Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

generic sdbot


Lutino
 Partager

Messages recommandés

Bonjour

 

Sous win 2000,j'ai depuis 2 3 semaines quelques bébettes dont je n'arrive pas à me débarasser.

J'ai suivi un post qui date d'octobre de l'année derniere où qqun avait le même probleme que moi (generic sdbot, trojan proxy.ranky, backdoor sdbot) mais je me perds un peu dans les clés de registre infectées...

Bitdefender 8.0.200 me bloque les virus, avg aussi mais impossible de m'en débarasser vraiment puisqu'ils reviennent à chaque démarrage.

Plus de temps à autre le shutdown d'autorité\system\services.exe (shutdown /A n'y change rien...)

Je vais laisser dans qques posts successifs les log que j'ai.

 

Merci aux gens.

Lien vers le commentaire
Partager sur d’autres sites

Rapport Escan

 

File C:\WINNT\system32\bgnxbntx.exe infected by "Backdoor.Win32.PoeBot.j" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\bxo.exe infected by "Backdoor.Win32.SdBot.bek" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\efoii.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\iikf.exe infected by "Trojan-Dropper.Win32.Pakes" Virus. Action Taken: File Deleted.

File C:\WINNT\system32\iuee.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\jcqgb.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\jgeois.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\jmwa.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\juruktr.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\omllkrfy.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\pcju.exe infected by "Backdoor.Win32.IRCBot.xo" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\pohshqg.exe infected by "Backdoor.Win32.Rbot.bnz" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\smyppy.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\wsytl.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\xewah.exe infected by "Backdoor.Win32.VanBot.ax" Virus. Action Taken: File Renamed.

File C:\WINNT\system32\xildt.exe infected by "Backdoor.Win32.PoeBot.c" Virus. Action Taken: File Renamed.

File C:\Documents and Settings\Administrateur\Bureau\clean\pskill.exe tagged as not-a-virus:RiskTool.Win32.PsKill.k. No Action Taken.

File C:\Documents and Settings\Administrateur\Bureau\clean.zip tagged as not-a-virus:RiskTool.Win32.PsKill.k. No Action Taken.

File C:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\backups.zip infected by "Net-Worm.Win32.Allaple.b" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\backups.zip infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.

 

 

---------------------------------------------------------

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: 19:14:14 25/03/2007

 

+ Résultat de l'analyse:

 

 

 

C:\WINNT\system32\bgnxbntx.exe.mwt -> Backdoor.PoeBot.j : Nettoyé.

C:\WINNT\system32\jcqgb.exe.mwt -> Backdoor.PoeBot.o : Nettoyé.

C:\WINNT\system32\efoii.exe.mwt -> Backdoor.Rbot.bnz : Nettoyé.

C:\WINNT\system32\juruktr.exe.mwt -> Backdoor.Rbot.bnz : Nettoyé.

C:\WINNT\system32\pohshqg.exe.mwt -> Backdoor.Rbot.bnz : Nettoyé.

C:\WINNT\system32\smyppy.exe.mwt -> Backdoor.Rbot.bug : Nettoyé.

C:\WINNT\system32\pcju.exe.mwt -> Backdoor.VanBot.g : Nettoyé.

 

 

Fin du rapport

 

Rapport Diaghelp

 

C:\WINNT\System32/drivers\atksgt.sys -->03/02/2007 14:29:45

C:\WINNT\System32/drivers\lirsgt.sys -->03/02/2007 14:29:44

C:\WINNT\System32/drivers\npf.sys -->25/01/2007 19:31:34

C:\WINNT\System32/drivers\SECDRV.SYS -->25/01/2007 09:18:32

C:\WINNT\System32/drivers\vaxscsi.sys -->25/01/2007 09:10:44

C:\WINNT\System32/drivers\sptd5725.sys -->25/01/2007 09:07:32

C:\WINNT\System32/drivers\sptd.sys -->25/01/2007 09:07:32

 

C:\WINNT\System32\Perflib_Perfdata_1c4.dat -->28/03/2007 11:38:26

C:\WINNT\System32\tmp.txt -->28/03/2007 11:37:16

C:\WINNT\System32\tmp.reg -->28/03/2007 11:37:16

C:\WINNT\System32\nvapps.xml -->27/03/2007 23:59:08

C:\WINNT\System32\zxlruxjj.exe -->27/03/2007 23:57:43

C:\WINNT\System32\duzdsjkw.exe -->27/03/2007 23:54:43

C:\WINNT\System32\Perflib_Perfdata_234.dat -->27/03/2007 23:31:49

C:\WINNT\System32\.PIF -->26/03/2007 19:17:20

C:\WINNT\System32\Perflib_Perfdata_1c0.dat -->26/03/2007 18:53:43

C:\WINNT\System32\sfc.dll -->26/03/2007 18:35:49

C:\WINNT\System32\Perflib_Perfdata_31c.dat -->25/03/2007 20:22:28

C:\WINNT\System32\Perflib_Perfdata_5c8.dat -->25/03/2007 20:06:27

C:\WINNT\System32\Perflib_Perfdata_3d8.dat -->25/03/2007 19:59:10

C:\WINNT\System32\Perflib_Perfdata_57c.dat -->25/03/2007 19:45:43

C:\WINNT\System32\Perflib_Perfdata_17c.dat -->25/03/2007 19:29:07

C:\WINNT\System32\Perflib_Perfdata_188.dat -->25/03/2007 19:24:49

C:\WINNT\System32\bxo.exe.mwt -->24/03/2007 19:02:14

C:\WINNT\System32\Perflib_Perfdata_3b8.dat -->23/03/2007 19:32:59

C:\WINNT\System32\Perflib_Perfdata_5d8.dat -->22/03/2007 20:38:05

C:\WINNT\System32\Perflib_Perfdata_60c.dat -->22/03/2007 20:30:23

C:\WINNT\System32\irxgskvw.PIF -->22/03/2007 00:23:32

C:\WINNT\System32\FNTCACHE.DAT -->20/03/2007 23:37:46

C:\WINNT\System32\bedgsly.bat -->20/03/2007 18:48:25

C:\WINNT\System32\xdll.bat -->20/03/2007 18:48:14

C:\WINNT\System32\Perflib_Perfdata_640.dat -->20/03/2007 18:43:27

 

C:\WINNT\ntbtlog.txt -->28/03/2007 11:37:18

C:\WINNT\WindowsUpdate.log -->27/03/2007 23:54:34

C:\WINNT\ShellIconCache -->27/03/2007 20:32:34

C:\WINNT\KB835732.log -->27/03/2007 20:18:57

C:\WINNT\iis5.log -->27/03/2007 20:14:50

C:\WINNT\comsetup.log -->27/03/2007 20:14:50

C:\WINNT\KB828028.log -->27/03/2007 20:14:49

C:\WINNT\imsins.log -->27/03/2007 20:14:49

C:\WINNT\ockodak.log -->27/03/2007 20:14:47

C:\WINNT\ocgen.log -->27/03/2007 20:14:47

C:\WINNT\setuperr.log -->27/03/2007 20:14:42

C:\WINNT\setupact.log -->27/03/2007 20:14:42

C:\WINNT\SchedLgU.Txt -->27/03/2007 20:05:04

C:\WINNT\win.ini -->27/03/2007 19:20:01

C:\WINNT\system.ini -->26/03/2007 19:17:13

 

C:\WINNT\alcrmv.exe |24/01/2007 21:00:18

C:\WINNT\alcupd.exe |24/01/2007 21:00:18

C:\WINNT\bdoscandel.exe |04/03/2005 15:10:36

C:\WINNT\IsUn040c.exe |02/02/2007 10:14:04

C:\WINNT\IsUninst.exe |24/01/2007 20:55:54

C:\WINNT\meta4.exe |25/02/2007 13:35:09

C:\WINNT\MOTA113.exe |25/02/2007 13:35:09

C:\WINNT\PATCH.EXE |27/01/2007 13:25:04

C:\WINNT\runtsckl.exe |02/11/2005 19:07:12

C:\WINNT\tsc.exe |27/01/2007 13:30:15

C:\WINNT\twunk_16.exe |16/12/1999 10:00:00

C:\WINNT\twunk_32.exe |16/12/1999 10:00:00

C:\WINNT\War3Unin.exe |10/02/2007 18:12:03

C:\WINNT\x2.64.exe |25/02/2007 13:35:09

C:\WINNT\AuHCcup1.dll |23/07/1999 11:53:20

C:\WINNT\BPMNT.dll |27/01/2007 13:30:14

C:\WINNT\hcextoutput.dll |27/01/2007 13:30:15

C:\WINNT\loadhttp.dll |15/10/2002 15:29:40

C:\WINNT\patchw32.dll |14/12/2001 14:34:46

C:\WINNT\TMUPDATE.DLL |27/01/2007 13:25:04

C:\WINNT\twain.dll |16/12/1999 10:00:00

C:\WINNT\twain_32.dll |16/12/1999 10:00:00

C:\WINNT\UNZIP.DLL |27/01/2007 13:25:04

C:\WINNT\vsapi32.dll |27/01/2007 13:30:14

C:\WINNT\system32\append.exe |16/12/1999 10:00:00

C:\WINNT\system32\CNDNDlg.exe |07/03/2007 15:18:10

C:\WINNT\system32\debug.exe |16/12/1999 10:00:00

C:\WINNT\system32\dfrgfat.exe |19/06/2003 12:05:04

C:\WINNT\system32\dfrgntfs.exe |19/06/2003 12:05:04

C:\WINNT\system32\dmadmin.exe |19/06/2003 12:05:04

C:\WINNT\system32\dmremote.exe |19/06/2003 12:05:04

C:\WINNT\system32\dosx.exe |16/12/1999 10:00:00

C:\WINNT\system32\dumphive.exe |27/03/2007 19:14:13

C:\WINNT\system32\duzdsjkw.exe |27/03/2007 23:54:42

C:\WINNT\system32\dvdplay.exe |15/12/1999 01:30:38

C:\WINNT\system32\edlin.exe |16/12/1999 10:00:00

C:\WINNT\system32\exe2bin.exe |16/12/1999 10:00:00

C:\WINNT\system32\fastopen.exe |16/12/1999 10:00:00

C:\WINNT\system32\java.exe |11/02/2007 13:15:23

C:\WINNT\system32\javaw.exe |11/02/2007 13:15:23

C:\WINNT\system32\javaws.exe |11/02/2007 13:15:23

C:\WINNT\system32\keystone.exe |22/10/2006 13:22:00

C:\WINNT\system32\massvc32.exe |18/03/2007 13:34:52

C:\WINNT\system32\mem.exe |16/12/1999 10:00:00

C:\WINNT\system32\mscdexnt.exe |16/12/1999 10:00:00

C:\WINNT\system32\msswchx.exe |19/06/2003 12:05:04

C:\WINNT\system32\NeroCheck.exe |29/01/2007 20:12:00

C:\WINNT\system32\nlsfunc.exe |16/12/1999 10:00:00

C:\WINNT\system32\nvappbar.exe |22/10/2006 13:22:00

C:\WINNT\system32\nvcolor.exe |22/10/2006 13:22:00

C:\WINNT\system32\nvcplui.exe |22/10/2006 13:22:00

C:\WINNT\system32\nvdspsch.exe |22/10/2006 13:22:00

C:\WINNT\system32\nvsvc32.exe |22/10/2006 13:22:00

C:\WINNT\system32\nvudisp.exe |24/01/2007 21:04:47

C:\WINNT\system32\NVUNINST.EXE |24/01/2007 21:04:39

C:\WINNT\system32\nw16.exe |16/12/1999 10:00:00

C:\WINNT\system32\nwiz.exe |22/10/2006 13:22:00

C:\WINNT\system32\Process.exe |27/03/2007 19:14:13

C:\WINNT\system32\PSDrvCheck.exe |23/02/2007 15:25:18

C:\WINNT\system32\pxhpinst.exe |11/03/2007 20:17:53

C:\WINNT\system32\redir.exe |16/12/1999 10:00:00

C:\WINNT\system32\setver.exe |16/12/1999 10:00:00

C:\WINNT\system32\share.exe |16/12/1999 10:00:00

C:\WINNT\system32\Shutdown.exe |24/03/2007 19:35:56

C:\WINNT\system32\SrchSTS.exe |27/03/2007 19:14:13

C:\WINNT\system32\swreg.exe |27/03/2007 19:14:13

C:\WINNT\system32\swsc.exe |27/03/2007 19:14:13

C:\WINNT\system32\swxcacls.exe |27/03/2007 19:14:13

C:\WINNT\system32\vwipxspx.exe |16/12/1999 10:00:00

C:\WINNT\system32\winIogon.exe |19/06/2003 12:05:04

C:\WINNT\system32\x.264.exe |25/02/2007 13:35:08

C:\WINNT\system32\zxlruxjj.exe |27/03/2007 23:57:34

C:\WINNT\system32\amstream.dll |29/01/2007 21:22:26

C:\WINNT\system32\atmfd.dll |19/06/2003 12:05:04

C:\WINNT\system32\atmlib.dll |19/06/2003 12:05:04

C:\WINNT\system32\avisynth.dll |25/02/2007 13:35:08

C:\WINNT\system32\AVSredirect.dll |25/02/2007 13:35:09

C:\WINNT\system32\cbrowser.dll |24/01/2007 21:53:26

C:\WINNT\system32\CNDCK170.dll |07/03/2007 15:18:10

C:\WINNT\system32\CNDUK170.dll |07/03/2007 15:18:10

C:\WINNT\system32\ComLib.dll |24/01/2007 21:53:26

C:\WINNT\system32\devil.dll |25/02/2007 13:35:08

C:\WINNT\system32\dfrgres.dll |16/12/1999 10:00:00

C:\WINNT\system32\dfrgsnap.dll |19/06/2003 12:05:04

C:\WINNT\system32\dfrgui.dll |16/12/1999 10:00:00

C:\WINNT\system32\dgrpsetu.dll |24/01/2007 20:34:06

C:\WINNT\system32\dgsetup.dll |24/01/2007 20:34:06

C:\WINNT\system32\dmconfig.dll |19/06/2003 12:05:04

C:\WINNT\system32\dmintf.dll |19/06/2003 12:05:04

C:\WINNT\system32\dmserver.dll |19/06/2003 12:05:04

C:\WINNT\system32\dmutil.dll |19/06/2003 12:05:04

C:\WINNT\system32\efsadu.dll |16/12/1999 10:00:00

C:\WINNT\system32\EqnClass.Dll |24/01/2007 20:34:06

C:\WINNT\system32\flvDX.dll |25/02/2007 13:32:52

C:\WINNT\system32\hpzcoi08.dll |26/03/2003 08:21:58

C:\WINNT\system32\hpzcon08.dll |26/03/2003 08:23:10

C:\WINNT\system32\hpzlnt08.dll |26/03/2003 08:32:24

C:\WINNT\system32\hticons.dll |24/01/2007 20:40:35

C:\WINNT\system32\hypertrm.dll |24/01/2007 20:40:35

C:\WINNT\system32\i420vfw.dll |25/02/2007 13:35:08

C:\WINNT\system32\iccvid.dll |16/12/1999 10:00:00

C:\WINNT\system32\imagr5.dll |29/01/2007 20:12:05

C:\WINNT\system32\imagx5.dll |29/01/2007 20:12:05

C:\WINNT\system32\ImagXpr5.dll |29/01/2007 20:12:05

C:\WINNT\system32\imgcmn.dll |24/01/2007 20:40:37

C:\WINNT\system32\imgshl.dll |24/01/2007 20:40:37

C:\WINNT\system32\ir32_32.dll |16/12/1999 10:00:00

C:\WINNT\system32\ir41_qc.dll |16/12/1999 10:00:00

C:\WINNT\system32\ir41_qcx.dll |16/12/1999 10:00:00

C:\WINNT\system32\ir50_32.dll |16/12/1999 10:00:00

C:\WINNT\system32\ir50_qc.dll |16/12/1999 10:00:00

C:\WINNT\system32\ir50_qcx.dll |16/12/1999 10:00:00

C:\WINNT\system32\jpeg1x32.dll |24/01/2007 20:40:37

C:\WINNT\system32\jpeg2x32.dll |24/01/2007 20:40:37

C:\WINNT\system32\mciqtz32.dll |29/01/2007 21:22:26

C:\WINNT\system32\meter.dll |11/07/2002 11:38:14

C:\WINNT\system32\msdmo.dll |29/01/2007 21:22:27

C:\WINNT\system32\msencode.dll |30/08/2002 19:24:06

C:\WINNT\system32\msswch.dll |19/06/2003 12:05:04

C:\WINNT\system32\MusInputMod.dll |11/07/2002 11:39:36

C:\WINNT\system32\N067UFW.dll |24/01/2007 21:12:14

C:\WINNT\system32\NMOCOD.DLL |25/01/2007 09:27:08

C:\WINNT\system32\NMORENU.DLL |25/01/2007 09:27:09

C:\WINNT\system32\NMSCKN.DLL |25/01/2007 09:27:09

C:\WINNT\system32\NMW3VWN.DLL |25/01/2007 09:27:09

C:\WINNT\system32\nsp.dll |23/02/2007 15:25:13

C:\WINNT\system32\nspa6.dll |23/02/2007 15:25:17

C:\WINNT\system32\nspm5.dll |23/02/2007 15:25:19

C:\WINNT\system32\nspm6.dll |23/02/2007 15:25:19

C:\WINNT\system32\nspp6.dll |23/02/2007 15:25:18

C:\WINNT\system32\nsppx.dll |23/02/2007 15:25:16

C:\WINNT\system32\nspw7.dll |23/02/2007 15:25:13

C:\WINNT\system32\nv4_disp.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvapi.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvcod.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvcodins.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvcpl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvcpluir.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvdisps.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvdispsr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvexpbar.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvgames.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvgamesr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvhwvid.dll |22/10/2006 13:22:00

C:\WINNT\system32\nview.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmccs.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmccsrs.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmccss.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmccssr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmctray.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmobls.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvmoblsr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvnt4cpl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvoglnt.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsar.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrscs.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsda.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsde.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsel.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrseng.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrses.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsesm.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsfi.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsfr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrshe.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrshu.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsit.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsja.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsko.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsnl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsno.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrspl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrspt.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsptb.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrsru.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrssk.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrssl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrssv.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrstr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrszhc.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvrszht.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvshell.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvvitvs.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvvitvsr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwddi.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwdmcpl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwimg.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsar.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrscs.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsda.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsde.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsel.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrseng.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrses.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsesm.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsfi.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsfr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrshe.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrshu.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsit.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsja.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsko.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsnl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsno.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrspl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrspt.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsptb.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrsru.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrssk.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrssl.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrssv.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrstr.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrszhc.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwrszht.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwss.dll |22/10/2006 13:22:00

C:\WINNT\system32\nvwssr.dll |22/10/2006 13:22:00

C:\WINNT\system32\oieng400.dll |24/01/2007 20:40:34

C:\WINNT\system32\oiprt400.dll |24/01/2007 20:40:37

C:\WINNT\system32\oislb400.dll |24/01/2007 20:40:37

C:\WINNT\system32\oissq400.dll |24/01/2007 20:40:37

C:\WINNT\system32\oitwa400.dll |24/01/2007 20:40:37

C:\WINNT\system32\oiui400.dll |24/01/2007 20:40:34

C:\WINNT\system32\Packet.dll |25/01/2007 19:31:34

C:\WINNT\system32\picn20.dll |29/01/2007 20:12:05

C:\WINNT\system32\pncrt.dll |02/02/2007 10:34:38

C:\WINNT\system32\pndx5016.dll |02/02/2007 10:34:38

C:\WINNT\system32\pndx5032.dll |02/02/2007 10:34:38

C:\WINNT\system32\PSCLK170.dll |07/03/2007 15:18:10

C:\WINNT\system32\psisdecd.dll |02/02/2007 20:06:12

C:\WINNT\system32\pthreadVC.dll |25/01/2007 19:31:36

C:\WINNT\system32\px.dll |11/03/2007 20:17:53

C:\WINNT\system32\pxdrv.dll |11/03/2007 20:17:53

C:\WINNT\system32\pxmas.dll |11/03/2007 20:17:53

C:\WINNT\system32\pxwave.dll |11/03/2007 20:17:53

C:\WINNT\system32\qcut.dll |16/12/1999 10:00:00

C:\WINNT\system32\qedwipes.dll |29/01/2007 21:22:28

C:\WINNT\system32\rmoc3260.dll |02/02/2007 10:34:38

C:\WINNT\system32\SG62CPL.DLL |24/01/2007 21:12:14

C:\WINNT\system32\SG62UUD.DLL |24/01/2007 21:12:14

C:\WINNT\system32\Smab.dll |25/02/2007 13:35:07

C:\WINNT\system32\sockspy.dll |24/01/2007 21:32:13

C:\WINNT\system32\spxcoins.dll |24/01/2007 20:34:06

C:\WINNT\system32\tifflt.dll |24/01/2007 20:40:37

C:\WINNT\system32\tsbyuv.dll |15/12/1999 01:30:06

C:\WINNT\system32\tsd32.dll |16/12/1999 10:00:00

C:\WINNT\system32\UCS32P.DLL |24/01/2007 21:12:15

C:\WINNT\system32\vxblock.dll |11/03/2007 20:17:53

C:\WINNT\system32\WanPacket.dll |25/01/2007 19:31:34

C:\WINNT\system32\wavdest.dll |02/09/1998 10:24:30

C:\WINNT\system32\WBCustomizer.dll |08/01/2001 14:47:44

C:\WINNT\system32\win87em.dll |16/12/1999 10:00:00

C:\WINNT\system32\wpcap.dll |25/01/2007 19:31:36

C:\WINNT\system32\xcomm.dll |02/10/2003 13:15:34

C:\WINNT\system32\xiffr3_0.dll |24/01/2007 20:40:37

C:\WINNT\system32\xreglib.dll |06/12/2002 18:37:06

C:\WINNT\system32\yv12vfw.dll |25/02/2007 13:35:08

 

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\WINNT\system32

 

19/06/2003 12:05 5 392 csrss.exe

1 fichier(s) 5 392 octets

0 Rép(s) 5 411 008 512 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\WINNT\Downloaded Program Files

 

20/03/2007 23:55 <DIR> .

20/03/2007 23:55 <DIR> ..

13/11/2006 20:48 946 296 asquared.ocx

07/12/2004 17:07 32 bdcore.dll

01/03/2005 15:08 118 784 bdupd.dll

25/02/2007 13:31 65 desktop.ini

01/03/2005 15:08 53 248 ipsupd.dll

08/08/2006 12:45 576 kavwebscan.inf

16/03/2005 12:34 7 407 lang.ini

07/12/2004 17:07 32 libfn.dll

14/03/2005 14:38 126 live.ini

01/03/2005 12:15 1 246 oscan8.inf

16/03/2005 12:31 475 136 oscan8.ocx

14/03/2005 14:58 7 073 scanoptions.tsi

26/05/2005 05:19 291 wuweb.inf

02/11/2005 19:01 1 777 xscan.inf

02/11/2005 19:07 435 712 xscan53.ocx

15 fichier(s) 2 047 801 octets

 

Total des fichiers listés :

15 fichier(s) 2 047 801 octets

2 Rép(s) 5 410 942 976 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

 

 

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

http://www.gmer.net

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\Program Files

 

11/03/2007 20:17 <DIR> .

11/03/2007 20:17 <DIR> ..

24/01/2007 20:40 <DIR> Accessoires

11/02/2007 13:23 <DIR> AddOnsOO2

25/01/2007 13:32 <DIR> Adobe

25/02/2007 13:35 <DIR> AviSynth 2.5

24/02/2007 20:44 <DIR> Common Files

24/01/2007 20:41 <DIR> ComPlus Applications

28/01/2007 20:21 <DIR> directx

20/03/2007 23:42 <DIR> Fichiers communs

11/03/2007 20:17 <DIR> Google

02/02/2007 10:16 <DIR> Hewlett-Packard

25/02/2007 13:28 <DIR> Internet Explorer

11/02/2007 13:15 <DIR> Java

24/01/2007 20:40 <DIR> Lecteur Windows Media

02/02/2007 10:39 <DIR> Media Player Classic

24/01/2007 23:20 <DIR> microsoft frontpage

24/01/2007 23:34 <DIR> Microsoft Office

20/03/2007 23:34 <DIR> NetMeeting

11/02/2007 13:24 <DIR> OOoHG

11/02/2007 13:19 <DIR> OpenOffice.org 2.0

25/02/2007 13:31 <DIR> Outlook Express

14/03/2007 22:02 <DIR> Picasa2

23/02/2007 15:25 <DIR> Pinnacle

24/01/2007 21:22 <DIR> Softwin

23/02/2007 15:25 <DIR> VOB

23/02/2007 15:26 <DIR> Windows Media Player

24/01/2007 20:40 <DIR> Windows NT

21/02/2007 14:41 <DIR> WinPcap

26/02/2007 19:52 <DIR> Yahoo!

0 fichier(s) 0 octets

30 Rép(s) 5 411 078 144 octets libres

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\Program Files\fichiers communs

 

20/03/2007 23:42 <DIR> .

20/03/2007 23:42 <DIR> ..

25/01/2007 09:00 <DIR> Adobe

29/01/2007 20:12 <DIR> Ahead

07/03/2007 15:11 <DIR> InstallShield

11/02/2007 13:14 <DIR> Java

25/02/2007 13:31 <DIR> Microsoft Shared

02/02/2007 10:15 <DIR> MSSoap

24/01/2007 20:34 <DIR> ODBC

25/02/2007 13:31 <DIR> Services

24/01/2007 21:21 <DIR> Softwin

25/02/2007 13:31 <DIR> System

0 fichier(s) 0 octets

12 Rép(s) 5 411 078 144 octets libres

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

24/01/2007 23:53 <DIR> .

24/01/2007 23:53 <DIR> ..

04/11/1999 02:38 561 210 MSONSEXT.DLL

03/06/1999 21:09 122 937 MSOWS409.DLL

07/03/2001 16:00 127 033 MSOWS40c.DLL

3 fichier(s) 811 180 octets

2 Rép(s) 5 411 012 608 octets libres

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\Program Files\common files

 

24/02/2007 20:44 <DIR> .

24/02/2007 20:44 <DIR> ..

24/02/2007 20:53 <DIR> System

0 fichier(s) 0 octets

3 Rép(s) 5 411 074 048 octets libres

Le volume dans le lecteur C s'appelle Vingt Doses

Le numéro de série du volume est F06D-02CC

 

Répertoire de C:\

 

11/11/2001 00:00 68 096 diff.exe

27/08/2006 14:10 103 424 grep.exe

2 fichier(s) 171 520 octets

0 Rép(s) 5 411 074 048 octets libres

c:\Documents and Settings\Administrateur\.housecall6.6\getMac.exe

c:\Documents and Settings\Administrateur\.housecall6.6\patch.exe

c:\Documents and Settings\Administrateur\.housecall6.6\tsc.exe

c:\Documents and Settings\Administrateur\Bureau\a2AntiMalwareSetup.exe

c:\Documents and Settings\Administrateur\Bureau\Antisasser-FR.exe

c:\Documents and Settings\Administrateur\Bureau\ATF-Cleaner.exe

c:\Documents and Settings\Administrateur\Bureau\avg-anti-spyware_avg_anti-spyware_francais_27645.exe

c:\Documents and Settings\Administrateur\Bureau\BattleLANv04.exe

c:\Documents and Settings\Administrateur\Bureau\BigFix1.6b.exe

c:\Documents and Settings\Administrateur\Bureau\blbeta.exe

c:\Documents and Settings\Administrateur\Bureau\clamwin-0.90.1-setup.exe

c:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

c:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe

c:\Documents and Settings\Administrateur\Bureau\mwav.exe

c:\Documents and Settings\Administrateur\Bureau\sd4hide.exe

c:\Documents and Settings\Administrateur\Bureau\spywarefighter.exe

c:\Documents and Settings\Administrateur\Bureau\URLSnooper.exe

c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB828028-x86-FRA.EXE

c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB835732-x86-FRA(2).EXE

c:\Documents and Settings\Administrateur\Bureau\Windows2000-KB835732-x86-FRA.EXE

c:\Documents and Settings\Administrateur\Bureau\Arret_Demarrage\Arrêt programmé.exe

c:\Documents and Settings\Administrateur\Bureau\clean\pskill.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe

c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe

c:\Documents and Settings\Administrateur\Bureau\RootkitRevealer\RootkitRevealer.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\Catchme.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\cliptext.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\download.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\LS.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\MD5File.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\MoveEx.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\RegDACL.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\RestartIt!.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\sc.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\SF.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\swreg.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\swsc.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\unzip.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\zip.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\Replace\W2K.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\apps\Replace\XP.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\attrib.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\find.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\findstr.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups\regedit.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\attrib.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\find.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\findstr.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old1\regedit.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\attrib.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\find.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\findstr.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old2\regedit.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\attrib.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\find.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\findstr.exe

c:\Documents and Settings\Administrateur\Bureau\SDFix\backups_old3\regedit.exe

c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\dumphive.exe

c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe

c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\Process.exe

c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe

c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\restart.exe

c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\SmiUpdate.exe

c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\SrchSTS.exe

c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\swreg.exe

c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\swsc.exe

c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\swxcacls.exe

c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\unzip.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q318089_W2K_IE5_5218\vbs51nfr.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q330994_OEPatch31_IE55SP2\q330994.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer50x\x86win2k\com_microsoft.Q822925_IE501_SP4\q822925.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer55x\x86win2k\com_microsoft.Q330994_OEPatch31_IE55SP2\q330994.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer55x\x86win2k\com_microsoft.Q822925_IE_55SP2\q822925.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.813951_urlmon_5995\q813951.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q318089_W2K_XP_IE6_5226\vbs56nfr.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q330994_OEPatch_IE6SP1_32\q330994.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.internetexplorer6x\x86win2k\com_microsoft.Q822925_IE6_SP1\q822925.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.817787_WMZ_MSRC_1640_WMP71\WindowsMedia71-KB817787-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.819696_nonDirectX_9_0B_CRITICAL\DirectX9-KB819696-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.823559_W2K_SP5_WinSE_48630\Windows2000-KB823559-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.823980_W2K_SP5_WinSE_48715_Critical\Windows2000-KB823980-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.824105_W2K_SP5_WinSE_48089_Critical\Windows2000-KB824105-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.824146_W2K_SP5_WinSE_49650\Windows2000-KB824146-x86-FRA.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.IIS_SecPatch_IIS5_5415\Q321599_W2K.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_ win2K_55_6001\js55nfr.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_ win2K_XP_56_6003\js56nfr.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Jscript_Win2K_51_5999\js51nfr.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q261255_SP1_4094\q261255.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q270676_SP2_CORP_4127\Q270676.EXE

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q274372_SP2_W2k_CORP_4280\Q274372.EXE

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q280838_SP2_W2k_4305\Q280838.EXE

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q296185_W2K_SP3_CORP_4594\q296185_W2K.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q299553_W2K_SP3_CORP_4674\Q299553.EXE

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q311967_W2K_SP3_5304\Q311967.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q312897_VS_NET_JA_5433\NDP10_SP_Q321897_Ja.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313450_W2K_Cons_5256\Q313450SP3.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q313829_W2K_5282\Q313829.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q314147_W2K_5265\Q314147_W2K.exe

c:\Documents and Settings\Administrateur\Bureau\Util\Wu\Win2k\1_Maj critiques\Fr\WU\Software\fr\com_microsoft.windows2000\x86win2k\com_microsoft.Q317244_XML40_5255\Q317244.exe

c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\QuickTime 7.1.3.100\QuickTimeInstallerAdmin.exe

Lien vers le commentaire
Partager sur d’autres sites

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:42:25, on 28/03/2007

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Boot mode: Safe mode

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Documents and Settings\Administrateur\Bureau\RootkitRevealer\RootkitRevealer.exe

C:\WINNT\explorer.exe

D:\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrateur\Bureau\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe

O4 - HKLM\..\Run: [bDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [PSDrvCheck] C:\WINNT\system32\PSDrvCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [a-squared] "D:\a-squared Anti-Malware\a2guard.exe"

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\system32\winIogon.exe

O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINNT\system32\duzdsjkw.exe

O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\system32\zxlruxjj.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [Offices Monitorse] C:\WINNT\system32\algose32.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Startup: Raccourci vers alert.lnk = D:\PC Alert III\alert.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://bitdefender.bwm-mediasoft.com/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169836031859

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O20 - AppInit_DLLs: ÚUsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll

O23 - Service: Avertissement (Alerter) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINNT\System32\dmadmin.exe

O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINNT\System32\services.exe

O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: Service de télécopie (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe

O23 - Service: JZDEPB - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JZDEPB.exe (file missing)

O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: Service d'application d'assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINNT\system32\mnmsrvc.exe

O23 - Service: MTZN - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MTZN.exe (file missing)

O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe

O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe

O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINNT\system32\lsass.exe

O23 - Service: NJV - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NJV.exe (file missing)

O23 - Service: Fournisseur de la prise en charge de sécurité LM NT (NtLmSsp) - Unknown owner - C:\WINNT\system32\lsass.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: Agent de stratégie IPSEC (PolicyAgent) - Unknown owner - C:\WINNT\system32\lsass.exe

O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINNT\system32\lsass.exe

O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINNT\System32\SCardSvr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINNT\System32\SCardSvr.exe

O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINNT\system32\MSTask.exe

O23 - Service: Service d'exécution par délégation (seclogon) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Still Image Service (StiSvc) - Unknown owner - C:\WINNT\system32\stisvc.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINNT\system32\smlogsvc.exe

O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINNT\system32\tlntsvr.exe

O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINNT\system32\services.exe

O23 - Service: Gestionnaire d'utilitaires (UtilMan) - Unknown owner - C:\WINNT\System32\UtilMan.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe

O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINNT\System32\services.exe

O23 - Service: Windows NT-Session Manager - Unknown owner - C:\WINNT\smss.exe (file missing)

O23 - Service: Infrastructure de gestion Windows (WinMgmt) - Unknown owner - C:\WINNT\System32\WBEM\WinMgmt.exe

O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINNT\system32\Services.exe

O23 - Service: WPQX - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPQX.exe (file missing)

O23 - Service: WWPSR - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WWPSR.exe (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 8241 bytes

 

 

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows 2000

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SpybotSD TeaTimer" = "d:\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."]

"BDOESRV" = "C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe" ["SOFTWIN SRL"]

"BDNewsAgent" = ""C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"" [null data]

"Synchronization Manager" = "mobsync.exe /logon" [MS]

"PSDrvCheck" = "C:\WINNT\system32\PSDrvCheck.exe" [empty string]

"!AVG Anti-Spyware" = ""D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

"a-squared" = ""D:\a-squared Anti-Malware\a2guard.exe"" ["Emsi Software GmbH"]

"Windows Logon Application" = "C:\WINNT\system32\winIogon.exe" [null data]

"Advanced DHTML Enable" = "C:\WINNT\system32\duzdsjkw.exe" [null data]

"Windows DLL Loader" = "C:\WINNT\system32\zxlruxjj.exe" [null data]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]

"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8"

-> {HKLM...CLSID} = "BitDefender Antivirus v8"

\InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

-> {HKLM...CLSID} = "AlcoholShellEx"

\InProcServer32\(Default) = "d:\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]

"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"

-> {HKLM...CLSID} = "YMailShellExt Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<<!>> "AppInit_DLLs" = "ÚUsockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll" [file not found]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"

-> {HKLM...CLSID} = "BitDefender Antivirus v8"

\InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"

-> {HKLM...CLSID} = "YMailShellExt Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "d:\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"

-> {HKLM...CLSID} = "BitDefender Antivirus v8"

\InProcServer32\(Default) = "C:\Program Files\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "D:\WinRAR\rarext.dll" [null data]

 

 

Default executables:

--------------------

 

<<!>> HKLM\Software\Classes\htafile\shell\open\command\(Default) = "C:\WINDOWS\system32\mshta.exe "%1" %*" [file not found]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Disable registry editing tools}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\Mes documents\Mes images\SVI_0249.jpg"

 

 

Startup items in "Administrateur" & "All Users" startup folders:

----------------------------------------------------------------

 

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage

"Raccourci vers alert" -> shortcut to: "D:\PC Alert III\alert.exe" ["MICRO-STAR INT'L CO., LTD."]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{85D1F590-48F4-11D9-9669-0800200C9A66}\

"MenuText" = "Uninstall BitDefender Online Scanner v8"

"Exec" = "%windir%\bdoscandel.exe" [null data]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 1 line

 

 

All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):

---------------------------------------------------------------------------

 

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "d:\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]

BitDefender Communicator, XCOMM, "C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe /service" ["Softwin"]

BitDefender Scan Server, bdss, "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe /service" [null data]

BitDefender Virus Shield, VSSERV, "C:\Program Files\Softwin\BitDefender8\vsserv.exe /service" ["SOFTWIN S.R.L."]

DSDM DDE réseau, NetDDEdsdm, "C:\WINNT\system32\netdde.exe" [MS]

JZDEPB, JZDEPB, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JZDEPB.exe" [file not found]

MTZN, MTZN, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MTZN.exe" [file not found]

NJV, NJV, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NJV.exe" [file not found]

NVIDIA Display Driver Service, NVSvc, "C:\WINNT\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Service d'administration du Gestionnaire de disque logique, dmadmin, "C:\WINNT\System32\dmadmin.exe /com" ["VERITAS Software Corp."]

StarWind iSCSI Service, StarWindService, "d:\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

Système d'événements de COM+, EventSystem, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\es.dll" [null data]}

Windows NT-Session Manager, Windows NT-Session Manager, ""C:\WINNT\smss.exe"" [file not found]

WPQX, WPQX, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WPQX.exe" [file not found]

WWPSR, WWPSR, "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WWPSR.exe" [file not found]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt08\Driver = "hpzlnt08.dll" ["HP"]

 

 

----------

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 29 seconds, including 5 seconds for message boxes)

 

 

 

SmitFraudFix v2.157

 

Rapport fait à 11:36:31,34, mer. 28/03/2007

Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\Explorer.EXE

C:\Documents and Settings\Administrateur\Bureau\RootkitRevealer\RootkitRevealer.exe

C:\WINNT\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=hex(1):Da,00,55,00,14,00,73,00,6f,00,63,00,6b,00,73,00,70,00,79,\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Lien vers le commentaire
Partager sur d’autres sites

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

 Partager

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...