Recommended posts

  • Moderators
Posted

Yes, that's normal. The file I'm having you drag and drop onto ComboFix is a set of commands that the tool will interpret.

Posted

Here is the latest report generated by ComboFix after the drag and drop.

 

ComboFix 09-04-14.09 - Maxime 2009-04-15 0:09.6 - NTFSx86

Launched from: c:\down\ComboFix.exe

Command switches used :: c:\down\CFScript.txt

 

FILE ::

C:\0xf9.exe

C:\1156295225

c:\docume~1\Maxime\LOCALS~1\Temp\3229876768.exe

C:\gyekuc.exe

C:\tm.exe

c:\windows\NsUpdate.exe

c:\windows\spool.exe

c:\windows\system32\1156295225.dat

c:\windows\system32\drivers\1c30c3b9.sys

c:\windows\system32\drivers\accdeb50.sys

c:\windows\system32\ds43g4nfjkn93.dll

c:\windows\system32\ftp_non_crp.exe

c:\windows\system32\hsf73ikmdf3f.dll

c:\windows\system32\rr.exe

c:\windows\system32\SelfDel.bat

c:\windows\TEMP\j3rvuau4me.exe

c:\windows\TEMP\ms1239172062.exe

c:\windows\TEMP\VRT2.tmp

C:\ytiva.exe

.

 

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\0xf9.exe

C:\1156295225

c:\documents and settings\Maxime\Application Data\EoRezo

c:\documents and settings\Maxime\Application Data\EoRezo\cache

c:\documents and settings\Maxime\Application Data\EoRezo\cmhost.cyp

c:\documents and settings\Maxime\Application Data\EoRezo\ConfMedia.cyp

c:\documents and settings\Maxime\Application Data\EoRezo\ConfMedia.cyp.old

c:\documents and settings\Maxime\Application Data\EoRezo\db\cat.cyp

c:\documents and settings\Maxime\Application Data\EoRezo\eoDesktop\config.xml

c:\documents and settings\Maxime\Application Data\EoRezo\eoDesktop\eoDesktop.html

c:\documents and settings\Maxime\Application Data\EoRezo\eoDesktop\userConfig.xml

c:\documents and settings\Maxime\Application Data\EoRezo\eoStats\eoStats.txt

c:\documents and settings\Maxime\Application Data\EoRezo\host.cyp

c:\documents and settings\Maxime\Application Data\EoRezo\modules.cyp

c:\documents and settings\Maxime\Application Data\EoRezo\user.cyp

C:\gyekuc.exe

c:\program files\EoRezo

c:\program files\EoRezo\EoAdv\eoAdv.url

c:\program files\EoRezo\EoAdv\EoRezoBho.old

c:\program files\ThunMail

c:\program files\ThunMail\testabd.dll

c:\program files\ThunMail\testabd.ex_

C:\tm.exe

c:\windows\dhcp

c:\windows\NsUpdate.exe

c:\windows\system32\1156295225.dat

c:\windows\system32\drivers\1c30c3b9.sys

c:\windows\system32\drivers\accdeb50.sys

c:\windows\system32\ds43g4nfjkn93.dll

c:\windows\system32\ftp_non_crp.exe

c:\windows\system32\hsf73ikmdf3f.dll

c:\windows\system32\rr.exe

c:\windows\system32\SelfDel.bat

C:\ytiva.exe

 

c:\windows\system32\userinit.exe . . . is infected!!

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_afisicx

-------\Legacy_dhcpsrv

-------\Legacy_sopidkc

-------\Legacy_tdctxte

-------\Service_1c30c3b9

-------\Service_accdeb50

 

 

((((((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-14 19:27 . 2009-04-14 19:27 325 ----a-w c:\windows\KillProcess.INI

2009-04-14 16:47 . 2009-04-14 16:47 -------- d-----w C:\rsit

2009-04-14 16:46 . 2009-04-14 22:09 -------- d-----w C:\Down

2009-04-08 06:17 . 2009-04-08 06:17 213120 -c--a-w c:\windows\system32\dllcache\ndis.sys

2009-04-03 16:42 . 2008-04-14 02:33 54784 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll

2009-04-03 16:42 . 2008-04-14 02:33 54784 ----a-w c:\windows\system32\vfwwdm32.dll

2009-04-03 16:42 . 2003-03-19 10:44 45056 ----a-w c:\windows\system32\MFC71CHT.DLL

2009-04-03 16:41 . 2006-12-12 15:56 104 ----a-w c:\windows\system32\drivers\EC168Hid.dat

2009-04-03 16:41 . 2006-07-31 09:56 4096 ----a-w c:\windows\system32\HUCoInstaller.dll

2009-04-03 16:41 . 2007-05-18 11:18 67968 ----a-w c:\windows\system32\drivers\EC168BDA.sys

2009-04-03 16:41 . 2007-02-26 09:40 7107 ----a-w c:\windows\system32\drivers\EC168BDA.bin

2009-04-03 16:41 . 2009-04-03 16:41 -------- d-----w c:\program files\Genius

2009-04-03 09:18 . 2007-06-01 05:13 238848 ------r c:\windows\system32\drivers\BLKWGU.sys

2009-04-03 09:18 . 2009-04-03 09:18 21035 ----a-w c:\windows\system32\drivers\AegisP.sys

2009-04-03 09:17 . 2006-12-18 08:07 14523 ------w c:\windows\system32\drivers\string.ini

2009-04-03 09:17 . 2006-11-15 14:23 38144 ----a-w c:\windows\system32\drivers\EAPPkt.sys

2009-04-03 09:17 . 2009-04-03 09:17 -------- d-----w c:\program files\Belkin

2009-04-03 09:16 . 2009-04-03 09:16 -------- d-----w c:\documents and settings\Maxime\Application Data\InstallShield

2009-03-26 17:51 . 2009-03-26 17:54 -------- d-----w C:\32788R22FWJFW.0.tmp

2009-03-26 16:45 . 2009-03-26 16:45 -------- d-----w c:\program files\Trend Micro

2009-03-26 16:34 . 2009-03-26 16:33 311808 ----a-w c:\windows\sms.ex_

2009-03-26 16:33 . 2009-03-26 16:33 311808 ----a-w c:\windows\spool.ex_

2009-03-26 15:59 . 2009-03-26 15:59 -------- d-----w c:\documents and settings\Maxime\Application Data\Talkback

2009-03-23 13:54 . 2009-03-23 13:53 41472 --sh--r c:\windows\system32\advpack.dlln.exe

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-12 07:25 . 2009-04-03 16:50 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

2009-04-09 15:20 . 2005-01-15 17:12 -------- d-----w c:\program files\Budget Familial

2009-04-08 06:17 . 2003-01-26 12:57 213120 ----a-w c:\windows\system32\drivers\ndis.sys

2009-04-07 16:29 . 2005-01-28 17:20 -------- d-----w c:\program files\Budget Rotary

2009-04-03 16:41 . 2003-01-26 13:36 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-01 16:27 . 2006-11-04 14:34 -------- d-----w c:\documents and settings\Maxime\Application Data\Skype

2009-04-01 06:27 . 2008-07-18 12:35 -------- d-----w c:\program files\ItsLabel

2009-03-29 13:02 . 2003-01-26 12:57 49054 ----a-w c:\windows\system32\perfc00C.dat

2009-03-29 13:02 . 2003-01-26 12:57 368314 ----a-w c:\windows\system32\perfh00C.dat

2009-03-26 10:35 . 2008-06-28 13:03 -------- d-----w c:\program files\TomTom HOME 2

2009-03-05 10:16 . 2007-04-02 11:56 -------- d-----w c:\documents and settings\All Users\Application Data\EBP

2009-03-05 10:16 . 2005-02-22 07:33 -------- d-----w c:\documents and settings\Maxime\Application Data\EBP

2009-03-05 10:15 . 2009-03-05 10:13 -------- d--h--w c:\documents and settings\All Users\Application Data\{C95A54B6-9527-4037-8135-C31A156AA451}

2009-03-05 10:13 . 2003-05-13 17:16 -------- d-----w c:\program files\EBP

2009-02-14 15:26 . 2009-02-14 15:26 -------- d-----w c:\program files\Axis Communications

2009-02-09 14:05 . 2003-01-26 12:57 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-05 15:40 . 2009-03-05 10:15 3715072 ----a-w c:\windows\system32\cdintf300.dll

2008-09-30 17:09 . 2005-11-02 09:05 113128 ----a-w c:\documents and settings\Maxime\Application Data\GDIPFONTCACHEV1.DAT

2008-07-18 17:07 . 2003-05-09 16:34 116520 ----a-w c:\documents and settings\Maxime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-02-17 18:35 . 2005-08-29 11:56 112632 ----a-w c:\documents and settings\Myriam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-01-16 19:55 . 2006-01-16 19:55 112632 ----a-w c:\documents and settings\Viviane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-01-06 19:02 . 2006-01-06 18:52 278528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2003-09-25 23:24 . 2003-09-25 23:24 1187840 ----a-w c:\program files\Fichiers communs\vfp8rfra.dll

2003-09-25 20:36 . 2003-09-25 20:36 4300800 ----a-w c:\program files\Fichiers communs\vfp8r.dll

2003-09-25 19:47 . 2003-09-25 19:47 1150976 ----a-w c:\program files\Fichiers communs\VFP8RENU.DLL

2001-09-06 06:00 . 2001-09-06 06:00 1700352 ----a-w c:\program files\Fichiers communs\gdiplus.dll

1999-04-06 12:27 . 1999-04-06 12:27 99840 ----a-w c:\program files\Fichiers communs\IRAABOUT.DLL

1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w c:\program files\Fichiers communs\IRAMDMTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w c:\program files\Fichiers communs\IRALPTTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w c:\program files\Fichiers communs\IRAWEBTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w c:\program files\Fichiers communs\IRAREG.DLL

1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w c:\program files\Fichiers communs\IRASRIAL.DLL

2008-09-19 08:27:20 . 2008-09-19 08:27 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-30 22:04:36 . 2008-08-11 08:31 . c:\program files\mozilla firefox\components\jar50.dll

2009-03-30 22:04:37 . 2008-08-11 08:31 . c:\program files\mozilla firefox\components\jsd3250.dll

2009-03-30 22:04:40 . 2008-08-11 08:31 . c:\program files\mozilla firefox\components\xpinstal.dll

.

 

------- Sigcheck -------

 

[-] 2004-08-19 23:10 33280 45FE14DDCE8397A69C7E5E20466846B3 c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 02:34 33280 01CB47180C9F341C0B82D615B946168E c:\windows\ServicePackFiles\i386\svchost.exe

[-] 2004-08-19 23:10 33280 0372B7ED085F9AB2A9B295732FB8955D c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\svchost.exe

[-] 2008-04-14 02:34 33280 285877C1C01408319DCF1A8CB0E9D88D c:\windows\system32\svchost.exe

 

[-] 2005-03-02 18:10 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll

[-] 2005-03-02 18:20 578048 C34920EB988CE98910BD6B0417F334EB c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2007-03-08 15:50 579072 4D88AAF39ADABFE45958EA1384E2C4FF c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[-] 2007-03-08 15:37 578560 753354F594809A9B96F73999B435A533 c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2004-08-19 23:09 578048 61C8C283AD063BB697AE61A155C64A5A c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2002-11-22 11:29 529920 1467D0F30F0D88DD5DAF3B4C2EAC6034 c:\windows\$NtUninstallKB890859_0$\user32.dll

[-] 2005-03-02 18:10 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\$NtUninstallKB925902$\user32.dll

[-] 2002-08-30 12:00 561152 0ABF2F5280940D32D1D52BD3500B0C37 c:\windows\$NtUninstallQ328310$\user32.dll

[-] 2008-04-14 02:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 c:\windows\ServicePackFiles\i386\user32.dll

[-] 2004-08-19 23:09 578048 61C8C283AD063BB697AE61A155C64A5A c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\user32.dll

[-] 2008-04-14 02:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 c:\windows\system32\user32.dll

 

[-] 2004-08-19 23:09 82944 EED74B969B2CA1ACC558FF60FB420E28 c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 02:33 82432 FB836F9E62D82904C983AD21296A5D9C c:\windows\ServicePackFiles\i386\ws2_32.dll

[-] 2004-08-19 23:09 82944 EED74B969B2CA1ACC558FF60FB420E28 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ws2_32.dll

[-] 2008-04-14 02:33 82432 FB836F9E62D82904C983AD21296A5D9C c:\windows\system32\ws2_32.dll

 

[-] 2005-05-02 20:58 663040 0996B57CC2ABCB271872296E98A18DB2 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll

[-] 2005-09-03 00:08 664576 031CA1310E4CB23E5A4F747D763D0B49 c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll

[-] 2005-07-03 02:10 663552 39846B1AC2B99349272EE6E075C3B8AF c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll

[-] 2005-10-21 03:39 665600 D327378CEEF9A141C7352691FC30A0DA c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll

[-] 2006-03-04 04:00 667648 241DBC4C2714B2F39AFDED49459ED420 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll

[-] 2006-05-10 05:26 667648 44FCC339191ADB8892520DFA473C455F c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll

[-] 2006-06-23 11:25 668672 582953780721AC5D38F98CAB229EC7B9 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll

[-] 2006-09-14 08:38 668672 B8B6F05885A6F42724E8D6BFEDE6BD3F c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll

[-] 2006-10-23 15:34 668672 EFA0C2870CBA1747809A13E09F35BF82 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll

[-] 2007-03-23 09:29 823296 375B58A68A016546535A84060092325C c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll

[-] 2007-04-25 08:26 823808 47DDAD237F60729DEA2B9E0E2382B58F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll

[-] 2007-06-27 14:14 824320 7201D19B81883B57D5FFE8EBB5A83E8B c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll

[-] 2007-08-20 09:49 825344 2DD1B0F579C80562EDCB8848FF7EA9F6 c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll

[-] 2007-10-10 23:22 825344 871AE10D6AE8877E9636AE5017953D52 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll

[-] 2007-12-07 01:42 825344 F4FD487241D3AC291046A22CEBD2CF71 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll

[-] 2008-03-01 12:34 827392 5A0093F59B505C008ED0CEE615563C72 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

[-] 2008-04-23 07:19 827392 78D3D2B0BE6AD3E6D82CCB115CF74310 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll

[-] 2008-06-23 15:40 827904 52589BAE67DD9859724287372668690B c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll

[-] 2008-08-26 09:10 827904 4B0E70D44297877A313045BD059770E1 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll

[-] 2008-10-16 19:33 827904 37D1A1BFE3D9904F2C3D11592456F9C0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll

[-] 2008-12-20 23:47 827904 4E192082A5FCE9EF19198A24CDEA3442 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll

[-] 2004-08-19 23:09 660480 4E958B97EFC3D801F49283D1820F48B7 c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2004-08-19 23:09 660480 4E958B97EFC3D801F49283D1820F48B7 c:\windows\$NtUninstallKB883939$\wininet.dll

[-] 2002-08-30 12:00 603136 CBC50D46257C4A75644230507B488050 c:\windows\$NtUninstallKB883939-IE6SP1-20050428.125228$\wininet.dll

[-] 2005-07-03 02:16 662528 E994E704303F07F331B03EE9ED6D9E2D c:\windows\$NtUninstallKB896688$\wininet.dll

[-] 2005-05-02 20:57 662016 FFE3E6FB8D52955A2DE4C6CC765B02BC c:\windows\$NtUninstallKB896727$\wininet.dll

[-] 2005-09-03 00:06 662528 A2DD7EC3AC1EAD13F65E2898FCABBD1A c:\windows\$NtUninstallKB905915$\wininet.dll

[-] 2005-10-21 03:41 662528 E41E8FDF62CF20F2E2B16D800D96EB51 c:\windows\$NtUninstallKB912812$\wininet.dll

[-] 2006-03-04 03:35 662528 19E1A21F21BC938A92EE8BE630994493 c:\windows\$NtUninstallKB916281$\wininet.dll

[-] 2006-05-10 05:24 662528 343FABBF09312842816E92947AACF73A c:\windows\$NtUninstallKB918899$\wininet.dll

[-] 2006-06-23 11:11 663040 4F343F414F05E81CF61B1001634FC6B7 c:\windows\$NtUninstallKB922760$\wininet.dll

[-] 2006-10-23 15:18 663040 6091FEE2B68974683D52119A98BE3564 c:\windows\$NtUninstallKB925454$\wininet.dll

[-] 2006-09-14 08:40 663040 B1E994472F3574DB141266F1AA905433 c:\windows\$NtUninstallKB925454_0$\wininet.dll

[-] 2006-10-23 15:34 668672 EFA0C2870CBA1747809A13E09F35BF82 c:\windows\ie7\wininet.dll

[-] 2006-11-07 20:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll

[-] 2007-01-12 08:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB931768-IE7\wininet.dll

[-] 2007-02-27 13:26 822784 75DE73E328E300CAED5965FAEA2F5D3F c:\windows\ie7updates\KB933566-IE7\wininet.dll

[-] 2007-04-25 07:40 822784 2C138AB59E2FFA06E8952AE656E443C5 c:\windows\ie7updates\KB937143-IE7\wininet.dll

[-] 2007-06-27 13:24 823808 2274862267D7445E7010D9AF826E89C3 c:\windows\ie7updates\KB939653-IE7\wininet.dll

[-] 2007-08-20 09:59 824832 F6DFCEED3A7AA4C9EEB966D3F1ADC70A c:\windows\ie7updates\KB942615-IE7\wininet.dll

[-] 2007-10-10 23:49 824832 BC5119C53BDD48DABC628D448A3BDCCB c:\windows\ie7updates\KB944533-IE7\wininet.dll

[-] 2007-12-07 02:08 824832 4FC90BECE54FAC81B0090B94E27BFB6B c:\windows\ie7updates\KB947864-IE7\wininet.dll

[-] 2008-03-01 12:58 826368 8E027981DDFFA690D456FE18B37415A0 c:\windows\ie7updates\KB950759-IE7\wininet.dll

[-] 2008-04-23 04:16 826368 02D6AABD5F5A32C61478B5CDFE50E4A8 c:\windows\ie7updates\KB953838-IE7\wininet.dll

[-] 2008-06-23 16:28 826368 AC0BD61DC2C64906FBFE50E005FEFA2C c:\windows\ie7updates\KB956390-IE7\wininet.dll

[-] 2008-08-26 08:11 826368 E30CACD98479B36A3DBFA3267BF62DD0 c:\windows\ie7updates\KB958215-IE7\wininet.dll

[-] 2008-10-16 20:18 826368 CFBFA47415E85018E2CDC509E5E3D011 c:\windows\ie7updates\KB961260-IE7\wininet.dll

[-] 2008-04-14 02:33 670208 4A6E04EA20F48D750D9BFED8600D516B c:\windows\ServicePackFiles\i386\wininet.dll

[-] 2006-10-23 15:18 663040 6091FEE2B68974683D52119A98BE3564 c:\windows\SoftwareDistribution\Download\4d1fd3346d9c5199d8c02e0a0384053a\sp2gdr\wininet.dll

[-] 2006-10-23 15:34 668672 EFA0C2870CBA1747809A13E09F35BF82 c:\windows\SoftwareDistribution\Download\4d1fd3346d9c5199d8c02e0a0384053a\sp2qfe\wininet.dll

[-] 2004-08-19 23:09 660480 4E958B97EFC3D801F49283D1820F48B7 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\wininet.dll

[-] 2005-02-18 15:36 596992 C962156514A22D35A08C041FE9BBBC2E c:\windows\SoftwareDistribution\Download\d503d96f06aaba242a764e78c3ce887b\rtmgdr\wininet.dll

[-] 2005-02-19 02:11 586240 6B2B381F63DF2F293D118D4EB3D1ACA6 c:\windows\SoftwareDistribution\Download\d503d96f06aaba242a764e78c3ce887b\RTMQFE\wininet.dll

[-] 2008-12-20 22:47 826368 0551C946E305CEE0A79BA744DC141BFC c:\windows\system32\wininet.dll

[-] 2008-12-20 22:47 826368 0551C946E305CEE0A79BA744DC141BFC c:\windows\system32\dllcache\wininet.dll

 

[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys

[-] 2002-08-30 12:00 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB893066_0$\tcpip.sys

[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys

[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys

[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2005-02-23 02:00 339968 466CBD4831E80729173654AB2B8C0FEE c:\windows\SoftwareDistribution\Download\6de99da1687e4b34b1646d9e901a58e4\sp1qfe\tcpip.sys

[-] 2005-03-14 00:55 359808 0E66B538096A6529D1AC66E78EB0D5C8 c:\windows\SoftwareDistribution\Download\6de99da1687e4b34b1646d9e901a58e4\sp2gdr\tcpip.sys

[-] 2005-03-14 01:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:\windows\SoftwareDistribution\Download\6de99da1687e4b34b1646d9e901a58e4\sp2qfe\tcpip.sys

[-] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\tcpip.sys

[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys

 

[-] 2004-08-19 23:10 525312 D48A55E5D4B051AA2359474FB7E2547C c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 02:34 530944 40C6EF828158B501F1070BBE25EB79F9 c:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2004-08-19 23:10 525312 3BED5F7FE8B53DA76FAD113D07CF2042 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\winlogon.exe

[-] 2008-04-14 02:34 512000 DD73D6B9F6B4CB630CF35B438B540174 c:\windows\system32\winlogon.exe

 

[-] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys

[-] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ndis.sys

[-] 2009-04-08 06:17 213120 F822B76094D2F27EE01A4399A64EF934 c:\windows\system32\dllcache\ndis.sys

[-] 2009-04-08 06:17 213120 F822B76094D2F27EE01A4399A64EF934 c:\windows\system32\drivers\ndis.sys

 

[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys

[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

 

[-] 2005-03-02 18:07 2058880 73FA9C95D235844A36968C7852C7DBDD c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe

[-] 2005-03-02 18:13 2059008 5311776074B6C13F983DC75BAEAC9C0C c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2006-12-19 18:45 2061440 8B039EFBE4C9AA23F152FFA0E238B8FA c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe

[-] 2007-02-28 16:08 2061440 7A56A64EB50399613587E90292DD2AAB c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

[-] 2008-08-14 13:39 2065024 DCBC1A6D150B5EE1BD6257186157B0F3 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe

[-] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe

[-] 2008-08-14 17:26 2068096 755B50949D0DBC0F0136B0DB58765331 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[-] 2008-08-14 13:44 2059776 F9720D61DF1E3E47614C4FC891F3FE44 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[-] 2004-08-19 23:04 2058880 F252FAE094C54572ECE38A039F2103C4 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2002-08-30 12:00 1951488 4560381FA3425B16F5DF1A0DE4814DE7 c:\windows\$NtUninstallKB890859_0$\ntkrnlpa.exe

[-] 2005-03-02 18:07 2058880 73FA9C95D235844A36968C7852C7DBDD c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe

[-] 2006-12-19 18:22 2059648 06015D137B02542F07D5CD7B144DF942 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe

[-] 2008-04-14 02:07 2067968 B71A8F101CEFAF82FC5EC16130A54A3F c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

[-] 2007-02-28 16:02 2059648 A1D5231403329478AE4FE2778C55C77F c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe

[-] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2008-04-14 02:07 2067968 B71A8F101CEFAF82FC5EC16130A54A3F c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[-] 2004-08-19 23:04 2058880 F252FAE094C54572ECE38A039F2103C4 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntkrnlpa.exe

[-] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\system32\ntkrnlpa.exe

[-] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\system32\dllcache\ntkrnlpa.exe

 

[-] 2005-03-02 18:08 2181376 63729DD0F2AAE36CC52B89C05505146C c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe

[-] 2005-03-02 18:13 2181632 3E2A0A4A0C0B19FC113618A9562A3B2A c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2006-12-19 18:45 2184064 1F3FA2065E6E043A1D82A487B5DA309C c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe

[-] 2007-02-28 16:08 2184192 8E244108562E0E452EB68DFF64CB08A9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

[-] 2008-08-14 13:39 2188032 C6649255E51F145B6E15C505AB68E459 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

[-] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

[-] 2008-08-14 17:26 2191232 D79210549BBF09B7638E860440504299 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[-] 2008-08-14 13:44 2182400 449566D74B5C261A3A54AA216F0C532B c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2004-08-19 23:04 2183040 7D38CE4398E6AA6339B4644FEADCC0D8 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2002-08-30 12:00 2045824 F58B3CE36566D6061A496DC595A8AAA3 c:\windows\$NtUninstallKB890859_0$\ntoskrnl.exe

[-] 2005-03-02 18:08 2181376 63729DD0F2AAE36CC52B89C05505146C c:\windows\$NtUninstallKB929338$\ntoskrnl.exe

[-] 2006-12-19 18:22 2182400 D27929DB7B7F92F9D0F8EC9BA01C601C c:\windows\$NtUninstallKB931784$\ntoskrnl.exe

[-] 2008-04-14 02:08 2191104 099D639DA1EF6968D4E41795BB507E6B c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2007-02-28 16:02 2182400 7D6D19AAC51A4325F6039F083C22303C c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe

[-] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2008-04-14 02:08 2191104 099D639DA1EF6968D4E41795BB507E6B c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2004-08-19 23:04 2183040 7D38CE4398E6AA6339B4644FEADCC0D8 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntoskrnl.exe

[-] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\system32\ntoskrnl.exe

[-] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\system32\dllcache\ntoskrnl.exe

 

[-] 2008-04-14 02:34 1056768 E4F0ACC3ACB11B2C6B5756D5468C74B0 c:\windows\explorer.exe

[-] 2007-06-13 13:10 1056256 F9D5AEC29315706E7050DB26813044DD c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2007-06-13 13:22 1056256 C23A1140035A3BB2CF7B643B838B9B46 c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2004-08-19 23:09 1055232 97F94389EE21AD29DA7D0DA544EEEB48 c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 02:34 1056768 0D7790839C1321DEB268B8F921A1EF7F c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2004-08-19 23:09 1055232 D55B24BB6AA4519A41E425DB3C7D9F62 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\explorer.exe

 

[-] 2004-08-19 23:10 127488 D068B1FB2B65532B8776C195A39631FE c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 02:34 128000 EE7093B379E183673AA7AAD455EC70F0 c:\windows\ServicePackFiles\i386\services.exe

[-] 2004-08-19 23:10 127488 FF4F2C9B425B4837FB1FC216A7F6AD70 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\services.exe

[-] 2008-04-14 02:34 109056 54CB50058851D95E56EC70D09F70857F c:\windows\system32\services.exe

 

[-] 2004-08-19 23:09 32256 13554EF0532A138B32728FFE109896BB c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 02:34 32256 433AB95A9DDBCF1652F41249DF54E793 c:\windows\ServicePackFiles\i386\lsass.exe

[-] 2004-08-19 23:09 32256 CFF9B712911EC3BCDF2E687E4268C3F6 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\lsass.exe

[-] 2008-04-14 02:34 13312 91E6024D6D4DCDECDB36C43ECF9BBECB c:\windows\system32\lsass.exe

 

[-] 2004-08-19 23:09 34304 10895F5053252178AED17EC31E3636A7 c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 02:33 34304 BAECF79C8B9597E96F18294310EDC0A2 c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2004-08-19 23:09 34304 1E7629F5FDA0D39DF9FE031A62025B6F c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ctfmon.exe

[-] 2008-04-14 02:33 34304 79E5BFF0CEEA58D818D3080BAE22F29C c:\windows\system32\ctfmon.exe

 

[-] 2005-06-11 00:17 76800 274A4D6A41C9D3A1ECEA334986F93AE0 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 23:53 76800 403B06CB1D6FA686D9784090442F5742 c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2004-08-19 23:10 76800 D56641F457CFF469B0FBDD7679255DCC c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 02:34 76800 290C068F55876D7C473A5609236442C1 c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2004-08-19 23:10 76800 B2D0D2BCB5A9127BBDF3DB7F670FCEF2 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\spoolsv.exe

[-] 2008-04-14 02:34 76800 4142307107212D43B74208071E4C6071 c:\windows\system32\spoolsv.exe

 

[-] 2004-08-19 23:10 44032 D846D9B72BD1A269CE57A600C1258869 c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 02:34 45568 8C3319721A55194493D339FAF2FA2B6F c:\windows\ServicePackFiles\i386\userinit.exe

[-] 2004-08-19 23:10 44032 2C38365900FF7A1107143C08B3FB219D c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\userinit.exe

[-] 2008-04-14 02:34 45568 DE9B20501F7CC94B211E870E77609602 c:\windows\system32\userinit.exe

 

[-] 2004-08-19 23:09 297984 78F90C3E230AD122BCB116ABAD5FEFE9 c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 02:33 297984 710BC85A8C22626EE094439E3EA0D38C c:\windows\ServicePackFiles\i386\termsrv.dll

[-] 2004-08-19 23:09 297984 78F90C3E230AD122BCB116ABAD5FEFE9 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\termsrv.dll

[-] 2008-04-14 02:33 297984 710BC85A8C22626EE094439E3EA0D38C c:\windows\system32\termsrv.dll

 

[-] 2006-07-05 10:58 1050112 FB85EF2A6713E3A58A497E093626B93C c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2007-04-16 16:11 1051136 62E3F0E9ABFCBCEE62C51546F622C455 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll

[-] 2007-04-16 15:53 1049600 6F1FE2AE7B22EB9CED1BFF533C9455EA c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2004-08-19 23:09 1048576 C88F74591579DBDE273C61312B2D3886 c:\windows\$NtUninstallKB917422$\kernel32.dll

[-] 2006-07-05 10:56 1049088 CE4AF1FA47A29ADF97CB107775CE395C c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2008-04-14 02:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E c:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2004-08-19 23:09 1048576 C88F74591579DBDE273C61312B2D3886 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\kernel32.dll

[-] 2008-04-14 02:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E c:\windows\system32\kernel32.dll

 

[-] 2004-08-19 23:09 17408 29D5E58FB089C41898A81BD4C8970F22 c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 02:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 c:\windows\ServicePackFiles\i386\powrprof.dll

[-] 2004-08-19 23:09 17408 29D5E58FB089C41898A81BD4C8970F22 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\powrprof.dll

[-] 2008-04-14 02:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 c:\windows\system32\powrprof.dll

 

[-] 2004-08-19 23:09 110080 E55DAFA1A354BD5CB69151563DC9748A c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2008-04-14 02:33 110080 0469B73DB32E5520F342C5E163AA3CCA c:\windows\ServicePackFiles\i386\imm32.dll

[-] 2004-08-19 23:09 110080 E55DAFA1A354BD5CB69151563DC9748A c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\imm32.dll

[-] 2008-04-14 02:33 110080 0469B73DB32E5520F342C5E163AA3CCA c:\windows\system32\imm32.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_20.44.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-14 22:16 . 2005-10-20 18:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE

- 2009-04-14 20:40 . 2005-10-20 18:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE

.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 34304]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1714176]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"DetectTray"="c:\program files\Genius\TVGo DVB-T02PRO\DetectTray.exe" [2007-09-21 151552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 208896]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 434176]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"DataLayer"="c:\program files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1125888]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 315392]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544]

"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-02 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 34304]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2009-4-3 1585152]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 48640]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 86068]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\explorer.exe,"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.PIM1"= pclepim1.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0stera

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Icône AOL.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Icône AOL.lnk

backup=c:\windows\pss\Icône AOL.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk

backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk

backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk

backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WallADay.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WallADay.lnk

backup=c:\windows\pss\WallADay.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxime^Menu Démarrer^Programmes^Démarrage^Pervasive.SQL Workgroup Engine.lnk]

path=c:\documents and settings\Maxime\Menu Démarrer\Programmes\Démarrage\Pervasive.SQL Workgroup Engine.lnk

backup=c:\windows\pss\Pervasive.SQL Workgroup Engine.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\load]

???? [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\run]

???? [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-23 19:33 57344 ----a-w c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]

2003-03-11 16:06 126976 ----a-w c:\program files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-09-19 08:27 29744 ----a-w c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]

2007-04-26 14:19 2928640 ----a-w c:\program files\ItsLabel\ItsTV.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2002-07-18 16:36 28672 ----a-w c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\moneyagent]

2002-07-17 10:00 225343 ----a-w c:\program files\Microsoft Money\System\mnyexpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]

2008-08-11 08:33 69632 ----a-w c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

2005-03-22 07:39 167936 ----a-w c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

2005-04-20 07:57 847872 ----a-w c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

2003-12-04 11:34 406016 ----a-w c:\windows\system32\PSDrvCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2006-10-13 16:20 20058152 ----a-w c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2006-09-14 05:57 155896 ----a-w c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe]

2008-08-11 08:33 185896 ----a-w c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2008-12-09 10:12 234856 ----a-w c:\program files\TomTom HOME 2\HOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2002-11-18 23:00 65536 ----a-w c:\windows\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"HidServ"=2 (0x2)

"gusvc"=3 (0x3)

"GoogleDesktopManager-061008-081103"=3 (0x3)

"PAVSRV"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\PVSW\\BIN\\w3dbsmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Maxime\\Application Data\\Vijeo-Runtime\\192.42.172.67\\public\\bin\\Koohi.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - AegisP

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - audstub

*Deregistered* - Beep

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - Compbatt

*Deregistered* - Dnscache

*Deregistered* - EAPPkt

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - Fastfat

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - helpsvc

*Deregistered* - HTTP

*Deregistered* - ip6fw

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - irda

*Deregistered* - Irmon

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LexBceS

*Deregistered* - LmHosts

*Deregistered* - mnmdd

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PAVDRV

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasirda

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - ScsiAccess

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - SLService

*Deregistered* - SlWdmSup

*Deregistered* - Spooler

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - Tcpip6

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - tunmp

*Deregistered* - UMWdf

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - viaagp

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - wanatw

*Deregistered* - WANMiniportService

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - wscsvc

*Deregistered* - WZCSVC

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15b32896-8c3c-11dc-8a1e-00038a000015}]

\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = wmplayer.exe

uInternet Settings,ProxyServer = 192.42.172.254:80

uInternet Settings,ProxyOverride = *.local

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath -

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-15 00:20

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]

"ImagePath"="Cf\WINDOWS\TEMP\VRT2.tmp"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\0*2*ú%åw]

"DisplayName"=""

"DeviceDesc"=""

"ProviderName"="00"

"MFG"="???????????"

"ReinstallString"="???\16?\13\09"

"DeviceInstanceIds"=multi:"r\\2kxp_inf\\cx_06366.inf\00"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(7060)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\lexbces.exE

c:\windows\system32\ScsiAccess.EXE

c:\windows\system32\slserv.exe

c:\windows\system32\wdfmgr.exe

c:\windows\wanmpsvc.exe

c:\test\CDPLAYER.EXE

c:\docume~1\NETWOR~1\LOCALS~1\temp\ncy79x08.exe

c:\docume~1\NETWOR~1\LOCALS~1\temp\1630038128.exe

c:\docume~1\NETWOR~1\LOCALS~1\temp\ncy79x08.exe

c:\test\CDPLAYER.EXE

c:\program files\Java\jre1.6.0_07\bin\jucheck.exe

.

**************************************************************************

.

Heure de fin: ~,10time:~,-3machine was rebootedCombobatch-by

ComboFix-quarantined-files.txt 2009-04-14 22:39

ComboFix2.txt 2009-04-14 20:56

ComboFix3.txt 2009-04-11 10:33

ComboFix4.txt 2009-04-01 18:03

ComboFix5.txt 2009-04-14 21:59

 

Avant-CF: 16,542,429,184 octets libres

Après-CF: 16,537,407,488 octets libres

 

619 --- E O F --- 2009-03-16 07:30

  • Moderators
Posted

Hello maxou39 :P

 

I won't be around during the day and will only be available in the evening. In the meantime, here are the instructions to carry out so that I find the reports when I get back.

 

Download WinFileReplace by Loup Blanc to your Desktop and run it.

  • The tool will run and check that the OS version, the installation language and the installed service pack are supported.
  • Notepad will open.
  • Copy and paste the following into Notepad:

  • c:\windows\system32\userinit.exe

  • When Notepad is closed, the tool downloads the matching service pack and then extracts the selected files from it.
  • It should then ask to restart the PC, stating whether the replacement could be carried out.
  • You will need to post the report to me afterwards.

 

Then run a ComboFix scan again, just by double-clicking the tool's icon. Post the report afterwards.

 

And since I won't be around before this evening, in the meantime, run an MBAM scan like this:

 

Download Malwarebytes' Anti-Malware (MBAM)

 

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether MBAM may connect, allow it.
  • Once the update is complete, go to the "Scanner" tab.
  • Plug in your removable media (USB sticks, MP3 players, flash cards, etc.) without opening them.
  • Select "Perform full scan"
  • Click "Scan"
  • The scan starts.
  • At the end of the scan, a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select all (or leave everything ticked) and click Remove Selected; MBAM will destroy the files and registry keys and place a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

 

See you this evening with the three reports. :P

Posted

Hello Gof,

 

I had a problem with WinFileReplace. I followed your instructions to the letter, but after entering the file c:\windows\system32\userinit.exe in Notepad, an error message appeared in the WinFileReplace window:

userinit.exe introuvable dans ce service pack (i.e. userinit.exe not found in this service pack; this is XP Service Pack 3).

Then, after confirming the replacement, the following message: Aucun fichier n'a été trouvé à l'emplacement prévu. (i.e. no file was found at the expected location).

 

I ran ComboFix and Malwarebytes anyway, and here are the reports they generated:

 

ComboFix 09-04-14.09 - Maxime 2009-04-15 9:50.7 - NTFSx86

Lancé depuis: c:\down\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\userinit.exe . . . est infecté!!

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_restore

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-15 au 2009-04-15 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-15 07:40 . 2006-03-02 22:42 73728 ----a-w C:\pv.exe

2009-04-15 07:29 . 2009-04-15 07:37 -------- d-----w C:\FR-files

2009-04-15 07:16 . 2009-04-15 07:37 -------- d-----w C:\WinFileReplace

2009-04-14 22:24 . 2009-04-14 22:25 -------- d-----w c:\documents and settings\NetworkService\Phone Browser

2009-04-14 22:24 . 2009-04-14 22:24 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2009-04-14 22:22 . 2009-04-14 22:24 -------- d-----r c:\documents and settings\NetworkService\Mes documents

2009-04-14 22:22 . 2009-04-14 22:24 -------- d-----r c:\documents and settings\NetworkService\Favoris

2009-04-14 22:22 . 2009-04-14 22:22 -------- d-----w c:\documents and settings\NetworkService\Menu Démarrer

2009-04-14 22:22 . 2009-04-14 22:22 -------- d-----w c:\documents and settings\NetworkService\Bureau

2009-04-14 19:27 . 2009-04-14 19:27 325 ----a-w c:\windows\KillProcess.INI

2009-04-14 16:47 . 2009-04-14 16:47 -------- d-----w C:\rsit

2009-04-14 16:46 . 2009-04-15 07:16 -------- d-----w C:\Down

2009-04-08 06:17 . 2009-04-08 06:17 213120 -c--a-w c:\windows\system32\dllcache\ndis.sys

2009-04-03 16:42 . 2008-04-14 02:33 54784 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll

2009-04-03 16:42 . 2008-04-14 02:33 54784 ----a-w c:\windows\system32\vfwwdm32.dll

2009-04-03 16:42 . 2003-03-19 10:44 45056 ----a-w c:\windows\system32\MFC71CHT.DLL

2009-04-03 16:41 . 2006-12-12 15:56 104 ----a-w c:\windows\system32\drivers\EC168Hid.dat

2009-04-03 16:41 . 2006-07-31 09:56 4096 ----a-w c:\windows\system32\HUCoInstaller.dll

2009-04-03 16:41 . 2007-05-18 11:18 67968 ----a-w c:\windows\system32\drivers\EC168BDA.sys

2009-04-03 16:41 . 2007-02-26 09:40 7107 ----a-w c:\windows\system32\drivers\EC168BDA.bin

2009-04-03 16:41 . 2009-04-03 16:41 -------- d-----w c:\program files\Genius

2009-04-03 09:18 . 2007-06-01 05:13 238848 ------r c:\windows\system32\drivers\BLKWGU.sys

2009-04-03 09:18 . 2009-04-03 09:18 21035 ----a-w c:\windows\system32\drivers\AegisP.sys

2009-04-03 09:17 . 2006-12-18 08:07 14523 ------w c:\windows\system32\drivers\string.ini

2009-04-03 09:17 . 2006-11-15 14:23 38144 ----a-w c:\windows\system32\drivers\EAPPkt.sys

2009-04-03 09:17 . 2009-04-03 09:17 -------- d-----w c:\program files\Belkin

2009-04-03 09:16 . 2009-04-03 09:16 -------- d-----w c:\documents and settings\Maxime\Application Data\InstallShield

2009-03-26 17:51 . 2009-03-26 17:54 -------- d-----w C:\32788R22FWJFW.0.tmp

2009-03-26 16:45 . 2009-03-26 16:45 -------- d-----w c:\program files\Trend Micro

2009-03-26 16:34 . 2009-03-26 16:33 311808 ----a-w c:\windows\sms.ex_

2009-03-26 16:33 . 2009-03-26 16:33 311808 ----a-w c:\windows\spool.ex_

2009-03-26 15:59 . 2009-03-26 15:59 -------- d-----w c:\documents and settings\Maxime\Application Data\Talkback

2009-03-23 13:54 . 2009-03-23 13:53 41472 --sh--r c:\windows\system32\advpack.dlln.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-15 07:37 . 2009-04-15 07:29 415 ----a-w C:\rapport-WFR.txt

2009-04-12 07:25 . 2009-04-03 16:50 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

2009-04-09 15:20 . 2005-01-15 17:12 -------- d-----w c:\program files\Budget Familial

2009-04-08 06:17 . 2003-01-26 12:57 213120 ----a-w c:\windows\system32\drivers\ndis.sys

2009-04-07 16:29 . 2005-01-28 17:20 -------- d-----w c:\program files\Budget Rotary

2009-04-03 16:41 . 2003-01-26 13:36 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-01 16:27 . 2006-11-04 14:34 -------- d-----w c:\documents and settings\Maxime\Application Data\Skype

2009-04-01 06:27 . 2008-07-18 12:35 -------- d-----w c:\program files\ItsLabel

2009-03-29 13:02 . 2003-01-26 12:57 49054 ----a-w c:\windows\system32\perfc00C.dat

2009-03-29 13:02 . 2003-01-26 12:57 368314 ----a-w c:\windows\system32\perfh00C.dat

2009-03-26 10:35 . 2008-06-28 13:03 -------- d-----w c:\program files\TomTom HOME 2

2009-03-05 10:16 . 2007-04-02 11:56 -------- d-----w c:\documents and settings\All Users\Application Data\EBP

2009-03-05 10:16 . 2005-02-22 07:33 -------- d-----w c:\documents and settings\Maxime\Application Data\EBP

2009-03-05 10:15 . 2009-03-05 10:13 -------- d--h--w c:\documents and settings\All Users\Application Data\{C95A54B6-9527-4037-8135-C31A156AA451}

2009-03-05 10:13 . 2003-05-13 17:16 -------- d-----w c:\program files\EBP

2009-02-14 15:26 . 2009-02-14 15:26 -------- d-----w c:\program files\Axis Communications

2009-02-09 14:05 . 2003-01-26 12:57 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-05 15:40 . 2009-03-05 10:15 3715072 ----a-w c:\windows\system32\cdintf300.dll

2008-09-30 17:09 . 2005-11-02 09:05 113128 ----a-w c:\documents and settings\Maxime\Application Data\GDIPFONTCACHEV1.DAT

2008-07-18 17:07 . 2003-05-09 16:34 116520 ----a-w c:\documents and settings\Maxime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-02-17 18:35 . 2005-08-29 11:56 112632 ----a-w c:\documents and settings\Myriam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-01-16 19:55 . 2006-01-16 19:55 112632 ----a-w c:\documents and settings\Viviane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-01-06 19:02 . 2006-01-06 18:52 278528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2003-09-25 23:24 . 2003-09-25 23:24 1187840 ----a-w c:\program files\Fichiers communs\vfp8rfra.dll

2003-09-25 20:36 . 2003-09-25 20:36 4300800 ----a-w c:\program files\Fichiers communs\vfp8r.dll

2003-09-25 19:47 . 2003-09-25 19:47 1150976 ----a-w c:\program files\Fichiers communs\VFP8RENU.DLL

2001-09-06 06:00 . 2001-09-06 06:00 1700352 ----a-w c:\program files\Fichiers communs\gdiplus.dll

1999-04-06 12:27 . 1999-04-06 12:27 99840 ----a-w c:\program files\Fichiers communs\IRAABOUT.DLL

1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w c:\program files\Fichiers communs\IRAMDMTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w c:\program files\Fichiers communs\IRALPTTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w c:\program files\Fichiers communs\IRAWEBTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w c:\program files\Fichiers communs\IRAREG.DLL

1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w c:\program files\Fichiers communs\IRASRIAL.DLL

2008-09-19 08:2008-09-19 08:27 27:20 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-30 22:2008-08-11 08:31 04:36 . c:\program files\mozilla firefox\components\jar50.dll

2009-03-30 22:2008-08-11 08:31 04:37 . c:\program files\mozilla firefox\components\jsd3250.dll

2009-03-30 22:2008-08-11 08:31 04:40 . c:\program files\mozilla firefox\components\xpinstal.dll

.

 

------- Sigcheck -------

 

[-] 2004-08-19 23:10 33280 45FE14DDCE8397A69C7E5E20466846B3 c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 02:34 33280 01CB47180C9F341C0B82D615B946168E c:\windows\ServicePackFiles\i386\svchost.exe

[-] 2004-08-19 23:10 33280 0372B7ED085F9AB2A9B295732FB8955D c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\svchost.exe

[-] 2008-04-14 02:34 33280 285877C1C01408319DCF1A8CB0E9D88D c:\windows\system32\svchost.exe

 

[-] 2005-03-02 18:10 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll

[-] 2005-03-02 18:20 578048 C34920EB988CE98910BD6B0417F334EB c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2007-03-08 15:50 579072 4D88AAF39ADABFE45958EA1384E2C4FF c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[-] 2007-03-08 15:37 578560 753354F594809A9B96F73999B435A533 c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2004-08-19 23:09 578048 61C8C283AD063BB697AE61A155C64A5A c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2002-11-22 11:29 529920 1467D0F30F0D88DD5DAF3B4C2EAC6034 c:\windows\$NtUninstallKB890859_0$\user32.dll

[-] 2005-03-02 18:10 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\$NtUninstallKB925902$\user32.dll

[-] 2002-08-30 12:00 561152 0ABF2F5280940D32D1D52BD3500B0C37 c:\windows\$NtUninstallQ328310$\user32.dll

[-] 2008-04-14 02:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 c:\windows\ServicePackFiles\i386\user32.dll

[-] 2004-08-19 23:09 578048 61C8C283AD063BB697AE61A155C64A5A c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\user32.dll

[-] 2008-04-14 02:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 c:\windows\system32\user32.dll

 

[-] 2004-08-19 23:09 82944 EED74B969B2CA1ACC558FF60FB420E28 c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 02:33 82432 FB836F9E62D82904C983AD21296A5D9C c:\windows\ServicePackFiles\i386\ws2_32.dll

[-] 2004-08-19 23:09 82944 EED74B969B2CA1ACC558FF60FB420E28 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ws2_32.dll

[-] 2008-04-14 02:33 82432 FB836F9E62D82904C983AD21296A5D9C c:\windows\system32\ws2_32.dll

 

[-] 2005-05-02 20:58 663040 0996B57CC2ABCB271872296E98A18DB2 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll

[-] 2005-09-03 00:08 664576 031CA1310E4CB23E5A4F747D763D0B49 c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll

[-] 2005-07-03 02:10 663552 39846B1AC2B99349272EE6E075C3B8AF c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll

[-] 2005-10-21 03:39 665600 D327378CEEF9A141C7352691FC30A0DA c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll

[-] 2006-03-04 04:00 667648 241DBC4C2714B2F39AFDED49459ED420 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll

[-] 2006-05-10 05:26 667648 44FCC339191ADB8892520DFA473C455F c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll

[-] 2006-06-23 11:25 668672 582953780721AC5D38F98CAB229EC7B9 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll

[-] 2006-09-14 08:38 668672 B8B6F05885A6F42724E8D6BFEDE6BD3F c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll

[-] 2006-10-23 15:34 668672 EFA0C2870CBA1747809A13E09F35BF82 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll

[-] 2007-03-23 09:29 823296 375B58A68A016546535A84060092325C c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll

[-] 2007-04-25 08:26 823808 47DDAD237F60729DEA2B9E0E2382B58F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll

[-] 2007-06-27 14:14 824320 7201D19B81883B57D5FFE8EBB5A83E8B c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll

[-] 2007-08-20 09:49 825344 2DD1B0F579C80562EDCB8848FF7EA9F6 c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll

[-] 2007-10-10 23:22 825344 871AE10D6AE8877E9636AE5017953D52 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll

[-] 2007-12-07 01:42 825344 F4FD487241D3AC291046A22CEBD2CF71 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll

[-] 2008-03-01 12:34 827392 5A0093F59B505C008ED0CEE615563C72 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

[-] 2008-04-23 07:19 827392 78D3D2B0BE6AD3E6D82CCB115CF74310 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll

[-] 2008-06-23 15:40 827904 52589BAE67DD9859724287372668690B c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll

[-] 2008-08-26 09:10 827904 4B0E70D44297877A313045BD059770E1 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll

[-] 2008-10-16 19:33 827904 37D1A1BFE3D9904F2C3D11592456F9C0 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll

[-] 2008-12-20 23:47 827904 4E192082A5FCE9EF19198A24CDEA3442 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll

[-] 2004-08-19 23:09 660480 4E958B97EFC3D801F49283D1820F48B7 c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2004-08-19 23:09 660480 4E958B97EFC3D801F49283D1820F48B7 c:\windows\$NtUninstallKB883939$\wininet.dll

[-] 2002-08-30 12:00 603136 CBC50D46257C4A75644230507B488050 c:\windows\$NtUninstallKB883939-IE6SP1-20050428.125228$\wininet.dll

[-] 2005-07-03 02:16 662528 E994E704303F07F331B03EE9ED6D9E2D c:\windows\$NtUninstallKB896688$\wininet.dll

[-] 2005-05-02 20:57 662016 FFE3E6FB8D52955A2DE4C6CC765B02BC c:\windows\$NtUninstallKB896727$\wininet.dll

[-] 2005-09-03 00:06 662528 A2DD7EC3AC1EAD13F65E2898FCABBD1A c:\windows\$NtUninstallKB905915$\wininet.dll

[-] 2005-10-21 03:41 662528 E41E8FDF62CF20F2E2B16D800D96EB51 c:\windows\$NtUninstallKB912812$\wininet.dll

[-] 2006-03-04 03:35 662528 19E1A21F21BC938A92EE8BE630994493 c:\windows\$NtUninstallKB916281$\wininet.dll

[-] 2006-05-10 05:24 662528 343FABBF09312842816E92947AACF73A c:\windows\$NtUninstallKB918899$\wininet.dll

[-] 2006-06-23 11:11 663040 4F343F414F05E81CF61B1001634FC6B7 c:\windows\$NtUninstallKB922760$\wininet.dll

[-] 2006-10-23 15:18 663040 6091FEE2B68974683D52119A98BE3564 c:\windows\$NtUninstallKB925454$\wininet.dll

[-] 2006-09-14 08:40 663040 B1E994472F3574DB141266F1AA905433 c:\windows\$NtUninstallKB925454_0$\wininet.dll

[-] 2006-10-23 15:34 668672 EFA0C2870CBA1747809A13E09F35BF82 c:\windows\ie7\wininet.dll

[-] 2006-11-07 20:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll

[-] 2007-01-12 08:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB931768-IE7\wininet.dll

[-] 2007-02-27 13:26 822784 75DE73E328E300CAED5965FAEA2F5D3F c:\windows\ie7updates\KB933566-IE7\wininet.dll

[-] 2007-04-25 07:40 822784 2C138AB59E2FFA06E8952AE656E443C5 c:\windows\ie7updates\KB937143-IE7\wininet.dll

[-] 2007-06-27 13:24 823808 2274862267D7445E7010D9AF826E89C3 c:\windows\ie7updates\KB939653-IE7\wininet.dll

[-] 2007-08-20 09:59 824832 F6DFCEED3A7AA4C9EEB966D3F1ADC70A c:\windows\ie7updates\KB942615-IE7\wininet.dll

[-] 2007-10-10 23:49 824832 BC5119C53BDD48DABC628D448A3BDCCB c:\windows\ie7updates\KB944533-IE7\wininet.dll

[-] 2007-12-07 02:08 824832 4FC90BECE54FAC81B0090B94E27BFB6B c:\windows\ie7updates\KB947864-IE7\wininet.dll

[-] 2008-03-01 12:58 826368 8E027981DDFFA690D456FE18B37415A0 c:\windows\ie7updates\KB950759-IE7\wininet.dll

[-] 2008-04-23 04:16 826368 02D6AABD5F5A32C61478B5CDFE50E4A8 c:\windows\ie7updates\KB953838-IE7\wininet.dll

[-] 2008-06-23 16:28 826368 AC0BD61DC2C64906FBFE50E005FEFA2C c:\windows\ie7updates\KB956390-IE7\wininet.dll

[-] 2008-08-26 08:11 826368 E30CACD98479B36A3DBFA3267BF62DD0 c:\windows\ie7updates\KB958215-IE7\wininet.dll

[-] 2008-10-16 20:18 826368 CFBFA47415E85018E2CDC509E5E3D011 c:\windows\ie7updates\KB961260-IE7\wininet.dll

[-] 2008-04-14 02:33 670208 4A6E04EA20F48D750D9BFED8600D516B c:\windows\ServicePackFiles\i386\wininet.dll

[-] 2006-10-23 15:18 663040 6091FEE2B68974683D52119A98BE3564 c:\windows\SoftwareDistribution\Download\4d1fd3346d9c5199d8c02e0a0384053a\sp2gdr\wininet.dll

[-] 2006-10-23 15:34 668672 EFA0C2870CBA1747809A13E09F35BF82 c:\windows\SoftwareDistribution\Download\4d1fd3346d9c5199d8c02e0a0384053a\sp2qfe\wininet.dll

[-] 2004-08-19 23:09 660480 4E958B97EFC3D801F49283D1820F48B7 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\wininet.dll

[-] 2005-02-18 15:36 596992 C962156514A22D35A08C041FE9BBBC2E c:\windows\SoftwareDistribution\Download\d503d96f06aaba242a764e78c3ce887b\rtmgdr\wininet.dll

[-] 2005-02-19 02:11 586240 6B2B381F63DF2F293D118D4EB3D1ACA6 c:\windows\SoftwareDistribution\Download\d503d96f06aaba242a764e78c3ce887b\RTMQFE\wininet.dll

[-] 2008-12-20 22:47 826368 0551C946E305CEE0A79BA744DC141BFC c:\windows\system32\wininet.dll

[-] 2008-12-20 22:47 826368 0551C946E305CEE0A79BA744DC141BFC c:\windows\system32\dllcache\wininet.dll

 

[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys

[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys

[-] 2002-08-30 12:00 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB893066_0$\tcpip.sys

[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys

[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys

[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2005-02-23 02:00 339968 466CBD4831E80729173654AB2B8C0FEE c:\windows\SoftwareDistribution\Download\6de99da1687e4b34b1646d9e901a58e4\sp1qfe\tcpip.sys

[-] 2005-03-14 00:55 359808 0E66B538096A6529D1AC66E78EB0D5C8 c:\windows\SoftwareDistribution\Download\6de99da1687e4b34b1646d9e901a58e4\sp2gdr\tcpip.sys

[-] 2005-03-14 01:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:\windows\SoftwareDistribution\Download\6de99da1687e4b34b1646d9e901a58e4\sp2qfe\tcpip.sys

[-] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\tcpip.sys

[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys

 

[-] 2004-08-19 23:10 525312 D48A55E5D4B051AA2359474FB7E2547C c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 02:34 530944 40C6EF828158B501F1070BBE25EB79F9 c:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2004-08-19 23:10 525312 3BED5F7FE8B53DA76FAD113D07CF2042 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\winlogon.exe

[-] 2008-04-14 02:34 512000 DD73D6B9F6B4CB630CF35B438B540174 c:\windows\system32\winlogon.exe

 

[-] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys

[-] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ndis.sys

[-] 2009-04-08 06:17 213120 F822B76094D2F27EE01A4399A64EF934 c:\windows\system32\dllcache\ndis.sys

[-] 2009-04-08 06:17 213120 F822B76094D2F27EE01A4399A64EF934 c:\windows\system32\drivers\ndis.sys

 

[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys

[-] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

 

[-] 2005-03-02 18:07 2058880 73FA9C95D235844A36968C7852C7DBDD c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe

[-] 2005-03-02 18:13 2059008 5311776074B6C13F983DC75BAEAC9C0C c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2006-12-19 18:45 2061440 8B039EFBE4C9AA23F152FFA0E238B8FA c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe

[-] 2007-02-28 16:08 2061440 7A56A64EB50399613587E90292DD2AAB c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

[-] 2008-08-14 13:39 2065024 DCBC1A6D150B5EE1BD6257186157B0F3 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe

[-] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe

[-] 2008-08-14 17:26 2068096 755B50949D0DBC0F0136B0DB58765331 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[-] 2008-08-14 13:44 2059776 F9720D61DF1E3E47614C4FC891F3FE44 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[-] 2004-08-19 23:04 2058880 F252FAE094C54572ECE38A039F2103C4 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2002-08-30 12:00 1951488 4560381FA3425B16F5DF1A0DE4814DE7 c:\windows\$NtUninstallKB890859_0$\ntkrnlpa.exe

[-] 2005-03-02 18:07 2058880 73FA9C95D235844A36968C7852C7DBDD c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe

[-] 2006-12-19 18:22 2059648 06015D137B02542F07D5CD7B144DF942 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe

[-] 2008-04-14 02:07 2067968 B71A8F101CEFAF82FC5EC16130A54A3F c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

[-] 2007-02-28 16:02 2059648 A1D5231403329478AE4FE2778C55C77F c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe

[-] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2008-04-14 02:07 2067968 B71A8F101CEFAF82FC5EC16130A54A3F c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[-] 2004-08-19 23:04 2058880 F252FAE094C54572ECE38A039F2103C4 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntkrnlpa.exe

[-] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\system32\ntkrnlpa.exe

[-] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\system32\dllcache\ntkrnlpa.exe

 

[-] 2005-03-02 18:08 2181376 63729DD0F2AAE36CC52B89C05505146C c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe

[-] 2005-03-02 18:13 2181632 3E2A0A4A0C0B19FC113618A9562A3B2A c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2006-12-19 18:45 2184064 1F3FA2065E6E043A1D82A487B5DA309C c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe

[-] 2007-02-28 16:08 2184192 8E244108562E0E452EB68DFF64CB08A9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

[-] 2008-08-14 13:39 2188032 C6649255E51F145B6E15C505AB68E459 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe

[-] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe

[-] 2008-08-14 17:26 2191232 D79210549BBF09B7638E860440504299 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[-] 2008-08-14 13:44 2182400 449566D74B5C261A3A54AA216F0C532B c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2004-08-19 23:04 2183040 7D38CE4398E6AA6339B4644FEADCC0D8 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2002-08-30 12:00 2045824 F58B3CE36566D6061A496DC595A8AAA3 c:\windows\$NtUninstallKB890859_0$\ntoskrnl.exe

[-] 2005-03-02 18:08 2181376 63729DD0F2AAE36CC52B89C05505146C c:\windows\$NtUninstallKB929338$\ntoskrnl.exe

[-] 2006-12-19 18:22 2182400 D27929DB7B7F92F9D0F8EC9BA01C601C c:\windows\$NtUninstallKB931784$\ntoskrnl.exe

[-] 2008-04-14 02:08 2191104 099D639DA1EF6968D4E41795BB507E6B c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2007-02-28 16:02 2182400 7D6D19AAC51A4325F6039F083C22303C c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe

[-] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2008-04-14 02:08 2191104 099D639DA1EF6968D4E41795BB507E6B c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2004-08-19 23:04 2183040 7D38CE4398E6AA6339B4644FEADCC0D8 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntoskrnl.exe

[-] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\system32\ntoskrnl.exe

[-] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\system32\dllcache\ntoskrnl.exe

 

[-] 2008-04-14 02:34 1056768 E4F0ACC3ACB11B2C6B5756D5468C74B0 c:\windows\explorer.exe

[-] 2007-06-13 13:10 1056256 F9D5AEC29315706E7050DB26813044DD c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2007-06-13 13:22 1056256 C23A1140035A3BB2CF7B643B838B9B46 c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2004-08-19 23:09 1055232 97F94389EE21AD29DA7D0DA544EEEB48 c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 02:34 1056768 0D7790839C1321DEB268B8F921A1EF7F c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2004-08-19 23:09 1055232 D55B24BB6AA4519A41E425DB3C7D9F62 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\explorer.exe

 

[-] 2004-08-19 23:10 127488 D068B1FB2B65532B8776C195A39631FE c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 02:34 128000 EE7093B379E183673AA7AAD455EC70F0 c:\windows\ServicePackFiles\i386\services.exe

[-] 2004-08-19 23:10 127488 FF4F2C9B425B4837FB1FC216A7F6AD70 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\services.exe

[-] 2008-04-14 02:34 109056 54CB50058851D95E56EC70D09F70857F c:\windows\system32\services.exe

 

[-] 2004-08-19 23:09 32256 13554EF0532A138B32728FFE109896BB c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 02:34 32256 433AB95A9DDBCF1652F41249DF54E793 c:\windows\ServicePackFiles\i386\lsass.exe

[-] 2004-08-19 23:09 32256 CFF9B712911EC3BCDF2E687E4268C3F6 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\lsass.exe

[-] 2008-04-14 02:34 13312 91E6024D6D4DCDECDB36C43ECF9BBECB c:\windows\system32\lsass.exe

 

[-] 2004-08-19 23:09 34304 10895F5053252178AED17EC31E3636A7 c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 02:33 34304 BAECF79C8B9597E96F18294310EDC0A2 c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2004-08-19 23:09 34304 1E7629F5FDA0D39DF9FE031A62025B6F c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ctfmon.exe

[-] 2008-04-14 02:33 34304 79E5BFF0CEEA58D818D3080BAE22F29C c:\windows\system32\ctfmon.exe

 

[-] 2005-06-11 00:17 76800 274A4D6A41C9D3A1ECEA334986F93AE0 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 23:53 76800 403B06CB1D6FA686D9784090442F5742 c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2004-08-19 23:10 76800 D56641F457CFF469B0FBDD7679255DCC c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 02:34 76800 290C068F55876D7C473A5609236442C1 c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2004-08-19 23:10 76800 B2D0D2BCB5A9127BBDF3DB7F670FCEF2 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\spoolsv.exe

[-] 2008-04-14 02:34 76800 4142307107212D43B74208071E4C6071 c:\windows\system32\spoolsv.exe

 

[-] 2004-08-19 23:10 44032 D846D9B72BD1A269CE57A600C1258869 c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 02:34 45568 8C3319721A55194493D339FAF2FA2B6F c:\windows\ServicePackFiles\i386\userinit.exe

[-] 2004-08-19 23:10 44032 2C38365900FF7A1107143C08B3FB219D c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\userinit.exe

[-] 2008-04-14 02:34 45568 DE9B20501F7CC94B211E870E77609602 c:\windows\system32\userinit.exe

 

[-] 2004-08-19 23:09 297984 78F90C3E230AD122BCB116ABAD5FEFE9 c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 02:33 297984 710BC85A8C22626EE094439E3EA0D38C c:\windows\ServicePackFiles\i386\termsrv.dll

[-] 2004-08-19 23:09 297984 78F90C3E230AD122BCB116ABAD5FEFE9 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\termsrv.dll

[-] 2008-04-14 02:33 297984 710BC85A8C22626EE094439E3EA0D38C c:\windows\system32\termsrv.dll

 

[-] 2006-07-05 10:58 1050112 FB85EF2A6713E3A58A497E093626B93C c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2007-04-16 16:11 1051136 62E3F0E9ABFCBCEE62C51546F622C455 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll

[-] 2007-04-16 15:53 1049600 6F1FE2AE7B22EB9CED1BFF533C9455EA c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2004-08-19 23:09 1048576 C88F74591579DBDE273C61312B2D3886 c:\windows\$NtUninstallKB917422$\kernel32.dll

[-] 2006-07-05 10:56 1049088 CE4AF1FA47A29ADF97CB107775CE395C c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2008-04-14 02:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E c:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2004-08-19 23:09 1048576 C88F74591579DBDE273C61312B2D3886 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\kernel32.dll

[-] 2008-04-14 02:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E c:\windows\system32\kernel32.dll

 

[-] 2004-08-19 23:09 17408 29D5E58FB089C41898A81BD4C8970F22 c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 02:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 c:\windows\ServicePackFiles\i386\powrprof.dll

[-] 2004-08-19 23:09 17408 29D5E58FB089C41898A81BD4C8970F22 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\powrprof.dll

[-] 2008-04-14 02:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 c:\windows\system32\powrprof.dll

 

[-] 2004-08-19 23:09 110080 E55DAFA1A354BD5CB69151563DC9748A c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2008-04-14 02:33 110080 0469B73DB32E5520F342C5E163AA3CCA c:\windows\ServicePackFiles\i386\imm32.dll

[-] 2004-08-19 23:09 110080 E55DAFA1A354BD5CB69151563DC9748A c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\imm32.dll

[-] 2008-04-14 02:33 110080 0469B73DB32E5520F342C5E163AA3CCA c:\windows\system32\imm32.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_20.44.29 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-15 08:04 . 2005-10-20 18:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE

- 2009-04-14 20:40 . 2005-10-20 18:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 34304]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1714176]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"DetectTray"="c:\program files\Genius\TVGo DVB-T02PRO\DetectTray.exe" [2007-09-21 151552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 208896]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 434176]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"DataLayer"="c:\program files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1125888]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 315392]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544]

"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-02 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 34304]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2009-4-3 1585152]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 48640]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 86068]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\explorer.exe,"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.PIM1"= pclepim1.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0stera

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Icône AOL.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Icône AOL.lnk

backup=c:\windows\pss\Icône AOL.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk

backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk

backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk

backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WallADay.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WallADay.lnk

backup=c:\windows\pss\WallADay.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxime^Menu Démarrer^Programmes^Démarrage^Pervasive.SQL Workgroup Engine.lnk]

path=c:\documents and settings\Maxime\Menu Démarrer\Programmes\Démarrage\Pervasive.SQL Workgroup Engine.lnk

backup=c:\windows\pss\Pervasive.SQL Workgroup Engine.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\load]

???? [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\run]

???? [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-23 19:33 57344 ----a-w c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]

2003-03-11 16:06 126976 ----a-w c:\program files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-09-19 08:27 29744 ----a-w c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]

2007-04-26 14:19 2928640 ----a-w c:\program files\ItsLabel\ItsTV.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2002-07-18 16:36 28672 ----a-w c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\moneyagent]

2002-07-17 10:00 225343 ----a-w c:\program files\Microsoft Money\System\mnyexpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]

2008-08-11 08:33 69632 ----a-w c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

2005-03-22 07:39 167936 ----a-w c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

2005-04-20 07:57 847872 ----a-w c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

2003-12-04 11:34 406016 ----a-w c:\windows\system32\PSDrvCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2006-10-13 16:20 20058152 ----a-w c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2006-09-14 05:57 155896 ----a-w c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe]

2008-08-11 08:33 185896 ----a-w c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2008-12-09 10:12 234856 ----a-w c:\program files\TomTom HOME 2\HOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2002-11-18 23:00 65536 ----a-w c:\windows\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"HidServ"=2 (0x2)

"gusvc"=3 (0x3)

"GoogleDesktopManager-061008-081103"=3 (0x3)

"PAVSRV"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\PVSW\\BIN\\w3dbsmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Maxime\\Application Data\\Vijeo-Runtime\\192.42.172.67\\public\\bin\\Koohi.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R3 EC168BDA;TVGo DVB-T02PRO;c:\windows\system32\DRIVERS\EC168BDA.sys [2007-05-18 67968]

R3 restore;restore; [x]

R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2005-06-20 215040]

R4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-19 29744]

S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]

S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys [2007-06-01 238848]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - AegisP

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - audstub

*Deregistered* - Beep

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - Compbatt

*Deregistered* - Dnscache

*Deregistered* - EAPPkt

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - Fastfat

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - helpsvc

*Deregistered* - HTTP

*Deregistered* - ip6fw

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - irda

*Deregistered* - Irmon

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LexBceS

*Deregistered* - LmHosts

*Deregistered* - mnmdd

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PAVDRV

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasirda

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - ScsiAccess

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - SLService

*Deregistered* - SlWdmSup

*Deregistered* - Spooler

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - Tcpip6

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - tunmp

*Deregistered* - UMWdf

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - viaagp

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - wanatw

*Deregistered* - WANMiniportService

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15b32896-8c3c-11dc-8a1e-00038a000015}]

\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = wmplayer.exe

uInternet Settings,ProxyServer = 192.42.172.254:80

uInternet Settings,ProxyOverride = *.local

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath -

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-15 10:08

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\0*2*ú%åw]

"DisplayName"=""

"DeviceDesc"=""

"ProviderName"="00"

"MFG"="???????????"

"ReinstallString"="???\16?\13\09"

"DeviceInstanceIds"=multi:"r\\2kxp_inf\\cx_06366.inf\00"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(4332)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\lexbces.exE

c:\windows\system32\ScsiAccess.EXE

c:\windows\system32\slserv.exe

c:\windows\system32\wdfmgr.exe

c:\windows\wanmpsvc.exe

c:\program files\Java\jre1.6.0_07\bin\jucheck.exe

.

**************************************************************************

.

Heure de fin: ~,10time:~,-3machine was rebootedCombobatch-by

ComboFix-quarantined-files.txt 2009-04-15 08:25

ComboFix2.txt 2009-04-14 22:41

ComboFix3.txt 2009-04-14 20:56

ComboFix4.txt 2009-04-11 10:33

ComboFix5.txt 2009-04-15 07:43

 

Avant-CF: 16,492,466,176 octets libres

Après-CF: 16,486,477,824 octets libres

 

569 --- E O F --- 2009-03-16 07:30

Posted

Here is the report generated by Malwarebytes:

 

Malwarebytes' Anti-Malware 1.36

Version de la base de données: 1984

Windows 5.1.2600 Service Pack 3

 

2009-04-15 15:39:38

mbam-log-2009-04-15 (15-39-37).txt

 

Type de recherche: Examen complet (C:\|D:\|F:\|)

Eléments examinés: 224454

Temps écoulé: 3 hour(s), 31 minute(s), 6 second(s)

 

Processus mémoire infecté(s): 1

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 88

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 4

Fichier(s) infecté(s): 23

 

Processus mémoire infecté(s):

C:\WINDOWS\temp\BN2.tmp (Trojan.Kobcka) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\clientax.clientinstaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\clientax.requiredcomponent (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{031cbf6a-c70e-4177-a0d4-c5268ee311fb} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2b0eceac-f597-4858-a542-d966b49055b9} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7fa8976f-d00c-4e98-8729-a66569233fb5} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f1f1e775-1b21-454d-8d38-7c16519969e5} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\clientax.requiredcomponent.1 (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\lmgr180.wmdrmax (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\lmgr180.wmdrmax.1 (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\seekmoax.clientdetector (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\seekmoax.clientdetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\seekmoax.userprofiles (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\seekmoax.userprofiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bd5258af-20ae-4bd3-b748-b2851aca7335} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ea0b6a1a-6a59-4a58-9c41-9966504898a5} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{995e885e-3ff5-4f66-a107-8bfb3a0f8f12} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{fbb40fdf-b715-4342-ab82-244ecc66e979} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{4a40e8fc-c7e4-4f57-9fa4-85dd77402897} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfc08cff-c737-4433-bd5a-0ee7efcfee54} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\seekmo.desktopflash.1 (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\seekmoax.clientdetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\seekmoax.userprofiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Documents and Settings\Charles\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Delete on reboot.

C:\Documents and Settings\Charles\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\Charles\Application Data\SystemDoctor 2006 Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\Charles\Application Data\SystemDoctor 2006 Free\Logs (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\temp\BN2.tmp (Trojan.Kobcka) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\ClientAX.dll (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\0xf9.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\gyekuc.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\ytiva.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\Maxime\Application Data\winantiviruspro2006freeinstall_fr[1].exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\ieocx.dll.vir (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\ds43g4nfjkn93.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\ftp_non_crp.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\hsf73ikmdf3f.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\1c30c3b9.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A0D12108-AE73-40C6-A5AD-8F8820A4F8CF}\RP1019\A0194451.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A0D12108-AE73-40C6-A5AD-8F8820A4F8CF}\RP1019\A0194466.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A0D12108-AE73-40C6-A5AD-8F8820A4F8CF}\RP1022\A0197014.exe (Rogue.WinPcDefender) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A0D12108-AE73-40C6-A5AD-8F8820A4F8CF}\RP1028\A0198281.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A0D12108-AE73-40C6-A5AD-8F8820A4F8CF}\RP1028\A0198416.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A0D12108-AE73-40C6-A5AD-8F8820A4F8CF}\RP1028\A0198407.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A0D12108-AE73-40C6-A5AD-8F8820A4F8CF}\RP1028\A0198414.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Charles\Application Data\SystemDoctor 2006 Free\Logs\update.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

C:\Documents and Settings\Maxime\Menu Démarrer\WinPC Defender.LNK (Rogue.WinPCDefender) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dpcxool64.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\Maxime\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.

  • Moderators
Posted

Good evening maxou39 :P

 

Sorry for the delay, I have had little free time this week. There is still quite a bit of work to do on this system. First, please carry out the following steps:

 

Make sure you have access to hidden files and folders.

To show the system's hidden files and folders:
  • Start, My Computer or any other folder, Tools menu -> Folder Options -> View tab:
  • Check the box: Show hidden files and folders
  • Uncheck the box: Hide extensions for known file types
  • Uncheck the box: Hide protected operating system files
    ---> Answer YES to the confirmation prompt
  • Click Apply, then OK

 

Go to this link: Virus Total

  • Click Browse
  • Navigate to this file, if you can find it:

  • c:\windows\system32\userinit.exe

  • Click Send file and let it work as long as "Current status: being analysed" is displayed. If VirusTotal says the file has already been analysed, click the Reanalyse file now button.
  • The file may be queued because of a large number of analysis requests. In that case you will need to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will open
  • Then click this image: txtvt.jpg
  • Right-click the page and choose Select All, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the outcome, it is important that you send me the result of the whole analysis.

Your security tools may react when the file is sent; in that case you will need to ignore the alerts.

 

Repeat the operation with the following files:

  • c:\windows\ServicePackFiles\i386\userinit.exe
  • c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\userinit.exe

 

See you soon.
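For the check requested in the post above, here is an added Python example (not from the thread and not VirusTotal's own tooling) that computes the same size/MD5/SHA-1/SHA-256 fields VirusTotal lists under "Information additionnelle", tests whether the copies of userinit.exe at the three paths named in the post are byte-identical, and tallies a pasted results table. The paths are the ones the post names; the sample table rows are constructed for illustration and the helper function names are my own.

```python
# Added example (not from the thread): fingerprint the candidate files the way
# VirusTotal's "Information additionnelle" block reports them, compare the
# copies of a file found in several locations, and tally the verdicts of a
# pasted VirusTotal table. Paths below are the ones named in the post.
import hashlib
import re

CANDIDATES = [
    r"c:\windows\system32\userinit.exe",
    r"c:\windows\ServicePackFiles\i386\userinit.exe",
    r"c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\userinit.exe",
]

# One row of the pasted table: engine, version, signature date, verdict.
# Engine and version carry no spaces in that output; the verdict may.
_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")


def fingerprint_bytes(data):
    """Return (size, md5, sha1, sha256) for an in-memory file image."""
    return (
        len(data),
        hashlib.md5(data).hexdigest(),
        hashlib.sha1(data).hexdigest(),
        hashlib.sha256(data).hexdigest(),
    )


def fingerprint(path):
    """Read *path* and return (size, md5, sha1, sha256) to compare with a report."""
    with open(path, "rb") as fh:
        return fingerprint_bytes(fh.read())


def copies_identical(fingerprints):
    """True when every fingerprint has the same SHA-256 (the copies are byte-identical).

    Copies of the same system file with different hashes, each one flagged,
    mean each copy was modified separately: no copy can serve as the clean
    reference to restore the others from.
    """
    return len({fp[3] for fp in fingerprints}) == 1


def summarize_vt_report(text):
    """Parse a pasted VirusTotal table; return engines seen, detections and verdicts."""
    total = 0
    verdicts = {}
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue  # header, blank line, or the "Information additionnelle" block
        engine, _version, _date, verdict = m.groups()
        total += 1
        if verdict != "-":  # "-" is VirusTotal's "nothing found" marker
            verdicts[engine] = verdict
    return {"total": total, "detections": len(verdicts), "verdicts": verdicts}


def family_hits(verdicts, keyword):
    """Count verdicts that name *keyword* (case-insensitive), e.g. 'virut'."""
    return sum(1 for v in verdicts.values() if keyword.lower() in v.lower())


# Constructed sample in the format of the table the post asks for.
SAMPLE_VT = """\
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.18 -
AntiVir 7.9.0.143 2009.04.17 W32/Virut.Gen
Avast 4.8.1335.0 2009.04.17 Win32:Vitro
Prevx1 V2 2009.04.18 -
VBA32 3.12.10.2 2009.04.12 suspected of Virus.Win32.Virut.1
Sunbelt 3.2.1858.2 2009.04.18 Virus.Win32.Virut.ce (v)

Information additionnelle
File size: 45568 bytes
MD5...: de9b20501f7cc94b211e870e77609602
"""

if __name__ == "__main__":
    report = summarize_vt_report(SAMPLE_VT)
    print(f"{report['detections']}/{report['total']} engines flagged the sample, "
          f"{family_hits(report['verdicts'], 'virut')} of them as Virut")
    fps = []
    for path in CANDIDATES:
        try:
            fp = fingerprint(path)
        except OSError:
            continue  # this copy is not present on the machine
        fps.append(fp)
        print(path, "size=%d md5=%s" % (fp[0], fp[1]))
    if len(fps) > 1:
        print("copies identical:", copies_identical(fps))
```

Run on the affected machine, the MD5 printed for each copy can be matched against the report's MD5 line before and after cleaning. Different hashes for the same system file, with every copy flagged, point to a file infector that has touched each copy rather than a single dropped file, which is why the helper asks for all three locations.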

Posted

Hello Gof,

 

Glad to hear from you again.

 

Here is the report for the file: c:\windows\system32\userinit.exe

 

Fichier userinit.exe reçu le 2009.04.18 13:05:12 (CET)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.0.0.101 2009.04.18 -

AhnLab-V3 5.0.0.2 2009.04.17 -

AntiVir 7.9.0.143 2009.04.17 W32/Virut.Gen

Antiy-AVL 2.0.3.1 2009.04.17 -

Authentium 5.1.2.4 2009.04.18 W32/Virut.AI!Generic

Avast 4.8.1335.0 2009.04.17 Win32:Vitro

AVG 8.5.0.287 2009.04.17 Win32/Virut

BitDefender 7.2 2009.04.18 Win32.Virtob.Gen.12

CAT-QuickHeal 10.00 2009.04.18 W32.Virut.G

ClamAV 0.94.1 2009.04.18 -

Comodo 1120 2009.04.18 -

DrWeb 4.44.0.09170 2009.04.18 Win32.Virut.56

eSafe 7.0.17.0 2009.04.13 -

eTrust-Vet 31.6.6455 2009.04.14 Win32/Virut.17408

F-Prot 4.4.4.56 2009.04.17 W32/Virut.AI!Generic

F-Secure 8.0.14470.0 2009.04.18 Virus.Win32.Virut.ce

Fortinet 3.117.0.0 2009.04.18 W32/Virut.CE

GData 19 2009.04.18 Win32.Virtob.Gen.12

Ikarus T3.1.1.49.0 2009.04.18 -

K7AntiVirus 7.10.707 2009.04.17 -

Kaspersky 7.0.0.125 2009.04.18 Virus.Win32.Virut.ce

McAfee 5587 2009.04.17 W32/Virut.n.gen

McAfee+Artemis 5587 2009.04.17 W32/Virut.n.gen

McAfee-GW-Edition 6.7.6 2009.04.18 Win32.Virut.Gen

Microsoft 1.4502 2009.04.18 Virus:Win32/Virut.BM

NOD32 4018 2009.04.18 Win32/Virut.NBM

Norman 6.00.06 2009.04.17 W32/Virut.CF

nProtect 2009.1.8.0 2009.04.18 -

Panda 10.0.0.14 2009.04.17 -

PCTools 4.4.2.0 2009.04.17 -

Prevx1 V2 2009.04.18 -

Rising 21.25.52.00 2009.04.18 Win32.Virut.bm

Sophos 4.40.0 2009.04.18 W32/Scribble-B

Sunbelt 3.2.1858.2 2009.04.18 Virus.Win32.Virut.ce (v)

Symantec 1.4.4.12 2009.04.18 W32.Virut.CF

TheHacker 6.3.4.0.309 2009.04.16 -

TrendMicro 8.700.0.1004 2009.04.17 PE_VIRUX.F-1

VBA32 3.12.10.2 2009.04.12 -

ViRobot 2009.4.18.1685 2009.04.18 Win32.Virut.AL

VirusBuster 4.6.5.0 2009.04.17 -

 

Information additionnelle

File size: 45568 bytes

MD5...: de9b20501f7cc94b211e870e77609602

SHA1..: 3daac120cc3d7afc1161a67fe6bd5627740ccfed

SHA256: 94eddd19c1e78d5d009443d103ee881f6677db6e42aecc2d5bdaa4fae3c45c21

SHA512: 4acc425cf3a5752da4abcf4570af81934365903906d52553b4a4c3df05ea976167ae36abb9099ff0d04c98a15d53ff1d857bda0b6f849bd8215359b6a2cafeaf

ssdeep: 768:wioJi8jDLIDSAaQFxfftjaLac1kLGKyGG5v0zPiOq9phN:w/JbDMDSA7FxffJaLaRLGxGk8En

PEiD..: -

TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54ad
timedatestamp.....: 0x480251a8 (Sun Apr 13 18:32:08 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x520e 0x5400 5.95 9c59db4d806d26c8181b9cdae1a9f23f
.data 0x7000 0x14c 0x200 1.86 0bb948f267e82975313a03d8c0e8a1cf
.rsrc 0x8000 0x6e00 0x5800 6.06 001a4884f1d5f6a3881b8f80ae947346

( 9 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, RtlConvertSidToUnicodeString, NtQueryInformationToken
> NETAPI32.dll: DsGetDcNameW, NetApiBufferFree
> WLDAP32.dll: -, -, -, -, -, -
> msvcrt.dll: __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _XcptFilter, _exit, _c_exit, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _cexit, exit
> KERNEL32.dll: CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpyW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, ExpandEnvironmentStringsW, SearchPathW, GetLastError, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, SetEvent, OpenEventW, Sleep, SetEnvironmentVariableW

( 0 exports )

RDS...: NSRL Reference Data Set
-

 

Here is the report for the file: c:\windows\ServicePackFiles\i386\userinit.exe

 

Fichier userinit.exe reçu le 2009.04.18 18:36:52 (CET)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.0.0.101 2009.04.18 -

AhnLab-V3 5.0.0.2 2009.04.18 -

AntiVir 7.9.0.143 2009.04.17 W32/Virut.Gen

Antiy-AVL 2.0.3.1 2009.04.17 -

Authentium 5.1.2.4 2009.04.18 W32/Virut.AI!Generic

Avast 4.8.1335.0 2009.04.17 Win32:Vitro

AVG 8.5.0.287 2009.04.18 Win32/Virut

BitDefender 7.2 2009.04.18 Win32.Virtob.Gen.12

CAT-QuickHeal 10.00 2009.04.18 W32.Virut.G

ClamAV 0.94.1 2009.04.18 -

Comodo 1120 2009.04.18 -

DrWeb 4.44.0.09170 2009.04.18 Win32.Virut.56

eSafe 7.0.17.0 2009.04.13 -

eTrust-Vet 31.6.6455 2009.04.14 Win32/Virut.17408

F-Prot 4.4.4.56 2009.04.17 W32/Virut.AI!Generic

F-Secure 8.0.14470.0 2009.04.18 Virus.Win32.Virut.ce

Fortinet 3.117.0.0 2009.04.18 W32/Virut.CE

GData 19 2009.04.18 Win32.Virtob.Gen.12

Ikarus T3.1.1.49.0 2009.04.18 -

K7AntiVirus 7.10.707 2009.04.17 -

Kaspersky 7.0.0.125 2009.04.18 Virus.Win32.Virut.ce

McAfee 5588 2009.04.18 W32/Virut.n.gen

McAfee+Artemis 5588 2009.04.18 W32/Virut.n.gen

McAfee-GW-Edition 6.7.6 2009.04.18 Win32.Virut.Gen

Microsoft 1.4502 2009.04.18 Virus:Win32/Virut.BM

NOD32 4018 2009.04.18 Win32/Virut.NBM

Norman 6.00.06 2009.04.17 -

nProtect 2009.1.8.0 2009.04.18 -

Panda 10.0.0.14 2009.04.18 -

PCTools 4.4.2.0 2009.04.17 -

Rising 21.25.52.00 2009.04.18 Win32.Virut.bm

Sophos 4.40.0 2009.04.18 W32/Scribble-B

Sunbelt 3.2.1858.2 2009.04.18 Virus.Win32.Virut.ce (v)

Symantec 1.4.4.12 2009.04.18 W32.Virut.CF

TheHacker 6.3.4.0.309 2009.04.16 -

TrendMicro 8.700.0.1004 2009.04.17 PE_VIRUX.F-1

VBA32 3.12.10.2 2009.04.12 suspected of Virus.Win32.Virut.1

ViRobot 2009.4.18.1685 2009.04.18 Win32.Virut.AL

VirusBuster 4.6.5.0 2009.04.18 Win32.Virut.Y.Gen

 

Information additionnelle

File size: 45568 bytes

MD5...: 8c3319721a55194493d339faf2fa2b6f

SHA1..: 5dfb15a545be305702d3d3653ec1643aeddfff98

SHA256: 6204eabec2091970bef0683e32b1104dab7c85c40ec2926085cdc600b66454f2

SHA512: c631a87f1a118a60c51cea2e5b2c249d7d44c5668da9e6ad859e4ba60f1d87e3a3c2e719c93feab1e397ba571bc456d3feab24558ecb9287d5e0f80e6ee81c15

ssdeep: 768:wioJi8jDLIDSAaQFxfftjaLacZkLGKyGrRGnUIVykcQCeQ0til29Syk:w/JbDMDSA7FxffJaLaRLGxGrRGnfVy9N

PEiD..: -

TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54ad
timedatestamp.....: 0x480251a8 (Sun Apr 13 18:32:08 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x520e 0x5400 5.95 a2f2885e8cb26776b6567b70367bdb44
.data 0x7000 0x14c 0x200 1.86 0bb948f267e82975313a03d8c0e8a1cf
.rsrc 0x8000 0x6e00 0x5800 5.78 ac3d1e758f0ab2c55794d018e441f39b

( 9 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, RtlConvertSidToUnicodeString, NtQueryInformationToken
> NETAPI32.dll: DsGetDcNameW, NetApiBufferFree
> WLDAP32.dll: -, -, -, -, -, -
> msvcrt.dll: __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _XcptFilter, _exit, _c_exit, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _cexit, exit
> KERNEL32.dll: CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpyW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, ExpandEnvironmentStringsW, SearchPathW, GetLastError, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, SetEvent, OpenEventW, Sleep, SetEnvironmentVariableW

( 0 exports )

RDS...: NSRL Reference Data Set
-

 

Antivirus Version Dernière mise à jour Résultat

a-squared 4.0.0.101 2009.04.18 -

AhnLab-V3 5.0.0.2 2009.04.18 -

AntiVir 7.9.0.143 2009.04.17 W32/Virut.Gen

Antiy-AVL 2.0.3.1 2009.04.17 -

Authentium 5.1.2.4 2009.04.18 W32/Virut.AI!Generic

Avast 4.8.1335.0 2009.04.17 Win32:Vitro

AVG 8.5.0.287 2009.04.18 Win32/Virut

BitDefender 7.2 2009.04.18 Win32.Virtob.Gen.12

CAT-QuickHeal 10.00 2009.04.18 W32.Virut.G

ClamAV 0.94.1 2009.04.18 -

Comodo 1120 2009.04.18 -

DrWeb 4.44.0.09170 2009.04.18 Win32.Virut.56

eSafe 7.0.17.0 2009.04.13 -

eTrust-Vet 31.6.6455 2009.04.14 Win32/Virut.17408

F-Prot 4.4.4.56 2009.04.17 W32/Virut.AI!Generic

F-Secure 8.0.14470.0 2009.04.18 Virus.Win32.Virut.ce

Fortinet 3.117.0.0 2009.04.18 W32/Virut.CE

GData 19 2009.04.18 Win32.Virtob.Gen.12

Ikarus T3.1.1.49.0 2009.04.18 -

K7AntiVirus 7.10.707 2009.04.17 -

Kaspersky 7.0.0.125 2009.04.18 Virus.Win32.Virut.ce

McAfee 5588 2009.04.18 W32/Virut.n.gen

McAfee+Artemis 5588 2009.04.18 W32/Virut.n.gen

McAfee-GW-Edition 6.7.6 2009.04.18 Win32.Virut.Gen

Microsoft 1.4502 2009.04.18 Virus:Win32/Virut.BM

NOD32 4018 2009.04.18 Win32/Virut.NBM

Norman 6.00.06 2009.04.17 -

nProtect 2009.1.8.0 2009.04.18 -

Panda 10.0.0.14 2009.04.18 -

PCTools 4.4.2.0 2009.04.17 -

Rising 21.25.52.00 2009.04.18 Win32.Virut.bm

Sophos 4.40.0 2009.04.18 W32/Scribble-B

Sunbelt 3.2.1858.2 2009.04.18 Virus.Win32.Virut.ce (v)

Symantec 1.4.4.12 2009.04.18 W32.Virut.CF

TheHacker 6.3.4.0.309 2009.04.16 -

TrendMicro 8.700.0.1004 2009.04.17 PE_VIRUX.F-1

VBA32 3.12.10.2 2009.04.12 suspected of Virus.Win32.Virut.1

ViRobot 2009.4.18.1685 2009.04.18 Win32.Virut.AL

VirusBuster 4.6.5.0 2009.04.18 Win32.Virut.Y.Gen

 

Information additionnelle

File size: 45568 bytes

MD5...: 8c3319721a55194493d339faf2fa2b6f

SHA1..: 5dfb15a545be305702d3d3653ec1643aeddfff98

SHA256: 6204eabec2091970bef0683e32b1104dab7c85c40ec2926085cdc600b66454f2

SHA512: c631a87f1a118a60c51cea2e5b2c249d7d44c5668da9e6ad859e4ba60f1d87e3<BR>a3c2e719c93feab1e397ba571bc456d3feab24558ecb9287d5e0f80e6ee81c15

ssdeep: 768:wioJi8jDLIDSAaQFxfftjaLacZkLGKyGrRGnUIVykcQCeQ0til29Syk:w/Jb<BR>DMDSA7FxffJaLaRLGxGrRGnfVy9N<BR>

PEiD..: -

TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54ad
timedatestamp.....: 0x480251a8 (Sun Apr 13 18:32:08 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x520e 0x5400 5.95 a2f2885e8cb26776b6567b70367bdb44
.data 0x7000 0x14c 0x200 1.86 0bb948f267e82975313a03d8c0e8a1cf
.rsrc 0x8000 0x6e00 0x5800 5.78 ac3d1e758f0ab2c55794d018e441f39b

( 9 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, RtlConvertSidToUnicodeString, NtQueryInformationToken
> NETAPI32.dll: DsGetDcNameW, NetApiBufferFree
> WLDAP32.dll: -, -, -, -, -, -
> msvcrt.dll: __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _XcptFilter, _exit, _c_exit, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _cexit, exit
> KERNEL32.dll: CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpyW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, ExpandEnvironmentStringsW, SearchPathW, GetLastError, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, SetEvent, OpenEventW, Sleep, SetEnvironmentVariableW

( 0 exports )

RDS...: NSRL Reference Data Set
-

 

Here is the report for the file: c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\userinit.exe

 

File userinit.exe received on 2009.04.18 20:48:53 (CET)

Antivirus Version Last update Result

a-squared 4.0.0.101 2009.04.18 -

AhnLab-V3 5.0.0.2 2009.04.18 -

AntiVir 7.9.0.143 2009.04.17 W32/Virut.Gen

Antiy-AVL 2.0.3.1 2009.04.17 -

Authentium 5.1.2.4 2009.04.18 W32/Virut.AI!Generic

Avast 4.8.1335.0 2009.04.18 Win32:Vitro

AVG 8.5.0.287 2009.04.18 Win32/Virut

BitDefender 7.2 2009.04.18 Win32.Virtob.Gen.12

CAT-QuickHeal 10.00 2009.04.18 W32.Virut.G

ClamAV 0.94.1 2009.04.18 -

Comodo 1120 2009.04.18 -

DrWeb 4.44.0.09170 2009.04.18 Win32.Virut.56

eSafe 7.0.17.0 2009.04.13 -

eTrust-Vet 31.6.6455 2009.04.14 Win32/Virut.17408

F-Prot 4.4.4.56 2009.04.17 W32/Virut.AI!Generic

F-Secure 8.0.14470.0 2009.04.18 Virus.Win32.Virut.ce

Fortinet 3.117.0.0 2009.04.18 W32/Virut.CE

GData 19 2009.04.18 Win32.Virtob.Gen.12

Ikarus T3.1.1.49.0 2009.04.18 -

K7AntiVirus 7.10.707 2009.04.17 -

Kaspersky 7.0.0.125 2009.04.18 Virus.Win32.Virut.ce

McAfee 5588 2009.04.18 W32/Virut.n.gen

McAfee+Artemis 5588 2009.04.18 W32/Virut.n.gen

McAfee-GW-Edition 6.7.6 2009.04.18 Win32.Virut.Gen

Microsoft 1.4502 2009.04.18 Virus:Win32/Virut.BM

NOD32 4018 2009.04.18 Win32/Virut.NBM

Norman 6.00.06 2009.04.17 W32/Virut.CF

nProtect 2009.1.8.0 2009.04.18 -

Panda 10.0.0.14 2009.04.18 -

PCTools 4.4.2.0 2009.04.17 -

Rising 21.25.52.00 2009.04.18 Win32.Virut.bm

Sophos 4.40.0 2009.04.18 W32/Scribble-B

Sunbelt 3.2.1858.2 2009.04.18 Virus.Win32.Virut.ce (v)

Symantec 1.4.4.12 2009.04.18 W32.Virut.CF

TheHacker 6.3.4.0.309 2009.04.16 -

TrendMicro 8.700.0.1004 2009.04.17 PE_VIRUX.F-1

ViRobot 2009.4.18.1685 2009.04.18 Win32.Virut.AL

VirusBuster 4.6.5.0 2009.04.18 Win32.Virut.Y.Gen

 

Additional information

File size: 44032 bytes

MD5...: 2c38365900ff7a1107143c08b3fb219d

SHA1..: e9ed4e57039b5dbb4e2c51b1b5dd2779084b5d0b

SHA256: cd362d0f66f0f28a89c39225778ba26a02ae5cb65b042554d6d1adc432ab5186

SHA512: 40caa2ecc4270f43686b09d3aa9dc80420cdd6d03a061a1a2a6785c802fc07047c2d5e3f4404de1808cbd6201b0206b8ab86350fb51eb8f544e083a9f4082ccd

ssdeep: 768:rxJDUaxgu5YEVBxkjuv7wbaLaTPU4HP1t5Cyx7B+uQD:rxJHxIEVBvT2aLaTPU2P1t5CMNpQ

PEiD..: -

TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x50e5
timedatestamp.....: 0x41107b78 (Wed Aug 04 06:00:24 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4db8 0x4e00 6.01 5ba86856b3aacc85667bbcefb014592f
.data 0x6000 0x14c 0x200 1.86 cbb599f9267bf53209039d14a3574eb1
.rsrc 0x7000 0x6e00 0x5800 6.12 e3eaeb59587e02c44ec181d8a79fd8e6

( 7 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, NtQueryInformationToken, RtlConvertSidToUnicodeString
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, __setusermatherr, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _initterm, _adjust_fdiv
> KERNEL32.dll: GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, SetEnvironmentVariableW, lstrlenW, lstrcpyW, FreeLibrary, GetProcAddress, LoadLibraryW, CompareFileTime, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, ExpandEnvironmentStringsW, SetEvent, OpenEventW, Sleep, GetLastError, SearchPathW, CreateProcessW

( 0 exports )

RDS...: NSRL Reference Data Set
-

 


Good luck
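The "Additional information" block above (file hashes, PE header fields, a per-section table with an entropy column) can be reproduced locally and used for a first triage of a suspect system file. The Python below is an added example written for this thread; it is not code from the poster, VirusTotal or Dr.Web. It computes the same hashes and section summary, checks the SHA-256 against the two infected samples quoted above, and applies two heuristics that file infectors commonly trip: an entry point that lies outside .text, and a section whose entropy exceeds 7 bits per byte. Both are indicators, not a verdict. The PE images it analyses are built by build_sample_pe(), which is constructed here and is not a real userinit.exe. One caveat that the reports themselves show: in both, the entry point (0x54ad and 0x50e5) falls inside .text, so the entry-point heuristic alone would not have flagged these files; the multi-engine consensus and the hashes are what identify them.

```python
# Added example for this thread: reproduces the VirusTotal "Additional information"
# fields (hashes, PE header, per-section entropy) and runs a small triage pass.
import hashlib
import math
import struct
from collections import Counter

# SHA-256 of the two infected files whose VirusTotal reports appear above in
# this thread. This is the thread's own data, not a general Virut IOC list.
KNOWN_BAD_SHA256 = {
    "6204eabec2091970bef0683e32b1104dab7c85c40ec2926085cdc600b66454f2",
    "cd362d0f66f0f28a89c39225778ba26a02ae5cb65b042554d6d1adc432ab5186",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform): the VT 'ntrpy' column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def parse_pe(data: bytes) -> dict:
    """Minimal PE32 parser: only the fields the VT 'PEInfo' summary shows."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                      # IMAGE_OPTIONAL_HEADER
    entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i                    # IMAGE_SECTION_HEADER
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, hdr)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
            "entropy": shannon_entropy(raw), "md5": hashlib.md5(raw).hexdigest(),
        })
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "machine": machine, "timestamp": timestamp,
        "entry_point": entry, "sections": sections,
    }

def triage(data: bytes):
    """Return (info, findings). Findings are indicators, not a verdict."""
    info = parse_pe(data)
    findings = []
    if info["sha256"] in KNOWN_BAD_SHA256:
        findings.append("sha256 matches an infected sample posted in this thread")
    ep = info["entry_point"]
    home = [s for s in info["sections"]
            if s["vaddr"] <= ep < s["vaddr"] + max(s["vsize"], s["rawsize"])]
    if not home:
        findings.append(f"entry point 0x{ep:x} is outside every section")
    elif home[0]["name"] != ".text":
        findings.append(f"entry point 0x{ep:x} lies in {home[0]['name']}, not .text")
    for s in info["sections"]:
        if s["rawsize"] and s["entropy"] > 7.0:  # packed/encrypted code tends to score here
            findings.append(f"section {s['name']} entropy {s['entropy']:.2f} > 7.0")
    return info, findings

def build_sample_pe(entry_point: int, text_data: bytes, rsrc_data: bytes) -> bytes:
    """Constructed two-section PE32 image (0x600 bytes); each section body is 0x200."""
    assert len(text_data) == 0x200 and len(rsrc_data) == 0x200
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                  # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # COFF header: i386, 2 sections, timestamp, 0xE0-byte PE32 optional header
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 2, 0x41107B78, 0, 0, 0xE0, 0x0102)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", img, opt + 16, entry_point)       # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, 0x01000000)        # ImageBase
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)    # section/file alignment
    sec = opt + 0xE0
    layout = [(b".text", 0x1000, 0x200, text_data), (b".rsrc", 0x2000, 0x400, rsrc_data)]
    for i, (name, vaddr, rawptr, body) in enumerate(layout):
        struct.pack_into("<8sIIIIIIHHI", img, sec + 40 * i,
                         name, 0x200, vaddr, 0x200, rawptr, 0, 0, 0, 0, 0x60000020)
        img[rawptr:rawptr + 0x200] = body
    return bytes(img)

if __name__ == "__main__":
    clean = build_sample_pe(0x1000, b"\x90" * 0x200, b"\x00" * 0x200)
    tampered = build_sample_pe(0x2010, b"\x90" * 0x200, bytes(range(256)) * 2)
    for label, blob in (("clean", clean), ("tampered", tampered)):
        info, findings = triage(blob)
        print(f"{label}: {info['size']} bytes sha256={info['sha256']} ep=0x{info['entry_point']:x}")
        for s in info["sections"]:
            print(f"  {s['name']:<6} va=0x{s['vaddr']:x} raw=0x{s['rawsize']:x} ntrpy={s['entropy']:.2f}")
        print("  findings:", findings or "none")
```

To run it against a real file, call triage(open(path, "rb").read()). KNOWN_BAD_SHA256 holds only the two hashes from this thread, so an empty findings list means that none of these checks fired, not that the file is clean; a system file such as userinit.exe should still be compared against a known-good copy.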

  • Moderators
Posted

Good evening maxou39,

 

Well... Still a lot of work ahead, with no real guarantee of results given the nature of the infection. It may be necessary to resort to formatting. I recommend that you back up your important personal data to another medium before going any further.

 

Once that is done, try this: right-click the following link and choose "Save Target As..." (in Firefox >> "Save Link As..."):

ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

  • When saving the file, rename it to launch.com, then save it to the Desktop
  • Double-click launch.com, then click Start scan;
  • Click OK at the quick scan prompt. This scan checks the processes loaded in memory; if it finds infected processes, click Yes when prompted.
    **Note: a window will open with options to "Order" or "50% off"; you can dismiss it by clicking the "X"
  • The quick scan takes only a few minutes (progress is shown at the bottom)
  • When the quick scan is finished, tick/enable the "Full scan" button (top left) and click the green-arrow button on the right; the full scan will start.
  • If there are detections, the tool will offer choices of action: click "Yes to all" for the proposed action (cure, quarantine or delete).
  • ** The full scan is rather long, so be patient. Keep an eye on the machine during the scan, because the tool pauses whenever it detects something and waits for your choice of action.
  • *** If you suspect a detection is false (a false positive), click "No to all" and notify the volunteer who is helping you, giving the name and location of the detected file.
  • At the end of the scan, the "Select all" button (bottom left) may be available: do not click it.
  • Now go to the "File" menu (top left) and choose "Save report"; save it to the Desktop. It will be in .csv format (readable with Excel or a similar program; otherwise Notepad can be used).
  • Copy/paste the contents of the report into your reply. Close the tool's window by clicking the "X". If prompted "Do you really want to close the application?", click "Yes".

Posted

Good evening Gof,

 

My brother is away this weekend and I don't know what he wants to back up on his computer.

So I will do the procedure on Monday, after he has made his backup.

Apparently he is severely infected, from what you tell me.

Have a good weekend.
