Internet connection works with Internet Explorer but not Firefox

Here is my problem:

I have Internet Explorer and Mozilla Firefox. With Internet Explorer, I can connect to the Internet. With Mozilla Firefox, I can't connect. It shows me “La connexion a échoué” (the connection failed). I uninstalled Mozilla and reinstalled it, but it's still the same problem.

What I have checked:

  • My firewalls
  • Ran CCleaner
  • SmitfraudFix
  • Scanned with Spybot - Search & Destroy
  • I EVEN DID A “SYSTEM RESTORE” TO A RESTORE POINT FROM 2 DAYS AGO

My OS:
Vista

Mozilla version:
I tested with 3.0.1 and 3.0.3 (the brand new one)
Neither works

If you want more information or anything else to help me, just ask. (I'm sure I forgot to mention something.)

Thanks

Hi
Post a HijackThis log
www.trendsecure.com…
See “generate a report”
pagesperso-orange.fr…


Download Malwarebytes [www.clubic.com...](http://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html), run a Full Scan in SAFE MODE + REMOVE the infections, and post the report [www.malekal.com...](http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php)

Here is the HijackThis report for now (I'll do the Malwarebytes scan later):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:50, on 08.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www2.tsr.ch…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.hp.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: luciolis2.servegame.com 80.239.180.113
O1 - Hosts: luciolis2.servegame.com 91.121.124.125
O1 - Hosts: luciolis2.servegame.com 91.121.106.15
O1 - Hosts: luciolis2.servegame.com 91.121.69.136
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {280EE6F9-E414-4D35-8FEF-8180BB5AC916} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: (no name) - {3BF790FA-E3F6-4586-AC04-CF2E10F8A4F9} - (no file)
O2 - BHO: (no name) - {5D6A8F09-49FA-4B50-BBAC-D53C87DAE565} - (no file)
O2 - BHO: (no name) - {6EB0FAEE-B540-4673-A46B-4BE0863C7AB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8264DEBA-39F1-40E9-9383-38667FB9FDDB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91244A2F-22FB-408C-896D-3E818F395E04} - (no file)
O2 - BHO: (no name) - {99F8C069-FF4C-4B4F-BED5-673964634D36} - (no file)
O2 - BHO: (no name) - {AA2C14BA-4D53-4DEB-A820-0C19ED842312} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: (no name) - {E5DFECB9-6E5A-4799-975E-49D8F686A393} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM…\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM…\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM…\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM…\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM…\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM…\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM…\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM…\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM…\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM…\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE…
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l’&image au périphérique Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program… Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: www.secuser.com…
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


End of file - 12063 bytes

OK, infections!!!
Do as I said: Malwarebytes in SAFE MODE, Full Scan + REMOVE the infections, and post the report


We'll fix lines later!!
Another member will take over, I'm off to work!!! guigui14100, Lustu, etc. will be around :super:

OK, here is the Malwarebytes report:

Malwarebytes’ Anti-Malware 1.28
Version de la base de données: 1134
Windows 6.0.6001 Service Pack 1

08.10.2008 19:31:09
mbam-log-2008-10-08 (19-31-03).txt

Type de recherche: Examen complet (C:|E:|F:|)
Eléments examinés: 233930
Temps écoulé: 43 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\netrax03 (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
C:\Windows\System32\pac.txt (Malware.Trace) -> No action taken.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> No action taken.

After removing the infections, I still can't get on the Internet with Mozilla.
Edited on 08/10/2008 at 19:40

Hi

Not many Vundo detections, that smells like the new variant…


1) Empty the temporary folders with [ATF Cleaner](http://www.atribune.org/ccount/click.php?id=1) ([tutorial](http://guigui14100.over-blog.fr/article-22937239.html))

2) Run ComboFix, let it work, and paste the report

I emptied the temporary folders with ATF Cleaner.

And here is what the ComboFix report says:

ComboFix 08-10-08.01 - Yee Wing 2008-10-08 20:57:34.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.986 [GMT 2:00]
Lancé depuis: C:\Users\Yee Wing\Downloads\DL\ComboFix.exe

  • Un nouveau point de restauration a été créé
    .

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\aGjTDcdd.ini
C:\Windows\system32\EhgPWELm.ini
C:\Windows\system32\lorrXxyb.ini
C:\Windows\system32\MSINET.oca
C:\Windows\system32\nqqrrYay.ini
C:\Windows\system32\pac.txt
C:\Windows\system32\QAdedfii.ini
C:\Windows\system32\sruBLoYb.ini
C:\Windows\system32\tEgjRqss.ini
C:\Windows\system32\TsCdLoWa.ini
F:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-08 au 2008-10-08 ))))))))))))))))))))))))))))))))))))
.

2008-10-08 11:42 . 2008-10-08 11:42 d-------- C:\Users\Yee Wing\AppData\Roaming\Malwarebytes
2008-10-08 11:42 . 2008-10-08 11:42 d-------- C:\Users\All Users\Malwarebytes
2008-10-08 11:42 . 2008-10-08 11:42 d-------- C:\ProgramData\Malwarebytes
2008-10-08 11:42 . 2008-10-08 11:42 d-------- C:\Program Files\Malwarebytes’ Anti-Malware
2008-10-07 23:09 . 2008-10-07 23:09 d-------- C:\Users\Yee Wing\AppData\Roaming\Mozilla(100)
2008-10-04 18:18 . 2008-10-08 20:24 d-------- C:\Users\Yee Wing\AppData\Roaming\teamspeak2
2008-10-04 18:17 . 2008-10-04 18:17 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-10-04 18:16 . 2008-10-04 18:18 d-------- C:\Program Files\Teamspeak2_RC2
2008-10-03 15:11 . 2008-10-03 20:27 8,224 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2008-10-01 18:18 . 2008-10-08 20:24 d-------- C:\Program Files\WowCartographe
2008-09-29 19:40 . 2008-10-05 11:46 d-------- C:\Program Files\World of Warcraft
2008-09-29 19:34 . 2008-09-29 20:55 d-------- C:\Windows\Patch Darluok
2008-09-29 18:32 . 2008-09-29 18:32 d--h----- C:\Windows\PIF
2008-09-25 22:39 . 2008-09-25 22:39 42,675 --a------ C:\FRAGLIST.HTM
2008-09-24 07:15 . 2008-08-17 12:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-09-19 22:58 . 2001-05-04 11:05 505,104 --a------ C:\Windows\System32\msxml.dll
2008-09-19 22:58 . 1998-06-18 00:00 89,360 --a------ C:\Windows\System32\VB5DB.DLL
2008-09-19 22:58 . 2000-03-17 07:21 69,632 --a------ C:\Windows\System32\xmltok.dll
2008-09-19 22:58 . 2000-03-17 07:21 36,864 --a------ C:\Windows\System32\xmlparse.dll
2008-09-19 22:58 . 2002-04-24 12:43 35,840 --a------ C:\Windows\System32\comdlg32.oca
2008-09-19 22:58 . 2001-05-04 11:05 28,432 --a------ C:\Windows\System32\msxmlr.dll
2008-09-19 22:58 . 2002-10-17 09:35 26,096 --a------ C:\Windows\System32\xmlinst.exe
2008-09-19 22:58 . 2002-01-07 14:30 24,576 --a------ C:\Windows\System32\msxml3a.dll
2008-09-19 22:40 . 2008-09-19 22:58 d-------- C:\Program Files\Ubisoft
2008-09-17 18:22 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-17 18:22 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-17 18:22 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-17 18:22 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-17 18:21 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-17 18:21 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-17 18:21 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-17 18:21 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-17 18:21 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-14 14:18 . 2008-10-08 20:24 d-------- C:\Program Files\EClea2_0
2008-09-13 22:45 . 2008-09-30 21:01 d-------- C:\Program Files\Rune Online
2008-09-11 18:30 . 2008-09-11 18:30 d-------- C:\Program Files\GIMP
2008-09-11 17:15 . 2008-09-11 17:15 d-------- C:\Program Files\Finitia-World
2008-09-10 07:11 . 2008-09-10 07:11 d-------- C:\Windows\CheckSur
2008-09-10 07:10 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 07:10 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 07:10 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 07:10 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 07:10 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 07:10 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 07:10 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 07:10 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 07:10 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 19:33 . 2008-09-09 19:33 143,713 --a------ C:\FRAGLIST.LUAR

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 18:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 18:24 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-08 18:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-08 18:24 --------- d-----w C:\Program Files\Symantec
2008-10-08 18:24 --------- d-----w C:\Program Files\Norton Security Scan
2008-10-08 18:24 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-10-08 18:24 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-10-08 18:24 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-08 18:24 --------- d-----w C:\Program Files\Lineage II
2008-10-08 18:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-08 18:01 --------- d-----w C:\ProgramData\Symantec
2008-10-08 17:59 --------- d-----w C:\Users\Yee Wing\AppData\Roaming\Mozilla(819)
2008-10-08 08:36 --------- d-----w C:\Users\Yee Wing\AppData\Roaming\Mozilla(785)
2008-10-06 08:24 65,536 ----a-w C:\Windows\system32\drivers\CnxE2FS.bin
2008-10-03 18:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-03 15:53 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-10-03 15:52 --------- d-----w C:\Program Files\No-IP
2008-10-03 13:01 --------- d-----w C:\Program Files\Norton Internet Security
2008-10-03 13:01 --------- d-----w C:\Program Files\Microsoft Works
2008-10-03 13:01 --------- d-----w C:\Program Files\Google
2008-09-30 04:46 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-21 14:02 --------- d-----w C:\Users\Yee Wing\AppData\Roaming\Skype
2008-09-19 20:42 --------- d-----w C:\Program Files\NCSoft
2008-09-16 15:11 --------- d-----w C:\Program Files\Hp
2008-09-12 11:10 --------- d-----w C:\Program Files\Gpotato.eu
2008-09-11 16:36 --------- d-----w C:\Users\Yee Wing\AppData\Roaming\gtk-2.0
2008-09-09 15:43 65,536 ----a-w C:\Windows\IFinst27.exe
2008-09-05 11:42 --------- d-----w C:\Program Files\BitComet
2008-09-01 17:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 17:11 --------- d-----w C:\Users\Yee Wing\AppData\Roaming\OpenOffice.org2
2008-08-20 05:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-13 14:12 --------- d-----w C:\ProgramData\ma-config.com
2008-08-13 14:12 --------- d-----w C:\Program Files\ma-config.com
2008-08-13 13:56 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 18:44 130,208 ------r C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
2008-08-12 17:03 --------- d-----w C:\Program Files\Common Files\Logitech
2008-08-12 17:03 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-08-12 16:50 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-08-12 16:50 --------- d-----w C:\Users\Yee Wing\AppData\Roaming\Logitech
2008-08-12 16:50 --------- d-----w C:\ProgramData\Logitech
2008-08-12 16:50 --------- d-----w C:\Program Files\Logitech
2008-08-12 16:49 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-08-12 16:46 --------- d-----w C:\ProgramData\LogiShrd
2008-08-08 08:57 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-08-07 12:37 24,880 ----a-w C:\Windows\System32\hpservice.exe
2008-08-07 12:33 14,640 ----a-w C:\Windows\System32\accelerometerdll.DLL
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-16 16:51 691 ----a-w C:\Users\Yee Wing\AppData\Roaming\GetValue.vbs
2008-06-16 16:51 35 ----a-w C:\Users\Yee Wing\AppData\Roaming\SetValue.bat
2008-05-14 13:39 174 --sha-w C:\Program Files\desktop.ini
2008-04-27 15:07 22,328 ----a-w C:\Users\Yee Wing\AppData\Roaming\PnkBstrK.sys
2008-02-24 12:03 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-24 12:03 32 ----a-w C:\ProgramData\ezsid.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-08-12 91440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]

C:\Users\Yee Wing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Ubisoft register.lnk - C:\Program Files\Ubisoft\Register\schedule.exe [2008-09-19 28672]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-01-17 192512]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-08-12 91440]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-12 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)
“PromptOnSecureDesktop”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.YV12”= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“UacDisableNotify”=dword:00000001
“InternetSettingsDisableNotify”=dword:00000001
“AutoUpdateDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3FE66972-F637-4926-9F4A-ACB40D0C77E6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{59A4E153-74CE-4F87-97A1-471D19004BFB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C66D9420-9E0E-4135-977D-4EC78DFA71BC}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{FD112498-4373-4F4D-8D85-9D62F4356F25}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{0137C282-A7DC-4575-8AF2-08DFA30A0A2C}C:\program files\real\realplayer\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{27AB923E-9EE0-4FBC-A0C8-54801971A036}C:\program files\real\realplayer\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{91E454C1-68B6-45CD-BC11-A5B19AAC60C2}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{64E6F499-9F41-4DE2-973E-34CECC835F0E}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{8510B5A3-EC42-45DA-9CC1-69903DAD0B69}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1478CE57-F6ED-4360-9F96-E5A94248D973}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3EC2BBA9-F821-4776-A4CA-9C762E08304A}C:\program files\k-lite codec pack\media player classic\mplayerc.exe"= UDP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{5CD7CA61-ED2D-46CA-AB64-81F004375D5B}C:\program files\k-lite codec pack\media player classic\mplayerc.exe"= TCP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
"{A9232EAF-1389-4BB3-8E48-7D692A7F12D8}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B318721A-C295-4974-B6CA-D921B9F1CDCA}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{591B9427-71DC-44EE-B385-C3B3C16AE215}C:\program files\counter-strike source\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{A84632EF-E03B-4616-82D8-B8C14706C93B}C:\program files\counter-strike source\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"{8308B0D8-D5FC-4793-BF94-FE5ED236D1A8}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3729A430-C34B-4E3A-80E3-7856D22675DB}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{95546807-0F0C-413D-922B-093EF1A6E644}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{3EAE815E-E95A-4D14-BF84-82332F3F1946}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5518156D-0628-41A3-BC5D-97543FBD587B}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{EF5B56F9-4A3D-49C8-B5F2-D48001164185}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{E4D24567-3586-4407-A934-F9896B600103}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{927BDE68-E57B-4390-8EE7-469E5EDD2C7E}"= UDP:C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin:Project Torque
"{EB42BA38-FBAE-41C8-B521-5F55826AC82D}"= TCP:C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin:Project Torque
"{3FEFA7DA-2BD4-4608-9280-C8041DFB257E}"= UDP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant
"{F0686F61-1FD1-41DB-81A7-F0BAF8339759}"= TCP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant
"{B1A055B8-90FA-44BE-8589-99152B40ED74}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{5D4ADC66-8B4D-48CB-8AB3-C5032EBDF4B1}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{D2498C47-89D3-4A28-BB34-6A9E5141FDDD}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{A4459DB7-B09A-4992-9BC1-9842C6C5DB22}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{620C144F-17DF-4B14-9104-B0052955A1ED}"= UDP:21455:BitComet 21455 TCP
"{7F0E4E22-4246-4F40-AD68-8B8B1A284E79}"= TCP:21455:BitComet 21455 UDP
"{B702DD95-E46D-4A14-B5B4-8864F6AC4F02}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{F42FC1C7-E944-4F39-ADD0-CF980B2B31EB}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{56ED4F8A-900A-4685-868D-07BC3A1D2A69}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2B040D14-F9D7-41DD-B49C-AB274748F49E}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BA1EA3A5-E397-4E5A-86AD-7C28EF09D186}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4ED4D1E0-A459-4F6D-B209-EFA4B454B5F5}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{C8B581BB-25DD-4832-8235-1F75247452C1}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AF5C6B21-C6A2-4A75-AEA8-C7B8BF7884F2}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3EF35547-4FA1-4789-AB42-405DDA283521}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{8A55053E-3B40-43B3-A1E6-AA7BD2065479}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{04041D8F-43F5-4B1C-A036-53F634C3C898}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{3700D2DC-77C1-476A-85AD-B0ADEDBB56E2}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{649FDDCA-453C-40AE-AA2A-2DF0432921FD}"= UDP:21455:BitComet 21455 TCP
"{2022639C-141A-43A2-92C5-0C4B7BC7644E}"= TCP:21455:BitComet 21455 UDP
"TCP Query User{5E7AC18E-2A47-419F-80F6-9194DF71FBD7}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
“UDP Query User{A3598C5B-83FE-4327-B7B3-7A35EC6C5673}C:\program files\bitcomet\bitcomet.exe”= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
“C:\Program Files\NCsoft\Exteel\System\Exteel.exe”= C:\Program Files\NCsoft\Exteel\System\Exteel.exe::Enabled:Exteel
“C:\Program Files\BitTorrent\bittorrent.exe”= C:\Program Files\BitTorrent\bittorrent.exe::Enabled:BitTorrent

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 261680]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2008-08-07 24880]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 37936]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 79664]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 81200]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 16432]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 ultradfg;ultradfg;C:\Windows\system32\DRIVERS\ultradfg.sys [2008-03-09 23040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

Newly Created Service - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”
.
Contenu du dossier ‘Tâches planifiées’

2008-09-29 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Yee Wing.job

  • C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-13 19:09]

2008-10-08 C:\Windows\Tasks\User_Feed_Synchronization-{66E96ECC-F837-46A9-9D79-A34D820C4E52}.job

  • C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
    .
        • ORPHELINS SUPPRIMES - - - -

BHO-{3BF790FA-E3F6-4586-AC04-CF2E10F8A4F9} - (no file)
BHO-{5D6A8F09-49FA-4B50-BBAC-D53C87DAE565} - (no file)
BHO-{6EB0FAEE-B540-4673-A46B-4BE0863C7AB3} - (no file)
BHO-{8264DEBA-39F1-40E9-9383-38667FB9FDDB} - (no file)
BHO-{91244A2F-22FB-408C-896D-3E818F395E04} - (no file)
BHO-{99F8C069-FF4C-4B4F-BED5-673964634D36} - (no file)
BHO-{AA2C14BA-4D53-4DEB-A820-0C19ED842312} - (no file)
BHO-{E5DFECB9-6E5A-4799-975E-49D8F686A393} - (no file)

.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Yee Wing\AppData\Roaming\Mozilla\Firefox\Profiles\4kxbi805.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.ch…
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-10-08 21:04:39
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\conime.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.


.
Heure de fin: 2008-10-08 21:10:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-08 19:10:22

Avant-CF: 23’722’594’304 octets libres
Après-CF: 24,212,619,264 octets libres

330 — E O F — 2008-10-03 22:30:30

But still the same problem.

hi
in Classic Mode, go here
Bitdefender online scanner with Explorer
www.bitdefender.com…

Tell us whether anything was deleted
then
We'll use CCleaner
Download CCleaner to the desktop:
Don't download it if you already have it!
www.ccleaner.com…
Once it is on the desktop, click the CCleaner installer.

  • But before clicking the “Install” button, untick all the “additional options”.
    Then click “Options”, “Advanced” and untick the box
    “Only delete files in the Windows Temp folder older than 48 hours”.
    Click the “Cleaner” tab, then “Run Cleaner”.
    -> Then click the Registry icon; on the right, click “Scan for Issues” then “Fix selected issues”.

Accept the registry backup it offers.
I advise running it at least twice (until it no longer finds any errors).
Restart your PC

and post a new HijackThis log so we can look at it, fix lines and decide what to do next!!
:hello:

You still have infected files; I'll finish analysing your report and tell you what to do.

Upload it to [virustotal](http://www.virustotal.com/fr/) (tutorial: http://guigui14100.over-blog.fr/article-22971534.html)
and paste the report


+1 for bitdefender ;) **[(Tutorial just in case)](http://guigui14100.over-blog.fr/article-22938285.html)** Edited on 08/10/2008 at 23:25

I'll tell you something first anyway; I don't know whether it might solve this problem. I was on Firefox version 3.0.2. They offered me the update to 3.0.3 and I installed it. Since then, I can't get onto the internet with it anymore, and when I go to "Check for updates…" it tells me “AUS : Fichier XML de mise à jour mal formé (200)”. I went and searched on Google, and I came across this page. I tried their method, which says to erase every trace of Firefox and reinstall it. But it is still blocked.

Otherwise, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:36, on 09.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www2.tsr.ch…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM…\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM…\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM…\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM…\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM…\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM…\Run: [PDF Complete] “C:\Program Files\PDF Complete\pdfsty.exe”
O4 - HKLM…\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program… Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE…
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l’&image au périphérique Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program… Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: www.secuser.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


End of file - 11747 bytes

And here are the reports on the files requested by guigui14100

Fichier xmlinst.exe reçu le 2008.07.04 00:17:34 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.4.0 2008.07.03 -
AntiVir 7.8.0.64 2008.07.03 -
Authentium 5.1.0.4 2008.07.03 -
Avast 4.8.1195.0 2008.07.03 -
AVG 7.5.0.516 2008.07.03 -
BitDefender 7.2 2008.07.03 -
CAT-QuickHeal 9.50 2008.07.03 -
ClamAV 0.93.1 2008.07.03 -
DrWeb 4.44.0.09170 2008.07.03 -
eSafe 7.0.17.0 2008.07.03 -
eTrust-Vet 31.6.5922 2008.07.02 -
Ewido 4.0 2008.07.03 -
F-Prot 4.4.4.56 2008.07.03 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.04 -
GData 2.0.7306.1023 2008.07.03 -
Ikarus T3.1.1.26.0 2008.07.03 -
Kaspersky 7.0.0.125 2008.07.03 -
McAfee 5331 2008.07.03 -
Microsoft 1.3704 2008.07.03 -
NOD32v2 3239 2008.07.03 -
Norman 5.80.02 2008.07.03 -
Panda 9.0.0.4 2008.07.03 -
Prevx1 V2 2008.07.04 -
Rising 20.51.32.00 2008.07.03 -
Sophos 4.30.0 2008.07.03 -
Sunbelt 3.1.1509.1 2008.07.03 -
Symantec 10 2008.07.03 -
TheHacker 6.2.96.369 2008.07.03 -
TrendMicro 8.700.0.1004 2008.07.03 -
VBA32 3.12.6.8 2008.07.03 -
VirusBuster 4.5.11.0 2008.07.03 -
Webwasher-Gateway 6.6.2 2008.07.03 Win32.Malware.gen (suspicious)

Information additionnelle
File size: 26096 bytes
MD5…: 50122c134a785da65946b8b1eba2391e
SHA1…: 68e77870f30429ed9246415b7d63d0f69bdfb707
SHA256: f79b8eed63f2ba2a11e5d46248e0b762ff80c0f1621a642789af7faee19ae589
SHA512: bc3d4c9ecb1b9ed5621fb0a9f69e1a8498152c92b30a1a4c2a7bd1381dee252f
28204da79fc380c22bfee8a73c18646c837a569ccc870286ba03917e1b1c9bf2
PEiD…: InstallShield 2000
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10032e0
timedatestamp…: 0x3c3a4827 (Tue Jan 08 01:15:19 2002)
machinetype…: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2800 0x2800 6.14 9af374788a20e1ce364b0d61dc470299
.data 0x4000 0x7f0 0x400 3.30 90d9b0df2faa3b7568e27b12b311874f
.rsrc 0x5000 0x33f0 0x33f0 5.65 e4d4d26c03b7e96bf2ab747fe69a41a7

( 3 imports )
> MSVCRT.dll: __p__fmode, __set_app_type, __p__commode, _initterm, printf, __setusermatherr, _adjust_fdiv, _exit, _stricmp, __3@YAXPAX@Z, memmove, __2@YAPAXI@Z, _iob, fprintf, __getmainargs, __p___initenv, exit, _XcptFilter, _except_handler3, _controlfp
> ADVAPI32.dll: RegOpenKeyA, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyExA, RegCloseKey, RegDeleteKeyA
> KERNEL32.dll: LoadLibraryA, GetProcAddress, lstrlenA, lstrcpyA, GetCurrentDirectoryA, lstrlenW, GetModuleHandleW

( 0 exports )


Fichier bwUnin-8.1.1.50-8876480SL.exe_ reçu le 2008.10.05 18:19:42 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.05 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.05 -
BitDefender 7.2 2008.10.05 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.05 -
DrWeb 4.44.0.09170 2008.10.05 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.05 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.05 Suspicious:W32/Netsnake.n!Gemini
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.05 -
Ikarus T3.1.1.34.0 2008.10.05 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.05 -
PCTools 4.4.2.0 2008.10.05 -
Prevx1 V2 2008.10.05 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.05 -
Sophos 4.34.0 2008.10.05 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.10.05 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.05 -

Information additionnelle
File size: 127034 bytes
MD5…: 21007bd289539a3ca0d0f3653dc11258
SHA1…: 3f748144d07cd7609dae51ae0588f46e994c73c4
SHA256: 072408c4c02de98c6dfcfa83b86f2dfebeadd1a085c371d2d8b78df9c9e670dc
SHA512: 1063aac29899b35575a6f6369033b4855dcfcddfe733b7690042cd7af9d692c5
ca62c73f4fbb12707abb4ed8be4215b4b369f5a55a34407309bb815bf51cf90b
PEiD…: Armadillo v1.71
TrID…: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40e536
timedatestamp…: 0x455910f7 (Tue Nov 14 00:42:31 2006)
machinetype…: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe10e 0xf000 6.21 e916f8864e9c7b2fe0b96bef1e5f7e45
.rdata 0x10000 0x3c02 0x4000 5.35 5a9c9f9f9ff15ff15dcdd43eb0033aa1
.data 0x14000 0xb6e8 0x9000 4.90 fa1f2d7ab0d9fd1e4b379009d219da58
.rsrc 0x20000 0x1480 0x2000 3.33 5d1e5c5971a2cfe084c97dd0e154025e

( 8 imports )
> MSVCRT.dll: _except_handler3, _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, _chsize, fseek, fwrite, fread, _get_osfhandle, sscanf, _stat, swprintf, memset, strchr, realloc, atoi, fgets, _mbschr, _mbsdec, strncat, malloc, free, _purecall, ctime, fprintf, fflush, ftell, rename, memcpy, _iob, vfprintf, fopen, _unlink, _ftime, _strnicmp, memcmp, strrchr, _setmbcp, _snprintf, _mbslwr, strcpy, strlen, _errno, sprintf, _mbsrchr, __CxxFrameHandler, _mbsicmp, __3@YAXPAX@Z, strcat, strcmp, _rmdir, toupper, _ultoa, strncmp, _findnext, remove, strncpy, strstr, _findclose, __2@YAPAXI@Z, _chmod, _findfirst, _stricmp, fclose
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> KERNEL32.dll: ReleaseMutex, GetModuleHandleA, GetFileType, PeekNamedPipe, GetFileTime, GetFileSize, RemoveDirectoryA, LocalFree, OpenMutexA, Sleep, lstrlenW, WideCharToMultiByte, GetTickCount, MultiByteToWideChar, CreateDirectoryA, MoveFileExA, GetWindowsDirectoryA, GetCurrentThread, GetPrivateProfileSectionNamesA, GetPrivateProfileStringA, GetPrivateProfileSectionA, SetLastError, ExpandEnvironmentStringsA, GetEnvironmentVariableA, SetEnvironmentVariableA, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, GetCurrentProcess, OpenProcess, TerminateProcess, GetSystemDirectoryA, WritePrivateProfileStringA, lstrcmpA, GetTempPathA, LoadLibraryExA, GetFileAttributesA, DeleteFileA, CopyFileA, GetLocaleInfoA, SetFileAttributesA, lstrcatA, SleepEx, FindResourceA, LoadResource, SearchPathA, GetShortPathNameA, GetModuleFileNameA, GetStartupInfoA, CreateProcessA, LoadLibraryA, GetProcAddress, FreeLibrary, CloseHandle, CreateMutexA, lstrlenA, GetLastError, lstrcpyA, GetVersionExA, WaitForSingleObject
> USER32.dll: GetClassNameA, SendMessageTimeoutA, FindWindowA, EnumWindows, GetLastActivePopup, IsWindow, PostMessageA, ExitWindowsEx, IsIconic, GetClientRect, DrawIcon, MessageBoxA, SystemParametersInfoA, UpdateWindow, KillTimer, SendMessageA, SetTimer, EnableWindow, LoadIconA, MsgWaitForMultipleObjects, PeekMessageA, GetSystemMetrics, DispatchMessageA, TranslateMessage, LoadStringA
> ADVAPI32.dll: RegEnumKeyA, RegDeleteKeyA, RegFlushKey, GetServiceKeyNameA, OpenSCManagerA, CloseServiceHandle, LookupPrivilegeValueA, AdjustTokenPrivileges, GetUserNameA, RegSetValueExA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, OpenProcessToken, RegDeleteValueA, RegQueryInfoKeyA, RegOpenKeyExA, RegQueryValueExA
> SHELL32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc
> ole32.dll: CoTaskMemFree, CoUninitialize, StringFromCLSID, CLSIDFromProgID, CoInitialize, CoCreateInstance
> OLEAUT32.dll: -, -

( 2 exports )
GetUninstallerPath, RemoveUnusedVersions

Fichier bwUnin-8.1.1.87-8876480SL.exe reçu le 2008.10.05 12:37:43 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.04 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.04 -
BitDefender 7.2 2008.10.05 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.04 -
DrWeb 4.44.0.09170 2008.10.05 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.05 -
F-Prot 4.4.4.56 2008.10.04 -
F-Secure 8.0.14332.0 2008.10.05 Suspicious:W32/Netsnake.n!Gemini
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.05 -
Ikarus T3.1.1.34.0 2008.10.05 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.05 -
PCTools 4.4.2.0 2008.10.04 -
Prevx1 V2 2008.10.05 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.05 -
Sophos 4.34.0 2008.10.05 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.05 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.04 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.04 -

Information additionnelle
File size: 130208 bytes
MD5…: c84b25ae27af071a7fbad6bab574ec5d
SHA1…: c1b146c378e8b292f6fa42aad4702d38129eff43
SHA256: 17dd4f657a9ce9140362c485e4a261b54ef4ae51d97f4b990202b803c398f3e3
SHA512: 6f012e21149d989163f3909e124528d1e3d782e8fb48c310d0809f73e9bfb2b2
a2eacb55791a571e19045986068a8b928984baaac78a7d07f2b3d1fe525b5b48
PEiD…: Armadillo v1.71
TrID…: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40e536
timedatestamp…: 0x47e64e25 (Sun Mar 23 12:33:41 2008)
machinetype…: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe116 0xf000 6.21 5cc4838c05a582ffe32700b762f2d085
.rdata 0x10000 0x3c02 0x4000 5.36 4e95d9eea8447cf0ec96c42d37a88f84
.data 0x14000 0xb718 0x9000 4.90 88029d506fe8c670961cc22c21a73fe8
.rsrc 0x20000 0x1480 0x2000 3.33 51821de9e562ddbcf3a639e2019ca827

( 8 imports )
> MSVCRT.dll: _except_handler3, _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, _chsize, fseek, fwrite, fread, _get_osfhandle, sscanf, _stat, swprintf, memset, strchr, realloc, atoi, fgets, _mbschr, _mbsdec, strncat, malloc, free, _purecall, ctime, fprintf, fflush, ftell, rename, memcpy, _iob, vfprintf, fopen, _unlink, _ftime, _strnicmp, memcmp, strrchr, _setmbcp, _snprintf, _mbslwr, strcpy, strlen, _errno, sprintf, _mbsrchr, __CxxFrameHandler, _mbsicmp, __3@YAXPAX@Z, strcat, strcmp, _rmdir, toupper, _ultoa, strncmp, _findnext, remove, strncpy, strstr, _findclose, __2@YAPAXI@Z, _chmod, _findfirst, _stricmp, fclose
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> KERNEL32.dll: ReleaseMutex, GetModuleHandleA, GetFileType, PeekNamedPipe, GetFileTime, GetFileSize, RemoveDirectoryA, LocalFree, OpenMutexA, Sleep, lstrlenW, WideCharToMultiByte, GetTickCount, MultiByteToWideChar, CreateDirectoryA, MoveFileExA, GetWindowsDirectoryA, GetCurrentThread, GetPrivateProfileSectionNamesA, GetPrivateProfileStringA, GetPrivateProfileSectionA, SetLastError, ExpandEnvironmentStringsA, GetEnvironmentVariableA, SetEnvironmentVariableA, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, GetCurrentProcess, OpenProcess, TerminateProcess, GetSystemDirectoryA, WritePrivateProfileStringA, lstrcmpA, GetTempPathA, LoadLibraryExA, GetFileAttributesA, DeleteFileA, CopyFileA, GetLocaleInfoA, SetFileAttributesA, lstrcatA, SleepEx, FindResourceA, LoadResource, SearchPathA, GetShortPathNameA, GetModuleFileNameA, GetStartupInfoA, CreateProcessA, LoadLibraryA, GetProcAddress, FreeLibrary, CreateMutexA, WaitForSingleObject, GetLastError, lstrlenA, lstrcpyA, GetVersionExA, CloseHandle
> USER32.dll: GetClassNameA, SendMessageTimeoutA, FindWindowA, EnumWindows, GetLastActivePopup, IsWindow, PostMessageA, ExitWindowsEx, IsIconic, GetClientRect, DrawIcon, MessageBoxA, SystemParametersInfoA, UpdateWindow, KillTimer, SendMessageA, SetTimer, EnableWindow, LoadIconA, MsgWaitForMultipleObjects, PeekMessageA, GetSystemMetrics, DispatchMessageA, TranslateMessage, LoadStringA
> ADVAPI32.dll: RegEnumKeyA, RegDeleteKeyA, RegFlushKey, GetServiceKeyNameA, OpenSCManagerA, CloseServiceHandle, LookupPrivilegeValueA, AdjustTokenPrivileges, GetUserNameA, RegSetValueExA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, OpenProcessToken, RegDeleteValueA, RegQueryInfoKeyA, RegOpenKeyExA, RegQueryValueExA
> SHELL32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc
> ole32.dll: CoTaskMemFree, CoUninitialize, StringFromCLSID, CLSIDFromProgID, CoInitialize, CoCreateInstance
> OLEAUT32.dll: -, -

( 2 exports )
GetUninstallerPath, RemoveUnusedVersions

Fichier GetValue.vbs reçu le 2008.08.30 12:47:30 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.29.0 2008.08.29 -
AntiVir 7.8.1.23 2008.08.29 -
Authentium 5.1.0.4 2008.08.30 -
Avast 4.8.1195.0 2008.08.29 -
AVG 8.0.0.161 2008.08.29 -
BitDefender 7.2 2008.08.30 -
CAT-QuickHeal 9.50 2008.08.29 -
ClamAV 0.93.1 2008.08.30 -
DrWeb 4.44.0.09170 2008.08.29 -
eSafe 7.0.17.0 2008.08.28 -
eTrust-Vet 31.6.6057 2008.08.29 -
Ewido 4.0 2008.08.30 -
F-Prot 4.4.4.56 2008.08.29 -
F-Secure 7.60.13501.0 2008.08.30 -
Fortinet 3.14.0.0 2008.08.30 -
GData 19 2008.08.30 -
Ikarus T3.1.1.34.0 2008.08.30 -
K7AntiVirus 7.10.432 2008.08.29 -
Kaspersky 7.0.0.125 2008.08.30 -
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3401 2008.08.30 -
Norman 5.80.02 2008.08.29 -
Panda 9.0.0.4 2008.08.30 Suspicious file
PCTools 4.4.2.0 2008.08.29 -
Prevx1 V2 2008.08.30 -
Rising 20.59.51.00 2008.08.30 -
Sophos 4.33.0 2008.08.30 -
Sunbelt 3.1.1592.1 2008.08.30 -
Symantec 10 2008.08.30 -
TheHacker 6.3.0.6.068 2008.08.30 -
TrendMicro 8.700.0.1004 2008.08.29 -
VBA32 3.12.8.4 2008.08.29 -
ViRobot 2008.8.30.1357 2008.08.30 -
VirusBuster 4.5.11.0 2008.08.29 -
Webwasher-Gateway 6.6.2 2008.08.29 -

Information additionnelle
File size: 691 bytes
MD5…: ee346e0a4140ce77c96ff6fcb1cff076
SHA1…: f7e41c6a2a111c42e62e15639d25eb6f6a5d2126
SHA256: d257db13aebb16f1c936d4c7d912d02f4005389724aa47f559fa378f6a13e0f8
SHA512: feede2fd227f5db16cd8b49a4d8a7db2931f1d85d8b1a82d5e558086f3ae9719
75c698e99baaf57f6994ed36694d9863db2950e74d5fdff38446f1a743d8175e
PEiD…: -
TrID…: File type identification
file seems to be plain text/ASCII (0.0%)
PEInfo: -

Fichier SetValue.bat reçu le 2008.10.09 17:52:07 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.10.0 2008.10.09 -
AntiVir 7.8.1.34 2008.10.09 -
Authentium 5.1.0.4 2008.10.09 -
Avast 4.8.1248.0 2008.10.09 -
AVG 8.0.0.161 2008.10.09 -
BitDefender 7.2 2008.10.09 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.09 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6137 2008.10.09 -
Ewido 4.0 2008.10.09 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.09 -
Fortinet 3.113.0.0 2008.10.09 -
GData 19 2008.10.09 -
Ikarus T3.1.1.34.0 2008.10.09 -
K7AntiVirus 7.10.489 2008.10.09 -
Kaspersky 7.0.0.125 2008.10.09 -
McAfee 5401 2008.10.09 -
Microsoft 1.4005 2008.10.09 -
NOD32 3507 2008.10.09 -
Norman 5.80.02 2008.10.09 -
Panda 9.0.0.4 2008.10.09 -
PCTools 4.4.2.0 2008.10.09 -
Prevx1 V2 2008.10.09 -
Rising 20.65.32.00 2008.10.09 -
SecureWeb-Gateway 6.7.6 2008.10.09 -
Sophos 4.34.0 2008.10.09 -
Sunbelt 3.1.1708.1 2008.10.09 -
Symantec 10 2008.10.09 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.09 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.9.1414 2008.10.09 -
VirusBuster 4.5.11.0 2008.10.09 -

Information additionnelle
File size: 35 bytes
MD5…: e152c2e083bb18df3770de4040e3f391
SHA1…: a7e1d3bdc5026cdc695a425e9ecaaf700e60e9e4
SHA256: d9971fb32726019c6ef56cad56018ca94a569b2fb1eb281b4d307f236d5ff7a3
SHA512: d370d2d0e03420e40457d3bb5dd7b71c67620ea9219bafd173651fcb9e342983
939630caae71c8da96d857ec7a07b3df1c3548325577b4710bcc05c3e3cf798e
PEiD…: -
TrID…: File type identification
Unknown!
PEInfo: -

Fichier ezsid.dat reçu le 2008.10.09 17:55:31 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.10.0 2008.10.09 -
AntiVir 7.8.1.34 2008.10.09 -
Authentium 5.1.0.4 2008.10.09 -
Avast 4.8.1248.0 2008.10.09 -
AVG 8.0.0.161 2008.10.09 -
BitDefender 7.2 2008.10.09 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.09 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6137 2008.10.09 -
Ewido 4.0 2008.10.09 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.09 -
Fortinet 3.113.0.0 2008.10.09 -
GData 19 2008.10.09 -
Ikarus T3.1.1.34.0 2008.10.09 -
K7AntiVirus 7.10.489 2008.10.09 -
Kaspersky 7.0.0.125 2008.10.09 -
McAfee 5401 2008.10.09 -
Microsoft 1.4005 2008.10.09 -
NOD32 3507 2008.10.09 -
Norman 5.80.02 2008.10.09 -
Panda 9.0.0.4 2008.10.09 -
PCTools 4.4.2.0 2008.10.09 -
Prevx1 V2 2008.10.09 -
Rising 20.65.32.00 2008.10.09 -
SecureWeb-Gateway 6.7.6 2008.10.09 -
Sophos 4.34.0 2008.10.09 -
Sunbelt 3.1.1708.1 2008.10.09 -
Symantec 10 2008.10.09 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.09 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.9.1414 2008.10.09 -
VirusBuster 4.5.11.0 2008.10.09 -

Information additionnelle
File size: 32 bytes
MD5…: 95c1e4bf208466501aa53ed06dee5d38
SHA1…: 49501ddf6e51fbae49e212a0d11ad50132060367
SHA256: a2246a62c50273d4a7b9c5ba29931430fce9905d03064a0d6eca0ba54a5d19d7
SHA512: a793655b4e57ee0e685c8036081f2a063246d2de3a1a8f678706c860f38129c1
e6f4b0bd5c882e6ccf6211e835706cf0cea5f908e8e26e33518ef558fb919ccf
PEiD…: -
TrID…: File type identification
Unknown!
PEInfo: -

Download this file, then drag it onto the ComboFix application. It should open normally; then paste the report.

On the first reboot after ComboFix, it showed me a blue screen saying there had been a crash. I had to shut my PC down manually. Otherwise, it started normally.

And here is the report

ComboFix 08-10-08.01 - Yee Wing 2008-10-09 20:52:02.3 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1078 [GMT 2:00]
Lancé depuis: C:\Users\Yee Wing\Downloads\DL\ComboFix.exe
Commutateurs utilisés :: C:\Users\Yee Wing\Desktop\CFScript.txt

  • Un nouveau point de restauration a été créé

FILE ::
C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
C:\Windows\IFinst27.exe
C:\Windows\System32\xmlinst.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
C:\Windows\IFinst27.exe
C:\Windows\System32\xmlinst.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
.

2008-10-09 20:58 . 2008-10-09 20:58 234,457,285 --a------ C:\Windows\MEMORY.DMP
2008-10-09 10:57 . 2008-10-09 18:17 d-------- C:\Windows\BDOSCAN8
2008-10-09 10:40 . 2008-10-09 20:15 d-------- C:\Program Files\Firefox
2008-10-08 11:42 . 2008-10-08 11:42 d-------- C:\Users\Yee Wing\AppData\Roaming\Malwarebytes
2008-10-08 11:42 . 2008-10-08 11:42 d-------- C:\Users\All Users\Malwarebytes
2008-10-08 11:42 . 2008-10-08 11:42 d-------- C:\ProgramData\Malwarebytes
2008-10-08 11:42 . 2008-10-08 11:42 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 18:18 . 2008-10-08 20:24 d-------- C:\Users\Yee Wing\AppData\Roaming\teamspeak2
2008-10-04 18:17 . 2008-10-04 18:17 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-10-04 18:16 . 2008-10-04 18:18 d-------- C:\Program Files\Teamspeak2_RC2
2008-10-03 15:11 . 2008-10-03 20:27 8,224 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2008-10-01 18:18 . 2008-10-08 20:24 d-------- C:\Program Files\WowCartographe
2008-09-29 19:40 . 2008-10-05 11:46 d-------- C:\Program Files\World of Warcraft
2008-09-29 19:34 . 2008-09-29 20:55 d-------- C:\Windows\Patch Darluok
2008-09-29 18:32 . 2008-09-29 18:32 d--h----- C:\Windows\PIF
2008-09-25 22:39 . 2008-09-25 22:39 42,675 --a------ C:\FRAGLIST.HTM
2008-09-24 07:15 . 2008-08-17 12:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-09-19 22:58 . 2001-05-04 11:05 505,104 --a------ C:\Windows\System32\msxml.dll
2008-09-19 22:58 . 1998-06-18 00:00 89,360 --a------ C:\Windows\System32\VB5DB.DLL
2008-09-19 22:58 . 2000-03-17 07:21 69,632 --a------ C:\Windows\System32\xmltok.dll
2008-09-19 22:58 . 2000-03-17 07:21 36,864 --a------ C:\Windows\System32\xmlparse.dll
2008-09-19 22:58 . 2002-04-24 12:43 35,840 --a------ C:\Windows\System32\comdlg32.oca
2008-09-19 22:58 . 2001-05-04 11:05 28,432 --a------ C:\Windows\System32\msxmlr.dll
2008-09-19 22:58 . 2002-01-07 14:30 24,576 --a------ C:\Windows\System32\msxml3a.dll
2008-09-19 22:40 . 2008-09-19 22:58 d-------- C:\Program Files\Ubisoft
2008-09-17 18:22 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-17 18:22 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-17 18:22 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-17 18:22 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-17 18:21 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-17 18:21 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-17 18:21 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-17 18:21 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-17 18:21 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-14 14:18 . 2008-10-08 20:24 d-------- C:\Program Files\EClea2_0
2008-09-13 22:45 . 2008-09-30 21:01 d-------- C:\Program Files\Rune Online
2008-09-11 18:30 . 2008-09-11 18:30 d-------- C:\Program Files\GIMP
2008-09-11 17:15 . 2008-09-11 17:15 d-------- C:\Program Files\Finitia-World
2008-09-10 07:11 . 2008-09-10 07:11 d-------- C:\Windows\CheckSur
2008-09-10 07:10 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 07:10 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 07:10 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 07:10 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 07:10 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 07:10 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 07:10 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 07:10 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 07:10 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 19:33 . 2008-09-09 19:33 143,713 --a------ C:\FRAGLIST.LUAR

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 18:59 65,536 ----a-w C:\Windows\system32\drivers\CnxE2FS.bin
2008-10-09 09:10 --------- d-----w C:\ProgramData\Symantec
2008-10-09 09:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-08 21:21 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-08 18:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 18:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-08 18:24 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-10-03 18:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-03 15:53 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-10-03 13:01 --------- d-----w C:\Program Files\Norton Internet Security
2008-10-03 13:01 --------- d-----w C:\Program Files\Microsoft Works
2008-10-03 13:01 --------- d-----w C:\Program Files\Google
2008-09-30 04:46 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-21 14:02 --------- d-----w C:\Users\Yee Wing\AppData\Roaming\Skype
2008-09-19 20:42 --------- d-----w C:\Program Files\NCSoft
2008-09-16 15:11 --------- d-----w C:\Program Files\Hp
2008-09-12 11:10 --------- d-----w C:\Program Files\Gpotato.eu
2008-09-11 16:36 --------- d-----w C:\Users\Yee Wing\AppData\Roaming\gtk-2.0
2008-09-05 11:42 --------- d-----w C:\Program Files\BitComet
2008-09-01 17:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 17:11 --------- d-----w C:\Users\Yee Wing\AppData\Roaming\OpenOffice.org2
2008-08-20 05:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-13 14:12 --------- d-----w C:\ProgramData\ma-config.com
2008-08-13 14:12 --------- d-----w C:\Program Files\ma-config.com
2008-08-13 13:56 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 17:03 --------- d-----w C:\Program Files\Common Files\Logitech
2008-08-12 17:03 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-08-12 16:50 --------- d-----w C:\Users\Yee Wing\AppData\Roaming\Logitech
2008-08-12 16:50 --------- d-----w C:\ProgramData\Logitech
2008-08-12 16:50 --------- d-----w C:\Program Files\Logitech
2008-08-12 16:49 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-08-12 16:46 --------- d-----w C:\ProgramData\LogiShrd
2008-08-07 12:37 24,880 ----a-w C:\Windows\System32\hpservice.exe
2008-08-07 12:33 14,640 ----a-w C:\Windows\System32\accelerometerdll.DLL
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-16 16:51 691 ----a-w C:\Users\Yee Wing\AppData\Roaming\GetValue.vbs
2008-06-16 16:51 35 ----a-w C:\Users\Yee Wing\AppData\Roaming\SetValue.bat
2008-05-14 13:39 174 --sha-w C:\Program Files\desktop.ini
2008-02-24 12:03 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-24 12:03 32 ----a-w C:\ProgramData\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-09_20.47.21.86 )))))))))))))))))))))))))))))))))))))))))
.

- 2008-10-09 18:42:43 155,648 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-09 18:59:10 155,648 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-09 18:43:27 147,456 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-09 18:59:10 147,456 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-10-09 18:34:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-09 18:49:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-09 18:34:07 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-09 18:49:09 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-09 18:34:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-09 18:49:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-08 21:25:39 15,634 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1520504282-3840762924-359223740-1006_UserData.bin
+ 2008-10-09 18:44:09 15,650 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1520504282-3840762924-359223740-1006_UserData.bin
- 2008-10-09 09:24:14 124,816 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-09 18:44:09 124,894 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-09 09:24:12 55,438 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-09 18:44:05 55,438 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-08-12 91440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]

C:\Users\Yee Wing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Ubisoft register.lnk - C:\Program Files\Ubisoft\Register\schedule.exe [2008-09-19 28672]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 719664]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-01-17 192512]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-08-12 91440]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-12 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3FE66972-F637-4926-9F4A-ACB40D0C77E6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{59A4E153-74CE-4F87-97A1-471D19004BFB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C66D9420-9E0E-4135-977D-4EC78DFA71BC}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{FD112498-4373-4F4D-8D85-9D62F4356F25}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{0137C282-A7DC-4575-8AF2-08DFA30A0A2C}C:\program files\real\realplayer\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{27AB923E-9EE0-4FBC-A0C8-54801971A036}C:\program files\real\realplayer\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{91E454C1-68B6-45CD-BC11-A5B19AAC60C2}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{64E6F499-9F41-4DE2-973E-34CECC835F0E}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{8510B5A3-EC42-45DA-9CC1-69903DAD0B69}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1478CE57-F6ED-4360-9F96-E5A94248D973}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3EC2BBA9-F821-4776-A4CA-9C762E08304A}C:\program files\k-lite codec pack\media player classic\mplayerc.exe"= UDP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{5CD7CA61-ED2D-46CA-AB64-81F004375D5B}C:\program files\k-lite codec pack\media player classic\mplayerc.exe"= TCP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
"{A9232EAF-1389-4BB3-8E48-7D692A7F12D8}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B318721A-C295-4974-B6CA-D921B9F1CDCA}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{591B9427-71DC-44EE-B385-C3B3C16AE215}C:\program files\counter-strike source\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{A84632EF-E03B-4616-82D8-B8C14706C93B}C:\program files\counter-strike source\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"{8308B0D8-D5FC-4793-BF94-FE5ED236D1A8}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3729A430-C34B-4E3A-80E3-7856D22675DB}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{95546807-0F0C-413D-922B-093EF1A6E644}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{3EAE815E-E95A-4D14-BF84-82332F3F1946}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5518156D-0628-41A3-BC5D-97543FBD587B}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{EF5B56F9-4A3D-49C8-B5F2-D48001164185}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{E4D24567-3586-4407-A934-F9896B600103}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{927BDE68-E57B-4390-8EE7-469E5EDD2C7E}"= UDP:C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin:Project Torque
"{EB42BA38-FBAE-41C8-B521-5F55826AC82D}"= TCP:C:\Program Files\AeriaGames\Project Torque\ProjectTorque.bin:Project Torque
"{3FEFA7DA-2BD4-4608-9280-C8041DFB257E}"= UDP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant
"{F0686F61-1FD1-41DB-81A7-F0BAF8339759}"= TCP:C:\Program Files\Lphant\eLePhantClient.exe:Lphant
"{B1A055B8-90FA-44BE-8589-99152B40ED74}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{5D4ADC66-8B4D-48CB-8AB3-C5032EBDF4B1}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{D2498C47-89D3-4A28-BB34-6A9E5141FDDD}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{A4459DB7-B09A-4992-9BC1-9842C6C5DB22}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{620C144F-17DF-4B14-9104-B0052955A1ED}"= UDP:21455:BitComet 21455 TCP
"{7F0E4E22-4246-4F40-AD68-8B8B1A284E79}"= TCP:21455:BitComet 21455 UDP
"{B702DD95-E46D-4A14-B5B4-8864F6AC4F02}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{F42FC1C7-E944-4F39-ADD0-CF980B2B31EB}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{56ED4F8A-900A-4685-868D-07BC3A1D2A69}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2B040D14-F9D7-41DD-B49C-AB274748F49E}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BA1EA3A5-E397-4E5A-86AD-7C28EF09D186}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4ED4D1E0-A459-4F6D-B209-EFA4B454B5F5}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{C8B581BB-25DD-4832-8235-1F75247452C1}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AF5C6B21-C6A2-4A75-AEA8-C7B8BF7884F2}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3EF35547-4FA1-4789-AB42-405DDA283521}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{8A55053E-3B40-43B3-A1E6-AA7BD2065479}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{04041D8F-43F5-4B1C-A036-53F634C3C898}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{3700D2DC-77C1-476A-85AD-B0ADEDBB56E2}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{649FDDCA-453C-40AE-AA2A-2DF0432921FD}"= UDP:21455:BitComet 21455 TCP
"{2022639C-141A-43A2-92C5-0C4B7BC7644E}"= TCP:21455:BitComet 21455 UDP
"TCP Query User{5E7AC18E-2A47-419F-80F6-9194DF71FBD7}C:\program files\bitcomet\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{A3598C5B-83FE-4327-B7B3-7A35EC6C5673}C:\program files\bitcomet\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 261680]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 BcmSqlStartupSvc;SQL Server Startup Service for Business Contact Manager;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2008-08-07 24880]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-26 179712]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 37936]
S3 btwaudio;Bluetooth Audio Device;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 79664]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 81200]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 16432]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 ultradfg;ultradfg;C:\Windows\system32\DRIVERS\ultradfg.sys [2008-03-09 23040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

Newly Created Service - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {990BA001-D69F-9DB2-56CE-88E0399B30FB} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-09-29 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Yee Wing.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-13 19:09]

2008-10-08 C:\Windows\Tasks\User_Feed_Synchronization-{66E96ECC-F837-46A9-9D79-A34D820C4E52}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-10-09 20:59:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\dllhost.exe
.


.
Completion time: 2008-10-09 21:05:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-09 19:05:33
ComboFix2.txt 2008-10-09 18:48:41
ComboFix3.txt 2008-10-08 19:10:42

Pre-Run: 27'900'547'072 bytes free
Post-Run: 29,688,209,408 bytes free

318 --- E O F --- 2008-10-03 22:30:30

Firefox still doesn't work.
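
Apart from the Firefox question, the ComboFix log above records several settings that weaken this machine: UAC is off (EnableLUA=0), Windows Firewall is off for both the Standard and Public profiles (EnableFirewall=0), Security Center monitoring and its warnings are disabled, and AppInit_DLLs loads APSHook.dll into every process that uses user32.dll (consistent with the HP ProtectTools software listed elsewhere in the log, but an entry worth confirming). The Python script below is an added example, not part of the thread or of ComboFix: it parses the REGEDIT4-style "Reg Loading Points" section and flags those settings. Its input is an excerpt of the log posted above; the key-suffix matching and the wording of the findings are this example's own choices.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log for weakened
security settings. Added example; not part of the thread or of ComboFix."""
import re
from typing import Dict, List, Optional

# Excerpt copied from the ComboFix log posted above (REGEDIT4-style dump).
SAMPLE_LOG = r'''
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')


def parse_reg_points(text: str) -> Dict[str, Dict[str, str]]:
    """Map each lower-cased key path to its {value_name: raw_value} entries."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            keys.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            keys[current][value.group(1)] = value.group(2).strip()
    return keys


def as_int(raw: str) -> Optional[int]:
    """Decode the two DWORD renderings ComboFix uses: '0 (0x0)' and 'dword:00000001'."""
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'(\d+)\s*\(0x[0-9a-fA-F]+\)', raw)
    if m:
        return int(m.group(1))
    return None  # not a DWORD (e.g. a DLL name)


def lookup(keys: Dict[str, Dict[str, str]], key_suffix: str, name: str) -> Optional[str]:
    """Find a value by the tail of its key path; ComboFix abbreviates HKLM paths (HKLM~)."""
    suffix = key_suffix.lower()
    for path, values in keys.items():
        if path.endswith(suffix) and name in values:
            return values[name]
    return None


def audit(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Return one finding per weakened setting; an empty list means nothing was flagged."""
    findings: List[str] = []
    lua = lookup(keys, r'\currentversion\policies\system', 'EnableLUA')
    if lua is not None and as_int(lua) == 0:
        findings.append('UAC is disabled (EnableLUA=0): every process runs with full admin rights')
    for profile in ('DomainProfile', 'StandardProfile', 'PublicProfile'):
        fw = lookup(keys, '\\firewallpolicy\\' + profile, 'EnableFirewall')
        if fw is not None and as_int(fw) == 0:
            findings.append(f'Windows Firewall is off for {profile} (EnableFirewall=0)')
    mon = lookup(keys, r'\security center\monitoring', 'DisableMonitoring')
    if mon is not None and as_int(mon) == 1:
        findings.append('Security Center monitoring is disabled (DisableMonitoring=1)')
    # The *DisableNotify flags live directly under the 'security center' key.
    quiet = sorted(n for path, vals in keys.items() if path.endswith(r'\security center')
                   for n, v in vals.items() if n.endswith('DisableNotify') and as_int(v) == 1)
    if quiet:
        findings.append('Security Center warnings suppressed: ' + ', '.join(quiet))
    appinit = lookup(keys, r'\currentversion\windows', 'AppInit_DLLs')
    if appinit:
        findings.append(f'AppInit_DLLs injects {appinit} into every process that loads '
                        'user32.dll; confirm its publisher')
    return findings


if __name__ == '__main__':
    for finding in audit(parse_reg_points(SAMPLE_LOG)):
        print('-', finding)
```

Run on the excerpt it reports six findings. To use it on a full log, paste the whole file into `parse_reg_points`; lines outside the `[key]` / `"name"=value` shape are ignored, so the file-listing and driver sections do no harm.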

How's your PC doing? For Firefox, download the latest version here: www.mozilla-europe.org…

I keep uninstalling and reinstalling Firefox. I even deleted C:\Program Files\Firefox and C:\Users\Yee Wing\AppData\Local\Mozilla.

Hi

Try this:

Go to the Tools menu, then the Options tab, then the Advanced section and the Network tab. Under Connection, open the Settings tab and tick the box "Direct connection to the Internet" or "Auto-detect proxy settings for this server", then click OK to leave the Connection Settings and click OK a second time to leave Options.
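
Firefox stores the setting that reply refers to in the profile's prefs.js (on Vista: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>.default\prefs.js) as network.proxy.type: 0 is a direct connection, 1 a manual proxy, 2 a PAC file, 4 auto-detect (WPAD) and 5 the system proxy settings. Internet Explorer uses the Windows proxy settings instead, so a Firefox-only manual proxy that nothing listens on produces exactly the symptom in this thread: IE works, Firefox reports "The connection has failed". The Python script below is an added example, not from the thread or from Mozilla: it reads a prefs.js, reports the effective proxy mode, says whether Firefox is using a proxy configuration other browsers do not share, and produces a copy with the direct-connection setting the reply recommends. The prefs.js content is constructed for the example.

```python
"""Read a Firefox prefs.js, report the effective proxy mode, and produce a
copy that forces a direct connection. Added example, not from the thread."""
import re
from typing import Dict, Union

Pref = Union[str, int, bool]

# Constructed sample prefs.js (not from the thread): a manual proxy pointing
# at a local port where nothing listens makes every Firefox request fail
# while Internet Explorer, which uses the Windows proxy settings, still works.
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.mozilla-europe.org/");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.share_proxy_settings", true);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of the network.proxy.type preference values.
PROXY_TYPES = {
    0: 'direct connection, no proxy',
    1: 'manual proxy',
    2: 'proxy auto-configuration (PAC) file',
    4: 'auto-detect proxy settings (WPAD)',
    5: 'use system proxy settings',
}


def parse_prefs(text: str) -> Dict[str, Pref]:
    """Turn user_pref("name", value); lines into a dict with typed values."""
    prefs: Dict[str, Pref] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and anything that is not a user_pref line
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ('true', 'false'):
            prefs[name] = raw == 'true'
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep anything unexpected verbatim
    return prefs


def describe_proxy(prefs: Dict[str, Pref]) -> str:
    """One-line summary of how Firefox will reach the network."""
    ptype = prefs.get('network.proxy.type')
    if ptype is None:
        return 'network.proxy.type not set: the build default applies'
    text = PROXY_TYPES.get(ptype, f'unknown network.proxy.type {ptype}')
    if ptype == 1:
        text += f" via {prefs.get('network.proxy.http')}:{prefs.get('network.proxy.http_port')}"
    elif ptype == 2:
        text += f" from {prefs.get('network.proxy.autoconfig_url')}"
    return text


def firefox_only_failure(prefs: Dict[str, Pref]) -> bool:
    """True when Firefox uses its own proxy configuration (manual or PAC) that
    other browsers on the machine do not share: the first thing to check when
    only Firefox reports 'The connection has failed'."""
    return prefs.get('network.proxy.type') in (1, 2)


def set_direct_connection(prefs_text: str) -> str:
    """Return prefs.js content with network.proxy.type forced to 0 (direct).
    Edit prefs.js only while Firefox is closed; it rewrites the file on exit."""
    line = 'user_pref("network.proxy.type", 0);'
    new_text, count = re.subn(r'^\s*user_pref\("network\.proxy\.type",\s*\d+\);[ \t]*$',
                              line, prefs_text, flags=re.MULTILINE)
    if count == 0:  # pref absent: append it rather than rely on the default
        new_text = prefs_text.rstrip('\n') + '\n' + line + '\n'
    return new_text


if __name__ == '__main__':
    current = parse_prefs(SAMPLE_PREFS)
    print('current:', describe_proxy(current))
    print('Firefox-only proxy config:', firefox_only_failure(current))
    print('fixed:  ', describe_proxy(parse_prefs(set_direct_connection(SAMPLE_PREFS))))
```

`set_direct_connection` only changes the mode; it leaves the manual host and port in place, so the old configuration can be restored by switching the type back, and it appends the preference if the file never had one rather than assuming what the build default is.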

Re

Try a completely clean uninstall of Firefox (hoping that this works).

  1. Back up your profile to another directory, another disk or external media (USB key or other) (see here and here for the profile).

  2. Download Firefox here: www.mozilla-europe.org…

  3. Find and note the cache directory (type about:cache in the Firefox address bar to find out where it is).

  4. Uninstall Firefox completely via Add/Remove Programs.

  5. Delete the Firefox installation directory (C:\Program Files\Mozilla Firefox).

  6. Delete the profiles directory (all of them: C:\Documents and Settings\<Windows_session_name>\Application Data\Mozilla\Firefox).

  7. Delete the cache directory (don't settle for the \cache\ directory alone; delete the level above it, i.e. \Firefox\Profiles…\Cache).

Download CCleaner to the desktop:
www.ccleaner.com…

Once it is on the desktop, click the CCleaner installer.

  • But before clicking the "Install" button, untick all the "additional options".
    Then click "Options", "Advanced" and untick the box
    "Only delete files in Windows Temp folders older than 48 hours".
    Click the "Cleaner" tab, then "Run Cleaner".
    -> Then click the Registry icon, on the right, click "Scan for Issues" and then "Fix selected issues".

Accept the registry backup it offers.
I advise running it at least twice (until it finds no more issues).

  8. Reinstall Firefox in a directory other than the default one, for example c:\Program Files\Firefox (instead of "Mozilla Firefox"; this requires a custom installation).

  9. Reinstall the plugins and copy the important files back from the backup (bookmarks, passwords, certificates, ...).

Still doesn't work.

You've tried the version 3 releases;
as a test, try 2.0.0.14
www.mozilla-europe.org…