
Hello Loup blanc,

 

So here is the ComboFix report:

 

ComboFix 08-09-12.07 - LEO 2008-09-20 11:11:51.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.267 [GMT 2:00]

Lancé depuis: C:\Documents and Settings\LEO\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\LEO\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

* Un nouveau point de restauration a été créé

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-18 21:39 . 2008-09-18 21:40 <REP> d-------- C:\Program Files\iTunes

2008-09-18 21:39 . 2008-09-18 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-18 21:38 . 2008-09-18 21:38 <REP> d-------- C:\Program Files\QuickTime

2008-09-18 21:34 . 2008-09-18 21:34 <REP> d-------- C:\Program Files\Bonjour

2008-09-11 10:28 . 2008-09-11 10:28 <REP> d-------- C:\Gmer

2008-09-11 10:28 . 2008-09-11 10:28 250 --a------ C:\WINDOWS\gmer.ini

2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Program Files\NOS

2008-09-08 16:47 . 2008-09-08 17:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS

2008-09-06 19:23 . 2008-09-06 19:23 3,313,499 --a------ C:\upload_moi_LEO-BEEGA1ITBTM.tar.gz

2008-09-06 16:35 . 2008-09-06 16:35 <REP> d-------- C:\_OTMoveIt

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-09-03 09:02 . 2008-09-03 09:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes

2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\LEO\Application Data\Malwarebytes

2008-09-03 08:58 . 2008-09-03 08:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-03 08:58 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-03 08:58 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-02 23:18 . 2008-09-02 23:18 578,048 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll

2008-09-02 23:16 . 2008-09-02 23:16 <REP> d-------- C:\WINDOWS\ERUNT

2008-09-02 23:12 . 2008-09-02 23:45 <REP> d-------- C:\SDFix

2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Program Files\Avira

2008-09-02 10:45 . 2008-09-02 10:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-08-31 12:19 . 2008-09-03 00:44 <REP> d-------- C:\SmitfraudFix

2008-08-31 12:16 . 2008-08-27 11:29 1,573,323 --a------ C:\SmitfraudFix.exe

2008-08-31 12:05 . 2008-09-03 00:42 3,952 --a------ C:\WINDOWS\system32\tmp.reg

2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe

2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-08-25 18:02 . 2005-08-27 10:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2008-08-25 18:02 . 2005-08-27 11:38 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2008-08-25 18:02 . 2005-08-27 11:38 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2008-08-25 18:02 . 2008-09-13 13:54 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-08-25 18:02 . 2008-08-25 18:02 <REP> d-------- C:\Documents and Settings\Administrateur

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-19 22:37 --------- d-----w C:\Documents and Settings\LEO\Application Data\Azureus

2008-09-18 19:40 --------- d-----w C:\Program Files\iPod

2008-09-08 16:01 --------- d-----w C:\Program Files\Azureus

2008-09-08 15:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-08-07 19:34 --------- d-----w C:\Documents and Settings\LEO\Application Data\Apple Computer

2008-08-07 19:32 --------- d-----w C:\Program Files\Apple Software Update

2008-08-07 19:12 --------- d-----w C:\Program Files\Safari

2008-08-05 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-05 17:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-07-22 18:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

.

 

------- Sigcheck -------

 

2002-09-07 02:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

2004-08-19 16:10 510464 78e8c6d90f8b390df97b1ae3e4da44e3 C:\WINDOWS\system32\winlogon.exe

 

2004-08-19 16:09 1038848 caff5bac700e241711e67b27f4e4f1c0 C:\WINDOWS\explorer.exe

2002-09-07 02:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 

2002-09-07 02:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe

2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe

2004-08-19 16:10 110592 90bfeb102ded1bb9c86fa9c083bf3912 C:\WINDOWS\system32\services.exe

 

2002-09-07 02:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe

2004-08-19 16:09 14848 6e1421b48437bac4a07290eb50830c5a C:\WINDOWS\system32\lsass.exe

 

2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

2002-09-07 02:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe

2004-08-19 16:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

2005-06-11 01:53 58880 0d1417bcacddb7743d59bcf8ed355ada C:\WINDOWS\system32\spoolsv.exe

.

((((((((((((((((((((((((((((( snapshot@2008-09-13_13.58.13.78 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-18 19:40:37 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe

+ 2008-09-18 19:34:32 86,016 ----a-r C:\WINDOWS\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe

- 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

+ 2008-04-17 11:12:54 15,464 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

+ 2008-04-17 11:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll

+ 2008-04-17 11:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys

- 2008-01-29 10:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

+ 2008-04-17 11:12:54 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 77824]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 4603904]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 86016]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-05 180269]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 36864]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-11-01 221184]

"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2004-11-01 18:22 73728]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 262144]

"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2004-11-01 217088]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"SoundMan"="SOUNDMAN.EXE" [2004-01-08 C:\WINDOWS\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2004-09-30 C:\WINDOWS\system32\nwiz.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 C:\WINDOWS\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

 

C:\Documents and Settings\LEO\Menu Démarrer\Programmes\Démarrage\

802.11g USB 2.0 adapter Setting.lnk - C:\WINDOWS\system32\WiFiCfg.exe [2004-05-21 389120]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

BTTray.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 565309]

VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2005-08-27 561152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.divxa32"= DivXa32.acm

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= C:\WINDOWS\system32\i263_32.drv

"msacm.imc"= C:\WINDOWS\system32\imc32.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\mobile PhoneTools\\MMCenter.exe"=

"C:\\Program Files\\ABC\\abc.exe"=

"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13894:TCP"= 13894:TCP:BitComet 13894 TCP

"13894:UDP"= 13894:UDP:BitComet 13894 UDP

"52333:UDP"= 52333:UDP:azureus2

"52333:TCP"= 52333:TCP:azureus3

 

R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 75904]

R2 IrCOMM2kSvc;Virtual IR COM Port, Service Program;C:\WINDOWS\system32\ircomm2k.exe [2002-03-20 53248]

R3 IrCOMM2k;Virtual IR COM Port;C:\WINDOWS\system32\DRIVERS\ircomm2k.sys [2002-03-25 16026]

R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]

S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [ ]

S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 884864]

S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 858880]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

.

Contenu du dossier 'Tâches planifiées'

.

.

------- Examen supplémentaire -------

.

FireFox -: Profile - C:\Documents and Settings\LEO\Application Data\Mozilla\Firefox\Profiles\ji8hdqc1.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.atptennis.com/

FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-20 11:13:42

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

Heure de fin: 2008-09-20 11:15:26

ComboFix-quarantined-files.txt 2008-09-20 09:14:47

ComboFix2.txt 2008-09-14 18:32:41

ComboFix3.txt 2008-09-13 11:58:54

 

Avant-CF: 4,545,593,344 octets libres

Après-CF: 4,513,390,592 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

 

210

 

 

 


And now the VirusTotal report. Thanks for your help, this is getting worrying :-/

 

 

Fichier winlogon.exe reçu le 2008.09.20 11:27:43 (CET)

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.9.19.2 2008.09.19 -

AntiVir 7.8.1.34 2008.09.19 TR/Patched.AA.595

Authentium 5.1.0.4 2008.09.19 W32/Patched.A

Avast 4.8.1195.0 2008.09.19 Win32:Patched-CK

AVG 8.0.0.161 2008.09.19 Win32/PEPatch.AO

BitDefender 7.2 2008.09.19 Trojan.Patched.U

CAT-QuickHeal 9.50 2008.09.20 Trojan.Patched.AA

ClamAV 0.93.1 2008.09.19 Trojan.Agent-5069

DrWeb 4.44.0.09170 2008.09.20 Trojan.Starter.384

eSafe 7.0.17.0 2008.09.18 -

eTrust-Vet 31.6.6095 2008.09.19 -

Ewido 4.0 2008.09.19 -

F-Prot 4.4.4.56 2008.09.19 W32/Patched.A

F-Secure 8.0.14332.0 2008.09.20 Trojan.Win32.Patched.cx

Fortinet 3.113.0.0 2008.09.20 -

GData 19 2008.09.20 Trojan.Win32.Patched.cx

Ikarus T3.1.1.34.0 2008.09.19 Trojan.Win32.Patched.g

K7AntiVirus 7.10.464 2008.09.19 -

Kaspersky 7.0.0.125 2008.09.20 Trojan.Win32.Patched.cx

McAfee 5388 2008.09.19 W32/PEPatcher.c

Microsoft 1.3903 2008.09.20 TrojanDownloader:Win32/Donise.C!patched

NOD32v2 3457 2008.09.19 Win32/TrojanProxy.Agent.NCI

Norman 5.80.02 2008.09.19 W32/Patched.A

Panda 9.0.0.4 2008.09.19 W32/PatchLog.gen

PCTools 4.4.2.0 2008.09.19 -

Prevx1 V2 2008.09.20 -

Rising 20.62.50.00 2008.09.20 Trojan.Win32.Patched.aa

Sophos 4.33.0 2008.09.20 W32/Liger-A

Sunbelt 3.1.1651.1 2008.09.19 -

Symantec 10 2008.09.19 Trojan.Patchep!inf

TheHacker 6.3.0.9.089 2008.09.20 W32/PEPatcher.gen

TrendMicro 8.700.0.1004 2008.09.20 PE_PATCHEP.A

VBA32 3.12.8.5 2008.09.19 -

ViRobot 2008.9.20.1384 2008.09.20 Win32.Patched.C

VirusBuster 4.5.11.0 2008.09.19 Win32.Agent.IMP

Webwasher-Gateway 6.6.2 2008.09.19 Trojan.Patched.AA.595

Information additionnelle

File size: 510464 bytes

MD5...: 78e8c6d90f8b390df97b1ae3e4da44e3

SHA1..: 3017e8a5701c502060d91987b9fe5a3e88975d69

SHA256: bf5dbcb660703b10640633d7980d17d4addd8068b5731419c40a3c2d92a4e461

SHA512: c113a79f9f14154bc8aab7fe81511206afe602764f2f78cd6deeb166c49b32a17b3338f6a5a735e52dd54b4f62819aa11e5f8853c850b3d1ee6e25ba63442d46

PEiD..: -

TrID..: File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1081000
timedatestamp.....: 0x41107edc (Wed Aug 04 06:14:52 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6f288 0x6f400 6.82 9aefa34e4ef8656cff4ae32aca092e29
.data 0x71000 0x4d90 0x2000 6.20 baa64d00a5f8a540a38a60d2aff66f30
.rsrc 0x76000 0xc000 0xb200 3.49 0345b0566682de741cdcc72c6eafcaee

( 20 imports )

( 0 exports )

 


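The PEInfo block in the report above can be recomputed locally: as an added example (not code from the original post or from VirusTotal), this Python parser walks a PE file's headers and section table, reports the same entry point, timestamp, machine type and per-section size, entropy and MD5 fields, and flags an entry point that does not land in an executable section. Assumptions: the sample PE is constructed inline, and the image base 0x01000000 used to read the report's entry point 0x1081000 as RVA 0x81000 (inside .rsrc, 0x76000 to 0x82000, rather than .text, which fits the "Patched" verdicts) is the usual base of XP system executables and is not stated on the page.

```python
"""Recompute the VirusTotal 'PEInfo' fields (entry point, timestamp, machine type,
per-section sizes, entropy, MD5) for a PE file and flag an entry point that does
not fall in an executable section. Added example, not the forum's or VirusTotal's code."""
import hashlib
import math
import struct
from collections import Counter

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SCN_MEM_EXECUTE = 0x20000000
SECTION_HDR = "<8sIIIIIIHHI"  # 40-byte IMAGE_SECTION_HEADER, little-endian


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly spread bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(image: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> sections."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", image, opt + 16)   # AddressOfEntryPoint
    (image_base,) = struct.unpack_from("<I", image, opt + 28)  # ImageBase (PE32 layout)
    sections, off = [], opt + opt_size
    for _ in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            SECTION_HDR, image, off)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
                         "ntrpy": round(shannon_entropy(raw), 2),
                         "md5": hashlib.md5(raw).hexdigest(), "flags": flags})
        off += 40
    return {"machine": machine, "timestamp": stamp, "entrypoint_rva": entry_rva,
            "entrypoint_va": image_base + entry_rva, "sections": sections,
            "md5": hashlib.md5(image).hexdigest(),
            "sha1": hashlib.sha1(image).hexdigest(),
            "sha256": hashlib.sha256(image).hexdigest()}


def entry_section(info: dict):
    """Return the section whose virtual range holds the entry point RVA, or None."""
    rva = info["entrypoint_rva"]
    for s in info["sections"]:
        if s["viradd"] <= rva < s["viradd"] + max(s["virsiz"], s["rawdsiz"]):
            return s
    return None


def entry_point_suspicious(info: dict) -> bool:
    """True when execution starts outside any section or in a section that is not
    marked executable (e.g. .rsrc), a common trait of patched system binaries."""
    s = entry_section(info)
    return s is None or not (s["flags"] & IMAGE_SCN_MEM_EXECUTE)


def build_sample_pe(entry_rva: int, stamp: int = 0x4A5B6C7D) -> bytes:
    """Constructed toy PE32 image (not a real Windows file): an executable .text
    section followed by a non-executable .rsrc section; stamp is a made-up value."""
    align = 0x200
    specs = [(b".text", 0x60000020, bytes(range(256)) * 2),  # CODE|EXECUTE|READ
             (b".rsrc", 0x40000040, b"\x00" * 0x300)]         # INITIALIZED_DATA|READ
    headers_len = -(-(0x40 + 4 + 20 + 224 + 40 * len(specs)) // align) * align
    opt = bytearray(224)                                        # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                       # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_rva)                  # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x01000000, 0x1000, align)  # ImageBase, SectionAlign, FileAlign
    table, body, vaddr, rawptr = b"", b"", 0x1000, headers_len
    for name, flags, data in specs:
        rawsize = -(-len(data) // align) * align
        table += struct.pack(SECTION_HDR, name, len(data), vaddr, rawsize, rawptr, 0, 0, 0, 0, flags)
        body += data.ljust(rawsize, b"\0")
        vaddr, rawptr = vaddr + 0x1000, rawptr + rawsize
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(specs), stamp, 0, 0, len(opt), 0x0102)
    return (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(headers_len, b"\0") + body


if __name__ == "__main__":
    info = parse_pe(build_sample_pe(entry_rva=0x2010))  # entry point placed inside .rsrc
    print(f"entrypoint 0x{info['entrypoint_va']:x}  machine 0x{info['machine']:x}")
    for s in info["sections"]:
        print(f"{s['name']:6} 0x{s['viradd']:x} 0x{s['virsiz']:x} 0x{s['rawdsiz']:x} {s['ntrpy']:.2f} {s['md5']}")
    print("entry point outside executable code:", entry_point_suspicious(info))
```

Pointing `parse_pe` at a real file (`parse_pe(open(path, "rb").read())`) and comparing the section MD5s with those of a known-good copy of the same build shows exactly which section was altered.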
Posted (edited)

Hello Dranoel,

We are going to have to replace several files that have indeed been patched.

Do you have a "real" XP PRO SP2 CD available? (By "real" I mean an installation CD, not a recovery CD.)

If so, give me your CD drive letter so I can prepare the next step for you.

Edit: Also remember to send me the VG.dl file via the link I sent you, thanks in advance.

Edited by Loup blanc
