Posted (edited)

Good evening,

I have just disinfected this PC as best I could. I saw that many people were talking about "hijackthis", so I am submitting my report so that you can give me your opinion on the result and, above all, on what I still have to clean.

I installed ZoneAlarm and Avast, in place of the Windows firewall combined with E-Trust antivirus.

Thank you in advance for your experienced help.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:59:25, on 28/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\WINDOWS\system32\dllcache\winlogon.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141893295953

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 3850 bytes

Edited by noctoresse

  • Moderators
Posted

Good evening noctoresse :P

Welcome to the Zebulon forums.

A few links to help you get started:

How did you disinfect this PC, and with which tools?

Can you tell me which infections were found, or perhaps you kept some reports?

You will need to post a HijackThis report again, but in normal mode, not in safe mode. See you soon.

Posted

Thank you for such a quick reply.

I first used E-Trust, which was installed; it saw almost nothing, and for good reason: updating was impossible (due to the virus?).

Then Ad-aware, then avg-antivirus (more than 20 different viruses and about a hundred infected files).

A quick pass over the registry with Windows Registry Repair Pro (about 600 corrections).

Then Avast (another sixty or so trojan attacks).

I finished by doing an XP restore, followed by ComboFix (mainly against Vundo) in safe mode.

Here is the ComboFix report:

 

ComboFix 08-07-27.5 - Administrateur 2008-07-28 13:39:52.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.386 [GMT 2:00]

Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free

C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free\Logs\update.log

c:\Documents and Settings\Administrateur\Local Settings\Application Data\ckiyy.dat

c:\documents and settings\administrateur\local settings\application data\ckiyy.exe

c:\Documents and Settings\Administrateur\Local Settings\Application Data\ckiyy_nav.dat

c:\Documents and Settings\Administrateur\Local Settings\Application Data\ckiyy_navps.dat

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode

C:\WINDOWS\BM5f054028.txt

C:\WINDOWS\cookies.ini

C:\WINDOWS\mainms.vpi

C:\WINDOWS\megavid.cdt

C:\WINDOWS\muotr.so

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\6358\27744.dll

C:\WINDOWS\system32\abcjugdi.ini

C:\WINDOWS\system32\adfkumds.ini

C:\WINDOWS\system32\aktknwej.ini

C:\WINDOWS\system32\aojxqgbv.dll

C:\WINDOWS\system32\clbinit.dll

C:\WINDOWS\system32\conmawjf.ini

C:\WINDOWS\system32\eyebdpyh.ini

C:\WINDOWS\system32\fbumcxrm.dll

C:\WINDOWS\system32\geBsTkiH.dll

C:\WINDOWS\system32\gmcksxqi.dll

C:\WINDOWS\system32\idjthiqq.ini

C:\WINDOWS\system32\Jihhknpo.ini

C:\WINDOWS\system32\Jihhknpo.ini2

C:\WINDOWS\system32\jjeeancf.ini

C:\WINDOWS\system32\kdreknla.ini

C:\WINDOWS\system32\kfewmekd.ini

C:\WINDOWS\system32\khfGxWqP.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mfhcgkhq.ini

C:\WINDOWS\system32\mgremxix.ini

C:\WINDOWS\system32\mkrqggxn.dll

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\msnav32.ax

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

C:\WINDOWS\system32\nvs2.inf

C:\WINDOWS\system32\orgzpl.dll

C:\WINDOWS\system32\owcvjg.dll

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\sdmukfda.dll

C:\WINDOWS\system32\stera.job

C:\WINDOWS\system32\stera.log

C:\WINDOWS\system32\tuvUlkJb.dll

C:\WINDOWS\system32\vhphyasm.dll

C:\WINDOWS\system32\vtUmlLDw.dll

C:\WINDOWS\system32\winpfz33.sys

C:\WINDOWS\system32\xtfgseqp.ini

C:\WINDOWS\system32\xxywxXOF.dll

C:\WINDOWS\system32\zxdnt3d.cfg

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_CLBDRIVER

-------\Legacy_MSSECURITY1.209.4

-------\Service_clbdriver

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-28 ))))))))))))))))))))))))))))))))))))

.

 

2008-07-28 13:20 . 2008-07-28 13:20 <REP> d-------- C:\Program Files\Trend Micro

2008-07-28 12:25 . 2008-07-28 12:25 1,374 --a------ C:\WINDOWS\system32\wpa.bak

2008-07-28 12:15 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-07-28 12:14 . 2004-08-05 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll

2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest

2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2008-07-28 12:12 . 2008-07-28 12:12 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-07-28 12:04 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SET54.tmp

2008-07-28 12:04 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SET51.tmp

2008-07-28 12:04 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SET60.tmp

2008-07-25 16:05 . 2008-07-25 16:05 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-07-25 16:02 . 2006-11-17 20:28 66,048 --a------ C:\WINDOWS\ieResetIcons.exe

2008-07-25 15:31 . 2008-07-25 15:31 <REP> d-------- C:\Program Files\3B Software

2008-07-25 14:30 . 2008-07-25 14:30 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-25 13:22 . 2008-07-25 13:22 <REP> d-------- C:\Program Files\AVG

2008-07-25 13:22 . 2008-07-25 13:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.install_backup

2008-07-23 07:32 . 2008-07-23 07:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SAMSUNG

2008-07-23 07:13 . 2008-07-27 18:19 <REP> d-------- C:\WINDOWS\system32\kBin02

2008-07-21 07:28 . 2008-07-21 07:28 <REP> d-------- C:\WINDOWS\system32\carH18

2008-07-10 07:15 . 2008-07-25 16:59 111,567 --a------ C:\WINDOWS\BM5f054028.xml

2008-07-10 07:14 . 2008-07-28 13:41 <REP> d-------- C:\WINDOWS\system32\6358

2008-07-09 15:59 . 2008-07-25 15:14 <REP> d-------- C:\WINDOWS\system32\ver

2008-07-09 15:59 . 2008-07-26 00:33 <REP> d-------- C:\WINDOWS\system32\olixds18

2008-07-09 15:59 . 2008-07-25 15:12 <REP> d-------- C:\WINDOWS\system32\ole

2008-07-09 15:59 . 2008-07-26 00:30 <REP> d-------- C:\WINDOWS\system32\IP3

2008-07-09 15:59 . 2008-07-09 15:59 <REP> d-------- C:\WINDOWS\system32\dapi

2008-07-09 15:59 . 2008-07-25 16:18 <REP> d-------- C:\Temp

2008-07-09 15:59 . 2008-07-09 15:59 152,191 --a------ C:\WINDOWS\system32\g42.exe

2008-07-09 15:59 . 2004-08-05 04:00 4,224 --a------ C:\WINDOWS\system32\beep.sys

2008-07-04 14:26 . 2008-07-04 14:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc

2008-07-04 14:25 . 2008-07-04 14:25 <REP> d-------- C:\Program Files\VLC

2008-07-04 14:23 . 2008-07-04 14:23 9,730,075 --a------ C:\Program Files\vlc-0.8.6f-win32.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-28 11:31 --------- d-----w C:\Program Files\CA

2008-07-25 14:18 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-07-25 14:13 --------- d-----w C:\Program Files\Altiris

2008-07-25 07:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM

2008-07-18 15:31 --------- d-----w C:\Program Files\Google

2008-05-30 14:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ntr

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 15:22 524800]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-14 12:52 413696]

"Windows Logon Applicationedc"="C:\WINDOWS\system32\dllcache\winlogon.exe" [2004-08-05 14:00 506368]

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cuuso

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{67-73-31-1B-DW}

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]

--a------ 2001-07-24 23:34 36864 C:\cpqs\scom\srmclean.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\StubInstaller.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

S0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys []

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys []

S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys []

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-BM5f054028 - C:\WINDOWS\system32\mkrqggxn.dll

MSConfigStartUp-5c3673b4 - C:\WINDOWS\system32\sdmukfda.dll

MSConfigStartUp-BM5f054028 - C:\WINDOWS\system32\mkrqggxn.dll

MSConfigStartUp-ckiyy - c:\documents and settings\administrateur\local settings\application data\ckiyy.exe

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/

R0 -: HKLM-Main,Search Bar = hxxp://go.compaq.com/1Q00CDT/040C/bl8.asp

O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{A577A9F2-33E6-4EE2-904D-E63767CF5176}: NameServer = 85.255.115.62,85.255.112.100

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-28 13:44:11

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Calc.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-07-28 13:46:42 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-28 11:46:39

 

Pre-Run: 42,387,697,664 octets libres

Post-Run: 42,332,749,824 octets libres

 

183 --- E O F --- 2007-12-12 16:00:11

 

 

And the new hijackthis_Normal report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:09:52, on 29/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:?body=http%3A%2F%2Fforum.zebulon.fr%2Fpre-nettoyage-d-un-pc-infecte-t83986.html&subject=Pr%C3%A9-Nettoyage%20d'un%20PC%20infect%C3%A9%20-%20Forums%20Zebulon.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\WINDOWS\system32\dllcache\winlogon.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141893295953

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 4826 bytes

  • Moderators
Posted

Re :P

Is ComboFix the last tool you used, or did you use any others after it?

Download DiagHelp.zip by Malekal_morte to your desktop.

  • Unzip it, onto your desktop for example.
  • A new folder, DiagHelp, will be created.
  • Open it and double-click go.cmd (the .cmd may not be shown)
  • A window will open; choose option 1
  • The scan will start; this can take a few minutes. Let it run and press the keys when asked to
  • An internet window will open; follow the instructions. Whether it works or not, close the window, and a report will open
  • Copy/paste the contents of the Notepad window that opens and attach it to your next reply.

(the antivirus may raise alarms during the DiagHelp scan; it is a false positive, and the alerts should be ignored.)

Posted
Re :P

Is ComboFix the last tool you used, or did you use any others after it?

Download DiagHelp.zip by Malekal_morte to your desktop.

  • Unzip it, onto your desktop for example.
  • A new folder, DiagHelp, will be created.
  • Open it and double-click go.cmd (the .cmd may not be shown)
  • A window will open; choose option 1
  • The scan will start; this can take a few minutes. Let it run and press the keys when asked to
  • An internet window will open; follow the instructions. Whether it works or not, close the window, and a report will open
  • Copy/paste the contents of the Notepad window that opens and attach it to your next reply.

(the antivirus may raise alarms during the DiagHelp scan; it is a false positive, and the alerts should be ignored.)

You can delete Diaghelp.zip and the folder you unzipped it into (on your desktop). Remember to delete the files located under C:\ : Diff.exe, grep.exe, ntbtlog_check.txt, and reboot.cmd.

 

 

Hello,

Apart from the Avast scan, then the ZoneAlarm one during installation, no other tool.

Here is the DiagHelp report:

 

 

DiagHelp version v1.4 - http://www.malekal.com

excute le 29/07/2008 à 7:34:23.68

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->29/07/2008 07:33:35

C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->29/07/2008 07:32:48

C:\WINDOWS\prefetch\UPDCLIENT.EXE-215FC96B.pf -->29/07/2008 07:30:42

C:\WINDOWS\prefetch\UNINSTALL.EXE-0E8174C7.pf -->29/07/2008 07:28:50

C:\WINDOWS\prefetch\WRAR371FR.EXE-120BB124.pf -->29/07/2008 07:28:44

C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf -->29/07/2008 07:28:17

C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->29/07/2008 07:27:58

C:\WINDOWS\prefetch\RUNDLL32.EXE-4489B61B.pf -->29/07/2008 07:27:57

C:\WINDOWS\prefetch\UPDATE.EXE-3AA868B4.pf -->29/07/2008 07:22:31

C:\WINDOWS\prefetch\UPDATE.EXE-2C47AD8E.pf -->29/07/2008 07:22:22

 

C:\WINDOWS\System32\drivers\fidbox.dat -->29/07/2008 07:30:41

C:\WINDOWS\System32\drivers\fidbox.idx -->29/07/2008 00:35:17

C:\WINDOWS\System32\drivers\aswFsBlk.sys -->19/07/2008 16:37:42

C:\WINDOWS\System32\drivers\aswmon2.sys -->19/07/2008 16:37:21

C:\WINDOWS\System32\drivers\aswSP.sys -->19/07/2008 16:35:18

C:\WINDOWS\System32\drivers\aswRdr.sys -->19/07/2008 16:33:42

C:\WINDOWS\System32\drivers\aswTdi.sys -->19/07/2008 16:32:36

 

C:\WINDOWS\System32\vsconfig.xml -->29/07/2008 07:14:17

C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->28/07/2008 22:40:25

C:\WINDOWS\System32\wpa.dbl -->28/07/2008 22:33:21

C:\WINDOWS\System32\zllictbl.dat -->28/07/2008 22:33:01

C:\WINDOWS\System32\FNTCACHE.DAT -->28/07/2008 16:27:29

C:\WINDOWS\System32\PerfStringBackup.INI -->28/07/2008 16:14:36

C:\WINDOWS\System32\perfh00C.dat -->28/07/2008 16:14:36

C:\WINDOWS\System32\perfh009.dat -->28/07/2008 16:14:36

C:\WINDOWS\System32\perfc00C.dat -->28/07/2008 16:14:36

C:\WINDOWS\System32\perfc009.dat -->28/07/2008 16:14:36

C:\WINDOWS\System32\CONFIG.NT -->28/07/2008 14:04:37

C:\WINDOWS\System32\wpa.bak -->28/07/2008 12:25:19

C:\WINDOWS\System32\$winnt$.inf -->28/07/2008 12:17:16

C:\WINDOWS\System32\nscompat.tlb -->28/07/2008 12:13:51

C:\WINDOWS\System32\amcompat.tlb -->28/07/2008 12:13:51

C:\WINDOWS\System32\WindowsLogon.manifest -->28/07/2008 12:12:49

C:\WINDOWS\System32\logonui.exe.manifest -->28/07/2008 12:12:49

C:\WINDOWS\System32\wuaucpl.cpl.manifest -->28/07/2008 12:12:43

C:\WINDOWS\System32\sapi.cpl.manifest -->28/07/2008 12:12:43

C:\WINDOWS\System32\nwc.cpl.manifest -->28/07/2008 12:12:43

C:\WINDOWS\System32\ncpa.cpl.manifest -->28/07/2008 12:12:43

C:\WINDOWS\System32\cdplayer.exe.manifest -->28/07/2008 12:12:43

C:\WINDOWS\System32\emptyregdb.dat -->28/07/2008 12:11:45

C:\WINDOWS\System32\mapisvc.inf -->28/07/2008 12:11:22

C:\WINDOWS\System32\spupdsvc.inf -->25/07/2008 16:05:48

 

C:\WINDOWS\WindowsUpdate.log -->29/07/2008 07:28:21

C:\WINDOWS\KB951698.log -->29/07/2008 07:22:31

C:\WINDOWS\KB951748.log -->29/07/2008 07:22:21

C:\WINDOWS\KB950749.log -->29/07/2008 07:22:15

C:\WINDOWS\setupapi.log -->29/07/2008 07:15:42

C:\WINDOWS\0.log -->29/07/2008 07:14:15

C:\WINDOWS\wiadebug.log -->29/07/2008 07:14:14

C:\WINDOWS\ModemLog_Best Data Data Fax Modem.txt -->29/07/2008 07:14:14

C:\WINDOWS\wiaservc.log -->29/07/2008 07:14:09

C:\WINDOWS\SchedLgU.Txt -->29/07/2008 07:14:04

C:\WINDOWS\bootstat.dat -->29/07/2008 07:13:54

C:\WINDOWS\ntbtlog.txt -->28/07/2008 22:58:49

C:\WINDOWS\setupact.log -->28/07/2008 22:55:04

C:\WINDOWS\ODBC.INI -->28/07/2008 22:25:17

C:\WINDOWS\wmsetup.log -->28/07/2008 16:30:23

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 1620

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x7d200000 0x2b2000 3.00.3790.2180 C:\WINDOWS\system32\msi.dll

0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll

0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll

0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x00c60000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x10000000 0xb000 6.00.0000.0878 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 672

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 5C36-731B

 

Répertoire de C:\WINDOWS\system32

 

05/08/2004 14:00 6 144 csrss.exe

1 fichier(s) 6 144 octets

0 Rép(s) 41 900 986 368 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 5C36-731B

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

14/05/2008 12:52 <REP> .

14/05/2008 12:52 <REP> ..

28/07/2008 12:12 65 desktop.ini

28/03/2008 21:33 144 QTPlugin.inf

02/12/2005 11:55 5 101 swflash.inf

26/05/2005 05:19 291 wuweb.inf

4 fichier(s) 5 601 octets

 

Total des fichiers listés :

4 fichier(s) 5 601 octets

2 Rép(s) 41 900 986 368 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

"DisableRegistryTools"=dword:00000000

"HideLegacyLogonScripts"=dword:00000000

"HideLogoffScripts"=dword:00000000

"RunLogonScriptSync"=dword:00000001

"RunStartupScriptSync"=dword:00000000

"HideStartupScripts"=dword:00000000

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-29 07:35:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

180 - cisvc.exe

228 - MDM.EXE

648 - csrss.exe

672 - winlogon.exe

716 - services.exe

728 - lsass.exe

836 - cmd.exe

872 - svchost.exe

940 - svchost.exe

980 - svchost.exe

1024 - svchost.exe

1236 - svchost.exe

1260 - svchost.exe

1300 - vsmon.exe

1536 - ashServ.exe

1612 - ashMaiSv.exe

1620 - explorer.exe

1792 - ashDisp.exe

1800 - zlclient.exe

2036 - ashWebSv.exe

2268 - alg.exe

2452 - firefox.exe

3032 - cidaemon.exe

 

Total number of processes = 24

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\ntoskrnl.exe

806EC000 - \WINDOWS\system32\hal.dll

F8A42000 - \WINDOWS\system32\KDCOM.DLL

F8952000 - \WINDOWS\system32\BOOTVID.dll

F84F2000 - ACPI.sys

F8A44000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS

F84E1000 - pci.sys

F8542000 - isapnp.sys

F8B0A000 - pciide.sys

F87C2000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

F8552000 - MountMgr.sys

F84C2000 - ftdisk.sys

F8A46000 - dmload.sys

F849C000 - dmio.sys

F87CA000 - PartMgr.sys

F8562000 - VolSnap.sys

F8484000 - atapi.sys

F8572000 - disk.sys

F8582000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F8465000 - fltMgr.sys

F8453000 - sr.sys

F843C000 - KSecDD.sys

F8429000 - WudfPf.sys

F839C000 - Ntfs.sys

F836F000 - NDIS.sys

F835B000 - srescan.sys

F8340000 - Mup.sys

F86E2000 - \SystemRoot\system32\DRIVERS\intelppm.sys

F82E1000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys

F82CD000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F883A000 - \SystemRoot\system32\DRIVERS\usbuhci.sys

F82AA000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F8842000 - \SystemRoot\system32\DRIVERS\usbehci.sys

F81CC000 - \SystemRoot\system32\DRIVERS\HCF_MSFT.sys

F884A000 - \SystemRoot\System32\Drivers\Modem.SYS

F81A8000 - \SystemRoot\system32\DRIVERS\e100b325.sys

F8197000 - \SystemRoot\system32\DRIVERS\serial.sys

F89E2000 - \SystemRoot\system32\DRIVERS\serenum.sys

F8183000 - \SystemRoot\system32\DRIVERS\parport.sys

F86F2000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

F8852000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

F8702000 - \SystemRoot\system32\DRIVERS\imapi.sys

F8712000 - \SystemRoot\system32\DRIVERS\cdrom.sys

F8722000 - \SystemRoot\system32\DRIVERS\redbook.sys

F8160000 - \SystemRoot\system32\DRIVERS\ks.sys

F80D2000 - \SystemRoot\system32\drivers\smwdm.sys

F80AE000 - \SystemRoot\system32\drivers\portcls.sys

F8732000 - \SystemRoot\system32\drivers\drmk.sys

F8A5E000 - \SystemRoot\system32\drivers\aeaudio.sys

F8BAB000 - \SystemRoot\system32\DRIVERS\audstub.sys

F8742000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

F89EA000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

F8097000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

F8752000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

F8762000 - \SystemRoot\system32\DRIVERS\raspptp.sys

F885A000 - \SystemRoot\system32\DRIVERS\TDI.SYS

F8086000 - \SystemRoot\system32\DRIVERS\psched.sys

F8772000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F886A000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F8872000 - \SystemRoot\system32\DRIVERS\raspti.sys

F8055000 - \SystemRoot\system32\DRIVERS\rdpdr.sys

F8782000 - \SystemRoot\system32\DRIVERS\termdd.sys

F887A000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F8A64000 - \SystemRoot\system32\DRIVERS\swenum.sys

F7FF9000 - \SystemRoot\system32\DRIVERS\update.sys

F8A0E000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

F8792000 - \SystemRoot\System32\Drivers\NDProxy.SYS

EFF45000 - \SystemRoot\system32\drivers\ialmkchw.sys

EFF27000 - \SystemRoot\system32\drivers\ialmsbw.sys

F87B2000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F8A6A000 - \SystemRoot\system32\DRIVERS\USBD.SYS

F8A36000 - \SystemRoot\system32\drivers\MODEMCSA.sys

EFE3C000 - \SystemRoot\system32\DRIVERS\klif.sys

F8310000 - \SystemRoot\system32\DRIVERS\hidusb.sys

F85E2000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

F888A000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

F8A90000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F8C7F000 - \SystemRoot\System32\Drivers\Null.SYS

F8A92000 - \SystemRoot\System32\Drivers\Beep.SYS

F8892000 - \SystemRoot\System32\drivers\vga.sys

F8A94000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F8A96000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

F889A000 - \SystemRoot\System32\Drivers\Msfs.SYS

F88A2000 - \SystemRoot\System32\Drivers\Npfs.SYS

F830C000 - \SystemRoot\system32\DRIVERS\rasacd.sys

EFA6F000 - \SystemRoot\system32\DRIVERS\ipsec.sys

EFA17000 - \SystemRoot\system32\DRIVERS\tcpip.sys

F85F2000 - \SystemRoot\System32\Drivers\aswTdi.SYS

EF9EF000 - \SystemRoot\system32\DRIVERS\netbt.sys

EF98F000 - \SystemRoot\System32\vsdatant.sys

EF96D000 - \SystemRoot\System32\drivers\afd.sys

F8602000 - \SystemRoot\system32\DRIVERS\netbios.sys

EF94C000 - \SystemRoot\system32\DRIVERS\ipnat.sys

F8612000 - \SystemRoot\system32\DRIVERS\wanarp.sys

F88AA000 - \SystemRoot\System32\Drivers\StarOpen.SYS

EF920000 - \SystemRoot\system32\DRIVERS\rdbss.sys

EF889000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

F8632000 - \SystemRoot\System32\Drivers\Fips.SYS

EF872000 - \SystemRoot\System32\Drivers\aswSP.SYS

F89DE000 - \SystemRoot\system32\DRIVERS\mouhid.sys

F88D2000 - \SystemRoot\System32\Drivers\Aavmker4.SYS

EFEE7000 - \SystemRoot\System32\Drivers\Cdfs.SYS

EF7BA000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F8ABA000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

F892A000 - \SystemRoot\System32\watchdog.sys

EFE6B000 - \SystemRoot\System32\drivers\Dxapi.sys

BF9C1000 - \SystemRoot\System32\drivers\dxg.sys

F8B7C000 - \SystemRoot\System32\drivers\dxgthk.sys

BF9E1000 - \SystemRoot\System32\ialmdnt5.dll

BF9D3000 - \SystemRoot\System32\ialmrnt5.dll

BFA03000 - \SystemRoot\System32\ialmdev5.DLL

BFA34000 - \SystemRoot\System32\ialmdd5.DLL

F87EA000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys

EF76E000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

EF394000 - \SystemRoot\System32\Drivers\aswMon2.SYS

EF137000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

EF0FA000 - \SystemRoot\system32\drivers\wdmaud.sys

EFF07000 - \SystemRoot\system32\drivers\sysaudio.sys

EEED0000 - \SystemRoot\system32\DRIVERS\fallback.sys

EEEB4000 - \SystemRoot\system32\DRIVERS\fsksnt.sys

EEE54000 - \SystemRoot\system32\DRIVERS\k56nt.sys

EEE01000 - \SystemRoot\system32\DRIVERS\srv.sys

EF24C000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys

EEDA9000 - \SystemRoot\system32\DRIVERS\faxnt.sys

EF4C2000 - \SystemRoot\system32\DRIVERS\tonesnt.sys

EEC67000 - \SystemRoot\system32\DRIVERS\v124nt.sys

EEA1E000 - \SystemRoot\System32\Drivers\HTTP.sys

EEB0F000 - \SystemRoot\System32\Drivers\aswRdr.SYS

EE79C000 - \SystemRoot\system32\drivers\kmixer.sys

F890A000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS

EE779000 - \SystemRoot\System32\Drivers\Fastfat.SYS

F8C01000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 133

 

Liste des programmes installes

 

Adobe Flash Player 9 ActiveX

Adobe Flash Player ActiveX

Adobe Reader 6.0 - Français

Archiveur WinRAR

avast! Antivirus

Canon i550

Catalogue PL Würth France

Colin McRae Rally 3

DeepBurner v1.8.0.224

Google Earth

HijackThis 2.0.2

i-minitel ADSL

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

J2SE Runtime Environment 5.0 Update 8

Java 2 Runtime Environment, SE v1.4.2_01

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

K-Lite Codec Pack 2.81 Full

Lecteur Windows Media 10

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft Office Basic Edition 2003

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.0.1)

OLITEC PCI V92 Ready V2 Data,Fax Modem

Registry Repair Pro

SAMSUNG Mobile Modem Driver Set

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio 3

Samsung PC Studio 3

Samsung PC Studio 3 USB Driver Installer

Samsung Samples Installer

SoundMAX

VideoLAN VLC media player 0.8.6f

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool

Windows Media Format 11 runtime

Windows Media Format Runtime

Windows Media Player 11

ZoneAlarm

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 5C36-731B

 

Répertoire de C:\Program Files

 

28/07/2008 14:56 <REP> .

28/07/2008 14:56 <REP> ..

25/07/2008 15:31 <REP> 3B Software

09/03/2006 18:20 <REP> Adobe

25/07/2008 16:13 <REP> Altiris

28/07/2008 14:04 <REP> Alwil Software

09/03/2006 18:20 <REP> Analog Devices

13/12/2006 13:23 <REP> Astonsoft

25/07/2008 13:22 <REP> AVG

28/07/2008 13:31 <REP> CA

19/10/2007 16:48 <REP> Canon_i550x

27/02/2007 13:20 <REP> Codemasters

31/10/2007 09:01 <REP> Common Files

09/03/2006 18:20 <REP> Compaq

09/03/2006 18:20 <REP> ComPlus Applications

30/03/2006 11:18 <REP> CONEXANT

28/07/2008 13:54 <REP> Fichiers communs

18/07/2008 17:31 <REP> Google

28/07/2008 12:12 <REP> Internet Explorer

28/07/2008 22:40 <REP> Java

13/02/2007 08:32 <REP> K-Lite Codec Pack

26/03/2008 13:20 <REP> LimeWire

09/03/2006 18:59 <REP> Messenger

09/03/2006 18:20 <REP> microsoft frontpage

30/03/2006 11:38 <REP> Microsoft Office

30/03/2006 11:38 <REP> Microsoft Visual Studio

30/03/2006 11:38 <REP> Microsoft Works

30/03/2006 11:38 <REP> Microsoft.NET

03/01/2008 10:04 <REP> MinitelADSL

09/03/2006 18:20 <REP> Movie Maker

29/07/2008 07:14 <REP> Mozilla Firefox

09/03/2006 18:20 <REP> MSN

28/07/2008 12:14 <REP> msn gaming zone

09/03/2006 18:20 <REP> NetMeeting

28/07/2008 12:12 <REP> Outlook Express

14/05/2008 12:52 <REP> QuickTime

09/03/2006 10:29 <REP> Raccourcis de programmes

14/09/2006 07:34 <REP> Rockstar Games

27/05/2008 13:06 <REP> Samsung

09/03/2006 18:20 <REP> Services en ligne

28/07/2008 13:20 <REP> Trend Micro

04/07/2008 14:25 <REP> VLC

04/07/2008 14:23 9 730 075 vlc-0.8.6f-win32.exe

25/07/2008 16:18 <REP> Windows Media Connect 2

28/07/2008 12:14 <REP> Windows Media Player

09/03/2006 18:20 <REP> Windows NT

29/07/2008 07:29 <REP> WinRAR

25/04/2006 15:17 <REP> Wurth

09/03/2006 18:20 <REP> xerox

28/07/2008 14:56 <REP> Zone Labs

1 fichier(s) 9 730 075 octets

49 Rép(s) 41 896 206 336 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 5C36-731B

 

Répertoire de C:\Program Files\fichiers communs

 

28/07/2008 13:54 <REP> .

28/07/2008 13:54 <REP> ..

31/03/2006 10:50 <REP> Adobe

30/03/2006 11:38 <REP> DESIGNER

22/08/2006 13:22 <REP> InstallShield

09/03/2006 18:20 <REP> Java

25/07/2008 13:21 <REP> Microsoft Shared

09/03/2006 18:20 <REP> MSSoap

09/03/2006 18:20 <REP> ODBC

09/03/2006 18:20 <REP> Services

09/03/2006 18:20 <REP> SpeechEngines

28/07/2008 12:12 <REP> System

0 fichier(s) 0 octets

12 Rép(s) 41 896 202 240 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 5C36-731B

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

30/03/2006 11:38 <REP> .

30/03/2006 11:38 <REP> ..

30/03/2006 11:38 <REP> 1033

30/03/2006 11:38 <REP> 1036

11/07/2003 10:15 1 292 872 MSONSEXT.DLL

15/07/2003 06:52 35 896 MSOSV.DLL

03/06/1999 07:09 122 937 MSOWS409.DLL

07/03/2001 02:00 127 033 MSOWS40c.DLL

11/07/2003 02:25 80 448 PKMWS.DLL

5 fichier(s) 1 659 186 octets

4 Rép(s) 41 896 202 240 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 5C36-731B

 

Répertoire de C:\Program Files\common files

 

31/10/2007 09:01 <REP> .

31/10/2007 09:01 <REP> ..

25/07/2008 14:22 <REP> Companion Wizard

0 fichier(s) 0 octets

3 Rép(s) 41 896 202 240 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 5C36-731B

 

Répertoire de C:\

 

31/10/2005 17:56 700 416 StubInstaller.exe

1 fichier(s) 700 416 octets

0 Rép(s) 41 896 202 240 octets libres

 

 

 

 

c:\Documents and Settings\Administrateur\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe

c:\Documents and Settings\Administrateur\Bureau\ComboFix_SansEchec.exe

c:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Calc.exe

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\Cnmvsa.exe

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\helpkicker.exe

c:\Documents and Settings\PLS-FOS\.limewire\.NetworkShare\LimeWireWin4.16.6.exe

c:\Documents and Settings\PLS-FOS\Local Settings\Temp\072808221218\z4barSpInstall.exe

c:\Documents and Settings\PLS-FOS\Local Settings\Temporary Internet Files\Content.IE5\C1MNKDQB\zlsSetup_70_483_000_fr[1].exe

c:\Documents and Settings\PLS-FOS\Mes documents\codec.exe

c:\Documents and Settings\PLS-FOS\Mes documents\GoogleEarthWin.exe

c:\Documents and Settings\PLS-FOS\Mes documents\install_flash_player.exe

c:\Documents and Settings\PLS-FOS\Mes documents\klcodec281f.exe

c:\Documents and Settings\PLS-FOS\Mes documents\vlc-0.8.6f-win32.exe

c:\Documents and Settings\PLS-FOS\Mes documents\zaSetup_fr.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\ComboFix_SansEchec.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\catchme.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\diff.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\dumphive.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\find2.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\Fport.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\grep.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\gzip.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\KProcCheck.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\LFiles.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\md5sums.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\pslist.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\sigcheck.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\streams.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\swreg.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\tar.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Cedric\GoogleEarthWin.exe

c:\Documents and Settings\PLS-FOS\Mes documents\Cedric\MARIAGE\docu0018.EXE

c:\Documents and Settings\PLS-FOS\Mes documents\Mes images\iTunesSetup.exe


c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0406\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0406\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0407\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0407\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0407\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0408\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0408\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0408\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0409\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0409\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0409\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040b\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040b\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040b\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040c\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040c\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040c\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040e\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040e\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040e\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0410\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0410\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0410\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0411\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0411\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0411\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0412\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0412\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0412\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0413\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0413\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0413\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0414\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0414\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0414\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0415\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0415\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0415\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0419\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0419\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0419\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041D\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041D\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041D\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041E\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041E\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041E\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041F\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041F\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041F\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0804\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0804\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0804\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0816\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0816\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0816\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0c0a\CNMlr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0c0a\CNMsr87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0c0a\CNMur87.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0401\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0401\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0401\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0404\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0404\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0404\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0405\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0405\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0405\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0406\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0406\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0406\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0407\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0407\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0407\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0408\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0408\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0408\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0409\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0409\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0409\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040b\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040b\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040b\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040c\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040c\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040c\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040e\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040e\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040e\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0410\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0410\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0410\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0411\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0411\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0411\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0412\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0412\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0412\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0413\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0413\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0413\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0414\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0414\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0414\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0415\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0415\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0415\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0419\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0419\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0419\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041D\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041D\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041D\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041E\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041E\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041E\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041F\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041F\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041F\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0421\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0421\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0421\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0804\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0804\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0804\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0816\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0816\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0816\CNMur93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0c0a\CNMlr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0c0a\CNMsr93.dll

c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0c0a\CNMur93.dll

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

 

****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_PC-FOS.tar.gz a l'adresse http://upload.malekal.com

  • Moderators
Posted

Hello Noctoresse,

Well, there is, or there has been, a bit of everything on this system: smitfraud, magicagent, wareout, vundo.... This system is a real mess: Limewire probably has something to do with it. What is annoying is that I don't know what the last Combofix report is worth, since other tools have been run after it. In addition, some tools specific to particular infections may no longer work, because other tools have partially treated those infections and have not left enough of them for the appropriate tools to handle.

So, as a first step, we will ignore the Combofix report and run a scan with the specific tools to see where we stand. Avast should react to these tools; you need to disable it or ignore the alerts.

Download SmitfraudFix to your desktop.

  • Extract the entire smitfraudfix.zip archive into a dedicated folder on your desktop.
  • Double-click smitfraudfix.cmd
  • Select 1 to create a report of the files responsible for the infection.
  • Post the report on the forum in your next reply.
    Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

Download Navilog1 by Il-Mafioso and save it to your desktop.

  • Then double-click navilog1.exe to start the installation.
  • Once the installation is finished, the fix will run automatically.
    (If it does not, double-click the Navilog1 shortcut on the desktop.)
  • Follow the prompts. At the main menu, choose 1 and confirm.
    Wait for the message: *** Analyse Termine le ..... ***
  • Press a key as requested; Notepad will open.
  • Copy and paste the whole content into your next reply. Close Notepad.
    The report is also saved at the root of the disk (fixnavi.txt)

Download FixWareout (LonnyRJones) to the desktop.

**If the link does not work, click here**

Run the fix (FixWareout.exe), click Next, then Install.

Make sure that Run fixit is checked, then click Finish.

The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so.

Your system will take a little longer to start up; this is normal.

Posted

Here are the requested reports.

Thanks again to the whole team, who go to so much trouble to save us, poor ignoramuses that we are.

SmitfraudFix report:

 

SmitFraudFix v2.331

 

Rapport fait à 15:13:24.57, 29/07/2008

Executé à partir de F:\Virus\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PLS-FOS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PLS-FOS\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PLS-FOS\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{56BCF159-EBC0-4405-86C2-25B1E4F67E48}: DhcpNameServer=85.255.115.62,85.255.112.100

HKLM\SYSTEM\CS1\Services\Tcpip\..\{56BCF159-EBC0-4405-86C2-25B1E4F67E48}: DhcpNameServer=85.255.115.62,85.255.112.100

HKLM\SYSTEM\CS2\Services\Tcpip\..\{56BCF159-EBC0-4405-86C2-25B1E4F67E48}: DhcpNameServer=85.255.115.62,85.255.112.100

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

 

Navilog1 report:

 

 

Search Navipromo version 3.6.1 commencé le 29/07/2008 à 15:19:02.42

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

 

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "PLS-FOS"

 

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO

 

 

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 6.0.2900.2180

Système de fichiers : NTFS

 

Recherche executé en mode normal

 

*** Recherche Programmes installés ***

 

 

*** Recherche dossiers dans "C:\WINDOWS" ***

 

 

*** Recherche dossiers dans "C:\Program Files" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

 

 

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\PLS-FOS\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\PLS-FOS\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

 

 

*** Recherche dossiers dans "C:\Documents and Settings\PLS-FOS\menudm~1\progra~1" ***

 

 

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***

pour + d'infos : http://www.gmer.net

 

Aucun Fichier Navipromo trouvé

 

 

*** Recherche avec GenericNaviSearch ***

!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!

!!! A vérifier impérativement avant toute suppression manuelle !!!

 

* Recherche dans "C:\WINDOWS\system32" *

 

* Recherche dans "C:\Documents and Settings\PLS-FOS\locals~1\applic~1" *

 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

 

 

 

*** Recherche fichiers ***

 

 

 

*** Recherche clés spécifiques dans le Registre ***

 

 

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Recherche nouveaux fichiers Instant Access :

 

 

2)Recherche Heuristique :

 

* Dans "C:\WINDOWS\system32" :

 

 

* Dans "C:\Documents and Settings\PLS-FOS\locals~1\applic~1" :

 

 

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

 

 

3)Recherche Certificats :

 

Certificat Egroup absent !

Certificat Electronic-Group absent !

Certificat OOO-Favorit absent !

Certificat Sunny-Day-Design-Ltd absent !

 

4)Recherche fichiers connus :

 

 

 

*** Analyse terminée le 29/07/2008 à 15:21:57.73 ***

 

 

Fixwareout report:

 

 

Username "PLS-FOS" - 29/07/2008 15:35:35 [Fixwareout edited 9/01/2007]

 

~~~~~ Prerun check

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{56BCF159-EBC0-4405-86C2-25B1E4F67E48}

"DhcpNameServer"="85.255.115.62,85.255.112.100" <Value cleared.

 

Cache de résolution DNS vidé.

System was rebooted successfully.

 

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

 

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""

"SetRefresh"="C:\\Program Files\\Compaq\\SetRefresh\\SetRefresh.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"Windows Logon Applicationedc"="C:\\WINDOWS\\system32\\dllcache\\winlogon.exe"

"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~
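The SmitfraudFix "DNS" section and the Fixwareout prerun check above both report the same DhcpNameServer value. As an added example (not part of the thread and not code from either tool), this Python sketch extracts name servers from report lines in those two formats and flags any that fall outside the resolvers an administrator expects; the function names and the allowlist network are assumptions.

```python
import ipaddress
import re
from typing import List, NamedTuple

# Lines in the two formats the reports above use. The IP addresses and the
# interface GUID are the ones shown in the thread; the last line is constructed
# to exercise the "expected" and "malformed" verdicts.
SAMPLE_REPORT = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{56BCF159-EBC0-4405-86C2-25B1E4F67E48}: DhcpNameServer=85.255.115.62,85.255.112.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{56BCF159-EBC0-4405-86C2-25B1E4F67E48}: DhcpNameServer=85.255.115.62,85.255.112.100
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{56BCF159-EBC0-4405-86C2-25B1E4F67E48}
"DhcpNameServer"="85.255.115.62,85.255.112.100" <Value cleared.
"NameServer"="192.168.1.1 bogus"
"""


class Finding(NamedTuple):
    key: str      # registry key the value was reported under
    value: str    # "DhcpNameServer" or "NameServer"
    server: str   # one resolver token taken from the value
    verdict: str  # "expected", "unexpected" or "malformed"


# SmitfraudFix style: <key>: DhcpNameServer=a,b
_INLINE = re.compile(r'^(HK[^:]+):\s*(DhcpNameServer|NameServer)=(.*)$')
# Fixwareout / .reg style: "DhcpNameServer"="a,b" preceded by a key line
_REGSTYLE = re.compile(r'^"(DhcpNameServer|NameServer)"="([^"]*)"')


def classify(token: str, allowed: list) -> str:
    """Return the verdict for one resolver token against the allowlist."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return "malformed"
    return "expected" if any(addr in net for net in allowed) else "unexpected"


def audit_name_servers(report_text: str, allowed_networks: List[str]) -> List[Finding]:
    """Extract every name server from the report and classify it."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    findings: List[Finding] = []
    current_key = "(unknown key)"
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        inline = _INLINE.match(line)
        regstyle = _REGSTYLE.match(line)
        if inline:
            key, name, value = inline.groups()
        elif regstyle:
            key = current_key
            name, value = regstyle.groups()
        else:
            # Remember the most recent registry key line for .reg-style values.
            if line.lstrip("[").upper().startswith("HK"):
                current_key = line.strip("[]")
            continue
        # Windows accepts comma- or space-separated resolver lists.
        for token in re.split(r"[,\s]+", value.strip()):
            if token:
                findings.append(Finding(key, name, token, classify(token, allowed)))
    return findings


def unexpected_servers(findings: List[Finding]) -> List[str]:
    """Sorted, de-duplicated resolvers that are valid IPs but not allowlisted."""
    return sorted({f.server for f in findings if f.verdict == "unexpected"})


if __name__ == "__main__":
    # Assumed allowlist: the local router's subnet.
    for f in audit_name_servers(SAMPLE_REPORT, ["192.168.1.0/24"]):
        print(f"{f.verdict:10} {f.server:16} {f.value} @ {f.key}")
```

The same unexpected value appearing under several control sets (CCS, CS1), as in the SmitfraudFix output, means it also has to be checked in each of them after cleanup.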

  • Moderators
Posted

Good evening noctoresse :P

The infections identified earlier are no longer active. Post me a new Combofix report so that we can see things more clearly.

Posted

Good evening Gof,

FYI, this afternoon's three reports were run without an Internet connection (important?).

Here is the latest ComboFix report:

 

ComboFix 08-07-27.5 - PLS-FOS 2008-07-29 23:20:30.3 - NTFSx86 MINIMAL

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.389 [GMT 2:00]

Endroit: C:\Documents and Settings\PLS-FOS\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrateur\err.log

C:\Documents and Settings\Administrateur\ResErrors.log

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_poof

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))))))

.

 

2008-07-29 16:48 . 2008-07-29 16:48 <REP> d-------- C:\Documents and Settings\PLS-FOS\Application Data\AdobeUM

2008-07-29 15:35 . 2008-07-29 15:47 <REP> d-------- C:\fixwareout

2008-07-29 15:17 . 2008-07-29 15:32 <REP> d-------- C:\Program Files\Navilog1

2008-07-29 15:13 . 2008-07-29 15:27 1,984 --a------ C:\WINDOWS\system32\tmp.reg

2008-07-28 22:32 . 2008-07-29 23:17 591,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-07-28 22:32 . 2008-07-29 23:17 7,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-07-28 22:29 . 2008-07-28 22:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

2008-07-28 22:29 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe

2008-07-28 22:29 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll

2008-07-28 22:29 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll

2008-07-28 22:29 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll

2008-07-28 22:29 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll

2008-07-28 16:27 . 2006-03-09 18:20 <REP> d--h----- C:\Documents and Settings\PLS-FOS\Voisinage réseau

2008-07-28 16:27 . 2006-03-09 18:20 <REP> d--h----- C:\Documents and Settings\PLS-FOS\Voisinage d'impression

2008-07-28 16:27 . 2008-07-28 11:57 <REP> d--h----- C:\Documents and Settings\PLS-FOS\Modèles

2008-07-28 16:27 . 2008-07-29 17:22 <REP> dr------- C:\Documents and Settings\PLS-FOS\Mes documents

2008-07-28 16:27 . 2006-03-09 18:20 <REP> dr------- C:\Documents and Settings\PLS-FOS\Menu Démarrer

2008-07-28 16:27 . 2008-07-28 22:20 <REP> dr------- C:\Documents and Settings\PLS-FOS\Favoris

2008-07-28 16:27 . 2008-07-29 23:19 <REP> d-------- C:\Documents and Settings\PLS-FOS\Bureau

2008-07-28 16:27 . 2008-07-29 17:32 <REP> d-------- C:\Documents and Settings\PLS-FOS

2008-07-28 16:19 . 2008-07-28 16:20 <REP> d-------- C:\WINDOWS\system32\NtmsData

2008-07-28 16:18 . 2008-07-28 16:18 <REP> d-------- C:\Documents and Settings\LocalService\Bureau

2008-07-28 14:57 . 2008-07-28 22:33 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2008-07-28 14:56 . 2008-07-28 14:56 <REP> d-------- C:\Program Files\Zone Labs

2008-07-28 14:55 . 2008-07-29 23:25 <REP> d-------- C:\WINDOWS\Internet Logs

2008-07-28 14:04 . 2008-07-28 14:04 <REP> d-------- C:\Program Files\Alwil Software

2008-07-28 13:20 . 2008-07-28 13:20 <REP> d-------- C:\Program Files\Trend Micro

2008-07-28 12:25 . 2008-07-28 12:25 1,374 --a------ C:\WINDOWS\system32\wpa.bak

2008-07-28 12:15 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-07-28 12:14 . 2004-08-05 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll

2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest

2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2008-07-28 12:12 . 2008-07-28 12:12 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-07-28 12:04 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SET54.tmp

2008-07-28 12:04 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SET51.tmp

2008-07-28 12:04 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SET60.tmp

2008-07-25 16:05 . 2008-07-25 16:05 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-07-25 16:02 . 2006-11-17 20:28 66,048 --a------ C:\WINDOWS\ieResetIcons.exe

2008-07-25 15:31 . 2008-07-25 15:31 <REP> d-------- C:\Program Files\3B Software

2008-07-25 14:30 . 2008-07-25 14:30 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-25 13:22 . 2008-07-25 13:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.install_backup

2008-07-23 07:32 . 2008-07-23 07:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SAMSUNG

2008-07-23 07:13 . 2008-07-27 18:19 <REP> d-------- C:\WINDOWS\system32\kBin02

2008-07-21 07:28 . 2008-07-21 07:28 <REP> d-------- C:\WINDOWS\system32\carH18

2008-07-10 07:14 . 2008-07-28 13:41 <REP> d-------- C:\WINDOWS\system32\6358

2008-07-09 15:59 . 2008-07-25 15:14 <REP> d-------- C:\WINDOWS\system32\ver

2008-07-09 15:59 . 2008-07-26 00:33 <REP> d-------- C:\WINDOWS\system32\olixds18

2008-07-09 15:59 . 2008-07-25 15:12 <REP> d-------- C:\WINDOWS\system32\ole

2008-07-09 15:59 . 2008-07-26 00:30 <REP> d-------- C:\WINDOWS\system32\IP3

2008-07-09 15:59 . 2008-07-09 15:59 <REP> d-------- C:\WINDOWS\system32\dapi

2008-07-09 15:59 . 2008-07-25 16:18 <REP> d-------- C:\Temp

2008-07-09 15:59 . 2008-07-09 15:59 152,191 --a------ C:\WINDOWS\system32\g42.exe

2008-07-09 15:59 . 2004-08-05 04:00 4,224 --a------ C:\WINDOWS\system32\beep.sys

2008-07-04 14:26 . 2008-07-04 14:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc

2008-07-04 14:25 . 2008-07-04 14:25 <REP> d-------- C:\Program Files\VLC

2008-07-04 14:23 . 2008-07-04 14:23 9,730,075 --a------ C:\Program Files\vlc-0.8.6f-win32.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-29 15:32 91,648 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2008-07-28 20:40 --------- d-----w C:\Program Files\Java

2008-07-25 14:18 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-07-25 14:13 --------- d-----w C:\Program Files\Altiris

2008-07-25 07:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM

2008-07-18 15:31 --------- d-----w C:\Program Files\Google

2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll

2008-05-30 14:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ntr

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-28_13.46.28.06 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-03-30 09:39:04 12,288 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-07-28 20:25:15 12,288 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2006-03-30 09:39:04 135,168 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-07-28 20:25:15 135,168 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2006-03-30 09:39:04 11,264 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-07-28 20:25:15 11,264 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2006-03-30 09:39:04 27,136 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-07-28 20:25:15 27,136 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2006-03-30 09:39:04 4,096 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-07-28 20:25:15 4,096 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2006-03-30 09:39:04 794,624 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-07-28 20:25:15 794,624 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2006-03-30 09:39:04 23,040 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-07-28 20:25:15 23,040 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2006-03-30 09:39:04 286,720 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-07-28 20:25:15 286,720 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2006-03-30 09:39:04 409,600 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-07-28 20:25:15 409,600 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe

+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr

- 2004-08-05 12:00:00 66,560 ----a-w C:\WINDOWS\system32\cdm.dll

+ 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

- 2004-08-05 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

+ 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

- 2004-08-05 12:00:00 432,640 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll

+ 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll

- 2004-08-05 12:00:00 112,640 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

+ 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

- 2004-08-05 12:00:00 1,134,592 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

+ 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

- 2004-08-05 12:00:00 114,176 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll

+ 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll

- 2004-08-05 12:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll

+ 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll

- 2004-08-05 12:00:00 120,320 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll

+ 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll

+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys

+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys

+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

+ 2007-07-19 13:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys

- 2008-07-28 10:18:18 112,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-07-29 21:11:30 117,360 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-07-09 07:05:08 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll

- 2008-07-28 11:31:17 55,120 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-07-28 14:14:36 55,120 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-07-28 11:31:17 66,300 ----a-w C:\WINDOWS\system32\perfc00C.dat

+ 2008-07-28 14:14:36 66,300 ----a-w C:\WINDOWS\system32\perfc00C.dat

- 2008-07-28 11:31:17 386,030 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-07-28 14:14:36 386,030 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-07-28 11:31:17 450,936 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-07-28 14:14:36 450,936 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll

+ 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll

+ 2008-07-09 07:05:10 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll

+ 2008-07-09 07:05:22 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys

+ 2008-07-09 07:05:10 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll

+ 2008-07-09 07:05:10 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll

+ 2008-07-09 07:05:10 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll

+ 2008-07-09 07:05:10 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll

+ 2008-07-09 07:05:12 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll

+ 2008-07-09 07:05:12 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll

+ 2008-07-09 07:05:12 99,816 ------w C:\WINDOWS\system32\vsxml.dll

- 2004-08-05 12:00:00 432,640 ----a-w C:\WINDOWS\system32\wuapi.dll

+ 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

- 2004-08-05 12:00:00 112,640 ----a-w C:\WINDOWS\system32\wuauclt.exe

+ 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

- 2004-08-05 12:00:00 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll

+ 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

- 2004-08-05 12:00:00 114,176 ----a-w C:\WINDOWS\system32\wucltui.dll

+ 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

- 2004-08-05 12:00:00 36,864 ----a-w C:\WINDOWS\system32\wups.dll

+ 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll

- 2004-08-05 12:00:00 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll

+ 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

+ 2008-07-09 07:05:12 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll

+ 2008-07-09 07:05:12 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll

+ 2008-07-09 07:05:06 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll

+ 2008-07-09 07:05:36 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll

+ 2007-05-30 22:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat

+ 2006-06-30 12:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll

+ 2007-05-30 22:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat

+ 2007-05-30 22:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll

+ 2007-05-30 22:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll

+ 2007-05-30 22:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll

+ 2007-05-30 22:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll

+ 2006-09-19 21:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll

+ 2007-12-03 12:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll

+ 2006-12-19 16:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll

+ 2007-05-30 22:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll

+ 2007-05-30 22:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll

+ 2007-05-30 22:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll

+ 2007-05-30 22:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll

+ 2007-12-03 12:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe

+ 2006-12-19 16:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll

+ 2008-07-09 07:05:06 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll

+ 2008-07-09 07:05:36 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll

+ 2004-01-30 10:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll

+ 2008-07-09 07:05:08 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll

+ 2008-07-09 07:05:08 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll

+ 2008-07-09 07:05:08 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll

+ 2008-07-09 07:05:42 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll

+ 2008-07-09 07:05:38 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll

+ 2008-07-09 07:05:42 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll

+ 2008-07-09 07:05:24 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll

+ 2008-07-09 07:05:24 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll

+ 2008-07-09 07:05:24 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll

+ 2008-07-09 07:06:26 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll

+ 2008-07-09 07:06:26 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll

+ 2008-02-27 01:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll

+ 2008-02-27 01:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll

+ 2008-07-09 07:05:08 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll

+ 2008-07-09 07:05:44 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll

+ 2008-07-28 20:11:38 9,956,040 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat

+ 2008-07-28 20:11:16 9,472,739 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware0.dat

+ 2008-02-27 01:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll

+ 2008-02-27 01:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys

+ 2008-07-09 07:05:10 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll

+ 2008-07-09 07:06:26 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll

+ 2008-07-09 07:06:30 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll

+ 2008-07-09 07:05:42 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll

+ 2006-09-04 18:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll

+ 2007-10-11 14:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll

+ 2008-07-09 07:05:18 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe

+ 2008-07-09 07:05:44 75,152 ----a-w C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll

+ 2007-01-11 15:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll

+ 2008-07-09 07:05:10 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll

+ 2008-07-09 07:05:10 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll

+ 2008-07-09 07:05:44 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll

+ 2008-07-09 07:05:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe

+ 2008-07-09 07:05:44 46,480 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll

+ 2008-07-09 07:05:10 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll

+ 2008-07-09 07:05:12 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll

+ 2008-07-09 07:05:44 198,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll

+ 2008-07-09 07:05:12 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll

+ 2008-07-09 07:05:44 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll

+ 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat

+ 2008-07-09 07:05:12 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll

+ 2008-07-09 07:05:12 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll

+ 2008-07-09 07:05:44 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll

+ 2008-07-09 07:05:14 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll

+ 2008-07-09 07:05:44 21,904 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll

+ 2008-07-09 07:05:14 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll

+ 2008-07-29 21:23:47 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_704.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 15:22 524800]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-14 12:52 413696]

"Windows Logon Applicationedc"="C:\WINDOWS\system32\dllcache\winlogon.exe" [2004-08-05 14:00 506368]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cuuso

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{67-73-31-1B-DW}

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]

--a------ 2001-07-24 23:34 36864 C:\cpqs\scom\srmclean.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\StubInstaller.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

S0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys []

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys []

S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys []

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

.

.

------- Supplementary Scan -------

.

R0 -: HKLM-Main,Search Bar = hxxp://go.compaq.com/1Q00CDT/040C/bl8.asp

R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://upload.malekal.com/

O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-29 23:24:21

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-07-29 23:26:51 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-29 21:26:45

ComboFix2.txt 2008-07-28 11:46:43

 

Pre-Run: 42,514,305,024 octets libres

Post-Run: 42,499,936,256 octets libres

 

317 --- E O F --- 2008-07-29 15:32:26

Posted

Postscript:

 

When the PC rebooted during the ComboFix analysis, I got the following pop-up:

 

Winlogon - Erreur d'application

L'application n'a pas réussi à s'initialiser correctement (0xC0000005)
