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB943055) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour de sécurité pour Windows XP (KB946026) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows 
XP (KB911280) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920342) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB925720) Mise à jour pour Windows XP (KB925876) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 Mozilla Firefox (2.0.0.12) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) Nero 7 neroxml Neuf - Kit de connexion NVIDIA Drivers OpenOffice.org 2.3 OpenSource Flash Video Splitter (remove only) Package de base Microsoft de service de chiffrement pour cartes à puce PDF Settings RealMedia (remove only) Samsung Media Studio Sound Blaster X-Fi SoundMAX Spybot - Search & Destroy Steam Sunbelt Personal Firewall TeamSpeak 2 RC2 WebFldrs XP Windows Communication Foundation Language Pack - FRA Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Presentation Foundation Windows Presentation Foundation Language Pack (FRA) Windows Workflow Foundation FR Language Pack Windows XP Service Pack 2 XML Paper Specification Shared Components Language Pack 1.0 XML Paper Specification Shared Components Pack 1.0 XviD MPEG-4 Video Codec Le volume dans le lecteur C n'a pas de nom. 
Volume Serial Number is 4876-1268

Directory of C:\Program Files

2008-02-12 16:43 <DIR> .
2008-02-12 16:43 <DIR> ..
2008-02-09 18:55 <DIR> Adobe
2007-02-14 15:59 <DIR> Analog Devices
2007-02-15 11:55 <DIR> ASUS
2007-11-25 17:18 <DIR> Azureus
2007-07-21 17:10 <DIR> Bonjour
2007-10-23 09:03 <DIR> Canon
2008-02-11 23:05 <DIR> CCleaner
2007-12-14 21:51 <DIR> CD Audio Reader Filter
2007-02-14 15:38 <DIR> ComPlus Applications
2007-02-14 16:21 <DIR> Creative
2007-12-14 21:50 <DIR> DirectVobSub
2007-07-23 12:09 <DIR> DivX
2007-12-14 21:51 <DIR> DScaler5
2008-02-14 12:52 <DIR> eChanblard
2008-02-11 18:54 <DIR> Fichiers communs
2007-12-15 20:14 <DIR> FileZilla Client
2007-02-14 18:37 <DIR> F-Secure
2008-01-11 16:42 <DIR> Google
2008-02-11 17:00 <DIR> Grisoft
2007-12-14 21:50 <DIR> Haali
2007-02-14 15:46 <DIR> Intel
2008-02-13 12:08 <DIR> Internet Explorer
2007-10-19 18:08 <DIR> Java
2007-03-25 16:41 <DIR> K-Lite Codec Pack
2007-08-15 14:27 <DIR> Lame MP3 Codec
2008-01-23 12:53 <DIR> Lavasoft
2007-08-15 14:26 <DIR> MarkAny
2007-02-14 16:04 <DIR> Marvell
2007-02-14 20:30 <DIR> Messenger
2008-01-08 15:37 <DIR> Messenger Plus! Live
2007-02-14 15:41 <DIR> microsoft frontpage
2007-02-14 19:43 <DIR> Movie Maker
2008-02-14 13:19 <DIR> Mozilla Firefox
2007-09-22 10:57 <DIR> MSBuild
2007-02-14 15:38 <DIR> MSN
2007-02-14 15:38 <DIR> MSN Gaming Zone
2008-01-08 15:37 <DIR> MSN Messenger
2007-07-05 10:11 <DIR> MSXML 4.0
2007-09-22 10:59 <DIR> MSXML 6.0
2007-07-04 11:22 <DIR> Nero
2007-02-14 19:42 <DIR> NetMeeting
2007-02-14 16:56 <DIR> Neuf
2008-01-08 13:35 <DIR> nutri
2007-12-01 13:34 <DIR> OpenOffice.org 2.3
2007-12-14 21:51 <DIR> OpenSource Flash Video Splitter
2007-06-19 18:13 <DIR> Outlook Express
2007-07-21 17:35 <DIR> QuickTime
2007-12-14 21:51 <DIR> RealMedia
2007-09-22 10:55 <DIR> Reference Assemblies
2007-08-15 14:26 <DIR> Samsung
2007-02-14 15:38 <DIR> Services en ligne
2008-02-12 12:20 <DIR> Spybot - Search & Destroy
2007-02-14 16:59 <DIR> Sunbelt Software
2007-09-23 18:11 <DIR> Teamspeak2_RC2
2008-02-12 16:43 <DIR> Trend Micro
2007-12-01 14:21 <DIR> Valve
2007-12-15 20:14 <DIR> Visicom Media
2007-07-17 15:17 <DIR> Webteh
2008-01-08 15:37 <DIR> Windows Live
2007-02-14 22:06 <DIR> Windows Media Connect 2
2007-02-14 22:06 <DIR> Windows Media Player
2007-02-14 19:41 <DIR> Windows NT
2007-06-02 09:54 <DIR> WinRAR
2008-01-08 13:50 <DIR> WorkoutLogger
2007-02-14 15:41 <DIR> xerox
2007-08-15 14:27 <DIR> XviD
0 File(s) 0 bytes
68 Dir(s) 5,780,762,624 bytes free

Volume in drive C has no label.
Volume Serial Number is 4876-1268

Directory of C:\Program Files\fichiers communs

2008-02-11 18:54 <DIR> .
2008-02-11 18:54 <DIR> ..
2008-02-09 18:55 <DIR> Adobe
2007-07-04 11:22 <DIR> Ahead
2007-12-02 09:39 <DIR> Blizzard Entertainment
2007-02-14 16:15 <DIR> Creative
2007-02-15 11:54 <DIR> InstallShield
2007-06-30 10:55 <DIR> Java
2007-07-21 17:06 <DIR> Macrovision Shared
2007-02-14 22:03 <DIR> Microsoft Shared
2007-02-14 15:39 <DIR> MSSoap
2007-02-14 15:27 <DIR> ODBC
2007-02-14 15:39 <DIR> Services
2007-02-14 15:27 <DIR> SpeechEngines
2007-06-19 18:13 <DIR> System
0 File(s) 0 bytes
15 Dir(s) 5,780,762,624 bytes free

Volume in drive C has no label.
Volume Serial Number is 4876-1268

Directory of C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

2007-02-14 15:44 <DIR> .
2007-02-14 15:44 <DIR> ..
2001-05-18 17:57 561,209 MSONSEXT.DLL
1999-06-03 14:09 122,937 MSOWS409.DLL
2001-03-07 09:00 127,033 MSOWS40c.DLL
3 File(s) 811,179 bytes
2 Dir(s) 5,780,762,624 bytes free

c:\Documents and Settings\Nicolas\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
c:\Documents and Settings\Nicolas\Bureau\ccsetup204.exe
c:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe
c:\Documents and Settings\Nicolas\Bureau\FxVundoB.exe
c:\Documents and Settings\Nicolas\Bureau\HJTInstall(2).exe
c:\Documents and Settings\Nicolas\Bureau\HJTInstall.exe
c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix.exe
c:\Documents and Settings\Nicolas\Bureau\spybotsd152.exe
c:\Documents and Settings\Nicolas\Bureau\VirtumundoBeGone.exe
c:\Documents and Settings\Nicolas\Bureau\VundoFix(2).exe
c:\Documents and Settings\Nicolas\Bureau\VundoFix.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and
Settings\Nicolas\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\tar.exe c:\Documents and Settings\Nicolas\Bureau\GenProc\GenProc\outil\swreg.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\exit.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\IEDFix.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\Reboot.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\restart.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\VACFix.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\VCCLSID.exe c:\Documents and 
Settings\Nicolas\Bureau\SmitfraudFix\WS2Fix.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\Setup.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-x86-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsXP-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\Setup.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-x86-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsXP-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\Setup.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application 
Data\Installer4008\redist\WindowsServer2003-KB898715-x86-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsXP-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Temp\runme.exe c:\Documents and Settings\PASCAL\Bureau\Azureus_3.0.3.4_windows.exe c:\Documents and Settings\PASCAL\Bureau\google-earth_google_earth_4.2.0198_beta_francais_14783.exe c:\Documents and Settings\PASCAL\Bureau\installer-51883-17-Azureus-French.exe c:\Documents and Settings\PASCAL\Bureau\jre-6u3-windows-i586-p-iftw.exe c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMsr84.dll c:\Documents and Settings\All Users\Application 
Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMur84.dll c:\Documents and Settings\All 
Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMlr84.dll c:\Documents 
and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon 
iP3300\LanguageModules41F\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMlr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMsr84.dll
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMur84.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Nicolas\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

****** End of DiagHelp report
Please send the file C:\upload_moi_DOCHE-0PKOS71KZ.tar.gz to the address http://upload.malekal.com
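Added triage example (my own code, not part of this thread and not one of the tools used in it): a Python script that parses ComboFix "Files Created" entries like the ones posted in this thread and flags the Virtumonde pattern they show, namely a hidden+system .exe with a random lowercase name in system32 created in the same minute as a same-style .dll, the whole series sharing one pair of file sizes (19,389 and 12,434 bytes in the posted log). The sample lines are copied from the ComboFix listing in this thread, mixed with the cleaning tools' own files so the filter has something to ignore. The "5 to 8 lowercase letters" name rule and the same-minute pairing are my own heuristics, not a vendor signature, so a hit is something to inspect, not proof on its own.

```python
import re
from collections import defaultdict

# One ComboFix "Files Created" entry:  <created> . <modified> <size> <attrs> <path>
# A <DIR> (or <REP> in the French build) in the size column marks a directory.
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>|<REP>)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Sample input: entries copied from the ComboFix listing posted in this thread.
SAMPLE = r"""
2008-02-12 16:43 . 2008-02-12 16:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 23:48 . 2004-08-20 00:09 400,896 --a------ C:\WINDOWS\system32\kmd.exe
2008-02-11 17:52 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-12 19:07 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
2008-02-11 13:44 . 2008-02-11 13:44 294 ---hs---- C:\WINDOWS\system32\bmhvcfoh.ini
2008-02-10 11:58 . 2008-02-10 13:44 1,466,368 --a------ C:\WINDOWS\system32\WinSpooler.exe
2008-02-07 12:18 . 2008-02-07 12:18 19,389 ---hs---- C:\WINDOWS\system32\gebyw.exe
2008-02-07 12:18 . 2008-02-07 12:18 12,434 --a------ C:\WINDOWS\system32\mljgfde.dll
2008-02-06 11:12 . 2008-02-10 13:45 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-06 10:48 . 2008-02-06 10:48 19,389 ---hs---- C:\WINDOWS\system32\sstts.exe
2008-02-06 10:48 . 2008-02-06 10:48 12,434 --a------ C:\WINDOWS\system32\sstttqr.dll
2008-02-05 19:51 . 2008-02-05 19:51 19,389 ---hs---- C:\WINDOWS\system32\ddccb.exe
2008-02-05 19:51 . 2008-02-05 19:51 12,434 --a------ C:\WINDOWS\system32\gebcccy.dll
2008-02-05 06:51 . 2008-02-05 06:51 19,389 ---hs---- C:\WINDOWS\system32\jkhhh.exe
2008-02-05 06:51 . 2008-02-05 06:51 12,434 --a------ C:\WINDOWS\system32\jkkjjge.dll
2008-02-01 14:35 . 2008-02-01 14:35 12,434 --a------ C:\WINDOWS\system32\geebyyy.dll
2008-01-28 15:32 . 2008-01-28 15:32 19,389 ---hs---- C:\WINDOWS\system32\awtsp.exe
2008-01-28 15:32 . 2008-01-28 15:32 12,434 --a------ C:\WINDOWS\system32\pmnljgh.dll
"""


def parse_entries(text):
    """Parse a listing into dicts; directories keep size None, other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = None if e["size"].startswith("<") else int(e["size"].replace(",", ""))
        entries.append(e)
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1]


def in_system32(path):
    return "\\windows\\system32\\" in path.lower()


def looks_random(path):
    """Heuristic (mine, not a signature): 5 to 8 lowercase letters, nothing else."""
    stem = basename(path).rsplit(".", 1)[0]
    return 5 <= len(stem) <= 8 and stem.isalpha() and stem.islower()


def is_hidden_system(attrs):
    return "h" in attrs and "s" in attrs


def find_vundo_pairs(entries):
    """(created, exe_path, dll_path) for every hidden+system random-named .exe in
    system32 created in the same minute as a random-named .dll in system32."""
    by_minute = defaultdict(list)
    for e in entries:
        by_minute[e["created"]].append(e)
    hits = []
    for created, group in by_minute.items():
        exes = [e for e in group if e["path"].lower().endswith(".exe")
                and in_system32(e["path"]) and is_hidden_system(e["attrs"])
                and looks_random(e["path"])]
        dlls = [e for e in group if e["path"].lower().endswith(".dll")
                and in_system32(e["path"]) and looks_random(e["path"])]
        for exe in exes:
            for dll in dlls:
                hits.append((created, exe["path"], dll["path"]))
    return sorted(hits)


def size_profile(entries, hits):
    """Distinct (exe size, dll size) pairs over the hits: one pair shared by the
    whole series points at a single dropper re-installing itself on a schedule."""
    size_of = {e["path"]: e["size"] for e in entries}
    return sorted({(size_of[exe], size_of[dll]) for _, exe, dll in hits})


if __name__ == "__main__":
    ents = parse_entries(SAMPLE)
    pairs = find_vundo_pairs(ents)
    for created, exe, dll in pairs:
        print(created, basename(exe), basename(dll))
    print("size pairs:", size_profile(ents, pairs))
```

Run as-is it prints the five pairs from the sample and a single size pair. A lone .dll (geebyyy.dll in the sample, created with no .exe in the same minute) is deliberately not reported; the hidden+system .ini files with the same naming style (bmhvcfoh.ini, bpsnfgrb.ini, ppmmvcbn.ini in the posted log) are worth reviewing alongside the hits once the pairs confirm the pattern.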
-
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and eradication
Thanks for the replies. Here is the report obtained (which is not in C:/Combofix.txt but in C:/Combofix/Combofix.txt): -
[resolved][resolved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
Good evening, I don't understand at what point to drag the file, because when I launch Combofix it runs through its actions without stopping (scan + report) until it finishes and closes. So when should I do it? -
[resolved][resolved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
Thanks for the reply. Here is the report after carrying out the procedure: -
[resolved][resolved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Malware analysis and removal
Well, I went through the procedure; however, something seems to be wrong, since Combofix did not display a report. (It simply scanned and then rebooted.) So I only have the Vundofix and HijackThis reports:
- HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171468687926 O20 - Winlogon Notify: lhvmumhh - C:\WINDOWS\ O20 - Winlogon Notify: qknjzgwi - qknjzgwi.dll (file missing) O20 - Winlogon Notify: qomljkj - C:\WINDOWS\ O20 - Winlogon Notify: urqpmki - urqpmki.dll (file missing) O20 - Winlogon Notify: vxrnndve - C:\WINDOWS\ O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. 
- C:\Program Files\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe -- End of file - 12369 bytes ________________________________________________________________________________________ Note: Au démarrage du pc, j'ai quelques messages d'erreur comme quoi il manque certains fichiers. Bref, j'attends votre retour edit: a noter également que je n'ai plus les miliers de fichiers TMP -
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Analyses et éradication malwares
One more question. In Pear's procedure, it says to disable the antivirus, firewall, etc. So I plan to disconnect from the internet for the duration of the operation. But I am connected automatically, and I can't get into the Control Panel to disable the connection manually (because of the malware). What should I do, then? (I'm surely not supposed to disable everything while staying connected to the internet, am I?) Edit: OK, I'm doing the operations with the cable unplugged. -
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Analyses et éradication malwares
Thanks for the clarification, I'll carry out the tasks now. Back in a moment. -
[solved][solved] StorageProtector + Virtumonde
Nicola.S replied to a topic by Nicola.S in Analyses et éradication malwares
Thanks for the reply. One question: I don't see any checkbox in VundoFix. Only the "Scan for vundo" and "Remove vundo" buttons are present. (Maybe it only appears the first time the program is launched?) Also worth noting that I can no longer delete any file, and that "My Computer" and the "Control Panel" won't open either (just like folders, basically). I hadn't noticed that before. -
[solved][solved] StorageProtector + Virtumonde
Nicola.S posted a topic in Analyses et éradication malwares
Hello everyone, For the past 2-3 days my PC has been infected by one (or more) spyware programs. This has had several consequences:
- Two icons, "Help and support Center" and "Windos update", have appeared, and they reappear when deleted. After looking at what they point to (right-click / Properties), both lead to a site: "storageprotector".
- Frequent appearance of so-called system error messages at more or less any time (messages advising me to get protection from storageblablabla...).
Stranger still:
- The hard drive icon in My Computer has been replaced by a red cross.
- Thousands of TMP files have appeared in My Documents and in C:, with names like pos2E5.TMP / pos2E6.TMp etc.
- Folders no longer open.
In short, a big problem, just the way we like them. <_<
After some research, I came to the conclusion that I am infected with Storageprotector coupled with the Virtumonde spyware. I have used various programs such as VundoFix, ComboFix, VirtumundoBeGone, Genproc, as well as several online antivirus scans + Ad-Aware, AVG. Each time, files are deleted and the virus is detected, but it is never eradicated (the two icons are still there, etc.). I tried to follow this procedure: http://www.commentcamarche.net/forum/affic...torageprotector It matches my problem exactly. Only, the answers given there are specific to the reports produced by the various tools, so I can't follow the procedure as-is (though I have tried the tools mentioned). Anyway, if some of you know this area well, I'm listening, because I'm starting to get lost.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00, on 2008-02-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [487612c7] rundll32.exe "C:\WINDOWS\system32\igkurnmj.dll",b
O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [spybotDeletingA3534] command /c del "C:\WINDOWS\system32\vtutq.dll_old"
O4 - HKLM\..\RunOnce: [spybotDeletingC3108] cmd /c del "C:\WINDOWS\system32\vtutq.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171468687926
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 10771 bytes
Thanks in advance.
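The two HijackThis logs in this thread are read by hand by the helpers; the entry kinds that turned out to matter here are the orphaned BHO and Winlogon Notify entries (`(file missing)` / `(no file)`), the `O4` autorun with a hex name that loads a randomly named system32 DLL through rundll32, the `Policies\Explorer\Run` entries, and the `O23` service with no owner and no binary. The following triage helper is an added example, not part of the forum post and not HijackThis's own code: it parses HijackThis v2 log lines in the format pasted above and flags exactly those entry kinds. The name heuristics (`HEX_NAME`, `RANDOM_NAME`) and the "Unknown owner" check are this example's own assumptions; the sample lines are copied from the logs in this thread, with a few benign entries added from the same logs to show they are not flagged.

```python
"""HijackThis log triage helper (added example, not HijackThis code).

Parses one HijackThis v2 entry per line and flags the entry kinds that
were suspicious in the thread above. The heuristics are this example's
own assumptions, not output of HijackThis or of any removal tool.
"""
import re
from dataclasses import dataclass

# Every entry looks like "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<rest>.+)$")
# Section-specific layouts.
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Assumption: an autorun name of exactly 8 hex digits, or a DLL / notify
# name of 5-8 lowercase letters with no product name in it, is "random".
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")
RANDOM_NAME = re.compile(r"^[a-z]{5,8}$")
RUNDLL_DLL = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entry(line):
    """Split a log line into (section, rest); None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("rest")


def triage_line(line):
    """Return a Finding for a suspicious entry, or None for a benign or non-entry line."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    section, rest = parsed
    orphan = "(file missing)" in rest or "(no file)" in rest
    if section == "O2" and orphan:
        return Finding(section, "BHO CLSID still registered but its DLL is gone (orphaned entry)", line)
    if section == "O4":
        m = O4_RE.match(rest)
        if m:
            if "Policies\\Explorer\\Run" in m.group("hive"):
                return Finding(section, "autorun under Policies\\Explorer\\Run (rarely used by legitimate software)", line)
            if HEX_NAME.match(m.group("name")):
                dll = RUNDLL_DLL.search(m.group("cmd"))
                if dll:
                    return Finding(section, f"hex-named autorun loading {dll.group('dll')} through rundll32", line)
    if section == "O20":
        m = O20_RE.match(rest)
        if m and (orphan or RANDOM_NAME.match(m.group("name"))):
            return Finding(section, "Winlogon Notify entry with random name or missing DLL", line)
    if section == "O23":
        m = O23_RE.match(rest)
        if m and m.group("owner") == "Unknown owner" and orphan:
            return Finding(section, "service with unknown owner and missing binary", line)
    return None


def triage(log_text):
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Sample input copied from the HijackThis logs in this thread (benign lines included
# on purpose so the output shows what is NOT flagged).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {4863EFFF-A3C9-4859-A1E2-ADBA58B4BB65} - C:\WINDOWS\system32\vtutq.dll (file missing)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [487612c7] rundll32.exe "C:\WINDOWS\system32\igkurnmj.dll",b
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O20 - Winlogon Notify: qknjzgwi - qknjzgwi.dll (file missing)
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.line}")
```

The parser is deliberately conservative: a `(file missing)` entry on its own is not proof of infection, only a leftover reference that a cleanup tool left behind, which is why each finding carries the raw line so the helper reading the thread can decide what it means in context.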