

K38
Members
Content count: 96
Everything posted by K38
-
Good evening, My PC has been very, very slow for a few days, so I ran a scan that detected a few viruses, but maybe they weren't all removed??? Here is the HijackThis report...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:56, on 14/09/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\app2srv.exe
C:\WINNT\system32\app2srv.exe
C:\WINNT\system32\srvany.exe
C:\WINNT\ccproxy.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\app2srv.exe
C:\WINNT\system32\app2srv.exe
C:\WINNT\ime\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\inf\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINNT\system32\Macromed\Shockwave 10\PostUpdate.exe" 1013018
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://intranet.upmf-grenoble.fr/qp2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132315772357
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CCProxy - Unknown owner - C:\WINNT\inf\svchost.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Net Client - Unknown owner - C:\WINNT\system32\app2srv.exe
O23 - Service: Network_Server - Unknown owner - C:\WINNT\system32\srvany.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE
O23 - Service: System Server - Unknown owner - C:\WINNT\system32\app2srv.exe
O23 - Service: Windows Genuine Update (WUpdate) - Unknown owner - c:\winnt\lsass.exe (file missing)

--
End of file - 7135 bytes

Thanks for your help.
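The log above, read by a small triage script. This is an added example, not part of K38's post and not HijackThis' own code; it assumes a Windows 2000 layout (%SystemRoot% = C:\WINNT, the `sysroot` parameter) and a short, hand-written table of which core binaries start from system32. It applies the two checks a reviewer does first on such a log: a system binary name running from the wrong directory (the two extra svchost.exe copies and the lsass.exe referenced from C:\WINNT), and vendor-less services that point at missing files or at generic run-anything-as-a-service wrappers (srvany.exe, FireDaemon). The sample lines are excerpted from the log in the post.

```python
"""Triage checks over a HijackThis v2 log: system binaries running from the
wrong directory, and vendor-less services pointing at odd paths, missing files,
or generic run-anything-as-a-service wrappers."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Assumption: Windows 2000/XP layout. Directory (relative to %SystemRoot%) each core binary starts from.
SYSTEM_BINARIES = {
    "smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "",
}
# Wrappers that run any program as a service; the payload lives in the service's
# registry Parameters key, which HijackThis does not show.
SERVICE_WRAPPERS = {"srvany.exe", "firedaemon.exe"}

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

@dataclass
class Finding:
    kind: str
    detail: str

@dataclass
class HjtLog:
    processes: List[str] = field(default_factory=list)
    services: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, owner, path)

def parse_hjt(text: str) -> HjtLog:
    """Collect the 'Running processes' block and every O23 service entry."""
    log, in_processes = HjtLog(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if ENTRY_RE.match(line):  # the first R0/O2/... entry ends the process block
            in_processes = False
        if in_processes and PATH_RE.match(line):
            log.processes.append(line)
        m = O23_RE.match(line)
        if m:
            log.services.append((m["name"], m["owner"], m["path"]))
    return log

def split_path(path: str) -> Tuple[str, str]:
    """Lower-cased (directory, basename), with HijackThis' '(file missing)' marker removed."""
    p = path.lower().replace("(file missing)", "").strip().strip('"')
    directory, _, base = p.rpartition("\\")
    return directory, base

def _expected_dir(sysroot: str, sub: str) -> str:
    return f"{sysroot}\\{sub}" if sub else sysroot

def check_processes(log: HjtLog, sysroot: str = r"c:\winnt") -> List[Finding]:
    out = []
    for path in log.processes:
        directory, base = split_path(path)
        if base in SYSTEM_BINARIES:
            want = _expected_dir(sysroot, SYSTEM_BINARIES[base])
            if directory != want:
                out.append(Finding("masquerade", f"{base} running from {directory}, expected {want}"))
        elif directory == sysroot:  # only explorer.exe legitimately sits directly in %SystemRoot%
            out.append(Finding("odd-location", f"{base} started directly from {sysroot}"))
    return out

def check_services(log: HjtLog, sysroot: str = r"c:\winnt") -> List[Finding]:
    out = []
    for name, owner, path in log.services:
        directory, base = split_path(path)
        if base in SYSTEM_BINARIES and directory != _expected_dir(sysroot, SYSTEM_BINARIES[base]):
            out.append(Finding("masquerade", f"service '{name}' points at {directory}\\{base}"))
        if "(file missing)" in path.lower():
            out.append(Finding("dangling", f"service '{name}' references a missing file: {path}"))
        if base in SERVICE_WRAPPERS:
            out.append(Finding("service-wrapper", f"service '{name}' runs through {base}; read its Parameters key"))
        elif owner == "Unknown owner" and not directory.startswith("c:\\program files"):
            # Vendor-less but legitimate services (HP's Pml Driver here) land in this bucket too.
            out.append(Finding("unknown-owner", f"service '{name}' has no vendor and runs {directory}\\{base}"))
    return out

def triage(text: str, sysroot: str = r"c:\winnt") -> List[Finding]:
    log = parse_hjt(text)
    return check_processes(log, sysroot) + check_services(log, sysroot)

# Sample input: lines excerpted from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\app2srv.exe
C:\WINNT\system32\srvany.exe
C:\WINNT\ccproxy.exe
C:\WINNT\ime\svchost.exe
C:\WINNT\inf\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CCProxy - Unknown owner - C:\WINNT\inf\svchost.exe
O23 - Service: Net Client - Unknown owner - C:\WINNT\system32\app2srv.exe
O23 - Service: Network_Server - Unknown owner - C:\WINNT\system32\srvany.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE
O23 - Service: Windows Genuine Update (WUpdate) - Unknown owner - c:\winnt\lsass.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

The O23 regex anchors on the drive letter of the path rather than splitting on " - ", because service display names and vendor strings in this log contain that separator themselves. The checks are heuristics: the HP printer service lands in the unknown-owner bucket alongside the app2srv.exe entries, so the output is a review list, not a verdict.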
-
Good evening, Sorry for not replying sooner. Everything looks perfect. No more problems!!! Thanks for your help.
-
Good evening, Here is the AntiVir report:

Avira AntiVir Personal
Report file date: Thursday 19 February 2009 23:36

Scanning for 1038808 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Boot mode: Safe mode
Username: Karim
Computer name: PORTABLE

Version information:
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 16:16:47
ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 17/11/2008 16:38:59
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41
AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 15:06:41
AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 15:06:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 15:06:41
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday 19 February 2009 23:36

The scan of hidden objects starts.
The driver could not be initialised.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'winmgmt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
'10' processes with '10' modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '42' files ).

Starting the file scan:

Begin scan in 'C:\' <Système>
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Données>
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\2445673883\Winks3\TFR22.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed.
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR11B.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed.
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR12.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed.
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR31.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed.
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR36.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed.
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR77.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed.
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFRE5.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed.
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\651228626\Winks3\TFR5A.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed.

End of the scan: Friday 20 February 2009 00:21
Used time: 45:36 Minute(s)

The scan has been done completely.

4026 Scanned directories
141469 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
141467 Files not concerned
874 Archives were scanned
10 Warnings
0 Notes
-
ComboFix 09-02-18.01 - Karim 19/02/2009 21:26:17.6 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.191.113 [GMT 1:00]
Running from: d:\documents and settings\Karim\Bureau\ComboFix.exe
Command switches used :: d:\documents and settings\Karim\Bureau\CFScript.txt

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

FILE ::
c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
c:\winnt\system32\drivers\NirCmd.exe
c:\winnt\system32\drivers\SbCtri.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NIRSOFT_SERVICE_CONTROLER
-------\Service_NirSoft Service Controler


((((((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 ))))))))))))))))))))))))))))))))))))
.

2009-02-19 21:31 . 09-02-19 21:31 16,384 --a----t- c:\winnt\system32\Perflib_Perfdata_228.dat
2009-02-18 21:57 . 09-02-18 22:13 <DIR> d-------- C:\Johanna
2009-02-16 23:24 . 09-02-11 10:19 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2009-02-16 23:24 . 09-02-11 10:19 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2009-02-13 18:38 . 09-02-18 21:07 <DIR> d-------- c:\winnt\Favoris
2009-02-08 14:48 . 09-02-08 22:20 <DIR> d-------- c:\program files\RegScanner
2009-02-08 14:48 . 09-02-08 14:53 39,424 --a------ c:\winnt\zipinst.exe
2009-01-30 18:55 . 09-01-30 18:55 258,048 --a------ C:\photo moi.doc
2009-01-24 10:07 . 09-01-24 10:05 410,984 --a------ c:\winnt\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 18:15 --------- d-----w c:\program files\Google
2009-02-16 22:26 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-13 15:17 --------- d---a-w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 15:03 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-08 21:41 --------- d-----w c:\program files\Java
2009-01-23 19:23 --------- d-----w c:\program files\Hackman
2009-01-21 19:36 97,072 ----a-w c:\winnt\system32\sfc.dll
2008-12-28 19:20 --------- d-----w c:\program files\VTech
2008-12-28 18:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 17:48 --------- d-----w c:\program files\7-Zip
2008-12-21 06:47 --------- d-----w c:\program files\eMule
2008-10-07 21:14 0 ---ha-w d:\documents and settings\Christine\hpothb07.dat
2006-08-18 16:22 302 ---ha-w c:\program files\hpothb07.dat
2006-08-18 16:20 513 ---ha-w c:\program files\hpothb07.tif
2006-06-10 09:09 164 -c-ha-w d:\documents and settings\All Users\hpothb07.dat
2006-06-10 09:09 0 -c-ha-w d:\documents and settings\Alain\hpothb07.dat
2006-03-31 22:14 0 -c-ha-w d:\documents and settings\Administrateur\hpothb07.dat
2005-11-16 21:50 271 ---h--w c:\program files\desktop.ini
2005-11-16 21:50 22,115 ---h--w c:\program files\folder.htt
2001-05-08 00:00 32,528 -c--a-w c:\winnt\inf\wbfirdma.sys
2005-07-23 02:25 230 --sha-w c:\winnt\system32\drivers\etc\config\addme.reg
2006-03-21 22:31 34 --sha-w c:\winnt\system32\drivers\etc\config\store.dll

.
((((((((((((((((((((((((((((( SnapShot@mer. 18-02-2009_22.09.07,92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\winnt\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [09-01-26 15:31 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [02-04-17 10:42 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [06-06-14 19:53 282624]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [02-10-07 00:23 90112]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08-06-12 13:28 266497]
"Synchronization Manager"="mobsync.exe" [03-06-19 11:05 111888 c:\winnt\system32\mobsync.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
06-09-01 06:49 143632 c:\winnt\system32\NWPROVAU.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

R2 QOS;FireDaemon Service: QOS;c:\winnt\system32\microsoft\user\FireDaemon.EXE [04-05-16 13:06 81920]
R3 EL3C574;Pilote pour périphérique FE574B-3Com 10/100 LAN PCCard;c:\winnt\system32\DRIVERS\el574nd4.sys [99-09-25 03:16 24848]
R4 Service Controler;Service Controler; [x]
S3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);c:\winnt\system32\DRIVERS\fbxusb32.sys [07-08-27 14:12 31128]

--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - ANIO
*Deregistered* - ANIWZCSdService
*Deregistered* - AntiVirScheduler
*Deregistered* - AntiVirService
*Deregistered* - audstub
*Deregistered* - avgio
*Deregistered* - avgntflt
*Deregistered* - avipbb
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - Dhcp
*Deregistered* - Diskperf
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - EFS
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - IpNat
*Deregistered* - IPSEC
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - NtmsSvc
*Deregistered* - Null
*Deregistered* - NWCWorkstation
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - NWRDR
*Deregistered* - Parallel
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - QOS
*Deregistered* - RasAcd
*Deregistered* - RasAuto
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - Spooler
*Deregistered* - Srv
*Deregistered* - ssmdrv
*Deregistered* - StiSvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - tmcomm
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - Wanarp
*Deregistered* - WinMgmt
*Deregistered* - WMDM PMSP Service
*Deregistered* - Wmi
*Deregistered* - wuauserv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{23KLN5J0-4OPM-11WE-AAX5-24EF1F387232}]
c:\recycler\k-1-3542-4232123213-7676767-8888886\Wins.exe
.
Contents of the 'Scheduled Tasks' folder

2006-03-19 c:\winnt\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1132827445.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [03-04-06 00:52 ]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com/
IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Pages liées - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar1.dll/cmcache.html
LSP: %SystemRoot%\system32\msafd.dll
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
FF - ProfilePath - d:\documents and settings\Karim\Application Data\Mozilla\Firefox\Profiles\xt0ii9fn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 21:35:43
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(200)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(300)
c:\winnt\AppPatch\AcLayers.DLL
c:\winnt\system32\SHDOCVW.DLL
.
Completion time: 2009-02-19 21:53:16 - machine was rebooted [Karim]
ComboFix-quarantined-files.txt 2009-02-19 20:52:53
ComboFix2.txt 2009-02-18 21:13:32

Pre-Run: 1 173 696 512 bytes free
Post-Run: 1,109,950,464 bytes free

218 --- E O F --- 2009-02-17 00:02:02
-
ComboFix 09-02-17.02 - Karim 18/02/2009 22:01:09.5 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.191.39 [GMT 1:00]
Running from: d:\documents and settings\Karim\Bureau\Johanna.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\IE4 Error Log.txt
c:\winnt\system32\d3d8caps.dat

.
((((((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 ))))))))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 18:15 --------- d-----w c:\program files\Google
2009-02-16 22:26 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-13 15:17 --------- d---a-w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 15:03 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-11 09:19 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-02-08 21:41 --------- d-----w c:\program files\Java
2009-02-08 21:20 --------- d-----w c:\program files\RegScanner
2009-02-08 13:53 39,424 ----a-w c:\winnt\zipinst.exe
2009-01-24 09:05 410,984 ----a-w c:\winnt\system32\deploytk.dll
2009-01-23 19:23 --------- d-----w c:\program files\Hackman
2009-01-21 19:36 97,072 ----a-w c:\winnt\system32\sfc.dll
2008-12-28 19:20 --------- d-----w c:\program files\VTech
2008-12-28 18:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 17:48 --------- d-----w c:\program files\7-Zip
2008-12-21 06:47 --------- d-----w c:\program files\eMule
2008-10-07 21:14 0 ---ha-w d:\documents and settings\Christine\hpothb07.dat
2006-08-18 16:22 302 ---ha-w c:\program files\hpothb07.dat
2006-08-18 16:20 513 ---ha-w c:\program files\hpothb07.tif
2006-06-10 09:09 164 -c-ha-w d:\documents and settings\All Users\hpothb07.dat
2006-06-10 09:09 0 -c-ha-w d:\documents and settings\Alain\hpothb07.dat
2006-03-31 22:14 0 -c-ha-w d:\documents and settings\Administrateur\hpothb07.dat
2005-11-16 21:50 271 ---h--w c:\program files\desktop.ini
2005-11-16 21:50 22,115 ---h--w c:\program files\folder.htt
2001-05-08 00:00 32,528 -c--a-w c:\winnt\inf\wbfirdma.sys
2005-07-23 02:25 230 --sha-w c:\winnt\system32\drivers\etc\config\addme.reg
2006-03-21 22:31 34 --sha-w c:\winnt\system32\drivers\etc\config\store.dll

.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [26/01/09 15:31 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [17/04/02 10:42 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [14/06/06 19:53 282624]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [07/10/02 00:23 90112]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [16/12/04 16:49 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/06/08 13:28 266497]
"Synchronization Manager"="mobsync.exe" [19/06/03 11:05 111888 c:\winnt\system32\mobsync.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
01/09/06 06:49 143632 c:\winnt\system32\NWPROVAU.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

R3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);c:\winnt\system32\drivers\fbxusb32.sys [2007-08-27 31128]
S2 QOS;FireDaemon Service: QOS;c:\winnt\system32\Microsoft\user\firedaemon.exe [2008-12-07 81920]
S3 EL3C574;Pilote pour périphérique FE574B-3Com 10/100 LAN PCCard;c:\winnt\system32\drivers\el574nd4.sys [2005-11-18 24848]
S4 NirSoft Service Controler;NirSoft Service Controler;"c:\winnt\system32\drivers\NirCmd.exe" --> c:\winnt\system32\drivers\NirCmd.exe [?]
S4 Service Controler;Service Controler;"c:\winnt\system32\drivers\SbCtri.exe" --> c:\winnt\system32\drivers\SbCtri.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - wuauserv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{23KLN5J0-4OPM-11WE-AAX5-24EF1F387232}]
c:\recycler\k-1-3542-4232123213-7676767-8888886\Wins.exe
.
Contents of the 'Scheduled Tasks' folder

2006-03-19 c:\winnt\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1132827445.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [06/04/03 00:52 ]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com/
IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Pages liées - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar1.dll/cmcache.html
LSP: %SystemRoot%\system32\msafd.dll
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
FF - ProfilePath - d:\documents and settings\Karim\Application Data\Mozilla\Firefox\Profiles\xt0ii9fn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 22:08:05
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(196)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Completion time: 18/02/2009 22:13:29
ComboFix-quarantined-files.txt 2009-02-18 21:12:38

Pre-Run: 1 172 381 696 bytes free
Post-Run: 1,169,231,872 bytes free

115 --- E O F --- 2009-02-17 00:02:02
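Both ComboFix logs above carry the same pair of lines under Reg Loading Points: an Active Setup Installed Components key and a RECYCLER path. Added example, not from the posts and not ComboFix's own code: two shape checks that catch that pair without any signature. Windows registers its own Active Setup components under GUID-shaped keys (8-4-4-4-12 hex digits), and per-user folders under RECYCLER are named after the owner's SID (S-1-5-21-...), so a key with non-hex characters or a folder starting with "k-1-" fails a format test. The first two sample lines are from the logs; the two well-formed control values are made up for this example.

```python
"""Identifier shape checks for the Active Setup key and RECYCLER path seen in the
ComboFix 'Reg Loading Points' sections above (added example)."""
import re
from typing import List, Tuple

# Windows registers its own Active Setup components under GUID-shaped keys: 8-4-4-4-12 hex digits.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Per-user folders under RECYCLER are named after the owner's SID, e.g. S-1-5-21-<domain>-<RID>.
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$", re.IGNORECASE)

ACTIVE_SETUP_RE = re.compile(r"\\active setup\\installed components\\(\{[^}]*\})\]", re.IGNORECASE)
RECYCLER_RE = re.compile(r"\\recycler\\([^\\]+)\\", re.IGNORECASE)


def is_guid(value: str) -> bool:
    return GUID_RE.match(value) is not None


def is_sid(value: str) -> bool:
    return SID_RE.match(value) is not None


def suspicious_identifiers(log_text: str) -> List[Tuple[str, str]]:
    """Return (kind, identifier) for Active Setup keys that are not GUIDs and for
    RECYCLER subfolders that are not SIDs. Malware that fakes these locations
    often gets the shape wrong, which is cheaper to test than any signature."""
    out = []
    for line in log_text.splitlines():
        m = ACTIVE_SETUP_RE.search(line)
        if m and not is_guid(m.group(1)):
            out.append(("bad-guid", m.group(1)))
        m = RECYCLER_RE.search(line)
        if m and not is_sid(m.group(1)):
            out.append(("bad-sid", m.group(1)))
    return out


# Constructed sample: the first two lines are from the ComboFix logs above; the last
# two are well-formed control values made up for this example.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{23KLN5J0-4OPM-11WE-AAX5-24EF1F387232}]
c:\recycler\k-1-3542-4232123213-7676767-8888886\Wins.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0123ABCD-4567-89EF-0123-456789ABCDEF}]
c:\recycler\S-1-5-21-1004336348-1177238915-682003330-1003\INFO2
"""

if __name__ == "__main__":
    for kind, ident in suspicious_identifiers(SAMPLE):
        print(kind, ident)
```

A passing shape test proves nothing on its own (a well-formed GUID can still be a malicious component), but a failing one is a cheap, signature-free reason to pull the file behind it, here the Wins.exe that both logs list under that key.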
-
Good evening, here is the Antivir report.

Avira AntiVir Personal
Report file date: mercredi 18 février 2009 19:23

Scanning for 1251469 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PORTABLE

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 19:56:34
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 18:01:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 22:52:32
ANTIVIR2.VDF : 7.1.2.13 2048 Bytes 11/02/2009 22:52:34
ANTIVIR3.VDF : 7.1.2.38 154624 Bytes 17/02/2009 23:55:01
Engineversion : 8.2.0.83
AEVDF.DLL : 8.1.1.0 106868 Bytes 31/01/2009 19:52:09
AESCRIPT.DLL : 8.1.1.47 348539 Bytes 13/02/2009 23:12:13
AESCN.DLL : 8.1.1.7 127347 Bytes 13/02/2009 23:12:11
AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 00:46:58
AEPACK.DLL : 8.1.3.8 397684 Bytes 04/02/2009 21:57:28
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 11/12/2008 23:16:05
AEHEUR.DLL : 8.1.0.94 1606006 Bytes 17/02/2009 23:55:12
AEHELP.DLL : 8.1.2.0 119159 Bytes 18/11/2008 19:53:32
AEGEN.DLL : 8.1.1.17 332148 Bytes 17/02/2009 23:55:05
AEEMU.DLL : 8.1.0.9 393588 Bytes 25/10/2008 22:08:32
AECORE.DLL : 8.1.6.6 176501 Bytes 17/02/2009 23:55:03
AEBB.DLL : 8.1.0.3 53618 Bytes 25/10/2008 22:08:29
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 04/09/2008 21:38:34
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 18 février 2009 19:23

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'hposts08.exe' - '1' Module(s) have been scanned
Scan process 'hpoevm08.exe' - '1' Module(s) have been scanned
Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned
Scan process 'hpohmr08.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'WZCSLDR2.exe' - '1' Module(s) have been scanned
Scan process 'HpqCmon.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mspmspsv.exe' - '1' Module(s) have been scanned
Scan process 'winmgmt.exe' - '1' Module(s) have been scanned
Scan process 'stisvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '43' files ).

Starting the file scan:

Begin scan in 'C:\' <Système>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Données>
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\Documents and Settings\Karim\vdshd.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4a0f5fbf.qua'!
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\2445673883\Winks3\TFR22.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR11B.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR12.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR31.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR36.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFR77.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\3252780804\Winks3\TFRE5.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Documents and Settings\Karim\Application Data\Microsoft\MSN Messenger\651228626\Winks3\TFR5A.dat
[0] Archive type: CAB (Microsoft)
--> bouncy_ball.png
[WARNING] No further files can be extracted from this archive. The archive will be closed

End of the scan: mercredi 18 février 2009 20:31
Used time: 1:11:20 Hour(s)

The scan has been done completely.

4056 Scanning directories
142278 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
142274 Files not concerned
893 Archives were scanned
11 Warnings
1 Notes
-
OTScanIt2 logfile created on: 17/02/2009 23:55:52 - Run 1
OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = d:\Documents and Settings\Karim\Bureau\OTScanIt2
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

191,48 Mb Total Physical Memory | 29,70 Mb Available Physical Memory | 15,51% Memory free
747,82 Mb Paging File | 399,02 Mb Available in Paging File | 53,36% Paging File free
Paging file location(s): C:\pagefile.sys 288 288;D:\pagefile.sys 288 288;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 9,09 Gb Total Space | 1,13 Gb Free Space | 12,46% Space Free | Partition Type: NTFS
Drive D: | 9,53 Gb Total Space | 3,57 Gb Free Space | 37,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PORTABLE
Current User Name: Karim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/25 23:07:36 | 00,151,297 | ---- | M] (Avira GmbH)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/05 20:58:23 | 00,307,704 | ---- | M] (Mozilla Corporation)
hpgs2wnd.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> [2002/04/17 10:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard)
hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe -> [2002/04/17 10:49:16 | 00,077,824 | ---- | M] ()
hpoevm08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> [2003/04/06 00:45:10 | 00,286,720 | ---- | M] (Hewlett-Packard Co.)
hpohmr08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> [2003/04/06 01:17:18 | 00,147,456 | ---- | M] (Hewlett-Packard Co.)
hposts08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposts08.exe -> [2003/04/06 00:55:04 | 00,311,296 | ---- | M] (Hewlett-Packard Co.)
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/04/06 01:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard)
hpqcmon.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe -> [2002/10/07 00:23:20 | 00,090,112 | ---- | M] ()
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/24 10:05:34 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2009/01/24 10:05:36 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
mspmspsv.exe -> %SystemRoot%\system32\mspmspsv.exe -> [2001/10/01 19:48:44 | 00,053,248 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Bureau\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M] (OldTimer Tools)
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> [2006/06/14 19:53:55 | 00,282,624 | ---- | M] (Apple Computer, Inc.)
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/25 23:07:39 | 00,068,865 | ---- | M] (Avira GmbH)
stisvc.exe -> %SystemRoot%\system32\stisvc.exe -> [2003/06/19 11:05:04 | 00,062,224 | ---- | M] (Microsoft Corporation)
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)
vdshd.exe -> %UserProfile%\vdshd.exe -> [2009/02/17 23:55:37 | 00,025,133 | ---- | M] (UTool)
winmgmt.exe -> %SystemRoot%\system32\wbem\winmgmt.exe -> [2003/06/19 11:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation)
wzcsldr2.exe -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe -> [2004/12/16 16:49:14 | 00,049,152 | ---- | M] (Alpha Networks Inc.)

[Win32 Services - Safe List]
(ANIWZCSdService) ANIWZCSd Service [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -> [2004/10/22 12:42:44 | 00,049,152 | ---- | M] (Alpha Networks Inc.)
(AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008/10/25 23:07:39 | 00,068,865 | ---- | M] (Avira GmbH)
(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008/10/25 23:07:36 | 00,151,297 | ---- | M] (Avira GmbH)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> [2003/06/19 11:05:04 | 00,147,728 | ---- | M] (VERITAS Software Corp.)
(Fax) Service de télécopie [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\faxsvc.exe -> [2003/06/19 11:05:04 | 00,096,016 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2009/01/24 10:05:34 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(NirSoft Service Controler) NirSoft Service Controler [Win32_Own | Disabled | Stopped] -> -> File not found
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> [2003/03/09 05:31:02 | 00,065,795 | ---- | M] (HP)
(QOS) FireDaemon Service: QOS [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\Microsoft\user\firedaemon.exe -> [2004/05/16 13:06:11 | 00,081,920 | ---- | M] ()
(RemoteRegistry) Service d'accès à distance au Registre [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\regsvc.exe -> [2003/06/19 11:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation)
(Service Controler) Service Controler [Win32_Own | Disabled | Stopped] -> -> File not found
(StiSvc) Still Image Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\stisvc.exe -> [2003/06/19 11:05:04 | 00,062,224 | ---- | M] (Microsoft Corporation)
(UtilMan) Gestionnaire d'utilitaires [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\utilman.exe -> [2003/06/19 11:05:04 | 00,022,800 | ---- | M] (Microsoft Corporation)
(WinMgmt) Infrastructure de gestion Windows [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wbem\winmgmt.exe -> [2003/06/19 11:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation)
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\mspmspsv.exe -> [2001/10/01 19:48:44 | 00,053,248 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AFS2K.SYS -> [2005/11/18 15:09:53 | 00,082,380 | ---- | M] (Oak Technology Inc.)
(ANIO) ANIO Service [Kernel | Auto | Running] -> %SystemRoot%\system32\ANIO.sys -> [2004/07/27 10:20:46 | 00,028,205 | ---- | M] (Alpha Networks Inc.)
(atirage3) atirage3 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\atimpab.sys -> [1999/12/14 22:10:50 | 00,071,792 | ---- | M] (ATI Technologies Inc.)
(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2008/05/20 15:29:41 | 00,062,016 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> [2008/11/25 20:56:34 | 00,075,072 | ---- | M] (Avira GmbH)
(Cdr4_2K) Cdr4_2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdr4_2K.sys -> [2006/01/01 22:48:04 | 00,058,000 | ---- | M] (Roxio)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdralw2k.sys -> [2006/01/01 22:48:04 | 00,023,420 | ---- | M] (Roxio)
(Diskperf) Diskperf [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\diskperf.sys -> [2003/06/19 11:05:04 | 00,007,728 | ---- | M] (Microsoft Corporation)
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> [2003/06/19 11:05:04 | 00,369,104 | ---- | M] (VERITAS Software Corp.)
(dmio) Pilote de Gestionnaire de disque logique [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> [2003/06/19 11:05:04 | 00,138,096 | ---- | M] (VERITAS Software Corp.)
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> [2003/06/19 11:05:04 | 00,007,312 | ---- | M] (VERITAS Software Corp.)
(ds1) Pilote audio DS1 YAMAHA (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ds1wdm.sys -> [1999/11/06 22:06:58 | 00,358,928 | ---- | M] (Microsoft Corporation)
(EFS) EFS [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\efs.sys -> [2003/06/19 11:05:04 | 00,027,440 | ---- | M] (Microsoft Corporation)
(EL3C574) Pilote pour périphérique FE574B-3Com 10/100 LAN PCCard [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\el574nd4.sys -> [1999/09/25 03:16:52 | 00,024,848 | ---- | M] (3Com Corporation)
(fbxusb) Carte réseau virtuelle FreeBox USB (32 bits) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fbxusb32.sys -> [2007/08/27 14:12:06 | 00,031,128 | ---- | M] (FreeBox SA)
(gameenum) Port jeu pour Yamaha DS1 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> [2003/06/19 12:05:04 | 00,009,808 | ---- | M] (Microsoft Corporation)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hpzid412.sys -> [2003/03/09 05:31:00 | 00,051,024 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2003/03/09 05:31:02 | 00,016,080 | ---- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2003/03/09 05:31:02 | 00,021,456 | ---- | M] (HP)
(MPE) BDA MPE Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mpe.sys -> [2001/10/16 08:17:14 | 00,013,952 | ---- | M] (Microsoft Corporation)
(NetDetect) NetDetect [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\netdtect.sys -> [2001/05/08 01:00:00 | 00,009,680 | ---- | M] (Microsoft Corporation)
(NwlnkIpx) Protocole de transport compatible NWLink IPX/SPX/NetBIOS [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\nwlnkipx.sys -> [2003/06/19 11:05:04 | 00,091,408 | ---- | M] (Microsoft Corporation)
(NwlnkNb) NWLink NetBIOS [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnknb.sys -> [2003/06/19 11:05:04 | 00,065,520 | ---- | M] (Microsoft Corporation)
(NwlnkSpx) Protocole NWLink SPX/SPXII [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnkspx.sys -> [2001/05/08 01:00:00 | 00,058,480 | ---- | M] (Microsoft Corporation)
(NWRDR) NetWare Rdr [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\nwrdr.sys -> [2006/09/01 05:57:48 | 00,161,520 | ---- | M] (Microsoft Corporation)
(P1131VID) Creative WebCam NX Pro (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\P1131Vid.sys -> [2004/03/26 03:55:12 | 00,091,241 | R--- | M] (Creative Technology Ltd.)
(Parallel) Pilote de classe parallèle [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\parallel.sys -> [2003/06/19 11:05:04 | 00,060,368 | ---- | M] (Microsoft Corporation)
(Ptilink) Pilote de liaison parallèle directe [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2003/06/19 11:05:04 | 00,017,680 | ---- | M] (Parallel Technologies, Inc.)
(RCA) Microsoft Streaming Network Raw Channel Access [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rca.sys -> [2001/05/08 01:00:00 | 00,021,712 | ---- | M] (Microsoft Corporation)
(RT61) D-Link Wireless Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt61.sys -> [2005/06/04 19:07:56 | 00,319,104 | ---- | M] (Ralink Technology Inc.)
(rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RTL8139.sys -> [1999/09/25 03:17:18 | 00,018,704 | ---- | M] (Realtek Semiconductor Corporation )
(ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH)
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> [2008/07/27 00:28:17 | 00,102,664 | ---- | M] (Trend Micro Inc.)
(uhcd) Pilote de contrôleur hôte universel USB Microsoft [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\uhcd.sys -> [2003/06/19 11:05:04 | 00,032,848 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINNT\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://fr.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> yaho ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->

< FireFox Settings [Default Profile] > -> d:\Documents and Settings\Karim\Application Data\Mozilla\FireFox\Profiles\xt0ii9fn.default\prefs.js ->
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.6" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6 ->

< HOSTS File > (27 bytes and 1 lines) -> C:\WINNT\System32\drivers\etc\Hosts ->
127.0.0.1 localhost

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 20:38:22 | 00,063,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [SSVHelper Class] -> [2009/01/24 10:05:45 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/01/24 10:05:32 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/01/24 10:05:48 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
"{8E718888-423F-11D2-876E-00A0C9082467}" [HKLM] -> %SystemRoot%\system32\msdxm.ocx [@msdxmLC.dll,-1@1033,&Radio] -> [2005/06/03 11:31:08 | 00,848,656 | ---- | M] (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> [2005/08/04 21:54:42 | 00,343,112 | ---- | M] (Yahoo! Inc.)

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> [2005/08/04 21:54:42 | 00,343,112 | ---- | M] (Yahoo! Inc.)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ANIWZCS2Service" -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe [C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe] -> [2004/12/16 16:49:14 | 00,049,152 | ---- | M] (Alpha Networks Inc.)
"avgnt" -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH)
"CamMonitor" -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe] -> [2002/10/07 00:23:20 | 00,090,112 | ---- | M] ()
"QuickTime Task" -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2006/06/14 19:53:55 | 00,282,624 | ---- | M] (Apple Computer, Inc.)
"Share-to-Web Namespace Daemon" -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe] -> [2002/04/17 10:42:56 | 00,069,632 | ---- | M] (Hewlett-Packard)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/01/24 10:05:36 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"Synchronization Manager" -> %SystemRoot%\system32\mobsync.exe [mobsync.exe /logon] -> [2003/06/19 11:05:04 | 00,111,888 | ---- | M] (Microsoft Corporation)

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)

< All Users Startup Folder > -> d:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> [2003/04/06 01:17:18 | 00,147,456 | ---- | M] (Hewlett-Packard Co.)
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> [2003/04/06 01:06:58 | 00,028,672 | ---- | M] (Hewlett-Packard)
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 21:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)

< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found

< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"CDRAutoRun" -> [0] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found

< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableRegistryTools" -> [0] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Traduire à partir de l'anglais -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
Pages liées -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
Pages similaires -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
Recherche &Google -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)
Version de la page actuelle disponible dans le cache Google -> %ProgramFiles%\Google\GoogleToolbar1.dll [res://c:\program files\google\GoogleToolbar1.dll/cmcache.html] -> [2006/02/14 19:06:06 | 01,171,456 | ---- | M] (Google Inc.)

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Menu: Console Java (Sun)] -> [2009/01/24 10:05:42 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [Console Java (Sun)] -> [2009/01/24 10:05:42 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{c95fe080-8f5d-11d2-a20b-00aa003c157a}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Galerie de Microsoft ActiveX ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5264 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5264 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] ->
{05D96F71-87C6-11D3-9BE4-00902742D6E0} [HKLM] -> http://intranet.upmf-grenoble.fr/qp2.cab [QuickPlace Class] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{31564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/wmvax.cab [Reg Error: Key does not exist or could not be opened.] ->
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB [Reg Error: Key does not exist or could not be opened.] ->
{33564D57-9980-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab [Reg Error: Key does not exist or could not be opened.] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132315772357 [WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{B79A53C0-1DAC-4636-BACE-FD086A7A79BF} [HKLM] -> https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab [AdSignerLCContrl Class] ->
{C5E28B9D-0A68-4B50-94E9-E8F6B4697519} [HKLM] -> http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab [NsvPlayX Control] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{35E2F473-C88D-4CBF-9778-CBD383D2E10F} -> () ->
{40C5AD3E-C075-4F31-8A58-B67466D98AB7} -> () ->
{719FBCB3-DAC6-4606-BEE2-A436BACC03FC} -> (Carte PCI Fast Ethernet à base Realtek RTL8139(A)) ->
{A5034744-89E3-4B35-BDB8-36B59F037B5A} -> (Carte FE574B-3Com 10/100 LAN PCCard-Fast Ethernet) ->
{BE690D9F-5267-4918-86D6-9E197106D316} -> () ->

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
nwprovau -> %SystemRoot%\system32\NWPROVAU.DLL -> [2006/09/01 06:49:42 | 00,143,632 | ---- | M] (Microsoft Corporation)
wzcnotif -> %SystemRoot%\system32\wzcdlg.dll -> [2003/06/19 11:05:04 | 00,053,520 | ---- | M] (Microsoft Corporation)

< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{7007ACCF-3202-11D1-AAD2-00805FC1270E}" [HKLM] -> %SystemRoot%\system32\netshell.dll [Network.ConnectionTray] -> [2003/06/19 11:05:04 | 00,485,648 | ---- | M] (Microsoft Corporation)

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Pilote de CD-ROM ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2003/06/19 11:05:04 | 00,027,984 | ---- | M] (Microsoft Corporation)

< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2005/11/16 22:51:30 | 00,000,000 | -H-- | M] ()

[Registry - Additional Scans - Safe List]

< ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{66742402-F9B9-11D1-A202-0000F81FEDEE} [HKLM] -> %SystemRoot%\system32\docprop2.dll [Version Column Provider] -> [2001/05/08 01:00:00 | 00,307,472 | ---- | M] (Microsoft Corporation)
{7f9609be-af9a-11d1-83e0-00c04fb6e984} [HKLM] -> %SystemRoot%\system32\faxshell.dll [Fax Tiff Data Column Provider] -> [2001/05/08 01:00:00 | 00,008,464 | ---- | M] (Microsoft Corporation)
{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1} [HKLM] -> %SystemRoot%\system32\docprop2.dll [ShAVColumnProvider class] -> [2001/05/08 01:00:00 | 00,307,472 | ---- | M] (Microsoft Corporation)
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> [2004/12/14 02:20:02 | 00,110,592 | ---- | M] (Adobe Systems, Inc.)
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = Ma page d'accueil -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> "bootini" -> 0 -> "services" -> 0 -> "startup" -> 0 -> "system.ini" -> 0 -> "win.ini" -> 0 -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .bat [@ = batfile] -> "%1" %* -> .chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2005/04/15 02:08:24 | 00,010,752 | ---- | M] (Microsoft Corporation) .cmd [@ = cmdfile] -> "%1" %* -> .com [@ = ComFile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> .hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2003/06/19 11:05:04 | 00,008,976 | ---- | M] (Microsoft Corporation) .hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2002/08/30 18:24:06 | 00,024,576 | ---- | M] (Microsoft Corporation) .html [@ = FirefoxHTML] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/02/05 20:58:23 | 00,307,704 | ---- | M] (Mozilla Corporation) .inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) .ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) .js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) .jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) .pif [@ = piffile] -> "%1" %* -> .reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2003/06/19 11:05:04 | 00,076,560 | ---- | M] (Microsoft Corporation) .scr [@ = scrfile] -> "%1" /S -> .txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft 
Corporation) .vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) .vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) .wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) .wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> Ias -> [] -> Iprip -> [] -> Irmon -> [] -> Nwsapagent -> [] -> *MultiFile Done* -> -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKLM] -> No CLSID value ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2002/04/20 09:32:02 | 00,577,536 | ---- | M] (Microsoft Corporation) msdaipp: [HKLM] -> No CLSID value msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2002/04/20 09:32:02 | 00,577,536 | ---- | M] (Microsoft Corporation) msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2002/04/20 09:32:02 | 00,577,536 | ---- | M] (Microsoft Corporation) vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKLM] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] -> [2005/06/03 11:31:08 | 00,848,656 | ---- | M] (Microsoft Corporation) < Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center \\"antivirusoverride" -> 
[0] -> File not found \\"firewalldisablenotify" -> [1] -> File not found \\"UpdatesDisableNotify" -> [1] -> File not found \\"AntiVirusDisableNotify" -> [1] -> File not found \\"FirewallOverride" -> [0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> < Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> "BootExecute" -> autocheck autochk *; -> "ExcludeFromKnownDlls" -> -> *ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories -> \Windows -> -> File not found \RPC Control -> -> File not found *MultiFile Done* -> -> < Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> "ComSpec" -> C:\WINNT\system32\CMD.EXE -> [2005/06/03 11:24:02 | 00,249,616 | ---- | M] (Microsoft Corporation) "TEMP" -> %SystemRoot%\TEMP -> "TMP" -> %SystemRoot%\TEMP -> "windir" -> %SystemRoot% -> *Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> %systemroot%\system32 -> %SystemRoot%\system32 -> [2009/02/17 23:53:44 | 00,000,000 | RHSD | M] %systemroot% -> %SystemRoot% -> [2009/02/17 23:56:00 | 00,000,000 | RHSD | M] %systemroot%\system32\wbem -> %SystemRoot%\system32\wbem -> [2005/11/22 00:19:46 | 00,000,000 | ---D | M] C:\Program Files\Fichiers communs\Teleca Shared -> -> File not found *MultiFile Done* -> -> *PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> .COM -> -> File not found .EXE -> -> File not found .BAT -> -> File not found .CMD -> -> File not found .VBS -> -> File not found .VBE -> -> File not found .JS -> -> File not found .JSE -> 
-> File not found .WSF -> -> File not found .WSH -> -> File not found *MultiFile Done* -> -> < Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations -> < Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls -> "advapi32" -> C:\WINNT\system32\ADVAPI32.DLL -> [2005/06/03 11:30:50 | 00,401,168 | ---- | M] (Microsoft Corporation) "comdlg32" -> C:\WINNT\system32\comdlg32.dll -> [2003/06/19 11:05:04 | 00,244,496 | ---- | M] (Microsoft Corporation) "DllDirectory" -> C:\WINNT\system32 -> [2009/02/17 23:53:44 | 00,000,000 | RHSD | M] "gdi32" -> C:\WINNT\system32\GDI32.DLL -> [2008/10/23 06:27:54 | 00,237,840 | ---- | M] (Microsoft Corporation) "imagehlp" -> C:\WINNT\system32\imagehlp.dll -> [2003/06/19 11:05:04 | 00,128,784 | ---- | M] (Microsoft Corporation) "kernel32" -> C:\WINNT\system32\KERNEL32.DLL -> [2007/04/16 13:44:24 | 00,760,080 | ---- | M] (Microsoft Corporation) "lz32" -> C:\WINNT\system32\lz32.dll -> [2003/06/19 11:05:04 | 00,010,000 | ---- | M] (Microsoft Corporation) "ole32" -> C:\WINNT\system32\OLE32.DLL -> [2005/09/05 09:19:27 | 00,957,712 | ---- | M] (Microsoft Corporation) "oleaut32" -> C:\WINNT\system32\OLEAUT32.DLL -> [2007/12/05 11:40:18 | 00,631,056 | ---- | M] (Microsoft Corporation) "olecli32" -> C:\WINNT\system32\olecli32.dll -> [2005/09/05 09:19:28 | 00,069,904 | ---- | M] (Microsoft Corporation) "olecnv32" -> C:\WINNT\system32\OLECNV32.DLL -> [2005/09/05 09:19:28 | 00,036,624 | ---- | M] (Microsoft Corporation) "olesvr32" -> C:\WINNT\system32\olesvr32.dll -> [2001/05/08 01:00:00 | 00,022,800 | ---- | M] (Microsoft Corporation) "olethk32" -> C:\WINNT\system32\olethk32.dll -> [2003/06/19 11:05:04 | 00,070,928 | ---- | M] (Microsoft Corporation) "rpcrt4" -> C:\WINNT\system32\rpcrt4.dll -> [2007/07/17 07:43:10 | 00,439,056 | ---- | M] (Microsoft Corporation) 
"shell32" -> C:\WINNT\system32\SHELL32.DLL -> [2006/07/13 08:09:42 | 02,393,360 | ---- | M] (Microsoft Corporation) "url" -> C:\WINNT\system32\url.dll -> [2002/08/30 18:24:06 | 00,108,544 | ---- | M] (Microsoft Corporation) "urlmon" -> C:\WINNT\system32\URLMON.DLL -> [2008/10/16 10:50:14 | 00,464,384 | ---- | M] (Microsoft Corporation) "user32" -> C:\WINNT\system32\USER32.DLL -> [2007/03/06 12:18:04 | 00,381,712 | ---- | M] (Microsoft Corporation) "version" -> C:\WINNT\system32\version.dll -> [2003/06/19 11:05:04 | 00,016,144 | ---- | M] (Microsoft Corporation) "wininet" -> C:\WINNT\system32\WININET.DLL -> [2008/10/16 10:50:16 | 00,581,120 | ---- | M] (Microsoft Corporation) "wldap32" -> C:\WINNT\system32\WLDAP32.DLL -> [2005/06/03 11:30:52 | 00,146,704 | ---- | M] (Microsoft Corporation) < Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC -> "CommonFilesDir" -> C:\Program Files\Fichiers communs -> [2009/02/08 22:41:29 | 00,000,000 | ---D | M] "ProgramFilesDir" -> C:\Program Files -> [2009/02/08 14:48:05 | 00,000,000 | R--D | M] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> File not found batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> [2005/04/15 02:08:24 | 00,010,752 | ---- | M] (Microsoft Corporation) cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) cmdfile [open] -> "%1" %* -> File not found cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) comfile [open] -> "%1" %* -> File 
not found exefile [open] -> "%1" %* -> File not found helpfile [open] -> winhlp32.exe %1 -> [2003/06/19 11:05:04 | 00,008,976 | ---- | M] (Microsoft Corporation) hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> [2003/06/19 11:05:04 | 00,008,976 | ---- | M] (Microsoft Corporation) htafile [open] -> %SystemRoot%\system32\mshta.exe "%1" %* -> [2002/08/30 18:24:06 | 00,024,576 | ---- | M] (Microsoft Corporation) htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\Office\msohtmed.exe" %1 -> [1999/02/09 21:14:10 | 00,041,011 | ---- | M] (Microsoft Corporation) htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> [2002/08/30 18:24:06 | 00,091,136 | ---- | M] (Microsoft Corporation) htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> [2002/08/30 18:24:06 | 00,091,136 | ---- | M] (Microsoft Corporation) http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> [2002/08/30 18:24:06 | 00,091,136 | ---- | M] (Microsoft Corporation) https [open] -> "%ProgramFiles%\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> [2009/02/05 20:58:23 | 00,307,704 | ---- | M] (Mozilla Corporation) inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> [2001/05/08 01:00:00 | 00,010,000 | ---- | M] (Microsoft Corporation) inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) 
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> File not found regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) regfile [open] -> regedit.exe "%1" -> [2003/06/19 11:05:04 | 00,076,560 | ---- | M] (Microsoft Corporation) regfile [merge] -> Reg Error: Key does not exist or could not be opened. regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) scrfile [config] -> %1 -> File not found scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2003/06/19 11:05:04 | 00,245,008 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> File not found txtfile [edit] -> Reg Error: Key does not exist or could not be opened. 
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> [2001/05/08 01:00:00 | 00,051,984 | ---- | M] (Microsoft Corporation) wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> [2001/06/26 17:53:50 | 00,118,834 | ---- | M] (Microsoft Corporation) Directory [AddToPlaylistVLC] -> %ProgramFiles%\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" -> [2008/11/13 12:34:18 | 00,114,840 | ---- | M] () Directory [PlayWithVLC] -> %ProgramFiles%\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" 
-> [2008/11/13 12:34:18 | 00,114,840 | ---- | M] () Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> [2002/08/30 18:24:06 | 00,091,136 | ---- | M] (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> [2002/08/30 18:24:06 | 00,091,136 | ---- | M] (Microsoft Corporation) < Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes -> < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {0001040C-78E1-11D2-B60F-006097C998E7} -> Microsoft Office 2000 Professional {01161F64-6897-4885-93A0-A9F7BE9A4253} -> hp psc 1100 series {18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate {1E04F83B-2AB9-4301-9EF7-E86307F79C72} -> Google Earth {2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer {26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 11 {30614D5F-58BB-4A76-8BC9-C763A815CFC4} -> Hackman Hex Editor {4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} -> Adobe® Photoshop® Album Edition Découverte 3.0 {4C590030-7469-453E-8589-D15DA9D03F52} -> ANIWZCS2 Service {63569CE9-FA00-469C-AF5C-E5D4D93ACF91} -> Windows Genuine Advantage v1.3.0254.0 {6ECB39BD-73C2-44DD-B1A0-898207C58D8B} -> Photo et imagerie HP 2.0 - All-in-One Pilote {6F716DA0-398F-11D3-85E1-005004838609} -> WebFldrs {7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E} -> ANIO Service {7B63B2922B174135AFC0E1377DD81EC2} -> DivX {8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player {8E397FED-07AB-439C-80C5-1DA3A1E4C827} -> PowerArchiver 2007 French {9867A917-5D17-40DE-83BA-BEA5293194B1} -> Photo et imagerie HP 2.0 - All-in-One {A023A2D1-8BD3-4B3D-8077-CD9DDA489CB5} -> HP Photo and Imaging 2.0 - Photosmart Cameras {A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} -> Windows Defender Signatures {ABEB838C-A1A7-4C5D-B7E1-8B4314600820} -> MSN Messenger 7.0 {AC76BA86-7AD7-1036-7B44-A70500000002} 
-> Adobe Reader 7.0.7 - Français {B376402D-58EA-45EA-BD50-DD924EB67A70} -> Disque de souvenirs HP {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin Adobe Shockwave Player -> Adobe Shockwave Player AdobeESD -> Adobe Download Manager 2.0 (Supprimer uniquement) AntiVir PersonalEdition Classic -> Avira AntiVir Personal - Free Antivirus Creative PC-CAM Center -> Creative PC-CAM Center Creative PD1131 -> Creative WebCam NX Pro Driver (1.03.03.0326) Creative WebCam Monitor -> Creative WebCam Monitor eMule -> eMule Free.fr -> Free - Kit de connexion FreePCvcR v0.5.3a -> FreePCvcR v0.5.3a FreePCvcR v0.6 -> FreePCvcR v0.6 Freeplayer -> Freeplayer Hattrick Control_is1 -> Hattrick Control 2.12 HijackThis -> HijackThis 2.0.2 HP PSC 1100 Series -> Photo et imagerie HP 2.0 - hp psc 1100 series IrfanView -> IrfanView (remove only) Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware Manuel d'utilisation de Creative WebCam NX Pro French -> Manuel d'utilisation de Creative WebCam NX Pro (Français) Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 mIRC -> mIRC Mozilla Firefox (3.0.6) -> Mozilla Firefox (3.0.6) Q828026 -> Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations] Radmin Viewer 3.0 -> Radmin Viewer 3.0 RealPlayer 6.0 -> RealPlayer ShockwaveFlash -> Adobe Flash Player 9 ActiveX Skype_is1 -> Skype 2.0 SopCast -> SopCast 1.1.1 Update Rollup 1 -> Correctif cumulatif 1 pour Windows 2000 SP4 VLC media player -> VLC media player 0.9.6 WMP7 -> Mise à jour système du Lecteur Windows Media (Série 9) Yahoo! Companion -> Yahoo! Toolbar avec bloqueur de fenêtres pop-up Yahoo! Toolbar -> Yahoo! 
Toolbar < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000001 [TCP/IP] -> %SystemRoot%\system32\rnr20.dll -> [2003/06/19 11:05:04 | 00,036,624 | ---- | M] (Microsoft Corporation) NameSpace_Catalog5\Catalog_Entries\000000000003 [Protocole de transport compatible NWLink IPX/SPX/NetBIOS] -> %SystemRoot%\system32\NWPROVAU.DLL -> [2006/09/01 06:49:42 | 00,143,632 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\msafd.dll -> 
[2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000023 -> 
%SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000024 -> %SystemRoot%\system32\msafd.dll -> [2008/06/25 10:42:08 | 00,105,744 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 17/02/2009 08:18:32 Computer Name = PORTABLE | Source = Perflib | ID = 1015 -> Description = Le délai d'exécution de la fonction "PerfProc" de collecte de données de performance dans la bibliothèque "C:\WINNT\system32\perfproc.dll" a expiré. Il y a peut-être un problème pour ce compteur extensible ou le service dont il tire ses informations, ou le système était peut-être très occupé au moment où l'appel a été tenté. Application [ Error ] 17/02/2009 08:20:15 Computer Name = PORTABLE | Source = Perflib | ID = 1015 -> Description = Le délai d'exécution de la fonction "PerfProc" de collecte de données de performance dans la bibliothèque "C:\WINNT\system32\perfproc.dll" a expiré. Il y a peut-être un problème pour ce compteur extensible ou le service dont il tire ses informations, ou le système était peut-être très occupé au moment où l'appel a été tenté. Application [ Error ] 17/02/2009 08:21:25 Computer Name = PORTABLE | Source = Perflib | ID = 1015 -> Description = Le délai d'exécution de la fonction "PerfProc" de collecte de données de performance dans la bibliothèque "C:\WINNT\system32\perfproc.dll" a expiré. Il y a peut-être un problème pour ce compteur extensible ou le service dont il tire ses informations, ou le système était peut-être très occupé au moment où l'appel a été tenté. Application [ Error ] 17/02/2009 15:36:31 Computer Name = PORTABLE | Source = QOS | ID = 102 -> Description = The service failed to initialize due to subprocess could not be spawned. Error code: 2. Application [ Error ] 17/02/2009 15:36:31 Computer Name = PORTABLE | Source = QOS | ID = 103 -> Description = The service failed to start. 
Application [ Error ] 17/02/2009 15:36:55 Computer Name = PORTABLE | Source = Perflib | ID = 2002 -> Description = La procédure d'ouverture du service "PerfDisk" dans la bibliothèque "C:\WINNT\system32\perfdisk.dll" a pris plus longtemps que le délai imparti pour cette opération. Il y a peut-être un problème pour ce compteur extensible ou le service dont il tire ses informations, ou le système était peut-être très occupé au moment où l'appel a été tenté. Application [ Error ] 17/02/2009 15:39:16 Computer Name = PORTABLE | Source = Perflib | ID = 1015 -> Description = Le délai d'exécution de la fonction "PerfProc" de collecte de données de performance dans la bibliothèque "C:\WINNT\system32\perfproc.dll" a expiré. Il y a peut-être un problème pour ce compteur extensible ou le service dont il tire ses informations, ou le système était peut-être très occupé au moment où l'appel a été tenté. Application [ Error ] 17/02/2009 15:50:55 Computer Name = PORTABLE | Source = QOS | ID = 102 -> Description = The service failed to initialize due to subprocess could not be spawned. Error code: 2. Application [ Error ] 17/02/2009 15:50:55 Computer Name = PORTABLE | Source = QOS | ID = 103 -> Description = The service failed to start. Application [ Error ] 17/02/2009 15:51:17 Computer Name = PORTABLE | Source = Perflib | ID = 2002 -> Description = La procédure d'ouverture du service "PerfDisk" dans la bibliothèque "C:\WINNT\system32\perfdisk.dll" a pris plus longtemps que le délai imparti pour cette opération. Il y a peut-être un problème pour ce compteur extensible ou le service dont il tire ses informations, ou le système était peut-être très occupé au moment où l'appel a été tenté. 
System [ Error ] 17/02/2009 08:15:29 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7023 -> Description = Le service FireDaemon Service: QOS s'est arrêté avec l'erreur : %%1 System [ Error ] 17/02/2009 08:17:42 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7022 -> Description = Le service Avira AntiVir Personal - Free Antivirus Scheduler est en attente de démarrage. System [ Error ] 17/02/2009 15:36:17 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7000 -> Description = Le service Protocole de transport compatible NWLink IPX/SPX/NetBIOS n'a pas pu démarrer en raison de l'erreur : %%87 System [ Error ] 17/02/2009 15:36:31 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7023 -> Description = Le service Service client pour NetWare s'est arrêté avec l'erreur : %%2 System [ Error ] 17/02/2009 15:36:31 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7000 -> Description = Le service Planificateur de tâches n'a pas pu démarrer en raison de l'erreur : %%1083 System [ Error ] 17/02/2009 15:36:31 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7023 -> Description = Le service FireDaemon Service: QOS s'est arrêté avec l'erreur : %%1 System [ Error ] 17/02/2009 15:50:43 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7000 -> Description = Le service Protocole de transport compatible NWLink IPX/SPX/NetBIOS n'a pas pu démarrer en raison de l'erreur : %%87 System [ Error ] 17/02/2009 15:50:55 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7000 -> Description = Le service Planificateur de tâches n'a pas pu démarrer en raison de l'erreur : %%1083 System [ Error ] 17/02/2009 15:50:55 Computer Name = PORTABLE | Source = Service Control Manager | ID = 7023 -> Description = Le service Service client pour NetWare s'est arrêté avec l'erreur : %%2 System [ Error ] 17/02/2009 15:50:55 Computer Name = PORTABLE | Source = Service Control 
Manager | ID = 7023 -> Description = Le service FireDaemon Service: QOS s'est arrêté avec l'erreur : %%1 [Files/Folders - Created Within 90 Days] 4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> OTScanIt2 -> %UserProfile%\Bureau\OTScanIt2 -> [2009/02/17 23:51:58 | 00,000,000 | ---D | C] vdshd.exe -> %UserProfile%\vdshd.exe -> [2009/02/17 23:51:36 | 00,025,133 | ---- | C] (UTool) OTScanIt2.exe -> %UserProfile%\Bureau\OTScanIt2.exe -> [2009/02/17 23:51:20 | 00,656,714 | ---- | C] () Perflib_Perfdata_234.dat -> %SystemRoot%\System32\Perflib_Perfdata_234.dat -> [2009/02/17 20:50:53 | 00,016,384 | ---- | C] () Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [2009/02/16 23:24:54 | 00,000,458 | ---- | C] () mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/16 23:24:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/16 23:24:48 | 00,038,496 | ---- | C] (Malwarebytes Corporation) Perflib_Perfdata_68c.dat -> %SystemRoot%\System32\Perflib_Perfdata_68c.dat -> [2009/02/16 08:58:54 | 00,016,384 | ---- | C] () Favoris -> %SystemRoot%\Favoris -> [2009/02/13 18:38:30 | 00,000,000 | ---D | C] CF20883.exe -> %SystemRoot%\System32\CF20883.exe -> [2009/02/08 20:46:40 | 00,249,616 | ---- | C] (Microsoft Corporation) CF20880.exe -> %SystemRoot%\System32\CF20880.exe -> [2009/02/08 20:46:40 | 00,249,616 | ---- | C] (Microsoft Corporation) Perflib_Perfdata_438.dat -> %SystemRoot%\System32\Perflib_Perfdata_438.dat -> [2009/02/08 15:44:05 | 00,016,384 | ---- | C] () zipinst.exe -> %SystemRoot%\zipinst.exe -> [2009/02/08 14:48:08 | 00,039,424 | ---- | C] (NirSoft) RegScanner -> %ProgramFiles%\RegScanner -> [2009/02/08 14:48:05 | 00,000,000 | ---D | C] Perflib_Perfdata_11c4.dat -> %SystemRoot%\System32\Perflib_Perfdata_11c4.dat -> [2009/02/07 20:28:21 | 00,016,384 | ---- | C] () Perflib_Perfdata_230.dat -> %SystemRoot%\System32\Perflib_Perfdata_230.dat -> 
[2009/02/07 01:15:09 | 00,016,384 | ---- | C] () RECYCLER -> %SystemDrive%\RECYCLER -> [2009/02/06 17:24:17 | 00,000,000 | RHSD | C] Perflib_Perfdata_22c.dat -> %SystemRoot%\System32\Perflib_Perfdata_22c.dat -> [2009/02/03 12:38:30 | 00,016,384 | ---- | C] () photo moi.doc -> %SystemDrive%\photo moi.doc -> [2009/01/30 18:55:31 | 00,258,048 | ---- | C] () temp -> %SystemRoot%\temp -> [2009/01/26 23:07:04 | 00,000,000 | ---D | C] Perflib_Perfdata_218.dat -> %SystemRoot%\System32\Perflib_Perfdata_218.dat -> [2009/01/26 22:18:19 | 00,016,384 | ---- | C] () REGIME.doc -> %UserProfile%\Mes documents\REGIME.doc -> [2009/01/22 20:58:40 | 00,202,752 | ---- | C] () Votre bilan personnel AVANT REGIME.doc -> %UserProfile%\Mes documents\Votre bilan personnel AVANT REGIME.doc -> [2009/01/22 20:26:58 | 00,050,688 | ---- | C] () VTech -> %ProgramFiles%\VTech -> [2008/12/28 20:20:35 | 00,000,000 | ---D | C] Lancement rapide d'Adobe Reader.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk -> [2008/12/14 15:24:36 | 00,001,446 | ---- | C] () MSHTML.DLL -> %SystemRoot%\System32\MSHTML.DLL -> [2008/12/11 14:22:44 | 02,706,432 | ---- | C] (Microsoft Corporation) FONCIA REGLEMENT.xls -> %UserProfile%\Mes documents\FONCIA REGLEMENT.xls -> [2008/11/28 09:56:14 | 00,016,384 | ---- | C] () vlc -> %AppData%\vlc -> [2008/11/23 01:24:04 | 00,000,000 | ---D | C] VLC media player.lnk -> %AllUsersProfile%\Bureau\VLC media player.lnk -> [2008/11/23 00:46:20 | 00,000,495 | ---- | C] () VideoLAN -> %ProgramFiles%\VideoLAN -> [2008/11/22 22:39:50 | 00,000,000 | ---D | C] [Files/Folders - Modified Within 90 Days] 32 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> 4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> 1 d:\Documents and Settings\Karim\Local Settings\temp\is-PAE83.tmp\_isetup\*.tmp files -> d:\Documents and Settings\Karim\Local Settings\temp\is-PAE83.tmp\_isetup\*.tmp -> NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/02/17 23:55:45 | 
05,169,152 | -H-- | M] () vdshd.exe -> %UserProfile%\vdshd.exe -> [2009/02/17 23:55:37 | 00,025,133 | ---- | M] (UTool) OTScanIt2.exe -> %UserProfile%\Bureau\OTScanIt2.exe -> [2009/02/17 23:51:21 | 00,656,714 | ---- | M] () Perflib_Perfdata_234.dat -> %SystemRoot%\System32\Perflib_Perfdata_234.dat -> [2009/02/17 20:50:53 | 00,016,384 | ---- | M] () hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/02/17 20:50:33 | 20,078,5920 | -HS- | M] () ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/02/17 20:48:07 | 00,000,284 | -HS- | M] () hpfr3420.xml -> %SystemDrive%\hpfr3420.xml -> [2009/02/17 11:15:55 | 00,000,524 | ---- | M] () qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/02/17 00:38:16 | 00,004,617 | ---- | M] () qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/02/17 00:38:16 | 00,004,232 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureau\Malwarebytes' Anti-Malware.lnk -> [2009/02/16 23:30:37 | 00,000,458 | ---- | M] () _shfoldr.dll -> %UserProfile%\Local Settings\temp\is-PAE83.tmp\_isetup\_shfoldr.dll -> [2009/02/16 23:23:54 | 00,023,312 | ---- | M] (Microsoft Corporation) Perflib_Perfdata_68c.dat -> %SystemRoot%\System32\Perflib_Perfdata_68c.dat -> [2009/02/16 08:58:54 | 00,016,384 | ---- | M] () Spybot - Search & Destroy.lnk -> %UserProfile%\Bureau\Spybot - Search & Destroy.lnk -> [2009/02/13 01:29:10 | 00,000,682 | ---- | M] () MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/02/12 05:56:17 | 21,244,872 | ---- | M] (Microsoft Corporation) mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) CF20883.exe -> %SystemRoot%\System32\CF20883.exe -> [2009/02/08 20:46:16 | 00,249,616 | ---- | M] (Microsoft Corporation) CF20880.exe -> 
%SystemRoot%\System32\CF20880.exe -> [2009/02/08 20:46:16 | 00,249,616 | ---- | M] (Microsoft Corporation) Perflib_Perfdata_438.dat -> %SystemRoot%\System32\Perflib_Perfdata_438.dat -> [2009/02/08 15:44:05 | 00,016,384 | ---- | M] () zipinst.exe -> %SystemRoot%\zipinst.exe -> [2009/02/08 14:53:13 | 00,039,424 | ---- | M] (NirSoft) Perflib_Perfdata_11c4.dat -> %SystemRoot%\System32\Perflib_Perfdata_11c4.dat -> [2009/02/07 20:28:21 | 00,016,384 | ---- | M] () Perflib_Perfdata_230.dat -> %SystemRoot%\System32\Perflib_Perfdata_230.dat -> [2009/02/07 01:15:09 | 00,016,384 | ---- | M] () Mozilla Firefox.lnk -> %UserProfile%\Bureau\Mozilla Firefox.lnk -> [2009/02/06 17:56:03 | 00,001,386 | ---- | M] () Perflib_Perfdata_22c.dat -> %SystemRoot%\System32\Perflib_Perfdata_22c.dat -> [2009/02/03 12:38:30 | 00,016,384 | ---- | M] () photo moi.doc -> %SystemDrive%\photo moi.doc -> [2009/01/30 18:55:32 | 00,258,048 | ---- | M] () system.ini -> %SystemRoot%\system.ini -> [2009/01/26 23:09:54 | 00,000,227 | ---- | M] () hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/01/26 22:20:11 | 00,000,027 | ---- | M] () SystemSpool_dll.ocx -> %SystemRoot%\System32\SystemSpool_dll.ocx -> [2009/01/26 22:18:21 | 00,000,613 | ---- | M] () Perflib_Perfdata_218.dat -> %SystemRoot%\System32\Perflib_Perfdata_218.dat -> [2009/01/26 22:18:19 | 00,016,384 | ---- | M] () systemspool.ocx -> %SystemRoot%\System32\systemspool.ocx -> [2009/01/26 22:18:19 | 00,001,061 | ---- | M] () FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/01/26 19:19:35 | 00,149,992 | ---- | M] () REGIME.doc -> %UserProfile%\Mes documents\REGIME.doc -> [2009/01/22 20:58:41 | 00,202,752 | ---- | M] () Votre bilan personnel AVANT REGIME.doc -> %UserProfile%\Mes documents\Votre bilan personnel AVANT REGIME.doc -> [2009/01/22 20:26:59 | 00,050,688 | ---- | M] () sfc.dll -> %SystemRoot%\System32\sfc.dll -> [2009/01/21 20:36:25 | 00,097,072 | ---- | M] (Microsoft Corporation) imsins.BAK -> %SystemRoot%\imsins.BAK -> 
[2009/01/14 01:45:11 | 00,001,410 | ---- | M] () Lancement rapide d'Adobe Reader.lnk -> %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk -> [2008/12/14 15:24:36 | 00,001,446 | ---- | M] () MSHTML.DLL -> %SystemRoot%\System32\MSHTML.DLL -> [2008/12/11 14:22:44 | 02,706,432 | ---- | M] (Microsoft Corporation) MSHTML.DLL -> %SystemRoot%\System32\dllcache\MSHTML.DLL -> [2008/12/11 14:22:44 | 02,706,432 | ---- | M] (Microsoft Corporation) SRV.SYS -> %SystemRoot%\System32\drivers\SRV.SYS -> [2008/12/11 13:09:40 | 00,239,472 | ---- | M] (Microsoft Corporation) srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/12/11 13:09:40 | 00,239,472 | ---- | M] (Microsoft Corporation) FONCIA REGLEMENT.xls -> %UserProfile%\Mes documents\FONCIA REGLEMENT.xls -> [2008/11/28 10:56:08 | 00,016,384 | ---- | M] () avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> [2008/11/25 20:56:34 | 00,075,072 | ---- | M] (Avira GmbH) VLC media player.lnk -> %AllUsersProfile%\Bureau\VLC media player.lnk -> [2008/11/23 00:46:21 | 00,000,495 | ---- | M] () [Files/Folders - Unicode - All] ? -> C:\WINNT\㘠 -> [2007/01/20 17:55:13 | 00,000,146 | ---- | M] () ? -> C:\WINNT\˨ -> [2007/04/11 22:29:00 | 00,000,146 | ---- | M] () ? -> C:\WINNT\㢼 -> [2007/09/06 01:49:41 | 00,000,146 | ---- | M] () ? -> C:\WINNT\ -> [2008/01/22 00:45:34 | 00,003,494 | ---- | M] () ? -> C:\WINNT\ -> [2008/07/05 07:51:14 | 00,003,973 | ---- | M] () ? -> C:\WINNT\Є -> [2006/06/10 17:47:32 | 00,000,146 | ---- | M] () ? -> C:\WINNT\Й -> [2006/08/23 23:25:08 | 00,000,987 | ---- | M] () ? -> C:\WINNT\质 -> [2007/05/14 17:34:15 | 00,001,695 | ---- | M] () ? -> C:\WINNT\邘 -> [2007/05/14 17:34:15 | 00,000,146 | ---- | M] () [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000079.JPG:Q30lsldxJoudresxAaaqpcawXc 7336 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000079.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000080.JPG:Q30lsldxJoudresxAaaqpcawXc 7476 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000080.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000081.JPG:Q30lsldxJoudresxAaaqpcawXc 7268 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\2006-11 (nov.)\IM000081.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000080.JPG:Q30lsldxJoudresxAaaqpcawXc 7476 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000080.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000081.JPG:Q30lsldxJoudresxAaaqpcawXc 7268 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000081.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000079.JPG:Q30lsldxJoudresxAaaqpcawXc 7336 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\PHOTO A IMPRIMER\IM000079.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\christine beauté.htm:Q30lsldxJoudresxAaaqpcawXc 9500 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\christine beauté.htm:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes d:\Documents and Settings\Karim\Mes documents\Mes 
images\christine coquine.htm:Q30lsldxJoudresxAaaqpcawXc 9240 bytes d:\Documents and Settings\Karim\Mes documents\Mes images\christine coquine.htm:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes scan completed successfully hidden files: 16 < End of report >
-
Well, I was finally able to run the scan, but it found nothing!!!
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1749
Windows 5.0.2195 Service Pack 4
17/02/2009 15:34:07
mbam-log-2009-02-17 (15-34-06).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 121199
Temps écoulé: 1 hour(s), 46 minute(s), 18 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): (Aucun élément nuisible détecté)
-
Unable to launch MBAM. I uninstalled and then reinstalled it, but nothing helps. I get the following error message: Erreur de chargement de la base de données. Ligne : #51046 (0)
-
Good evening, First of all, when I turn on my PC, I get an error message telling me that C:\WINNT\system32\drivers\NirCmd.exe cannot be found. Then I have 2 trojans (vdshd.exe and x6cdshd.exe) that AntiVir detects every 2 minutes without being able to remove them automatically, so the detection windows open one after another!!! Here is a HijackThis report
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:00:48, on 16/02/2009 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINNT\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\NirCmd.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu 
item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://intranet.upmf-grenoble.fr/qp2.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132315772357 O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. 
- C:\WINNT\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE -- End of file - 7557 bytes
-
[Resolved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and eradication
OK, thanks again for everything!!! -
[Resolved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and eradication
OK, it looks spotless now!!! Also, I no longer use IE but Firefox instead. Thanks for all this advice. P.S.: What do I do with regscanner? Can I delete it or not? -
[Resolved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and eradication
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:17:07, on 08/02/2009 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINNT\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINNT\system32\drivers\NirCmd.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINNT\system32\drwtsn32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\NirCmd.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - 
Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://intranet.upmf-grenoble.fr/qp2.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132315772357 O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NirSoft Service Controler - Unknown owner - C:\WINNT\system32\drivers\NirCmd.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE -- End of file - 7333 bytes -
[Resolved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and eradication
================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* Name : g Type : REG_SZ Data : C:\WINNT\system32\mscdt.exe Key Modified Time : 02/02/2009 22:06:03 Data Length : 28 ================================================== ================================================== Registry Key : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe Name : f Type : REG_SZ Data : C:\WINNT\system32\mscdt.exe Key Modified Time : 25/01/2009 23:37:17 Data Length : 28 ================================================== ================================================== Registry Key : HKLM\SYSTEM\ControlSet001\Services\MSpool Name : ImagePath Type : REG_EXPAND_SZ Data : C:\WINNT\system32\mscdt.exe Key Modified Time : 15/09/2008 21:43:44 Data Length : 28 ================================================== ================================================== Registry Key : HKLM\SYSTEM\ControlSet002\Services\MSpool Name : ImagePath Type : REG_EXPAND_SZ Data : C:\WINNT\system32\mscdt.exe Key Modified Time : 15/09/2008 21:43:44 Data Length : 28 ================================================== ================================================== Registry Key : HKLM\SYSTEM\CurrentControlSet\Services\MSpool Name : ImagePath Type : REG_EXPAND_SZ Data : C:\WINNT\system32\mscdt.exe Key Modified Time : 15/09/2008 21:43:44 Data Length : 28 ================================================== ================================================== Registry Key : HKU\S-1-5-21-1547161642-2111687655-1957994488-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* Name : g Type : REG_SZ Data : C:\WINNT\system32\mscdt.exe Key Modified Time : 02/02/2009 22:06:03 Data Length : 28 ================================================== ================================================== Registry Key : 
HKU\S-1-5-21-1547161642-2111687655-1957994488-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe Name : f Type : REG_SZ Data : C:\WINNT\system32\mscdt.exe Key Modified Time : 25/01/2009 23:37:17 Data Length : 28 ================================================== -
[Resolved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and eradication
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:09, on 08/02/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\drivers\NirCmd.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
d:\Documents and Settings\Karim\x6cdshd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\NirCmd.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://intranet.upmf-grenoble.fr/qp2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132315772357
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MS System Spooler (MSpool) - Unknown owner - C:\WINNT\system32\mscdt.exe (file missing)
O23 - Service: NirSoft Service Controler - Unknown owner - C:\WINNT\system32\drivers\NirCmd.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE

--
End of file - 7450 bytes
-
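The log above is the kind of thing a malware-removal helper reads by eye: a process with a system binary's name running from the wrong directory, an .exe sitting in system32\drivers (a directory that should only hold .sys files), an .exe directly in a user profile root, a Winlogon Shell= value that launches something besides Explorer.exe, and O23 services with "Unknown owner" or a binary that no longer exists. The script below is an added example, not code from this thread or from HijackThis, that applies those checks mechanically. The heuristics are this example's own assumptions (hints for a human, not verdicts), and the SAMPLE_LOG is a constructed subset modelled on the posted log; the C:\WINNT\Temp\svchost.exe line is made up to exercise the masquerade check.

```python
"""Triage a HijackThis log for entries a malware-removal helper would flag.

Added example, not code from the thread or from HijackThis. The heuristics are
this example's own assumptions: hints for a human reviewer, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset modelled on the log posted above. The
# C:\WINNT\Temp\svchost.exe line is made up to exercise the masquerade check.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\drivers\NirCmd.exe
C:\WINNT\Temp\svchost.exe
d:\Documents and Settings\Karim\x6cdshd.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\NirCmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: MS System Spooler (MSpool) - Unknown owner - C:\WINNT\system32\mscdt.exe (file missing)
O23 - Service: NirSoft Service Controler - Unknown owner - C:\WINNT\system32\drivers\NirCmd.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE
"""


@dataclass
class Finding:
    line: str    # the log line that triggered the finding
    reason: str  # why it deserves a closer look


# Names of core Windows binaries that malware likes to borrow.
SYSTEM_BINARIES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                   "svchost.exe", "spoolsv.exe", "explorer.exe"}
# Where those binaries legitimately live (NT4/2000 use \WINNT, later \Windows).
SYSTEM_DIRS = re.compile(r"^[a-z]:\\(winnt|windows)(\\system32)?$")
EXE_IN_DRIVERS = re.compile(r"\\system32\\drivers\\[^\\]+\.exe$")
EXE_IN_PROFILE_ROOT = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.exe$")
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")


def check_process(path: str) -> list[str]:
    """Location-based checks on one executable path (case-insensitive)."""
    p = path.strip().lower()
    directory, _, name = p.rpartition("\\")
    reasons = []
    if name in SYSTEM_BINARIES and not SYSTEM_DIRS.match(directory):
        reasons.append(f"system binary name {name} running from {directory}")
    if EXE_IN_DRIVERS.search(p):
        reasons.append("executable in system32\\drivers (drivers are .sys files)")
    if EXE_IN_PROFILE_ROOT.match(p):
        reasons.append("executable directly in a user profile root")
    return reasons


def check_f2(body: str) -> list[str]:
    """Winlogon's Shell value should be exactly Explorer.exe; anything appended runs at logon."""
    m = re.match(r"REG:system\.ini: Shell=(.*)$", body)
    if m and m.group(1).strip().lower() != "explorer.exe":
        return [f"Winlogon Shell launches extra program(s): {m.group(1)}"]
    return []


def parse_o23(body: str):
    """Split an O23 body into (display, short_name, owner, path, file_missing)."""
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].split(" - ")
    if len(parts) < 3:
        return None
    display = " - ".join(parts[:-2])  # display names may themselves contain " - "
    owner, path = parts[-2], parts[-1]
    missing = path.endswith("(file missing)")
    path = path[:-len(" (file missing)")] if missing else path
    m = re.search(r"\(([^()]+)\)$", display)
    return display, (m.group(1) if m else None), owner, path, missing


def check_o23(body: str) -> list[str]:
    parsed = parse_o23(body)
    if parsed is None:
        return []
    display, name, owner, path, missing = parsed
    if missing:
        # Binary gone, registration still present: the key to remove is
        # HKLM\SYSTEM\CurrentControlSet\Services\<short name>.
        key = name or display
        return [f"orphaned service registration {key!r} "
                f"(HKLM\\SYSTEM\\CurrentControlSet\\Services\\{key})"]
    reasons = []
    if owner == "Unknown owner":
        reasons.append(f"service binary with no version/owner information: {path}")
    reasons.extend(check_process(path))
    return reasons


def triage(log: str) -> list[Finding]:
    """Walk the log once: process list lines get location checks, F2/O23 entries their own."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False
            checker = {"F2": check_f2, "O23": check_o23}.get(m.group("code"))
            reasons = checker(m.group("body")) if checker else []
        elif in_processes:
            reasons = check_process(line)
        else:
            reasons = []
        findings.extend(Finding(line, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[!] {f.reason}\n    {f.line}")
```

On the sample this yields eight findings: the three process-list lines, the Shell= value, the orphaned MSpool registration, two for the NirCmd.exe service (no owner information, and an .exe in the drivers directory) and one for FireDaemon. Note that the flag on NirCmd.exe is about where it lives and how it is registered, not about the tool itself. For the orphaned MSpool entry, fixing the O23 line in HijackThis or deleting the Services\MSpool key is what removes the leftover registration; sc.exe is not part of the Windows 2000 base installation (it shipped with the Resource Kit), which is why the sc delete attempts posted elsewhere in this thread fail with "file not found".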
[Solved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and removal
It tells me that sc delete MSpool is not recognized as an internal or external command, an executable program or a batch file. -
[Solved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and removal
Bump -
[Solved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and removal
When I run sc delete MSpool, I get the following error message: The file 'sc' (or one of its components) cannot be found. Check that the path and file name are correct and that all required libraries are available.

HijackThis report ---> Apparently nothing has changed

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:35, on 27/01/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://intranet.upmf-grenoble.fr/qp2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132315772357
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MS System Spooler (MSpool) - Unknown owner - C:\WINNT\system32\mscdt.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE

--
End of file - 7192 bytes
-
[Solved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and removal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:09:27, on 27/01/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://intranet.upmf-grenoble.fr/qp2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132315772357
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MS System Spooler (MSpool) - Unknown owner - C:\WINNT\system32\mscdt.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE

--
End of file - 7192 bytes
-
[Solved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and removal
ComboFix 09-01-21.04 - Karim 26/01/2009 23:01:56.4 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.191.101 [GMT 1:00]
Running from: d:\documents and settings\Karim\Bureau\ComboFix.exe
Command switches used :: d:\documents and settings\Karim\Bureau\CFScript.txt
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
c:\winnt\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA}\system.exe
c:\winnt\system32\microsoft\user\dll39.exe
c:\winnt\system32\mscdt.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\winnt\system32\microsoft\user\dll39.exe
c:\winnt\system32\mscdt.exe
.
((((((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 ))))))))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 22:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-24 09:05 410,984 ----a-w c:\winnt\system32\deploytk.dll
2009-01-24 09:04 --------- d-----w c:\program files\Java
2009-01-23 19:23 --------- d-----w c:\program files\Hackman
2009-01-21 19:36 97,072 ----a-w c:\winnt\system32\sfc.dll
2009-01-14 15:11 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys
2008-12-28 19:20 --------- d-----w c:\program files\VTech
2008-12-28 18:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 17:48 --------- d-----w c:\program files\7-Zip
2008-12-21 06:47 --------- d-----w c:\program files\eMule
2008-12-11 12:09 239,472 ----a-w c:\winnt\system32\drivers\SRV.SYS
2008-11-30 22:47 --------- d-----w d:\documents and settings\Karim\Application Data\dvdcss
2008-10-07 21:14 0 ---ha-w d:\documents and settings\Christine\hpothb07.dat
2006-08-18 16:22 302 ---ha-w c:\program files\hpothb07.dat
2006-08-18 16:20 513 ---ha-w c:\program files\hpothb07.tif
2006-06-10 09:09 164 -c-ha-w d:\documents and settings\All Users\hpothb07.dat
2006-06-10 09:09 0 -c-ha-w d:\documents and settings\Alain\hpothb07.dat
2006-03-31 22:14 0 -c-ha-w d:\documents and settings\Administrateur\hpothb07.dat
2005-11-16 21:50 271 ---h--w c:\program files\desktop.ini
2005-11-16 21:50 22,115 ---h--w c:\program files\folder.htt
2001-05-08 00:00 32,528 -c--a-w c:\winnt\inf\wbfirdma.sys
2005-07-23 02:25 230 --sha-w c:\winnt\system32\drivers\etc\config\addme.reg
2006-03-21 22:31 34 --sha-w c:\winnt\system32\drivers\etc\config\store.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\winnt\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA} ----
09-01-25 23:52 3012899 --a------ c:\winnt\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA}\system.log
08-09-17 21:55 320 --a------ c:\winnt\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA}\system.ini
07-08-02 20:20 648 --a------ c:\winnt\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA}\env.bat
07-08-02 18:58 969 --a------ c:\winnt\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA}\xdcc.ini

((((((((((((((((((((((((((((( snapshot@lun. 2009-01-26_22.26.56.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-26 22:00:24 16,384 ----atw c:\winnt\system32\Perflib_Perfdata_d4.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [24/01/09 10:05 136600]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [17/04/02 10:42 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [14/06/06 19:53 282624]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [07/10/02 00:23 90112]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [16/12/04 16:49 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/06/08 13:28 266497]
"Synchronization Manager"="mobsync.exe" [19/06/03 11:05 111888 c:\winnt\system32\mobsync.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [08/05/01 01:00 20752 c:\winnt\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [19/06/03 11:05 189712]

d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
01/09/06 06:49 143632 c:\winnt\system32\NWPROVAU.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"antivirusoverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

R3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);c:\winnt\system32\drivers\fbxusb32.sys [2007-08-27 31128]
R4 QOS;FireDaemon Service: QOS;c:\winnt\system32\Microsoft\user\firedaemon.exe [2008-12-07 81920]
S3 EL3C574;Pilote pour périphérique FE574B-3Com 10/100 LAN PCCard;c:\winnt\system32\drivers\el574nd4.sys [2005-11-18 24848]
S4 MSpool;MS System Spooler;c:\winnt\system32\mscdt.exe --> c:\winnt\system32\mscdt.exe [?]
S4 Service Controler;Service Controler;"c:\winnt\system32\drivers\SbCtri.exe" --> c:\winnt\system32\drivers\SbCtri.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2006-03-19 c:\winnt\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1132827445.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [06/04/03 00:52 ]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com/
IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Pages liées - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar1.dll/cmcache.html
LSP: %SystemRoot%\system32\msafd.dll
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
FF - ProfilePath - d:\documents and settings\Karim\Application Data\Mozilla\Firefox\Profiles\xt0ii9fn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
.
**************************************************************************
Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...
Scan completed successfully
Hidden files:
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(200)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Completion time: 26/01/2009 23:15:05
ComboFix-quarantined-files.txt 2009-01-26 22:13:38
ComboFix2.txt 2009-01-26 21:31:27

Pre-Run: 1 020 334 080 bytes free
Post-Run: 1,014,013,952 bytes free

130 --- E O F --- 2009-01-14 00:45:18

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:07, on 26/01/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://intranet.upmf-grenoble.fr/qp2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132315772357
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MS System Spooler (MSpool) - Unknown owner - C:\WINNT\system32\mscdt.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE

--
End of file - 7192 bytes
-
[Solved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and removal
ComboFix 09-01-21.04 - Karim 26/01/2009 21:58:14.3 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.191.101 [GMT 1:00]
Lancé depuis: d:\documents and settings\Karim\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSTEM
-------\Legacy_WGAREG
-------\Legacy_WGAVM
-------\Service_system


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-26 au 2009-01-26 ))))))))))))))))))))))))))))))))))))
.

2009-01-26 22:18 . 09-01-26 22:18 16,384 --a----t- c:\winnt\system32\Perflib_Perfdata_218.dat
2009-01-26 21:53 . 09-01-26 21:54 <DIR> d-------- C:\32788R22FWJFW
2009-01-24 22:41 . 09-01-24 22:42 <DIR> d-------- C:\rsit
2009-01-24 10:07 . 09-01-24 10:05 410,984 --a------ c:\winnt\system32\deploytk.dll
2008-12-28 20:20 . 08-12-28 20:20 <DIR> d-------- c:\program files\VTech
.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 22:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-24 09:04 --------- d-----w c:\program files\Java
2009-01-23 19:23 --------- d-----w c:\program files\Hackman
2009-01-21 19:36 97,072 ----a-w c:\winnt\system32\sfc.dll
2009-01-14 15:11 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys
2008-12-28 18:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 17:48 --------- d-----w c:\program files\7-Zip
2008-12-21 06:47 --------- d-----w c:\program files\eMule
2008-12-11 12:09 239,472 ----a-w c:\winnt\system32\drivers\SRV.SYS
2008-11-30 22:47 --------- d-----w d:\documents and settings\Karim\Application Data\dvdcss
2008-10-07 21:14 0 ---ha-w d:\documents and settings\Christine\hpothb07.dat
2006-08-18 16:22 302 ---ha-w c:\program files\hpothb07.dat
2006-08-18 16:20 513 ---ha-w c:\program files\hpothb07.tif
2006-06-10 09:09 164 -c-ha-w d:\documents and settings\All Users\hpothb07.dat
2006-06-10 09:09 0 -c-ha-w d:\documents and settings\Alain\hpothb07.dat
2006-03-31 22:14 0 -c-ha-w d:\documents and settings\Administrateur\hpothb07.dat
2005-11-16 21:50 271 ---h--w c:\program files\desktop.ini
2005-11-16 21:50 22,115 ---h--w c:\program files\folder.htt
2001-05-08 00:00 32,528 -c--a-w c:\winnt\inf\wbfirdma.sys
2005-07-23 02:25 230 --sha-w c:\winnt\system32\drivers\etc\config\addme.reg
2006-03-21 22:31 34 --sha-w c:\winnt\system32\drivers\etc\config\store.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [08-07-07 08:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [09-01-24 10:05 136600]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [02-04-17 10:42 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [06-06-14 19:53 282624]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [02-10-07 00:23 90112]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [04-12-16 16:49 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08-06-12 13:28 266497]
"Synchronization Manager"="mobsync.exe" [03-06-19 11:05 111888 c:\winnt\system32\mobsync.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [01-05-08 01:00 20752 c:\winnt\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 11:05 189712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
06-09-01 06:49 143632 c:\winnt\system32\NWPROVAU.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"antivirusoverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

R3 EL3C574;Pilote pour périphérique FE574B-3Com 10/100 LAN PCCard;c:\winnt\system32\DRIVERS\el574nd4.sys [99-09-25 03:16 24848]
R4 Service Controler;Service Controler; [x]
S2 MSpool;MS System Spooler;c:\winnt\system32\mscdt.exe [05-08-04 23:00 603136]
S2 QOS;FireDaemon Service: QOS;c:\winnt\system32\microsoft\user\FireDaemon.EXE [04-05-16 13:06 81920]
S3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);c:\winnt\system32\DRIVERS\fbxusb32.sys [07-08-27 14:12 31128]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - ANIWZCSdService
*Deregistered* - AntiVirScheduler
*Deregistered* - AntiVirService
*Deregistered* - Browser
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - EventSystem
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MSpool
*Deregistered* - Netman
*Deregistered* - NtmsSvc
*Deregistered* - NWCWorkstation
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - NWRDR
*Deregistered* - Parallel
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - QOS
*Deregistered* - RasAcd
*Deregistered* - RasAuto
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - Spooler
*Deregistered* - Srv
*Deregistered* - ssmdrv
*Deregistered* - StiSvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - tmcomm
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - Wanarp
*Deregistered* - WinMgmt
*Deregistered* - WMDM PMSP Service
*Deregistered* - Wmi
*Deregistered* - wuauserv
.
Contenu du dossier 'Tâches planifiées'

2006-03-19 c:\winnt\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1132827445.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [03-04-06 00:52 ]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
IE: &Traduire à partir de l'anglais - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Pages liées - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pages similaires - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Recherche &Google - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Version de la page actuelle disponible dans le cache Google - c:\program files\google\GoogleToolbar1.dll/cmcache.html
LSP: %SystemRoot%\system32\msafd.dll
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
FF - ProfilePath - d:\documents and settings\Karim\Application Data\Mozilla\Firefox\Profiles\xt0ii9fn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
.

**************************************************************************

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(200)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1012)
c:\winnt\AppPatch\AcLayers.DLL
c:\winnt\system32\SHDOCVW.DLL
.
Heure de fin: 2009-01-26 22:31:21 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-26 21:30:24

Avant-CF: 1 078 046 720 octets libres
Après-CF: 1,015,062,528 octets libres

176 --- E O F --- 2009-01-14 00:45:18
-
[Solved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and removal
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File move failed. c:\winnt\system32\microsoft\user\dll39.exe scheduled to be moved on reboot.
File move failed. C:\WINNT\system32\mscdt.exe scheduled to be moved on reboot.
C:\WINNT\Installer\{9DE006A5-B484-4ADE-A760-0F217136B8EA}\system.exe moved successfully.
========== COMMANDS ==========
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01252009_235545

Files moved on Reboot...
File move failed. c:\winnt\system32\microsoft\user\dll39.exe scheduled to be moved on reboot.
File move failed. C:\WINNT\system32\mscdt.exe scheduled to be moved on reboot.
-
[Solved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and removal
Fichier dll39.exe reçu le 2009.01.25 23:36:55 (CET)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.25 Riskware.Server-FTP.Win32.Serv-U.25.e!IK
AhnLab-V3 5.0.0.2 2009.01.25 -
AntiVir 7.9.0.60 2009.01.25 SPR/Serv-U.25.D
Authentium 5.1.0.4 2009.01.25 W32/HackTool.KQ
Avast 4.8.1281.0 2009.01.25 Win32:Trojan-gen {Other}
AVG 8.0.0.229 2009.01.25 ServU.JP
BitDefender 7.2 2009.01.25 -
CAT-QuickHeal 10.00 2009.01.24 -
ClamAV 0.94.1 2009.01.25 -
Comodo 946 2009.01.25 ApplicUnsaf.Win32.ServU-Daemon
DrWeb 4.44.0.09170 2009.01.25 -
eSafe 7.0.17.0 2009.01.25 -
eTrust-Vet 31.6.6325 2009.01.24 -
F-Prot 4.4.4.56 2009.01.25 W32/HackTool.KQ
F-Secure 8.0.14470.0 2009.01.25 Server-FTP.Win32.Serv-U.25.d
Fortinet 3.117.0.0 2009.01.25 ServU
GData 19 2009.01.25 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2009.01.25 not-a-virus:Server-FTP.Win32.Serv-U.25.e
K7AntiVirus 7.10.604 2009.01.24 Non-Virus:Server-FTP.Win32.Serv-U.25.d
Kaspersky 7.0.0.125 2009.01.25 not-a-virus:Server-FTP.Win32.Serv-U.25.d
McAfee 5506 2009.01.25 potentially unwanted program ServU-Daemon
McAfee+Artemis 5506 2009.01.25 potentially unwanted program ServU-Daemon
Microsoft 1.4205 2009.01.25 -
NOD32 3798 2009.01.25 Win32/ServU-Daemon
Norman 5.93.01 2009.01.23 -
nProtect 2009.1.8.0 2009.01.23 Backdoor/W32.ServU.1015296
Panda 9.5.1.2 2009.01.25 Application/ServUBased.A
PCTools 4.4.2.0 2009.01.25 Backdoor.ServU-based.CB
Prevx1 V2 2009.01.25 Malicious Software
Rising 21.13.42.00 2009.01.23 Backdoor.ServU-based.kz
SecureWeb-Gateway 6.7.6 2009.01.25 Riskware.Serv-U.25.D
Sophos 4.37.0 2009.01.25 -
Sunbelt 3.2.1835.2 2009.01.16 Backdoor.Servu.AZ
Symantec 10 2009.01.25 -
TheHacker 6.3.1.5.229 2009.01.25 Aplicacion/Serv-U.25.d
TrendMicro 8.700.0.1004 2009.01.24 -
VBA32 3.12.8.11 2009.01.25 -
ViRobot 2009.1.23.1576 2009.01.23 -
VirusBuster 4.5.11.0 2009.01.25 Backdoor.ServU-based.CB

Information additionnelle
File size: 1015296 bytes
MD5...: 9a27dbdff798e5c71015eff3ff696821
SHA1..: 6c454c6abdbd9d352f004c95c9f4dda1aa8b1943
SHA256: 390d4ea3c7b63a9d8532ba0796a4cc9ac8e764f74f233da7e402194212bffec7
SHA512: 7a1041eae97b0229a88c1e25d01fc601e419ed780441d98088e93f0d9d30836b5d5e4fe65a2f237135320c2d095cf09b35770cacf8a52641fabed9ed243dc866
ssdeep: 12288:z4aaOI9dOVRbFH6pDmAzjQn9fkJYijrkQLS2S+bEYp3yYF7CXlq/KFhXXEvqANm9:M9OI9dOVRBapZOtkJYOrjG4p3yY6/
PEiD..: -
TrID..: File type identification
InstallShield setup (47.3%)
Win32 Executable Delphi generic (16.1%)
DOS Executable Borland C++ (14.3%)
Win32 Executable Generic (9.3%)
Win32 Dynamic Link Library (generic) (8.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x52aa284e (Thu Dec 12 21:19:10 2013)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xaa000 0xa9400 6.48 4dc058b620ee8feaf8e77595311849ed
.data 0xab000 0x2c000 0x25e00 4.48 8e5e3151059afbdbb25d942252260f0c
.tls 0xd7000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0xd8000 0x1000 0x200 0.21 6cab5b7066c2af54b972946eb7c273cc
.idata 0xd9000 0x3000 0x2a00 5.32 e49d35d22dc40801bc8a4e4c7693eef3
.edata 0xdc000 0x1000 0x200 4.19 bc434e612fbd73c656b49690f52c5b81
.rsrc 0xdd000 0x1c000 0x1be00 4.25 810803d117f9e17e52a76824d6d1c6d2
.reloc 0xf9000 0xa000 0x9800 6.61 197035d7b2e7a9d10c9cdba1662aae59

( 7 imports )
> ADVAPI32.dll: RegCloseKey, RegCreateKeyExA, RegDeleteValueA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA
> KERNEL32.dll: CloseHandle, CreateDirectoryA, CreateEventA, CreateFileA, CreateMutexA, CreateThread, DeleteCriticalSection, DeleteFileA, DosDateTimeToFileTime, DuplicateHandle, EnterCriticalSection, ExitProcess, ExitThread, ExpandEnvironmentStringsA, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationA, FindFirstFileA, FindNextFileA, FindResourceA, FreeLibrary, FreeResource, GetACP, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetDriveTypeA, GetEnvironmentStrings, GetEnvironmentVariableA, GetExitCodeThread, GetFileAttributesA, GetFileSize, GetFileTime, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetLogicalDrives, GetModuleFileNameA, GetModuleHandleA, GetPrivateProfileStringA, GetProcAddress, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetSystemInfo, GetTickCount, GetTimeZoneInformation, GetVersion, GetVersionExA, GetVolumeInformationA, GetWindowsDirectoryA, GlobalAlloc, GlobalFree, GlobalLock, GlobalMemoryStatus, GlobalUnlock, InitializeCriticalSection, LCMapStringA, LeaveCriticalSection, LoadLibraryA, LoadResource, LocalAlloc, LocalFileTimeToFileTime, LocalFree, LocalHandle, LocalLock, LocalReAlloc, LocalUnlock, LockResource, MoveFileA, MulDiv, MultiByteToWideChar, OpenFile, PulseEvent, RaiseException, ReadFile, ReleaseMutex, ReleaseSemaphore, RemoveDirectoryA, ResumeThread, RtlUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetErrorMode, SetFileAttributesA, SetFilePointer, SetFileTime, SetHandleCount, SetThreadPriority, Sleep, SuspendThread, SystemTimeToFileTime, TerminateThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualQuery, WaitForMultipleObjects, WaitForMultipleObjectsEx, WaitForSingleObject, WaitForSingleObjectEx, WideCharToMultiByte, WinExec, WriteFile, WritePrivateProfileStringA, lstrcmpA, lstrcmpiA, lstrlenA
> WSOCK32.dll: WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncSelect, WSACancelAsyncRequest, WSACleanup, WSAGetLastError, WSASetBlockingHook, WSAStartup, WSAUnhookBlockingHook, accept, closesocket, connect, gethostbyname, gethostname, getpeername, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket, bind
> COMDLG32.dll: ChooseFontA, CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA
> GDI32.dll: BitBlt, CombineRgn, CopyEnhMetaFileA, CopyMetaFileA, CreateBitmap, CreateBitmapIndirect, CreateBrushIndirect, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCA, CreateDIBPatternBrush, CreateDIBitmap, CreateDiscardableBitmap, CreateEllipticRgnIndirect, CreateFontA, CreateFontIndirectA, CreateHatchBrush, CreateICA, CreatePalette, CreatePatternBrush, CreatePen, CreatePenIndirect, CreatePolyPolygonRgn, CreatePolygonRgn, CreateRectRgn, CreateRectRgnIndirect, CreateRoundRectRgn, CreateSolidBrush, DPtoLP, DeleteDC, DeleteEnhMetaFile, DeleteMetaFile, DeleteObject, Ellipse, ExtCreatePen, ExtTextOutA, GetClipRgn, GetCurrentObject, GetDIBits, GetDeviceCaps, GetEnhMetaFileA, GetMetaFileA, GetMetaFileBitsEx, GetObjectA, GetPaletteEntries, GetStockObject, GetSystemPaletteEntries, GetTextExtentPointA, GetTextMetricsA, GetViewportOrgEx, IntersectClipRect, LineTo, MoveToEx, OffsetViewportOrgEx, OffsetWindowOrgEx, PatBlt, PlayEnhMetaFile, PlayMetaFile, RealizePalette, ResetDCA, RestoreDC, SaveDC, ScaleViewportExtEx, ScaleWindowExtEx, SelectClipRgn, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetDIBitsToDevice, SetEnhMetaFileBits, SetMapMode, SetMetaFileBitsEx, SetPixel, SetTextColor, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, StretchDIBits, TextOutA
> SHELL32.dll: ExtractIconA, ShellExecuteA, Shell_NotifyIconA
> USER32.dll: AdjustWindowRectEx, AppendMenuA, BeginDeferWindowPos, BeginPaint, BringWindowToTop, CallWindowProcA, CheckMenuItem, CheckMenuRadioItem, ChildWindowFromPoint, ClientToScreen, CloseClipboard, CopyIcon, CreateCursor, CreateDialogParamA, CreateIcon, CreateIconFromResource, CreateIconIndirect, CreateMenu, CreatePopupMenu, CreateWindowExA, DefFrameProcA, DefMDIChildProcA, DefWindowProcA, DeferWindowPos, DeleteMenu, DestroyCursor, DestroyIcon, DestroyMenu, DestroyWindow, DialogBoxParamA, DispatchMessageA, DrawEdge, DrawFocusRect, DrawFrameControl, DrawIcon, DrawMenuBar, DrawStateA, DrawTextA, EnableMenuItem, EnableWindow, EndDeferWindowPos, EndDialog, EndPaint, EnumClipboardFormats, EnumThreadWindows, FillRect, FindWindowA, FrameRect, GetActiveWindow, GetCapture, GetClassInfoA, GetClassNameA, GetClientRect, GetClipboardData, GetCursorPos, GetDC, GetDesktopWindow, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetFocus, GetKeyState, GetMenu, GetMenuDefaultItem, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuState, GetMenuStringA, GetParent, GetScrollInfo, GetSubMenu, GetSysColor, GetSystemMenu, GetSystemMetrics, GetTabbedTextExtentA, GetUpdateRgn, GetWindow, GetWindowDC, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowTextLengthA, GetWindowThreadProcessId, GrayStringA, InsertMenuA, InsertMenuItemA, InvalidateRect, IsChild, IsClipboardFormatAvailable, IsDialogMessageA, IsIconic, IsMenu, IsWindow, IsWindowEnabled, IsWindowVisible, IsZoomed, KillTimer, LoadAcceleratorsA, LoadBitmapA, LoadCursorA, LoadIconA, LoadImageA, LoadMenuA, LoadMenuIndirectA, LoadStringA, MapWindowPoints, MessageBeep, MessageBoxA, MessageBoxExA, ModifyMenuA, MoveWindow, MsgWaitForMultipleObjects, OpenClipboard, PeekMessageA, PostMessageA, PostQuitMessage, PostThreadMessageA, RegisterClassA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, ScreenToClient, ScrollWindow, SendDlgItemMessageA, SendMessageA, SetActiveWindow, SetCapture, SetClipboardData, SetCursor, SetFocus, SetForegroundWindow, SetMenu, SetMenuDefaultItem, SetMenuItemInfoA, SetMessageQueue, SetParent, SetScrollInfo, SetTimer, SetWindowContextHelpId, SetWindowLongA, SetWindowPlacement, SetWindowPos, SetWindowTextA, ShowScrollBar, ShowWindow, SystemParametersInfoA, TabbedTextOutA, TrackPopupMenu, TranslateAcceleratorA, TranslateMDISysAccel, TranslateMessage, UnregisterClassA, UpdateWindow, WaitMessage, WinHelpA, WindowFromPoint

( 8 exports )
@RTrayIcon@TimerProc$qqsp6HWND__uiuil, @RWinSocket@BlockingHookProc$qqsv, @RWinSocket@DispatchProc$qqsp6HWND__uiuil, @__lockDebuggerData$qv, @__unlockDebuggerData$qv, __DebuggerHookData, __GetExceptDLLinfo, ___CPPdebugHook

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0832E1DB0074A0827E3A0F37D111E900E4B7B774
-
[Solved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and removal
File mscdt.exe received on 2008.12.01 10:02:54 (CET)

Antivirus          Version  Last update  Result
AhnLab-V3          -        -            Win-AppCare/ServU.603136
AntiVir            -        -            SPR/Serv-U.Gen
Authentium         -        -            W32/Backdoor.SUC
Avast              -        -            Win32:ServU-BQ
AVG                -        -            ServU.AIO
BitDefender        -        -            Generic.ServU.072821F0
CAT-QuickHeal      -        -            -
ClamAV             -        -            Trojan.Servu.1
DrWeb              -        -            BackDoor.Servu.4100
eSafe              -        -            Win32.ServU-based
eTrust-Vet         -        -            Win32/IRCFlood
Ewido              -        -            -
F-Prot             -        -            W32/Backdoor.SUC
F-Secure           -        -            Backdoor.Win32.ServU-based
Fortinet           -        -            HackerTool/ServU
GData              -        -            Generic.ServU.072821F0
Ikarus             -        -            not-a-virus:Server-FTP.Win32.Serv-U.4100
K7AntiVirus        -        -            Backdoor.Win32.ServU-based
Kaspersky          -        -            Backdoor.Win32.ServU-based
McAfee             -        -            potentially unwanted program ServU-Daemon
McAfee+Artemis     -        -            potentially unwanted program ServU-Daemon
Microsoft          -        -            Backdoor:Win32/Agent
NOD32              -        -            Win32/ServU-Daemon
Norman             -        -            W32/ServU.4_1D
Panda              -        -            Bck/ServU.AC
PCTools            -        -            Backdoor.ServU-based!sd5
Prevx1             -        -            System Back Door
Rising             -        -            Backdoor.ServU-based.d
SecureWeb-Gateway  -        -            Riskware.Serv-U.Gen
Sophos             -        -            Troj/ServU-Gen
Sunbelt            -        -            Backdoor.Win32.ServU-based
Symantec           -        -            Backdoor.Trojan
TheHacker          -        -            Backdoor/ServU-based
TrendMicro         -        -            -
VBA32              -        -            suspected of Backdoor.XiaoBird.29 (paranoid heuristics)
ViRobot            -        -            Backdoor.Win32.SdBot.603136
VirusBuster        -        -            Backdoor.Agent.AJYZ

Additional information
MD5: 74c94beeb95cbc854648dd0c12d0ba32
SHA1: 1e95b1080cf272557be95028c8214080a8a82fe1
SHA256: ac85298e73baefe9ccd742b917d11ffa6cca4750fab3b49556d991dfae871ef7
SHA512: 5b5241d96d2c098e8be20b18c82dc41af47831659ab66987e0ec105bc9ddec2d3a176e24d6076b65392143543051f55e8516357c9b94fd36238acc02dddce527
[Solved] File SbCtri.exe not found
K38 replied to a topic by K38 in Malware analysis and removal
File system.exe received on 2009.01.25 00:50:30 (CET)

Antivirus          Version         Last update  Result
a-squared          4.0.0.73        2009.01.25   Backdoor.Win32.Iroffer!IK
AhnLab-V3          5.0.0.2         2009.01.24   -
AntiVir            7.9.0.60        2009.01.24   APPL/NTsvc.A
Authentium         5.1.0.4         2009.01.24   -
Avast              4.8.1281.0      2009.01.24   -
AVG                8.0.0.229       2009.01.24   -
BitDefender        7.2             2009.01.25   -
CAT-QuickHeal      10.00           2009.01.24   -
ClamAV             0.94.1          2009.01.24   -
Comodo             944             2009.01.24   ApplicUnsaf.Win32.NTsvc
DrWeb              4.44.0.09170    2009.01.25   Tool.Starter
eSafe              7.0.17.0        2009.01.22   -
eTrust-Vet         31.6.6325       2009.01.24   -
F-Prot             4.4.4.56        2009.01.24   -
F-Secure           8.0.14470.0     2009.01.24   -
Fortinet           3.117.0.0       2009.01.24   -
GData              19              2009.01.24   -
Ikarus             T3.1.1.45.0     2009.01.24   Backdoor.Win32.Iroffer
K7AntiVirus        7.10.604        2009.01.24   Trojan.Win32.Malware.1
Kaspersky          7.0.0.125       2009.01.24   -
McAfee             5505            2009.01.24   -
McAfee+Artemis     5505            2009.01.24   -
Microsoft          1.4205          2009.01.24   -
NOD32              3797            2009.01.25   Win32/NTsvc
Norman             5.93.01         2009.01.23   -
nProtect           2009.1.8.0      2009.01.23   -
Panda              9.5.1.2         2009.01.24   -
PCTools            4.4.2.0         2009.01.24   Backdoor.IRC.Flood
Prevx1             V2              2009.01.25   Worm
Rising             21.13.42.00     2009.01.23   -
SecureWeb-Gateway  6.7.6           2009.01.24   Riskware.NTsvc.A
Sophos             4.37.0          2009.01.24   -
Sunbelt            3.2.1835.2      2009.01.16   -
Symantec           10              2009.01.25   -
TheHacker          6.3.1.5.228     2009.01.24   -
TrendMicro         8.700.0.1004    2009.01.24   -
VBA32              3.12.8.11       2009.01.24   -
ViRobot            2009.1.23.1576  2009.01.23   -
VirusBuster        4.5.11.0        2009.01.24   -

Additional information
File size: 53760 bytes
MD5: ea2e9e72f5bc8ac2549b325a757d321d
SHA1: 82968811c3329c44edf796acaaf3f04618f99d97
SHA256: 0a01c68ae7b981ac52dd86b91daa1443f0fd95e3151b64223d7d4f5a5954ff48
SHA512: 6acae9b5da3757384c350b7800085948b7302ddb0386150304db3fbdeeedf9e066da29d8c4bd769c88446326ab5c32e81639021b14a83d5b77039b2855c6ef07
ssdeep: 768:JicUaMcxl/On8MiHhbtlEXSgtr40CgE1so+ojHOg:tUaBxl/UMBbtlEXSgOfl11Dyg
PEiD: InstallShield 2000
TrID: File type identification
  Win32 Executable MS Visual C++ (generic) (62.9%)
  Win32 Executable Generic (14.2%)
  Win32 Dynamic Link Library (generic) (12.6%)
  Win16/32 Executable Delphi generic (3.4%)
  Generic Win/DOS Executable (3.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4025e0
timedatestamp.....: 0x4040a9fd (Sat Feb 28 14:47:25 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name    viradd   virsiz  rawdsiz  ntrpy  md5
.text   0x1000   0x7cf2  0x7e00   6.45   e9a2d64471b6f50675c4699123511bf3
.rdata  0x9000   0xafd   0xc00    4.65   ea3a22f708a9282520ed45bb02af5397
.data   0xa000   0x5744  0x3a00   1.81   2193cbdd1bd1e6949ee865a45dc43a65
.idata  0x10000  0x806   0xa00    4.55   7616fe7eb72e521eefe6e7f87a2e1a78

( 3 imports )
> KERNEL32.dll: InitializeCriticalSection, GetModuleFileNameA, DeleteCriticalSection, GetExitCodeProcess, TerminateProcess, GetPrivateProfileStringA, CreateProcessA, Sleep, GetLastError, EnterCriticalSection, LeaveCriticalSection, ResumeThread, CreateThread, TlsSetValue, ExitThread, CloseHandle, GetCommandLineA, GetVersion, ExitProcess, HeapFree, GetCurrentThreadId, TlsAlloc, SetLastError, TlsGetValue, HeapAlloc, GetCurrentProcess, UnhandledExceptionFilter, RtlUnwind, InterlockedDecrement, InterlockedIncrement, FreeEnvironmentStringsA, MultiByteToWideChar, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualAlloc, SetStdHandle, FlushFileBuffers, CreateFileA, GetStringTypeA, GetStringTypeW, SetFilePointer, LCMapStringA, LCMapStringW, GetProcAddress, LoadLibraryA, SetEndOfFile, ReadFile, GetLocaleInfoA, GetLocaleInfoW
> USER32.dll: PostThreadMessageA
> ADVAPI32.dll: CreateServiceA, DeleteService, RegisterServiceCtrlHandlerA, SetServiceStatus, StartServiceA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, ControlService, StartServiceCtrlDispatcherA

( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=ea2e9e72f5bc8ac2549b325a757d321d
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=2D2A5DE700227D6DD27B0006D8CB6700B3F5FF02
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=ea2e9e72f5bc8ac2549b325a757d321d
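An added example, not part of K38's post and not VirusTotal's code: a standard-library Python script that produces, offline, the same hash lines and "( base data )" / "( N sections )" block the report above shows for system.exe, and flags sections whose raw bytes have packed-looking entropy. It reads only the DOS stub, COFF header and section table (the import list in the report comes from the import directory, which this does not parse). The PE it builds for the demo is constructed for this example and is not a runnable program: its timestamp is copied from the report, its section contents are synthetic, and the 7.0 entropy threshold is an assumed rule of thumb, not a standard.

```python
"""Offline PE triage: file hashes, COFF header fields and per-section entropy,
mirroring the "( base data )" / "( 4 sections )" part of a VirusTotal report.
Standard library only, so it runs on any Python 3 without extra packages."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Sections whose raw bytes reach this entropy are flagged as packed/encrypted
# candidates. Assumed rule of thumb; normal compiled .text sits around 6.x.
PACKED_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one
    (the 'ntrpy' column in the report)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the whole file, as on the VirusTotal page."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sect_table = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsections):
        off = sect_table + 40 * i               # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        virsiz, viradd, rawsiz, rawptr = struct.unpack_from("<IIII", data, off + 8)
        raw = data[rawptr:rawptr + rawsiz]      # bytes as stored on disk
        sections.append({
            "name": name, "viradd": viradd, "virsiz": virsiz, "rawdsiz": rawsiz,
            "entropy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {
        "machine": machine,                     # 0x14c == I386
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc)
                             .strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def triage(data: bytes) -> dict:
    """Hashes + header fields + names of sections that look packed."""
    report = file_hashes(data)
    report.update(parse_pe(data))
    report["suspicious"] = [s["name"] for s in report["sections"]
                            if s["entropy"] >= PACKED_ENTROPY]
    return report


def build_sample_pe() -> bytes:
    """Constructed PE image for the demo only (not loadable): .text holds every
    byte value 16 times (entropy 8.0, packed-looking), .data is all zeros.
    Timestamp 0x4040a9fd is the one from the system.exe report."""
    text = bytes(range(256)) * 16
    data_sec = b"\0" * 4096
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * 222               # zeroed PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x4040A9FD, 0, 0, len(opt), 0x102)
    text_ptr, data_ptr = 0x200, 0x200 + len(text)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text),
                       text_ptr, 0, 0, 0, 0, 0x60000020)
    sect += struct.pack("<8sIIIIIIHHI", b".data", len(data_sec), 0x2000,
                        len(data_sec), data_ptr, 0, 0, 0, 0, 0xC0000040)
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers + b"\0" * (0x200 - len(headers)) + text + data_sec


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample_pe()), indent=2))
```

To run it against a real sample, replace build_sample_pe() with open(path, "rb").read() and compare the md5 it prints with the one on the VirusTotal page before uploading anything; if they match, the file has already been analysed and you can read the existing report instead. Entropy around 6.45 for .text, as in the system.exe report, is ordinary compiled code; only a section near 8.0 deserves the packed/encrypted suspicion.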