dranoel

  1. Bonjour Loup blanc, alors voici le rapport combofix ComboFix 08-09-12.07 - LEO 2008-09-20 11:11:51.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.267 [GMT 2:00] Lancé depuis: C:\Documents and Settings\LEO\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\LEO\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 )))))))))))))))))))))))))))))))))))) . 2008-09-18 21:39 . 2008-09-18 21:40 <REP> d-------- C:\Program Files\iTunes 2008-09-18 21:39 . 2008-09-18 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-18 21:38 . 2008-09-18 21:38 <REP> d-------- C:\Program Files\QuickTime 2008-09-18 21:34 . 2008-09-18 21:34 <REP> d-------- C:\Program Files\Bonjour 2008-09-11 10:28 . 2008-09-11 10:28 <REP> d-------- C:\Gmer 2008-09-11 10:28 . 2008-09-11 10:28 250 --a------ C:\WINDOWS\gmer.ini 2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Program Files\NOS 2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS 2008-09-06 19:23 . 2008-09-06 19:23 3,313,499 --a------ C:\upload_moi_LEO-BEEGA1ITBTM.tar.gz 2008-09-06 16:35 . 2008-09-06 16:35 <REP> d-------- C:\_OTMoveIt 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-09-03 09:02 . 2008-09-03 09:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\LEO\Application Data\Malwarebytes 2008-09-03 08:58 . 
2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-03 08:58 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-03 08:58 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-02 23:18 . 2008-09-02 23:18 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll 2008-09-02 23:16 . 2008-09-02 23:16 <REP> d-------- C:\WINDOWS\ERUNT 2008-09-02 23:12 . 2008-09-02 23:45 <REP> d-------- C:\SDFix 2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Program Files\Avira 2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-31 12:19 . 2008-09-03 00:44 <REP> d-------- C:\SmitfraudFix 2008-08-31 12:16 . 2008-08-27 11:29 1,573,323 --a------ C:\SmitfraudFix.exe 2008-08-31 12:05 . 2008-09-03 00:42 3,952 --a------ C:\WINDOWS\system32\tmp.reg 2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe 2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll 2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-08-25 18:02 . 2005-08-27 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-08-25 18:02 . 2005-08-27 11:38 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2008-08-25 18:02 . 2008-09-13 13:54 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2008-08-25 18:02 . 2008-08-25 18:02 <REP> d-------- C:\Documents and Settings\Administrateur . 
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-19 22:37 --------- d-----w C:\Documents and Settings\LEO\Application Data\Azureus 2008-09-18 19:40 --------- d-----w C:\Program Files\iPod 2008-09-08 16:01 --------- d-----w C:\Program Files\Azureus 2008-09-08 15:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-08-07 19:34 --------- d-----w C:\Documents and Settings\LEO\Application Data\Apple Computer 2008-08-07 19:32 --------- d-----w C:\Program Files\Apple Software Update 2008-08-07 19:12 --------- d-----w C:\Program Files\Safari 2008-08-05 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-05 17:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-07-22 18:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll . 
------- Sigcheck ------- 2002-09-07 02:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe 2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe 2004-08-19 16:10 510464 78e8c6d90f8b390df97b1ae3e4da44e3 C:\WINDOWS\system32\winlogon.exe 2004-08-19 16:09 1038848 caff5bac700e241711e67b27f4e4f1c0 C:\WINDOWS\explorer.exe 2002-09-07 02:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe 2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe 2002-09-07 02:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe 2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe 2004-08-19 16:10 110592 90bfeb102ded1bb9c86fa9c083bf3912 C:\WINDOWS\system32\services.exe 2002-09-07 02:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe 2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe 2004-08-19 16:09 14848 6e1421b48437bac4a07290eb50830c5a C:\WINDOWS\system32\lsass.exe 2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2002-09-07 02:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe 2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe 2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe 2005-06-11 01:53 58880 0d1417bcacddb7743d59bcf8ed355ada C:\WINDOWS\system32\spoolsv.exe . ((((((((((((((((((((((((((((( snapshot@2008-09-13_13.58.13.78 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-09-18 19:40:37 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe + 2008-09-18 19:34:32 86,016 ----a-r C:\WINDOWS\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe - 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys + 2008-04-17 11:12:54 15,464 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys + 2008-04-17 11:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll + 2008-04-17 11:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys - 2008-01-29 10:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll + 2008-04-17 11:12:54 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 4603904] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 86016] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-05 180269] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-11-01 221184] "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2004-11-01 18:22 73728] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" 
[2004-11-01 262144] "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2004-11-01 217088] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "SoundMan"="SOUNDMAN.EXE" [2004-01-08 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2004-09-30 C:\WINDOWS\system32\nwiz.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360] C:\Documents and Settings\LEO\Menu D‚marrer\Programmes\D‚marrage\ 802.11g USB 2.0 adapter Setting.lnk - C:\WINDOWS\system32\WiFiCfg.exe [2004-05-21 389120] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ BTTray.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 565309] VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2005-08-27 561152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "vidc.i263"= C:\WINDOWS\system32\i263_32.drv "msacm.imc"= C:\WINDOWS\system32\imc32.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\mobile 
PhoneTools\\MMCenter.exe"= "C:\\Program Files\\ABC\\abc.exe"= "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13894:TCP"= 13894:TCP:BitComet 13894 TCP "13894:UDP"= 13894:UDP:BitComet 13894 UDP "52333:UDP"= 52333:UDP:azureus2 "52333:TCP"= 52333:TCP:azureus3 R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704] R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 75904] R2 IrCOMM2kSvc;Virtual IR COM Port, Service Program;C:\WINDOWS\system32\ircomm2k.exe [2002-03-20 53248] R3 IrCOMM2k;Virtual IR COM Port;C:\WINDOWS\system32\DRIVERS\ircomm2k.sys [2002-03-25 16026] R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360] S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [ ] S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 884864] S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 858880] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] . Contenu du dossier 'Tâches planifiées' . . ------- Examen supplémentaire ------- . 
FireFox -: Profile - C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\ji8hdqc1.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.atptennis.com/ FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-20 11:13:42 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
Heure de fin: 2008-09-20 11:15:26 ComboFix-quarantined-files.txt 2008-09-20 09:14:47 ComboFix2.txt 2008-09-14 18:32:41 ComboFix3.txt 2008-09-13 11:58:54 Avant-CF: 4,545,593,344 octets libres Après-CF: 4,513,390,592 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn 210 ComboFix 08-09-12.07 - LEO 2008-09-20 11:11:51.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.267 [GMT 2:00] Lancé depuis: C:\Documents and Settings\LEO\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\LEO\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 )))))))))))))))))))))))))))))))))))) . 2008-09-18 21:39 . 2008-09-18 21:40 <REP> d-------- C:\Program Files\iTunes 2008-09-18 21:39 . 2008-09-18 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-18 21:38 . 2008-09-18 21:38 <REP> d-------- C:\Program Files\QuickTime 2008-09-18 21:34 . 2008-09-18 21:34 <REP> d-------- C:\Program Files\Bonjour 2008-09-11 10:28 . 2008-09-11 10:28 <REP> d-------- C:\Gmer 2008-09-11 10:28 . 2008-09-11 10:28 250 --a------ C:\WINDOWS\gmer.ini 2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Program Files\NOS 2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS 2008-09-06 19:23 . 2008-09-06 19:23 3,313,499 --a------ C:\upload_moi_LEO-BEEGA1ITBTM.tar.gz 2008-09-06 16:35 . 2008-09-06 16:35 <REP> d-------- C:\_OTMoveIt 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 
2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-09-03 09:02 . 2008-09-03 09:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\LEO\Application Data\Malwarebytes 2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-03 08:58 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-03 08:58 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-02 23:18 . 2008-09-02 23:18 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll 2008-09-02 23:16 . 2008-09-02 23:16 <REP> d-------- C:\WINDOWS\ERUNT 2008-09-02 23:12 . 2008-09-02 23:45 <REP> d-------- C:\SDFix 2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Program Files\Avira 2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-31 12:19 . 2008-09-03 00:44 <REP> d-------- C:\SmitfraudFix 2008-08-31 12:16 . 2008-08-27 11:29 1,573,323 --a------ C:\SmitfraudFix.exe 2008-08-31 12:05 . 2008-09-03 00:42 3,952 --a------ C:\WINDOWS\system32\tmp.reg 2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe 2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll 2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-08-25 18:02 . 2005-08-27 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-08-25 18:02 . 
2005-08-27 11:38 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2008-08-25 18:02 . 2008-09-13 13:54 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2008-08-25 18:02 . 2008-08-25 18:02 <REP> d-------- C:\Documents and Settings\Administrateur . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-19 22:37 --------- d-----w C:\Documents and Settings\LEO\Application Data\Azureus 2008-09-18 19:40 --------- d-----w C:\Program Files\iPod 2008-09-08 16:01 --------- d-----w C:\Program Files\Azureus 2008-09-08 15:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-08-07 19:34 --------- d-----w C:\Documents and Settings\LEO\Application Data\Apple Computer 2008-08-07 19:32 --------- d-----w C:\Program Files\Apple Software Update 2008-08-07 19:12 --------- d-----w C:\Program Files\Safari 2008-08-05 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-05 17:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-07-22 18:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll . 
------- Sigcheck ------- 2002-09-07 02:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe 2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe 2004-08-19 16:10 510464 78e8c6d90f8b390df97b1ae3e4da44e3 C:\WINDOWS\system32\winlogon.exe 2004-08-19 16:09 1038848 caff5bac700e241711e67b27f4e4f1c0 C:\WINDOWS\explorer.exe 2002-09-07 02:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe 2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe 2002-09-07 02:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe 2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe 2004-08-19 16:10 110592 90bfeb102ded1bb9c86fa9c083bf3912 C:\WINDOWS\system32\services.exe 2002-09-07 02:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe 2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe 2004-08-19 16:09 14848 6e1421b48437bac4a07290eb50830c5a C:\WINDOWS\system32\lsass.exe 2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe 2002-09-07 02:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe 2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe 2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe 2005-06-11 01:53 58880 0d1417bcacddb7743d59bcf8ed355ada C:\WINDOWS\system32\spoolsv.exe . ((((((((((((((((((((((((((((( snapshot@2008-09-13_13.58.13.78 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-09-18 19:40:37 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe + 2008-09-18 19:34:32 86,016 ----a-r C:\WINDOWS\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe - 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys + 2008-04-17 11:12:54 15,464 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys + 2008-04-17 11:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll + 2008-04-17 11:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys - 2008-01-29 10:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll + 2008-04-17 11:12:54 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 4603904] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 86016] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-05 180269] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-11-01 221184] "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2004-11-01 18:22 73728] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" 
[2004-11-01 262144] "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2004-11-01 217088] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "SoundMan"="SOUNDMAN.EXE" [2004-01-08 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2004-09-30 C:\WINDOWS\system32\nwiz.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360] C:\Documents and Settings\LEO\Menu D‚marrer\Programmes\D‚marrage\ 802.11g USB 2.0 adapter Setting.lnk - C:\WINDOWS\system32\WiFiCfg.exe [2004-05-21 389120] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ BTTray.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 565309] VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2005-08-27 561152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "vidc.i263"= C:\WINDOWS\system32\i263_32.drv "msacm.imc"= C:\WINDOWS\system32\imc32.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\mobile 
PhoneTools\\MMCenter.exe"= "C:\\Program Files\\ABC\\abc.exe"= "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13894:TCP"= 13894:TCP:BitComet 13894 TCP "13894:UDP"= 13894:UDP:BitComet 13894 UDP "52333:UDP"= 52333:UDP:azureus2 "52333:TCP"= 52333:TCP:azureus3 R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704] R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 75904] R2 IrCOMM2kSvc;Virtual IR COM Port, Service Program;C:\WINDOWS\system32\ircomm2k.exe [2002-03-20 53248] R3 IrCOMM2k;Virtual IR COM Port;C:\WINDOWS\system32\DRIVERS\ircomm2k.sys [2002-03-25 16026] R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360] S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [ ] S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 884864] S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 858880] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] . Contenu du dossier 'Tâches planifiées' . . ------- Examen supplémentaire ------- . 
FireFox -: Profile - C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\ji8hdqc1.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.atptennis.com/ FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-20 11:13:42 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
Heure de fin: 2008-09-20 11:15:26 ComboFix-quarantined-files.txt 2008-09-20 09:14:47 ComboFix2.txt 2008-09-14 18:32:41 ComboFix3.txt 2008-09-13 11:58:54 Avant-CF: 4,545,593,344 octets libres Après-CF: 4,513,390,592 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn 210 et maintenant le rapport Virus total, merci pour ton aide, ça devient inquietant :-/ Fichier winlogon.exe reçu le 2008.09.20 11:27:43 (CET) Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.9.19.2 2008.09.19 - AntiVir 7.8.1.34 2008.09.19 TR/Patched.AA.595 Authentium 5.1.0.4 2008.09.19 W32/Patched.A Avast 4.8.1195.0 2008.09.19 Win32:Patched-CK AVG 8.0.0.161 2008.09.19 Win32/PEPatch.AO BitDefender 7.2 2008.09.19 Trojan.Patched.U CAT-QuickHeal 9.50 2008.09.20 Trojan.Patched.AA ClamAV 0.93.1 2008.09.19 Trojan.Agent-5069 DrWeb 4.44.0.09170 2008.09.20 Trojan.Starter.384 eSafe 7.0.17.0 2008.09.18 - eTrust-Vet 31.6.6095 2008.09.19 - Ewido 4.0 2008.09.19 - F-Prot 4.4.4.56 2008.09.19 W32/Patched.A F-Secure 8.0.14332.0 2008.09.20 Trojan.Win32.Patched.cx Fortinet 3.113.0.0 2008.09.20 - GData 19 2008.09.20 Trojan.Win32.Patched.cx Ikarus T3.1.1.34.0 2008.09.19 Trojan.Win32.Patched.g K7AntiVirus 7.10.464 2008.09.19 - Kaspersky 7.0.0.125 2008.09.20 Trojan.Win32.Patched.cx McAfee 5388 2008.09.19 W32/PEPatcher.c Microsoft 1.3903 2008.09.20 TrojanDownloader:Win32/Donise.C!patched NOD32v2 3457 2008.09.19 Win32/TrojanProxy.Agent.NCI Norman 5.80.02 2008.09.19 W32/Patched.A Panda 9.0.0.4 2008.09.19 W32/PatchLog.gen PCTools 4.4.2.0 2008.09.19 - Prevx1 V2 2008.09.20 - Rising 20.62.50.00 2008.09.20 Trojan.Win32.Patched.aa Sophos 4.33.0 2008.09.20 W32/Liger-A Sunbelt 3.1.1651.1 2008.09.19 - Symantec 10 2008.09.19 Trojan.Patchep!inf 
TheHacker 6.3.0.9.089 2008.09.20 W32/PEPatcher.gen TrendMicro 8.700.0.1004 2008.09.20 PE_PATCHEP.A VBA32 3.12.8.5 2008.09.19 - ViRobot 2008.9.20.1384 2008.09.20 Win32.Patched.C VirusBuster 4.5.11.0 2008.09.19 Win32.Agent.IMP Webwasher-Gateway 6.6.2 2008.09.19 Trojan.Patched.AA.595 Information additionnelle File size: 510464 bytes MD5...: 78e8c6d90f8b390df97b1ae3e4da44e3 SHA1..: 3017e8a5701c502060d91987b9fe5a3e88975d69 SHA256: bf5dbcb660703b10640633d7980d17d4addd8068b5731419c40a3c2d92a4e461 SHA512: c113a79f9f14154bc8aab7fe81511206afe602764f2f78cd6deeb166c49b32a1<br>7b3338f6a5a735e52dd54b4f62819aa11e5f8853c850b3d1ee6e25ba63442d46 PEiD..: - TrID..: File type identification<br>Win64 Executable Generic (80.9%)<br>Win32 Executable Generic (8.0%)<br>Win32 Dynamic Link Library (generic) (7.1%)<br>Generic Win/DOS Executable (1.8%)<br>DOS Executable Generic (1.8%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1081000<br>timedatestamp.....: 0x41107edc (Wed Aug 04 06:14:52 2004)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x6f288 0x6f400 6.82 9aefa34e4ef8656cff4ae32aca092e29<br>.data 0x71000 0x4d90 0x2000 6.20 baa64d00a5f8a540a38a60d2aff66f30<br>.rsrc 0x76000 0xc000 0xb200 3.49 0345b0566682de741cdcc72c6eafcaee<br><br>( 20 imports ) <br>> ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, 
  2. Good evening Loup blanc, thank you very much for your help! We finally got rid of it, but are there other infections left? Here is a new symptom that has appeared since the last ComboFix run. As soon as Windows starts, my Antivir panics every 2 seconds with an alert message about the following file: C:/windows/system32/winlogon.exe. I have to disable Antivir, otherwise I can't work! Can you help me solve this little problem?
  3. re: so I dug around a bit and found the following file in C:\QooBox\Quarantine [4][email protected] It may be the file you are looking for. I am following the procedure from the PM.
  4. Good evening Loup blanc, so here is the ComboFix report, but no zip file was created... I did follow the procedure: I disabled Antivir, but on reboot it re-enabled itself on its own, though at each alert I clicked ignore. So maybe that made the procedure fail, I don't know. In any case I looked everywhere for the zip file but without result...

ComboFix 08-09-12.07 - LEO 2008-09-14 20:23:11.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.303 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\LEO\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\LEO\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\vg.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-14 au 2008-09-14 ))))))))))))))))))))))))))))))))))))
.
2008-09-11 10:28 . 2008-09-11 10:28 <REP> d-------- C:\Gmer
2008-09-11 10:28 . 2008-09-11 10:28 250 --a------ C:\WINDOWS\gmer.ini
2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Program Files\NOS
2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-06 19:23 . 2008-09-06 19:23 3,313,499 --a------ C:\upload_moi_LEO-BEEGA1ITBTM.tar.gz
2008-09-06 16:35 . 2008-09-06 16:35 <REP> d-------- C:\_OTMoveIt
2008-09-03 09:02 . 2008-09-03 09:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\LEO\Application Data\Malwarebytes
2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 08:58 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 08:58 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-02 23:18 . 2008-09-02 23:18 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-09-02 23:16 . 2008-09-02 23:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-02 23:12 . 2008-09-02 23:45 <REP> d-------- C:\SDFix
2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Program Files\Avira
2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-31 12:19 . 2008-09-03 00:44 <REP> d-------- C:\SmitfraudFix
2008-08-31 12:16 . 2008-08-27 11:29 1,573,323 --a------ C:\SmitfraudFix.exe
2008-08-31 12:05 . 2008-09-03 00:42 3,952 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-25 18:02 . 2005-08-27 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-25 18:02 . 2005-08-27 11:38 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-08-25 18:02 . 2008-09-13 13:54 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-25 18:02 . 2008-08-25 18:02 <REP> d-------- C:\Documents and Settings\Administrateur
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 11:47 --------- d-----w C:\Documents and Settings\LEO\Application Data\Azureus
2008-09-08 16:01 --------- d-----w C:\Program Files\Azureus
2008-09-08 15:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-07 19:34 --------- d-----w C:\Documents and Settings\LEO\Application Data\Apple Computer
2008-08-07 19:32 --------- d-----w C:\Program Files\Apple Software Update
2008-08-07 19:28 --------- d-----w C:\Program Files\iTunes
2008-08-07 19:28 --------- d-----w C:\Program Files\iPod
2008-08-07 19:26 --------- d-----w C:\Program Files\Bonjour
2008-08-07 19:25 --------- d-----w C:\Program Files\QuickTime
2008-08-07 19:12 --------- d-----w C:\Program Files\Safari
2008-08-05 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-05 17:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-22 18:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.
------- Sigcheck -------
2002-09-07 02:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-19 16:10 510464 78e8c6d90f8b390df97b1ae3e4da44e3 C:\WINDOWS\system32\winlogon.exe
2004-08-19 16:09 1038848 caff5bac700e241711e67b27f4e4f1c0 C:\WINDOWS\explorer.exe
2002-09-07 02:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2002-09-07 02:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-19 16:10 110592 90bfeb102ded1bb9c86fa9c083bf3912 C:\WINDOWS\system32\services.exe
2002-09-07 02:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-19 16:09 14848 6e1421b48437bac4a07290eb50830c5a C:\WINDOWS\system32\lsass.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2002-09-07 02:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-11 01:53 58880 0d1417bcacddb7743d59bcf8ed355ada C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 4603904]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 86016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-05 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-11-01 221184]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2004-11-01 18:22 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 262144]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2004-11-01 217088]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-09-30 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "vidc.i263"= C:\WINDOWS\system32\i263_32.drv "msacm.imc"= C:\WINDOWS\system32\imc32.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\mobile PhoneTools\\MMCenter.exe"= "C:\\Program Files\\ABC\\abc.exe"= "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13894:TCP"= 13894:TCP:BitComet 13894 TCP "13894:UDP"= 13894:UDP:BitComet 13894 UDP "52333:UDP"= 52333:UDP:azureus2 "52333:TCP"= 52333:TCP:azureus3 R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704] R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 75904] R2 IrCOMM2kSvc;Virtual IR COM Port, Service Program;C:\WINDOWS\system32\ircomm2k.exe [2002-03-20 53248] R3 IrCOMM2k;Virtual IR COM Port;C:\WINDOWS\system32\DRIVERS\ircomm2k.sys [2002-03-25 16026] R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360] S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [ ] S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 884864] S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter 
Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 858880] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] . Contenu du dossier 'Tƒches planifi‚es' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-14 20:28:09 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cach‚s ... Recherche d'‚l‚ments en d‚marrage automatique cach‚s ... Recherche de fichiers cach‚s ... Scan termin‚ avec succŠs Fichiers cach‚s: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\system32\WiFiCfg.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2008-09-14 20:32:40 - La machine a red‚marr‚ ComboFix-quarantined-files.txt 2008-09-14 18:32:23 ComboFix2.txt 2008-09-13 11:58:54 Avant-CF: 5,776,887,808 octets libres Après-CF: 5,765,591,040 octets libres 187
  5. Hello Loup blanc, here is the ComboFix report, we'll get there....

ComboFix 08-09-12.07 - LEO 2008-09-13 13:49:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.290 [GMT 2:00]
Launched from: C:\Documents and Settings\LEO\Bureau\ComboFix.exe
* A new restore point was created
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 228 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\LEO\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\LEO\Application Data\rhce7kj0e3ea
----- BITS: There may be infected sites -----
http://pornotube8.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_poof
((((((((((((((((((((((((((((( Files created from 2008-08-13 to 2008-09-13 ))))))))))))))))))))))))))))))))))))
.
2008-09-11 10:28 . 2008-09-11 10:28 <REP> d-------- C:\Gmer
2008-09-11 10:28 . 2008-09-11 10:28 250 --a------ C:\WINDOWS\gmer.ini
2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Program Files\NOS
2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-06 19:23 . 2008-09-06 19:23 3,313,499 --a------ C:\upload_moi_LEO-BEEGA1ITBTM.tar.gz
2008-09-06 16:35 . 2008-09-06 16:35 <REP> d-------- C:\_OTMoveIt
2008-09-03 09:02 . 2008-09-03 09:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\LEO\Application Data\Malwarebytes
2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 08:58 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 08:58 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-02 23:18 . 2008-09-02 23:18 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-09-02 23:16 . 2008-09-02 23:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-02 23:12 . 2008-09-02 23:45 <REP> d-------- C:\SDFix
2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Program Files\Avira
2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-31 12:19 . 2008-09-03 00:44 <REP> d-------- C:\SmitfraudFix
2008-08-31 12:16 . 2008-08-27 11:29 1,573,323 --a------ C:\SmitfraudFix.exe
2008-08-31 12:05 . 2008-09-03 00:42 3,952 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-25 18:02 . 2005-08-27 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-25 18:02 . 2005-08-27 11:38 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-08-25 18:02 . 2008-09-13 13:54 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-25 18:02 . 2008-08-25 18:02 <REP> d-------- C:\Documents and Settings\Administrateur
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 11:47 --------- d-----w C:\Documents and Settings\LEO\Application Data\Azureus
2008-09-08 16:01 --------- d-----w C:\Program Files\Azureus
2008-09-08 15:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-07 19:34 --------- d-----w C:\Documents and Settings\LEO\Application Data\Apple Computer
2008-08-07 19:32 --------- d-----w C:\Program Files\Apple Software Update
2008-08-07 19:28 --------- d-----w C:\Program Files\iTunes
2008-08-07 19:28 --------- d-----w C:\Program Files\iPod
2008-08-07 19:26 --------- d-----w C:\Program Files\Bonjour
2008-08-07 19:25 --------- d-----w C:\Program Files\QuickTime
2008-08-07 19:12 --------- d-----w C:\Program Files\Safari
2008-08-05 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-05 17:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-22 18:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.
------- Sigcheck -------
2002-09-07 02:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2002-09-07 02:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2002-09-07 02:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied
2002-09-07 02:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2002-09-07 02:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
md5deep: C:\WINDOWS\system32\spoolsv.exe: error at offset 0: Permission denied
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 4603904]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 86016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-05 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-11-01 221184]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2004-11-01 18:22 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 262144]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2004-11-01 217088]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-09-30 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"oBtfVkS"= {D4E16665-7E4B-CCCF-2FE0-C8DAB406B604} - C:\WINDOWS\system32\vg.dll [2004-08-19 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS\system32\imc32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\mobile PhoneTools\\MMCenter.exe"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13894:TCP"= 13894:TCP:BitComet 13894 TCP
"13894:UDP"= 13894:UDP:BitComet 13894 UDP
"52333:UDP"= 52333:UDP:azureus2
"52333:TCP"= 52333:TCP:azureus3
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 75904]
R2 IrCOMM2kSvc;Virtual IR COM Port, Service Program;C:\WINDOWS\system32\ircomm2k.exe [2002-03-20 53248]
R3 IrCOMM2k;Virtual IR COM Port;C:\WINDOWS\system32\DRIVERS\ircomm2k.sys [2002-03-25 16026]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [ ]
S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 884864]
S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 858880]
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
Contents of the 'Tâches planifiées' (Scheduled Tasks) folder
.
.
------- Supplementary scan -------
.
FireFox -: Profile - C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\ji8hdqc1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.atptennis.com/
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 13:55:01
Windows 5.1.2600 Service Pack 2 NTFS
Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
------------------------ Other running processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\WiFiCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Finish time: 2008-09-13 13:58:53 - The machine rebooted
ComboFix-quarantined-files.txt 2008-09-13 11:58:38
Before-CF: 5,820,129,280 bytes free
After-CF: 5,808,771,072 bytes free
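The Sigcheck sections of the two ComboFix reports above list, for each critical binary, the MD5 of the live copy next to the backup copies Windows keeps (ServicePackFiles\i386, $NtServicePackUninstall$, $hf_mig$, $NtUninstallKB...$). The Python script below is an added example written for this page, not code from ComboFix or from anyone in this thread: it parses those lines, groups them by file name, and reports per file whether the live MD5 equals any reference copy, or whether md5deep could not read the live copy at all (the 13 September report shows "Permission denied" for every live copy). The two sample inputs are copied from the reports above; the third, clean case is constructed. The function names, the verdict labels and the treatment of C:\WINDOWS and C:\WINDOWS\system32 as the only live locations are my assumptions. A mismatch only means the live file differs from every backup ComboFix found; a later hotfix produces the same result, so check against a known-good hash source before treating the file as patched.

```python
r"""Triage the Sigcheck section of a ComboFix report (added example, not ComboFix code).
ComboFix hashes a few critical binaries where Windows loads them (\WINDOWS\system32 or
\WINDOWS) and in every backup copy it finds (ServicePackFiles\i386, $NtServicePackUninstall$,
$hf_mig$, $NtUninstallKB...$); here each file name gets one verdict from those hashes."""
import ntpath
import re
from collections import defaultdict

# "2004-08-19 16:10 510464 78e8c6d90f8b390df97b1ae3e4da44e3 C:\WINDOWS\system32\winlogon.exe"
HASH_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>\d+) "
                       r"(?P<md5>[0-9a-fA-F]{32}) (?P<path>[A-Za-z]:\\.+?)\s*$")
# "md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied"
ERROR_LINE = re.compile(r"^md5deep: (?P<path>[A-Za-z]:\\.+?): error at offset \d+: (?P<reason>.+?)\s*$")
# Directories Windows loads these binaries from (assumption); anything else is a backup copy.
LIVE_DIRS = {r"c:\windows\system32", r"c:\windows"}

def parse_sigcheck(log_text):
    """Return (hashed, unreadable): hash records and md5deep read failures."""
    hashed, unreadable = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HASH_LINE.match(line):
            hashed.append({"size": int(m["size"]), "md5": m["md5"].lower(), "path": m["path"]})
        elif m := ERROR_LINE.match(line):
            unreadable.append((m["path"], m["reason"]))
    return hashed, unreadable

def is_live_copy(path):
    """True for the copy Windows actually loads, False for a backup copy."""
    return ntpath.dirname(path).lower() in LIVE_DIRS

def triage(log_text):
    """Map each file name to a verdict: match / mismatch / unreadable / no-live."""
    hashed, unreadable = parse_sigcheck(log_text)
    groups = defaultdict(lambda: {"live": None, "refs": [], "error": None})
    for entry in hashed:
        name = ntpath.basename(entry["path"]).lower()
        if is_live_copy(entry["path"]):
            groups[name]["live"] = entry
        else:
            groups[name]["refs"].append(entry)
    for path, reason in unreadable:
        if is_live_copy(path):  # a read error on a backup copy would not change the verdict
            groups[ntpath.basename(path).lower()]["error"] = reason

    verdicts = {}
    for name, g in groups.items():
        live = g["live"]
        if live is None:
            verdicts[name] = ({"status": "unreadable", "reason": g["error"]} if g["error"]
                              else {"status": "no-live"})
            continue
        matches = [r["path"] for r in g["refs"] if r["md5"] == live["md5"]]
        # A hash mismatch only says the live file differs from every backup ComboFix found;
        # a later hotfix does that too, so the verdict is "mismatch", never "infected".
        verdicts[name] = {"status": "match" if matches else "mismatch",
                          "live_md5": live["md5"], "live_size": live["size"], "matches": matches}
    return verdicts

# Sample input copied from the Sigcheck section of the 2008-09-20 report above.
SIGCHECK_SEPT_20 = r"""
2002-09-07 02:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-19 16:10 510464 78e8c6d90f8b390df97b1ae3e4da44e3 C:\WINDOWS\system32\winlogon.exe
2004-08-19 16:09 1038848 caff5bac700e241711e67b27f4e4f1c0 C:\WINDOWS\explorer.exe
2002-09-07 02:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2002-09-07 02:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-19 16:10 110592 90bfeb102ded1bb9c86fa9c083bf3912 C:\WINDOWS\system32\services.exe
2002-09-07 02:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-19 16:09 14848 6e1421b48437bac4a07290eb50830c5a C:\WINDOWS\system32\lsass.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2002-09-07 02:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-11 01:53 58880 0d1417bcacddb7743d59bcf8ed355ada C:\WINDOWS\system32\spoolsv.exe
"""

# Subset of the 2008-09-13 report above, where md5deep could not open the live copies.
SIGCHECK_SEPT_13 = r"""
2002-09-07 02:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
"""

# Constructed clean case (not from the reports): live spoolsv.exe equals the SP2 copy.
CONSTRUCTED_CLEAN = r"""
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\system32\spoolsv.exe
"""

if __name__ == "__main__":
    for name, verdict in triage(SIGCHECK_SEPT_20).items():
        print(f"{name:14} {verdict['status']:10} {verdict.get('matches') or verdict.get('reason', '')}")
```

Run as-is it prints one verdict per file for the 20 September report: all five live copies there come back "mismatch" against every reference copy listed, while the 13 September subset yields "unreadable" because md5deep was refused access to the live files.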
  6. Hello Loup blanc, here is the Gmer report, it's not going to be very pleasant to read....

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-11 10:53:49
Windows 5.1.2600 Service Pack 2

---- Services - GMER 1.0.14 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NETFramework
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\System32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service (ACPI Embedded Controller Driver/Microsoft Corporation) [DISABLED] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura WDM 3D Audio Driver/Sensaura Ltd) [MANUAL] ALCXSENS
Service C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) [MANUAL] ALCXWDM
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service C:\WINDOWS\System32\DRIVERS\amdk7.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] AmdK7
Service [DISABLED] amsint
Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirScheduler
Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service C:\WINDOWS\System32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_1.1.4322
Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (aspnet_state.exe/Microsoft Corporation) [MANUAL] aspnet_state
Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\System32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI RAGE 128 Miniport Driver/ATI Technologies Inc.) [MANUAL] ati2mtag
Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\System32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
Service C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [MANUAL] avgntflt
Service C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [SYSTEM] avipbb
Service BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service C:\WINDOWS\system32\drivers\btaudio.sys (Bluetooth Audio Device/Broadcom Corporation) [MANUAL] btaudio
Service C:\WINDOWS\system32\DRIVERS\btport.sys (Bluetooth BTPORT Driver for Windows 2000/Broadcom Corporation) [MANUAL] BTDriver
Service C:\WINDOWS\system32\DRIVERS\BthEnum.sys (Bluetooth Bus Extender/Microsoft Corporation) [MANUAL] BthEnum
Service C:\WINDOWS\system32\DRIVERS\bthpan.sys (Bluetooth Personal Area Networking/Microsoft Corporation) [MANUAL] BthPan
Service C:\WINDOWS\System32\Drivers\BTHport.sys (Bluetooth Bus Driver/Microsoft Corporation) [MANUAL] BTHPORT
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] BthServ
Service C:\WINDOWS\System32\Drivers\BTHUSB.sys (Bluetooth Miniport Driver/Microsoft Corporation) [MANUAL] BTHUSB
Service C:\WINDOWS\system32\drivers\btkrnl.sys (Bluetooth Protocol Driver for Windows 2000/Broadcom Corporation) [BOOT] BTKRNL
Service C:\WINDOWS\system32\drivers\btserial.sys (Bluetooth Serial Driver for Windows 2000/Broadcom Corporation) [AUTO] BTSERIAL
Service C:\WINDOWS\system32\drivers\btslbcsp.sys (Bluetooth Serial Driver for Windows 2000/Broadcom Corporation) [AUTO] BTSLBCSP
Service C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe (Bluetooth Support Server/Broadcom Corporation) [AUTO] btwdins
Service C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Bluetooth LAN Access Server Driver/Broadcom Corporation) [MANUAL] BTWDNDIS
Service C:\WINDOWS\System32\Drivers\btwusb.sys (Driver for Bluetooth USB Devices/Broadcom Corporation) [MANUAL] BTWUSB
Service C:\WINDOWS\system32\DRIVERS\Camdrl.sys (Universal Serial Bus Camera Driver/Logitech Inc.) [MANUAL] CamDrL
Service C:\DOCUME~1\LEO\LOCALS~1\Temp\catchme.sys [MANUAL] catchme
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service Class
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [DISABLED] ClipSrv
Service [DISABLED] CmdIde
Service C:\WINDOWS\System32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\System32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Logical Disk Manager Service Process/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service (Floppy Disk Controller Driver/Microsoft Corporation) [SYSTEM] Fdc
Service (FIPS Crypto Driver/Microsoft Corporation) [SYSTEM] Fips
Service (Floppy Driver/Microsoft Corporation) [SYSTEM] Flpydisk
Service C:\WINDOWS\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys (FT Disk Driver/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS\System32\DRIVERS\gameenum.sys (Game Port Enumerator/Microsoft Corporation) [MANUAL] gameenum
Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Program [MANUAL] getPlus® Helper
Service C:\WINDOWS\System32\DRIVERS\gmer.sys (GMER Driver http://www.gmer.net/GMER) [MANUAL] gmer
Service D:\INSTALL\GMSIPCI.SYS [MANUAL] GMSIPCI
Service C:\WINDOWS\System32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] HidServ
Service C:\WINDOWS\system32\DRIVERS\h
idusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service [DISABLED] hpn
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\WINDOWS\System32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\System32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service [DISABLED] IntelIde
Service C:\WINDOWS\system32\drivers\ip6fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] ip6fw
Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\System32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\System32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\System32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\ircomm2k.sys (Virtual Infrared COM Port, Device Driver/Jan Kiszka) [MANUAL] IrCOMM2k
Service C:\WINDOWS\system32\ircomm2k.exe (Virtual Infrared COM Port, Service Program/Jan Kiszka) [AUTO] IrCOMM2kSvc
Service C:\WINDOWS\system32\DRIVERS\irda.sys (IRDA Protocol Driver/Microsoft Corporation) [AUTO] irda
Service C:\WINDOWS\System32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Irmon
Service ISAPISearch
Service C:\WINDOWS\System32\DRIVERS\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\DRIVERS\kbdhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [SYSTEM] kbdhid
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\WINDOWS\system32\drivers\lvgaec.sys [MANUAL] lvgaec
Service C:\WINDOWS\system32\drivers\lvsmflt.sys [MANUAL] lvsmflt
Service C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe [AUTO] LVSrvLauncher
Service C:\WINDOWS\system32\drivers\lvusbsta.sys (USB Statistic Driver/Logitech Inc.) [MANUAL] LVUSBSta
Service C:\WINDOWS\system32\DRIVERS\mdc8021x.sys (IEEE 802.1X Protocol Driver/Meetinghouse Data Communications) [AUTO] MDC8021X
Service C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Machine Debug Manager/Microsoft Corporation) [AUTO] MDM
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\System32\mnmsrvc.exe (NetMeeting Remote Desktop Sharing/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\System32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] Mouclass
Service C:\WINDOWS\System32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\WINDOWS\System32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE Service (Multiple UNC Provider driver/Microsoft Corporation) [bOOT] Mup Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [bOOT] NDIS Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe (DDE Réseau - Communication DDE/Microsoft Corporation) [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe (DDE Réseau - Communication DDE/Microsoft Corporation) [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman Service C:\WINDOWS\System32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394 Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla Service (NPFS Driver/Microsoft Corporation) [sYSTEM] Npfs Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs Service 
C:\WINDOWS\System32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc Service (NULL Driver/Microsoft Corporation) [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 66.81 /NVIDIA Corporation) [MANUAL] nv Service nv4 Service C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 66.81/NVIDIA Corporation) [AUTO] NVSvc Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd Service C:\WINDOWS\System32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [bOOT] ohci1394 Service C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose Service Outlook Service C:\WINDOWS\System32\DRIVERS\parport.sys (Pilote de port parallèle/Microsoft Corporation) [MANUAL] Parport Service (Partition Manager/Microsoft Corporation) [bOOT] PartMgr Service (Pilote parallèle VDM/Microsoft Corporation) [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys (Énumérateur Plug-and-Play PCI pour NT/Microsoft Corporation) [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service (Pilote de bus PCMCIA/Microsoft Corporation) [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe (Applications Services et Contrôleur/Microsoft Corporation) [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent Service poof 
Service C:\WINDOWS\System32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport Service C:\WINDOWS\system32\DRIVERS\PRISMA02.sys (PRISM Wireless NDIS 5.1 Driver/Conexant Systems, Inc.) [MANUAL] PRISM_A02 Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink Service C:\WINDOWS\system32\DRIVERS\OVCD.sys (Video Minidriver/Microsoft Corporation) [MANUAL] QCDonner Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasirda.sys (IrDA WAN Miniport Driver/Microsoft Corporation) [MANUAL] Rasirda Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [sYSTEM] RDPCDD Service RDPDD Service 
C:\WINDOWS\System32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr Service RDPNP Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe (Gestionnaire de session de l'aide sur le Bureau à distance de Microsoft®/Microsoft Corporation) [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys (Pilote de filtre audio Livre rouge/Microsoft Corporation) [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry Service C:\WINDOWS\system32\DRIVERS\rfcomm.sys (Bluetooth RFCOMM Driver/Microsoft Corporation) [MANUAL] RFCOMM Service C:\WINDOWS\System32\Drivers\RootMdm.sys (Legacy Non-Pnp Modem Device Driver/Microsoft Corporation) [MANUAL] ROOTMODEM Service C:\WINDOWS\System32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023 Service C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek RTL8139 NDIS 5.0 Driver/Realtek Semiconductor Corporation) [MANUAL] rtl8139 Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs Service C:\WINDOWS\system32\DRIVERS\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [bOOT] sbp2port Service C:\WINDOWS\System32\SCardSvr.exe (Serveur de gestion de ressources des cartes à puce/Microsoft Corporation) [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 
Services/Microsoft Corporation) [AUTO] Schedule Service C:\WINDOWS\system32\drivers\scsiport.sys (SCSI Port Driver/Microsoft Corporation) ScsiPort Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys (Pilote de périphérique série/Microsoft Corporation) [sYSTEM] Serial Service (SCSI Floppy Driver/Microsoft Corporation) [sYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler Service C:\WINDOWS\System32\DRIVERS\sr.sys (Pilote de filtre de système de fichiers pour la restauration du système/Microsoft Corporation) [bOOT] sr Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV Service C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [sYSTEM] ssmdrv Service 
C:\WINDOWS\system32\DRIVERS\st3wolf.sys (SCSI miniport/ ) [MANUAL] st3wolf Service C:\WINDOWS\system32\DRIVERS\irstusb.sys (NDIS 5.0 USB Infra-Red Driver/SigmaTel, Inc.) [MANUAL] STIrUsb Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip Service C:\WINDOWS\system32\DRIVERS\stwlfbus.sys (PnP BIOS Extension/ ) [bOOT] stwlfbus Service C:\WINDOWS\System32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv Service swwd Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe (Service des alertes et des journaux de performance/Microsoft Corporation) [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [sYSTEM] Tcpip Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe 
(Telnet/Microsoft Corporation) [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks Service TSDDD Service C:\WINDOWS\System32\DRIVERS\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [bOOT] uagp35 Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS Service usb Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL Service C:\WINDOWS\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp Service C:\WINDOWS\System32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub Service C:\WINDOWS\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci Service C:\Program Files\MSN Messenger\usnsvc.exe (Messenger Sharing USN Journal Reader Service/Microsoft Corporation) [MANUAL] usnjsvc Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [sYSTEM] VgaSave Service C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA NT AGP Filter/VIA Technologies, Inc.) 
[bOOT] viaagp1 Service C:\WINDOWS\System32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [bOOT] ViaIde Service C:\WINDOWS\system32\DRIVERS\viasraid.sys (VIA Serial ATA RAID MINIPORT DRIVER FOR WINXP/VIA Technologies inc,.ltd) [bOOT] viasraid Service (Pilote de cliché instantané du volume/Microsoft Corporation) [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe (Service de cliché instantané de volumes Microsoft®/Microsoft Corporation) [MANUAL] VSS Service VXD Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe (Service de la carte de performance WMI/Microsoft Corporation) [MANUAL] WmiApSrv Service C:\Program Files\Windows Media Player\WMPNetwk.exe (Service Partage réseau du Lecteur Windows Media/Microsoft Corporation) [MANUAL] WMPNetworkSvc Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC Service C:\WINDOWS\System32\svchost.exe 
(Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WudfSvc Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov Service {0C98830E-B02B-4E76-B177-0A94F6F2AB0B} Service {0F715617-850B-422A-9EBE-8230D844B92A} Service {2BF3C16B-F457-4703-9543-A986689087C4} Service {39047361-B3CF-4DF3-A601-461379DC6C34} Service {40587933-C501-4687-BC54-F760D801A400} Service {4E3BABC9-DF50-4C43-ADCC-8E6A06276E99} Service {78D6F1C4-9BDA-4B74-BBD8-3E41D8045FAE} Service {CA3CAE0B-C9F4-4F91-AB97-D830019C300A} ---- EOF - GMER 1.0.14 ----
  7. Hi Loup blanc, well, I uninstalled Kaspersky, I did the last HijackThis step you asked me to do, and yes, I did reboot after running OTMoveIt. Otherwise, something strange just happened while I was updating Adobe Reader... "people" started talking... LOL, no, seriously, I think it was some kind of radio or podcast, I don't know, people chatting, which started spontaneously without my screen changing (no application opened). The "voices" of course disappeared after a reboot... my PC isn't infected, it's POSSESSED!!!! I'm waiting for your post for the next instructions.
  8. Here is the DiagHelp report: DiagHelp version v1.4 - http://www.malekal.com excute le 06/09/2008 à 19:17:40,10
\SystemRoot\system32\DRIVERS\btwdndis.sys F8BA2000 - \SystemRoot\system32\DRIVERS\btport.sys F7D00000 - \SystemRoot\System32\DRIVERS\rdpdr.sys F89BA000 - \SystemRoot\System32\DRIVERS\termdd.sys F8BAA000 - \SystemRoot\System32\DRIVERS\mouclass.sys F8D52000 - \SystemRoot\System32\DRIVERS\swenum.sys F7CCC000 - \SystemRoot\System32\DRIVERS\update.sys F84B4000 - \SystemRoot\System32\DRIVERS\mssmbios.sys F7CB3000 - \SystemRoot\system32\DRIVERS\st3wolf.sys F89CA000 - \SystemRoot\System32\Drivers\NDProxy.SYS F89FA000 - \SystemRoot\System32\DRIVERS\usbhub.sys F8D58000 - \SystemRoot\System32\DRIVERS\USBD.SYS F8D5E000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7962000 - \SystemRoot\System32\Drivers\Null.SYS F8D60000 - \SystemRoot\System32\Drivers\Beep.SYS F8BD2000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F8BDA000 - \SystemRoot\System32\drivers\vga.sys F8D62000 - \SystemRoot\System32\Drivers\mnmdd.SYS F8D64000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F8BE2000 - \SystemRoot\System32\Drivers\Msfs.SYS F8BEA000 - \SystemRoot\System32\Drivers\Npfs.SYS F8CC6000 - \SystemRoot\System32\DRIVERS\rasacd.sys A2785000 - \SystemRoot\System32\DRIVERS\ipsec.sys A272D000 - \SystemRoot\System32\DRIVERS\tcpip.sys A2705000 - \SystemRoot\System32\DRIVERS\netbt.sys A26E3000 - \SystemRoot\System32\drivers\afd.sys F8A0A000 - \SystemRoot\System32\DRIVERS\netbios.sys F8BF2000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys A26B8000 - \SystemRoot\System32\DRIVERS\rdbss.sys A2649000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F7D6A000 - \SystemRoot\System32\drivers\klmc.sys A2620000 - \SystemRoot\System32\drivers\klif.sys F8A1A000 - \SystemRoot\System32\Drivers\Fips.SYS A25FF000 - \SystemRoot\System32\DRIVERS\ipnat.sys F8A2A000 - \SystemRoot\System32\DRIVERS\wanarp.sys A24D6000 - \SystemRoot\system32\DRIVERS\avipbb.sys F8A3A000 - \SystemRoot\System32\DRIVERS\arp1394.sys F8D6C000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys A259F000 - \SystemRoot\system32\DRIVERS\hidusb.sys F8A5A000 
- \SystemRoot\system32\DRIVERS\HIDCLASS.SYS A259B000 - \SystemRoot\System32\DRIVERS\mouhid.sys F8A6A000 - \SystemRoot\System32\Drivers\Cdfs.SYS A2446000 - \SystemRoot\System32\Drivers\dump_atapi.sys F8D6E000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys A24C6000 - \SystemRoot\System32\drivers\Dxapi.sys F8C0A000 - \SystemRoot\System32\watchdog.sys BF000000 - \SystemRoot\System32\drivers\dxg.sys F8EE2000 - \SystemRoot\System32\drivers\dxgthk.sys BF012000 - \SystemRoot\System32\ati2dvag.dll BF048000 - \SystemRoot\System32\ati2cqag.dll BF080000 - \SystemRoot\System32\ati3duag.dll BF24E000 - \SystemRoot\System32\ativvaxx.dll A2368000 - \SystemRoot\system32\DRIVERS\irda.sys A27C8000 - \SystemRoot\system32\DRIVERS\mdc8021x.sys A27CC000 - \SystemRoot\System32\DRIVERS\ndisuio.sys A2133000 - \SystemRoot\System32\DRIVERS\mrxdav.sys F8DB8000 - \SystemRoot\System32\Drivers\ParVdm.SYS A2007000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys A1FCA000 - \SystemRoot\system32\drivers\wdmaud.sys A21A0000 - \SystemRoot\system32\drivers\sysaudio.sys F8AE2000 - \??\C:\WINDOWS\system32\drivers\btserial.sys A1F75000 - \??\C:\WINDOWS\system32\drivers\btslbcsp.sys A1C77000 - \SystemRoot\System32\DRIVERS\srv.sys A11B4000 - \SystemRoot\system32\drivers\kmixer.sys A1103000 - \SystemRoot\System32\Drivers\HTTP.sys F8E6B000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 140 Liste des programmes installes 802.11g USB 2.0 adapter ABC (remove only) Adobe Flash Player ActiveX Adobe Reader 6.0.1 Apple Mobile Device Support Apple Software Update AutoUpdate Avanquest update Avira AntiVir Personal - Free Antivirus AviSynth 2.5 Azureus BitComet 0.88 Bonjour Collab Correctif Windows XP - KB873333 Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - 
KB887742 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 Correctif Windows XP - KB893086 DAEMON Tools DivX DivX Content Uploader DivX Media Codec 4.1.0 DivX Player DivX Web Player dvdSanta 4.00 EasyGPRS eMule Enable S3 for USB Device FL Studio 5 FL Studio 6 FLV Player Google Earth HijackThis 2.0.2 Hotfix for Windows XP (KB926239) Image Editor iPod for Windows 2005-09-06 iPod for Windows 2005-09-06 IrCOMM2k 1.2.1 iTunes J2SE Runtime Environment 5.0 Update 3 J2SE Runtime Environment 5.0 Update 6 Kaspersky Anti-Virus Personal Lecteur Windows Media 11 LimeWire 4.12.6 Logiciel ViewPort de Logitech Macromedia Flash Player 8 Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Professional Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893066) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB896688) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899588) Mise à jour de sécurité pour Windows XP (KB899589) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour 
Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB905915) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913446) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB916281) Mise à jour de sécurité pour Windows XP (KB917159) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB896727) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB916595) mobile PhoneTools Mozilla Firefox (3.0.1) Native Instruments Traktor DJ Studio 3 Nero 6 Ultra Edition NVIDIA Drivers Programme de gestion Camera de Logitech® PSP Video 9 1.74 QuickTime ratDVD 0.78.1444 RealPlayer Realtek AC'97 Audio REALTEK Gigabit and Fast Ethernet NIC Driver Safari Samsung PC Studio II Image Editor Samsung PC Studio PC Sync Samsung PC Studio Samples 2.0 Spybot - Search & Destroy Theorica Divx Codecs (remove only) VIA Integrated Setup Wizard VIA Integrated Setup Wizard VobSub v2.23 (Remove Only) WebFldrs XP WIDCOMM Bluetooth Software Windows Installer 3.1 (KB893803) Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows XP 
Service Pack 2 WinRAR archiver WLAN Le volume dans le lecteur C s'appelle Baggy Le numéro de série du volume est D4E1-6664 Répertoire de C:\Program Files 03/09/2008 08:58 <REP> . 03/09/2008 08:58 <REP> .. 03/10/2005 17:38 <REP> 802.11g USB2.0 Adapter 10/12/2006 20:30 <REP> ABC 27/08/2005 13:04 <REP> Adobe 04/11/2005 18:58 <REP> Ahead 07/08/2008 21:32 <REP> Apple Software Update 02/09/2008 10:45 <REP> Avira 04/11/2005 19:03 <REP> AviSynth 2.5 21/03/2007 22:29 <REP> AvRack 02/11/2007 10:30 <REP> Azureus 28/05/2007 19:23 <REP> BitComet 07/08/2008 21:26 <REP> Bonjour 27/08/2005 10:44 <REP> ComPlus Applications 11/06/2006 22:18 <REP> DIFX 20/08/2007 13:12 <REP> DivX 27/08/2005 12:17 <REP> D-Tools 18/12/2006 22:11 <REP> dvdSanta 20/08/2007 11:12 <REP> eMule 22/12/2007 19:23 <REP> Fichiers communs 31/08/2007 19:13 <REP> FLV Player 08/02/2008 15:04 <REP> Gabest 27/08/2005 12:36 <REP> Gigabyte 13/06/2007 16:29 <REP> Google 18/09/2006 00:29 <REP> Image-Line 02/08/2006 00:59 <REP> Internet Explorer 07/08/2008 21:28 <REP> iPod 07/08/2008 21:28 <REP> iTunes 01/05/2006 19:42 <REP> Java 27/08/2005 12:30 <REP> Kaspersky Lab 27/12/2006 12:23 <REP> LimeWire 11/12/2007 01:35 <REP> LiveUpdate 27/09/2007 22:56 <REP> Logitech 03/09/2008 08:58 <REP> Malwarebytes' Anti-Malware 03/10/2005 18:55 <REP> Messenger 27/08/2005 10:46 <REP> microsoft frontpage 27/08/2005 12:20 <REP> Microsoft Office 27/08/2005 12:20 <REP> Microsoft Visual Studio 27/08/2005 12:20 <REP> Microsoft Works 27/08/2005 12:21 <REP> Microsoft.NET 11/12/2007 01:35 <REP> mobile PhoneTools 27/08/2005 12:03 <REP> Movie Maker 06/09/2008 16:41 <REP> Mozilla Firefox 30/04/2006 22:13 <REP> MSI 27/08/2005 10:43 <REP> MSN Gaming Zone 27/09/2007 23:38 <REP> MSN Messenger 25/05/2006 21:34 <REP> Native Instruments 27/08/2005 12:01 <REP> NetMeeting 01/05/2006 19:48 <REP> Outlook Express 04/11/2005 19:03 <REP> pspvideo9 07/08/2008 21:25 <REP> QuickTime 09/08/2006 23:16 <REP> ratDVD 05/10/2005 22:19 <REP> Real 27/08/2005 12:37 <REP> 
Realtek Sound Manager 07/08/2008 21:12 <REP> Safari 01/05/2006 00:11 <REP> Samsung 27/08/2005 10:45 <REP> Services en ligne 05/08/2008 19:30 <REP> Spybot - Search & Destroy 24/11/2005 21:30 <REP> Theorica Divx Codecs 27/08/2005 12:38 <REP> VIA 18/09/2006 00:30 <REP> VstPlugins 18/10/2007 16:11 <REP> Windows Media Connect 2 18/10/2007 16:11 <REP> Windows Media Player 11/06/2007 17:26 <REP> Windows NT 27/08/2005 11:41 <REP> WinRAR 27/08/2005 10:46 <REP> xerox 0 fichier(s) 0 octets 66 Rép(s) 6 667 243 520 octets libres Le volume dans le lecteur C s'appelle Baggy Le numéro de série du volume est D4E1-6664 Répertoire de C:\Program Files\fichiers communs 22/12/2007 19:23 <REP> . 22/12/2007 19:23 <REP> .. 06/10/2005 08:18 <REP> Adobe 04/11/2005 18:58 <REP> Ahead 22/12/2007 19:23 <REP> Apple 27/08/2005 12:20 <REP> DESIGNER 27/08/2005 12:56 <REP> InstallShield 30/04/2006 15:33 <REP> Java 27/09/2007 22:57 <REP> Logitech 11/06/2006 22:18 <REP> Microsoft Shared 27/08/2005 10:44 <REP> MSSoap 27/08/2005 11:39 <REP> ODBC 05/10/2005 22:20 <REP> Real 27/08/2005 10:44 <REP> Services 27/08/2005 11:39 <REP> SpeechEngines 01/05/2006 19:48 <REP> System 05/10/2005 22:20 <REP> xing shared 0 fichier(s) 0 octets 17 Rép(s) 6 667 239 424 octets libres Le volume dans le lecteur C s'appelle Baggy Le numéro de série du volume est D4E1-6664 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 27/08/2005 12:20 <REP> . 27/08/2005 12:20 <REP> .. 
27/08/2005 12:20 <REP> 1033 27/08/2005 12:20 <REP> 1036 11/07/2003 10:15 1 292 872 MSONSEXT.DLL 15/07/2003 06:52 35 896 MSOSV.DLL 03/06/1999 14:09 122 937 MSOWS409.DLL 07/03/2001 09:00 127 033 MSOWS40c.DLL 11/07/2003 02:25 80 448 PKMWS.DLL 5 fichier(s) 1 659 186 octets 4 Rép(s) 6 667 239 424 octets libres Le volume dans le lecteur C s'appelle Baggy Le numéro de série du volume est D4E1-6664 Répertoire de C:\ 27/08/2008 11:29 1 573 323 SmitfraudFix.exe 31/10/2005 17:56 700 416 StubInstaller.exe 2 fichier(s) 2 273 739 octets 0 Rép(s) 6 667 239 424 octets libres c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.7.1.11\SetupAdmin.exe c:\Documents and Settings\LEO\.limewire\.NetworkShare\LimeWireWin4.16.6.exe c:\Documents and Settings\LEO\Application Data\Macromedia\Flash Player\#SharedObjects\TSWVFE9N\localhost\Program Files\FLV Player\FLVPlayer.exe c:\Documents and Settings\LEO\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe c:\Documents and Settings\LEO\Bureau\antivir_workstation_winu_en_h.exe c:\Documents and Settings\LEO\Bureau\cuteftp3p.exe c:\Documents and Settings\LEO\Bureau\HiJackThis.exe c:\Documents and Settings\LEO\Bureau\IE8-WindowsXP-x86-ENU.exe c:\Documents and Settings\LEO\Bureau\iTunesSetup.exe c:\Documents and Settings\LEO\Bureau\OTMoveIt2.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix.exe c:\Documents and Settings\LEO\Bureau\spybotsd160.exe c:\Documents and Settings\LEO\Bureau\VobSub_2.23.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\diff.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\find2.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\grep.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\gzip.exe c:\Documents and 
Settings\LEO\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\streams.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\LEO\Bureau\DiagHelp\tar.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\404Fix.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\AntiXPVSTFix.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\exit.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\IEDFix.C.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\IEDFix.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\Policies.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\Reboot.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\restart.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\UIFix.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\VACFix.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\LEO\Bureau\SmitfraudFix\WS2Fix.exe c:\Documents and Settings\LEO\Local Settings\Temp\_ds5A.tmp\demo32.exe c:\Documents and Settings\LEO\Mes 
documents\Apps\20041030112032171_EasyGPRS_SETUP.exe c:\Documents and Settings\LEO\Mes documents\Apps\20050816162417437_Image_Editor.exe c:\Documents and Settings\LEO\Mes documents\Apps\20050816162417437_PIMS_File_Manager.exe c:\Documents and Settings\LEO\Mes documents\Apps\20060111160400218_Sample_Media.exe c:\Documents and Settings\LEO\Mes documents\Apps\20060208164822312_Image_Editor_Setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\20060208164822312_PC_Sync_Setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\ABC-win32-v3.1.exe c:\Documents and Settings\LEO\Mes documents\Apps\Azureus_2.5.0.4_Win32.setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\BitComet_0.60_setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\bitcomet_setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\BitTornado-0.3.7-w32install.exe c:\Documents and Settings\LEO\Mes documents\Apps\daemon333.exe c:\Documents and Settings\LEO\Mes documents\Apps\DivXPlay.exe c:\Documents and Settings\LEO\Mes documents\Apps\dvdsanta.exe c:\Documents and Settings\LEO\Mes documents\Apps\eMule0.46c_Installer.exe c:\Documents and Settings\LEO\Mes documents\Apps\eMule0.47a-Installer.exe c:\Documents and Settings\LEO\Mes documents\Apps\GoogleEarthWin_EARE.exe c:\Documents and Settings\LEO\Mes documents\Apps\ie6setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\IE7-WindowsXP-x86-fra.exe c:\Documents and Settings\LEO\Mes documents\Apps\Install_Messenger_Beta.exe c:\Documents and Settings\LEO\Mes documents\Apps\iTunesSetup.exe c:\Documents and Settings\LEO\Mes documents\Apps\LimeWireWin.exe c:\Documents and Settings\LEO\Mes documents\Apps\mbam-setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\Nero-6.6.0.16.exe c:\Documents and Settings\LEO\Mes documents\Apps\pspVideo9_Install.exe c:\Documents and Settings\LEO\Mes documents\Apps\ratDVDSetup-0.78.1444.exe c:\Documents and Settings\LEO\Mes documents\Apps\SDFix.exe c:\Documents and Settings\LEO\Mes documents\Apps\WinRAR 
3.0 With Key.EXE c:\Documents and Settings\LEO\Mes documents\Apps\20041030112032171_EasyGPRS_SETUP\EasyGPRS_SETUP\Setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\20050816162417437_Image_Editor\Setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\20050816162417437_PIMS_File_Manager\Setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\avipreview_by_aj_026_alpha\AVIPreview.exe c:\Documents and Settings\LEO\Mes documents\Apps\codec\The-Codecs.exe c:\Documents and Settings\LEO\Mes documents\Apps\Fruity Loops Studio 6.0 Producer Edition 2005 + KEY\fl6.exe c:\Documents and Settings\LEO\Mes documents\Apps\Fruity Loops Studio 6.0 Producer Edition 2005 + KEY\Fruity.Loops.Studio.Producer.Edition.5.0.0.Inc.Crack+Extra.Sounds\FLStudio5_Install.exe c:\Documents and Settings\LEO\Mes documents\Apps\Fruity Loops Studio 6.0 Producer Edition 2005 + KEY\Fruity.Loops.Studio.Producer.Edition.5.0.0.Inc.Crack+Extra.Sounds\crack\FL.EXE c:\Documents and Settings\LEO\Mes documents\Apps\IrCOMM2k-1.2.1-eng\IrCOMM2k-eng\ircomm2k.exe c:\Documents and Settings\LEO\Mes documents\Apps\IrCOMM2k-1.2.1-eng\IrCOMM2k-eng\Setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\Kapersky\kav5.0.142_personalfr.exe c:\Documents and Settings\LEO\Mes documents\Apps\Motorola Mobile Phone Tools Deluxe 4\(Win) Motorola Mobile Phone Tools Deluxe 3.11.exe c:\Documents and Settings\LEO\Mes documents\Apps\Traktor DJ Studio 3\TRAKTOR_DJ_STUDIO_3_KEYGEN.EXE c:\Documents and Settings\LEO\Mes documents\Apps\VirtualDub-1.6.11\auxsetup.exe c:\Documents and Settings\LEO\Mes documents\Apps\VirtualDub-1.6.11\vdub.exe c:\Documents and Settings\LEO\Mes documents\Apps\VirtualDub-1.6.11\VirtualDub.exe c:\Documents and Settings\LEO\Mes documents\Apps\Windows Media Player 11 Final with CRACK\Windows Media Player 11 Final + CRACK it 100 % WOrking [zeem]\Windows Media Player 11 Final + CRACK it 100 % WOrking [zeem]\CrackMediaPlayer.exe c:\Documents and Settings\LEO\Mes documents\Apps\Windows Media Player 11 
Final with CRACK\Windows Media Player 11 Final + CRACK it 100 % WOrking [zeem]\Windows Media Player 11 Final + CRACK it 100 % WOrking [zeem]\Setup.exe c:\Documents and Settings\LEO\Mes documents\Apps\WinMPG_VideoConvert\WinMPG_VideoConvert_Setup.EXE c:\Documents and Settings\LEO\Mes documents\WinRAR 3.0 With Key\wrar300.exe c:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\Bases\avcmhk.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_LEO-BEEGA1ITBTM.tar.gz a l'adresse http://upload.malekal.com et le rapport Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:46:52, on 06/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ircomm2k.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program 
Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\mobile PhoneTools\WatchDog.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Logitech\Video\CameraAssistant.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\system32\WiFiCfg.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Documents and Settings\LEO\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {72A128E0-2240-40c8-9E92-5387D64F839E} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers 
communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] 
C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: 802.11g USB 2.0 adapter Setting.lnk = C:\WINDOWS\system32\WiFiCfg.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: 
Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: oBtfVkS - {D4E16665-7E4B-CCCF-2FE0-C8DAB406B604} - C:\WINDOWS\system32\vg.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual IR COM Port, Service Program (IrCOMM2kSvc) - Jan Kiszka - C:\WINDOWS\system32\ircomm2k.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- End of file - 8962 bytes

In any case, thanks for your help, Loup Blanc!
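Added example, not part of the thread above and not code from ComboFix or any of the tools in it: a small Python parser for the XP SP2 firewall exception values that ComboFix dumps in the report ("<path>:<scope>:<Enabled|Disabled>:<display name>", one value per authorized application), followed by a triage pass that lists the enabled exceptions whose executable lives outside %windir% or Program Files. An entry such as C:\StubInstaller.exe at the drive root is the kind this surfaces for a second look. The sample export is constructed to mirror the report's entries; the "Example" entry and its paths are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Value format of the XP SP2 firewall exception list as exported by ComboFix
# (HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
#  FirewallPolicy\StandardProfile\AuthorizedApplications\List):
#   "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
# The path contains a colon (drive letter) and the display name may contain
# almost anything, so the regex anchors on the two middle fields, which never do.
_VALUE_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*)$",
    re.IGNORECASE,  # the stock sessmgr.exe entry spells it "enabled"
)
_LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')

# Directories a stock XP install puts legitimate executables in (assumption).
TRUSTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


@dataclass
class FirewallException:
    path: str
    scope: str      # "*" = any remote address; otherwise LocalSubNet or address ranges
    enabled: bool
    name: str


def parse_value(value: str) -> Optional[FirewallException]:
    """Parse one AuthorizedApplications value; None if it is not in the expected form."""
    m = _VALUE_RE.match(value)
    if not m:
        return None
    return FirewallException(
        path=m["path"].replace("\\\\", "\\"),  # a .reg export doubles backslashes
        scope=m["scope"],
        enabled=m["state"].lower() == "enabled",
        name=m["name"],
    )


def parse_reg_export(text: str) -> List[FirewallException]:
    """Parse every "key"="value" line of a .reg-style export of the list."""
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue
        entry = parse_value(m["value"])
        if entry is not None:
            entries.append(entry)
    return entries


def outside_trusted_dirs(entries: List[FirewallException]) -> List[FirewallException]:
    """Enabled exceptions whose executable sits outside the usual install directories."""
    return [
        e for e in entries
        if e.enabled and not e.path.lower().startswith(TRUSTED_PREFIXES)
    ]


# Constructed sample mirroring the shape of the entries in the report above;
# the "Example" line is hypothetical.
SAMPLE_EXPORT = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Example\\old.exe"="C:\\Program Files\\Example\\old.exe:LocalSubNet:Disabled:Example (hypothetical)"
'''

if __name__ == "__main__":
    for e in outside_trusted_dirs(parse_reg_export(SAMPLE_EXPORT)):
        print(f"check: {e.path} ({e.name}), scope {e.scope}")
```

The scope field is worth keeping: "*" means the exception is open to any remote address, whereas LocalSubNet or an explicit address list narrows it, so a "*" entry for an installer or a P2P client deserves more attention than a subnet-scoped one.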
9. Well, I don't think it worked....

DllUnregisterServer procedure not found in C:\WINDOWS\system32\vg.dll
C:\WINDOWS\system32\vg.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\vg.dll scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09062008_163529

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vg.dll
C:\WINDOWS\system32\vg.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\vg.dll scheduled to be moved on reboot.

But what actually is this vg.dll file???
10. Hi Loup blanc, I did what you told me to do, but it's still the same thing: it stays stuck on the page... Otherwise I also tried sending the file by e-mail, but same thing: when I upload the file as an attachment it just keeps working without really uploading it, even though it's only 32 KB... weird. H E L P
11. Good evening Loup Blanc! The first part is done (Hijackthis). I have a problem with VirusTotal: when I upload the vg.dll file, the site stays "stuck" on "sending file". I tried several times despite a lightly loaded service (green) and a good connection...
12. Yep, right away:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:29, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ircomm2k.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\WiFiCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\LEO\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72A128E0-2240-40c8-9E92-5387D64F839E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 802.11g USB 2.0 adapter Setting.lnk = C:\WINDOWS\system32\WiFiCfg.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: oBtfVkS - {D4E16665-7E4B-CCCF-2FE0-C8DAB406B604} - C:\WINDOWS\system32\vg.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual IR COM Port, Service Program (IrCOMM2kSvc) - Jan Kiszka - C:\WINDOWS\system32\ircomm2k.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9113 bytes
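The HijackThis log above is the kind of report the helpers in this thread read by eye. As an added example (not code from the thread, from HijackThis or from any of the tools mentioned), here is a small Python triage that parses the O-lines and flags the entries worth looking at first: the O21 SSODL entry (a ShellServiceObjectDelayLoad DLL that Explorer loads at logon, which is also why a file-move tool cannot move vg.dll until the next reboot), the O24 Active Desktop component served from a local file, the orphaned O2 BHO and the O23 service with no owner. The sample lines are constructed from the log above, not the full log; the "random name" and "short DLL name" heuristics, the severity labels and all function names are this example's own assumptions, not HijackThis rules.

```python
"""Triage of a HijackThis-style log: parse the O-lines and flag the entries a
malware-removal helper would look at first. Illustrative code, not HijackThis'
own logic; the severities and heuristics are this example's assumptions."""
import re
from typing import Dict, List, Optional

# Constructed sample, modelled on lines from the log in the post above (not the
# full log). The O21 SSODL entry and the O24 desktop component are the ones that matter.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72A128E0-2240-40c8-9E92-5387D64F839E} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O21 - SSODL: oBtfVkS - {D4E16665-7E4B-CCCF-2FE0-C8DAB406B604} - C:\WINDOWS\system32\vg.dll
O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

_LINE = re.compile(r"^(O\d+) - (.*)$")
# "name - {CLSID} - path": anchor on the CLSID so dashes inside the name or path survive.
_CLSID_ENTRY = re.compile(r"^(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# "display name - owner - path": anchor the path on its drive letter for the same reason.
_SERVICE = re.compile(r"^(?P<name>.*) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.*)$")
_RUN_ENTRY = re.compile(r"^(?P<hive>.*?): \[(?P<name>.*?)\] (?P<path>.*)$")
_VOWELS = set("aeiouy")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return {'section', 'name', 'path', ...} for an O-line, None for anything else."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    body = rest.split(": ", 1)[1] if ": " in rest else rest
    if section in ("O2", "O21"):
        c = _CLSID_ENTRY.match(body)
        if c:
            return {"section": section, **c.groupdict()}
    elif section == "O23":
        s = _SERVICE.match(body)
        if s:
            return {"section": section, **s.groupdict()}
        parts = body.rsplit(" - ", 2)  # fallback when the path has no drive letter
        if len(parts) == 3:
            return {"section": section, "name": parts[0], "owner": parts[1], "path": parts[2]}
    elif section == "O24":
        parts = body.rsplit(" - ", 1)
        if len(parts) == 2:
            return {"section": section, "name": parts[0], "path": parts[1]}
    elif section == "O4":
        r = _RUN_ENTRY.match(rest)
        if r:
            return {"section": section, **r.groupdict()}
    return {"section": section, "name": rest, "path": ""}


def looks_random(token: str) -> bool:
    """Heuristic (this example's assumption): a token of 6+ letters with fewer than a
    quarter vowels, like the SSODL name 'oBtfVkS', reads as machine-generated."""
    letters = [c for c in token.lower() if c.isalpha()]
    return len(letters) >= 6 and sum(c in _VOWELS for c in letters) / len(letters) < 0.25


def short_system32_dll(path: str) -> bool:
    """Heuristic (this example's assumption): a DLL in system32 whose base name is
    three characters or fewer, like vg.dll, is unusual enough to raise the priority."""
    p = path.lower().replace("/", "\\")
    base = p.rsplit("\\", 1)[-1]
    return "\\system32\\" in p and base.endswith(".dll") and len(base) - len(".dll") <= 3


def _finding(entry: Dict[str, str], severity: str, reason: str) -> Dict[str, str]:
    return {"section": entry["section"], "name": entry.get("name", ""),
            "path": entry.get("path", ""), "severity": severity, "reason": reason}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk the log and return the entries worth checking, in log order."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if not e:
            continue
        section, path = e["section"], e.get("path", "")
        if section == "O21":
            # ShellServiceObjectDelayLoad DLLs are loaded into explorer.exe at logon.
            # The file is therefore locked while Explorer runs, which is why a move
            # tool reports "scheduled to be moved on reboot" instead of moving it.
            sev = "high" if looks_random(e["name"]) or short_system32_dll(path) else "check"
            findings.append(_finding(e, sev, "shell service object DLL loaded by Explorer at logon"))
        elif section == "O24" and path.lower().startswith("file:"):
            findings.append(_finding(e, "high", "Active Desktop component served from a local file"))
        elif section == "O2" and path == "(no file)":
            findings.append(_finding(e, "low", "orphaned BHO registration: CLSID present, DLL missing"))
        elif section == "O23" and e.get("owner") == "Unknown owner":
            findings.append(_finding(e, "info", "service binary has no company name; identify the vendor"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:5}] {f['section']:3} {f['name']} -> {f['path']}  ({f['reason']})")
```

On the sample, the O21 entry comes out as "high" on both heuristics at once (a name with one vowel in seven letters and a two-letter DLL in system32), the O24 component as "high", the orphaned BHO as "low" and the Logitech service as "info"; everything with a known vendor and an existing file is left alone. Heuristics like these only rank what to look at first; the file itself still has to be identified (hash lookup, signature check), which is what the thread tries to do with VirusTotal.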
13. Hello Loup Blanc! Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.26
Database version: 1106
Windows 5.1.2600 Service Pack 2

03/09/2008 09:17:45
mbam-log-2008-09-03 (09-17-45).txt

Scan type: Quick Scan
Objects scanned: 41485
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6d0111e3-3060-4d23-b2bc-42ed86cbe9a3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72a128e0-2240-40c8-9e92-5387d64f839e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhce7kj0e3ea (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I hope we're close to the end....!! In any case I'm noticing less nuisance... cool
14. Here is the SmitFraudFix report!

SmitFraudFix v2.339

Report made at 0:42:39,93, 03/09/2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing processes

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0F715617-850B-422A-9EBE-8230D844B92A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E3BABC9-DF50-4C43-ADCC-8E6A06276E99}: DhcpNameServer=212.198.0.91 212.198.2.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0F715617-850B-422A-9EBE-8230D844B92A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E3BABC9-DF50-4C43-ADCC-8E6A06276E99}: DhcpNameServer=212.198.0.91 212.198.2.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0F715617-850B-422A-9EBE-8230D844B92A}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4E3BABC9-DF50-4C43-ADCC-8E6A06276E99}: DhcpNameServer=212.198.0.91 212.198.2.51
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2

»»»»»»»»»»»»»»»»»»»»»»»» Deleting temporary files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry cleaning

Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
15. Hi Loup Blanc! Thanks for your help, here is my SDFix report:

SDFix: Version 1.220
Run by Administrateur on 02/09/2008 at 23:19

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\phca7kj0e3ea.bmp - Deleted
C:\WINDOWS\system32\blphca7kj0e3ea.scr - Deleted
C:\WINDOWS\EKTV.EXE - Deleted
C:\WINDOWS\wnlmdakqosx.dll - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 23:30:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ea130c5d2]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000ea130c5d2]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000037
"TracesSuccessful"=dword:00000029

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\mobile PhoneTools\\MMCenter.exe"="C:\\Program Files\\mobile PhoneTools\\MMCenter.exe:*:Enabled:MMCenter"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\ABC\\abc.exe"="C:\\Program Files\\ABC\\abc.exe:*:Enabled:abc"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:Fichier de ressources QuickTime"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 19 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 19 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 4 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 11 Jun 2007 5,823,256 A..H. --- "C:\Downloads\Virtua.Tennis.3-RELOADED\Skyler\Firefox Setup 2.0.0.4.exe"
Thu 18 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 19 Oct 2005 42,496 A..H. --- "C:\Documents and Settings\LEO\Mes documents\Txt\~WRL1048.tmp"
Wed 19 Oct 2005 42,496 A..H. --- "C:\Documents and Settings\LEO\Mes documents\Txt\~WRL1618.tmp"
Tue 18 Oct 2005 24,064 A..H. --- "C:\Documents and Settings\LEO\Mes documents\Txt\~WRL1939.tmp"
Thu 4 May 2006 20,992 A..H. --- "C:\Documents and Settings\LEO\Mes documents\Txt\~WRL2124.tmp"
Wed 19 Oct 2005 36,864 A..H. --- "C:\Documents and Settings\LEO\Mes documents\Txt\~WRL3391.tmp"

Finished!