Hi la zone!
I don't come here often, but each time it's with confidence in your ability to solve my problems
(enough flattery, let's get to the problem)
The PC I'm trying to clean is very temperamental.
It's impossible for me to visit sites like hijackthis, avast, other similar sites, Malwarebytes' Anti-Malware, etc...
(not only that, but I can't even get to Google's results page for a search on hijackthis, for example... their thing is pretty slick!)
I still try to install malwarebytes or hijackthis, and here too there's a problem: the installer barely launches and closes immediately.
So I searched around a bit, and I first used zhpdiag, sdfix and smitfraudfix. I'm not sure what they do, so I have three reports here that I'm posting in the hope that someone will give me a procedure to follow next.
So far, the computer is running without a firewall (yep), with a connection behind a neufbox, and spybot is installed and has cleaned what it could, poor thing.
Here are the reports, in different colours so as not to hurt your eyes:
ZHPDiag report:
Rapport de ZHPDiag v1.16.6 par Nicolas Coolman
Enregistré le 24/03/2009 17:59:03
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v7.0.5730.11
MFIE: Mozilla Firefox (3.0.7)
—\ Processus lancés
RTHDCPL.EXE
ALCMTR.EXE
C:\Program Files\VistaDrives\vsdrv.exe
C:\WINDOWS\system32\bgswitch.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\System32\reader_s.exe
Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Documents and Settings\Good\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\spoolsv.exe
—\ Pages de recherche de Mozilla Firefox (M1)
M1 - SPR:Search Page Redirection - C:\Program Files\Mozilla FireFox\extensions\splash@aldreneo.com
—\ Pages de démarrage d’Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
—\ Pages de recherche d’Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
—\ Browser Helper Objects de navigateur (O2)
O2 - BHO: {7250238b-0052-79d9-ae94-e37d84784b80} - {08b48748-d73e-49ea-9d97-2500b8320527} - C:\WINDOWS\system32\wztoid.dll
O2 - BHO: DDSMEkl - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\WINDOWS\system32\vumer.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {75861926-55c4-401f-8d8b-40ec37609c17} - C:\WINDOWS\system32\badaliyo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\WINDOWS\system32\badaliyo.dll
O2 - BHO: ORBta - {ADA8C222-95D2-47B5-950B-AEBC0A508839} - C:\WINDOWS\system32\badaliyo.dll
—\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM…\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM…\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM…\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM…\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM…\Run: [waganefite] Rundll32.exe "C:\WINDOWS\system32\hufufoga.dll",s
O4 - HKLM…\Run: [CPMa3fe7f41] Rundll32.exe "c:\windows\system32\derinade.dll",a
O4 - HKLM…\RunOnce: [SpybotDeletingA6907] command.com /c del "c:\windows\system32\derinade.dll_old"
O4 - HKLM…\RunOnce: [SpybotDeletingC4982] cmd.exe /c del "c:\windows\system32\derinade.dll_old"
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU…\Run: [reader_s] C:\Documents and Settings\Good\reader_s.exe
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\RunOnce: [SpybotDeletingB6474] command.com /c del "c:\windows\system32\derinade.dll_old"
O4 - HKCU…\RunOnce: [SpybotDeletingD1545] cmd.exe /c del "c:\windows\system32\derinade.dll_old"
O4 - HKLM…\policies\Explorer: [HonorAutoRunSetting] Data="1"
—\ Lignes supplémentaires dans le menu contextuel d’Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO
—\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc…ash/swflash.cab
—\ Protocole additionnel et piratage de protocole (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
—\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20)
O20 - Winlogon Notify: sup - C:\WINDOWS\system32\fabdceefee.dll
O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll
O20 - AppInit_DLLs:C:\WINDOWS\system32\wuleluzu.dll c:\windows\system32\boliraka.dll wztoid.dll c:\windows\system32\derinade.dll
—\ Clé de Registre autorun SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
—\ Services NT non Microsoft et non désactivés (O23)
O23 - Service: InteractiveLogon (InteractiveLogon) - C:\WINDOWS\system32\Fast.exe -service
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SbPF.Launcher (SbPF.Launcher) - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spouleur d’impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
—\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: (no name) - Microsoft Base Smart Card Crypto Provider Package - (not file)
O40 - ASIC: Security Update for Microsoft .NET Framework 2.0 (KB922770) - {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} - (not file)
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - C:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) - {411EDCF7-755D-414E-A74B-3DCD6583F589} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.7 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Mise à jour de sécurité pour Windows XP (KB923789) - {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - (not file)
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Web Folders - {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Carnet d’adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Microsoft .NET Framework 1.1 Hotfix (KB928366) - {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - (not file)
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: Security Update for Microsoft .NET Framework 2.0 (KB917283) - {967B098A-042D-4367-BAC9-8BC11684174F} - (not file)
O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: .NET Framework - {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
—\ Pilotes lancés au démarrage (O41)
O41 - Driver: Suppresseur d’écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Broadcom NetXtreme Gigabit Ethernet (b57w2k) - C:\WINDOWS\system32\DRIVERS\b57xp32.sys
O41 - Driver: Décodeur sous-titre fermé (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
O41 - Driver: Pilote d’adaptateur secteur Microsoft (CmBatt) - C:\WINDOWS\system32\DRIVERS\CmBatt.sys
O41 - Driver: Pilote de batterie composite Microsoft (Compbatt) - C:\WINDOWS\system32\DRIVERS\compbatt.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Microsoft UAA Bus Driver for High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Pilote de classe HID Microsoft (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: IEEE-1284.4 Driver HPZid412 (HPZid412) - C:\WINDOWS\system32\DRIVERS\HPZid412.sys
O41 - Driver: Print Class Driver for IEEE-1284.4 HPZipr12 (HPZipr12) - C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
O41 - Driver: USB to IEEE-1284.4 Translation Driver HPZius12 (HPZius12) - C:\WINDOWS\system32\DRIVERS\HPZius12.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Pilote HID de souris (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d’horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Codec NABTS/FEC VBI (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
O41 - Driver: Connection TV/vidéo Microsoft (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
O41 - Driver: Pilote TAPI NDIS d’accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d’accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote de carte réseau Intel® PRO/Wireless 3945ABG pour Windows XP 32 bits (NETw3x32) - C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: Pilote de connexion automatique d’accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d’accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: (no object) (restore) - C:\WINDOWS\system32\drivers\restore.sys
O41 - Driver: SbFw (SbFw) - C:\WINDOWS\system32\drivers\SbFw.sys
O41 - Driver: Sunbelt Software Firewall NDIS IM Filter Miniport (SBFWIMCL) - C:\WINDOWS\system32\DRIVERS\sbfwim.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Détrameur décalage BDA (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: (no object) (sptd) - C:\WINDOWS\System32\Drivers\sptd.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: BDA IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d’hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Concentrateur USB2 (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Classe d’imprimantes USB Microsoft (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: Pilote de stockage de masse USB (usbstor) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Pilote miniport de contrôleur hôte universel USB Microsoft (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: Périphérique vidéo USB (WDM) (usbvideo) - C:\WINDOWS\System32\Drivers\usbvideo.sys
O41 - Driver: Pilote ARP IP d’accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Interface de gestion Microsoft Windows pour ACPI (WmiAcpi) - C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
O41 - Driver: WpdUsb (WpdUsb) - C:\WINDOWS\system32\DRIVERS\wpdusb.sys
O41 - Driver: Codec Teletext standard (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys
—\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Eleusis
O42 - Logiciel: Foxit Reader
O42 - Logiciel: Génex
O42 - Logiciel: HP Image Zone 4.7
O42 - Logiciel: Security Update pour Microsoft .NET Framework 2.0 (KB917283)
O42 - Logiciel: Security Update pour Microsoft .NET Framework 2.0 (KB922770)
O42 - Logiciel: Hotfix for Windows XP (KB926239)
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: K-Lite Mega Codec Pack 1.62
O42 - Logiciel: Microsoft .NET Framework 1.1 Hotfix (KB928366)
O42 - Logiciel: Messenger Plus! Live
O42 - Logiciel: Microsoft .NET Framework 1.1
O42 - Logiciel: Microsoft .NET Framework 2.0
O42 - Logiciel: Microsoft .NET Framework 3.0
O42 - Logiciel: Mozilla Firefox (3.0.7)
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: PictImages
O42 - Logiciel: Pictop
O42 - Logiciel: Microsoft Office Professional Plus 2007
O42 - Logiciel: SuperCopier2
O42 - Logiciel: Trousse Géo Tracé TGT
O42 - Logiciel: µTorrent
O42 - Logiciel: VideoLAN VLC media player 0.8.6
O42 - Logiciel: Vopt 8.06
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474)
O42 - Logiciel: Windows Imaging Component
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Lecteur Windows Media 11
O42 - Logiciel: WinRAR archiver
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0
O42 - Logiciel: ArtRage 2 Starter Edition
O42 - Logiciel: Windows Communication Foundation
O42 - Logiciel: HP PSC & OfficeJet 4.7
O42 - Logiciel: Powertoys For Windows XP
O42 - Logiciel: Windows Workflow Foundation
O42 - Logiciel: Paint.NET v3.0
O42 - Logiciel: Sunbelt Personal Firewall
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb962871)
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB956358)
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB952142)
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB951338)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB954326)
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB958437)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB958439)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951944)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB956828)
O42 - Logiciel: Update for Office 2007 (KB946691)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951550)
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1)
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB950114)
O42 - Logiciel: Microsoft Office Access MUI (French) 2007
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007
O42 - Logiciel: Microsoft Office Word MUI (French) 2007
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
O42 - Logiciel: Microsoft Office Proof (German) 2007
O42 - Logiciel: Microsoft Office Proof (English) 2007
O42 - Logiciel: Microsoft Office Proof (French) 2007
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
O42 - Logiciel: Microsoft Office Proofing (French) 2007
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
O42 - Logiciel: Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
O42 - Logiciel: MSXML 6 Service Pack 2 (KB954459)
O42 - Logiciel: Spybot - Search & Destroy
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Presentation Foundation
O42 - Logiciel: Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
O42 - Logiciel: INDEX EDUCATION - Client PRONOTE 2008
O42 - Logiciel: Realtek High Definition Audio Driver
—\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Hewlett-Packard
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\WindowsLiveInstaller
—\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\$winnt$.inf -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\amcompat.tlb -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\BuzzingBee.wav -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\cdplayer.exe.manifest -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\CONFIG.NT -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\d3d8caps.dat -->03/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\d3d9caps.dat -->23/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\emptyregdb.dat -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->11/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\fozehuka.dll -->23/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\gahipewo.dll -->20/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\girujofi -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\h323log.txt -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ikhcore.log -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\kalahavi.dll -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\knhjrg.dll -->23/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\logonui.exe.manifest -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\LoopyMusic.wav -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.dll -->16/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ncpa.cpl.manifest -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\neduwozi.dll -->20/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nscompat.tlb -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\nwc.cpl.manifest -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ovfsthjiuwshgtlnrqptqsmctvlswlgdfekydw.dat -->20/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ovfsthnsevdennbhpstpbnetacxjjttnyhmtab.dll -->20/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ovfsthohpvxvqmrcsamecdxryusvmwgwyqmpiw.dat -->20/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ovfsthqmqpuxtowfhxfxakwbgfqbljwpirfvxc.dll -->20/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\ovfsthwuvsbpttieabqtfxmvnepolnkqobacnm.dll -->20/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc00C.dat -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh00C.dat -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\reader_s.exe -->20/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\sapi.cpl.manifest -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\sdkinst.log -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\TZLog.log -->03/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\vumer.dll -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09/02/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\WindowsLogon.manifest -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->23/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wuaucpl.cpl.manifest -->02/01/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\wztoid.dll -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\xxxlfe.dll -->20/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\zipavagi.dll -->24/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\zllictbl.dat -->23/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\ndis.sys -->20/03/2009
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\ovfsth.sys -->21/03/2009
—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\38400CF7F7144724831D42A4DBC36-2DA8E85D.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALCMTR.EXE-01A7139B.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AUSECOURSORDIPOURRI.EXE-1C1A2020.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AU_.EXE-3561EEB5.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\B3E963EDADCF6DF74907B522892C1-061A4574.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\D5E656BCA872156B69091AE0945A5-3521A0B5.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\F6A3C9DCD8E480660D7533CC1EDBB-36B5F894.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FAST.EXE-33390184.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FLASHGOT.EXE-35404143.pf -->20/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FXSTELLER.EXE-2AC73241.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\GLB1A2B.EXE-101A8AA4.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HIJACKTHIS_HIJACKTHIS_2.02_AN-2E769E60.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HIJACKTHIS_HIJACKTHIS_2.02_AN-34C2F72B.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSNMSGR.EXE-0EBDBC56.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NEED4SOFTWARELAUNCHER.EXE-14BA69A6.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NEED4YOUTUBEDOWNLOAD.EXE-2107C52B.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NET.EXE-151FD66D.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NET1.EXE-02C3403D.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-2DAE2DE6.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTVDM.EXE-0A81AB7B.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\READER_S.EXE-0876AF8A.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\READER_S.EXE-096760EC.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RTHDCPL.EXE-005A6E31.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F659A15.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-405F9C02.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-43A28A93.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4EE39BB6.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-58FC9059.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5E72AB64.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6CF7C616.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6DF739B2.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNONCE.EXE-01CA3A2F.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SBPFCL.EXE-3030507E.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SBPFLNCH.EXE-2B0719A1.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SDHELP.EXE-0C8683D2.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SDK_INST.EXE-2FC0D8A8.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP_WM.EXE-02751BCA.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SUNBELT-PERSONAL-FIREWALL-EX–000049F8.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SUPERCOPIER2.EXE-0D938940.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWDOCTOR.EXE-038959C6.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TEATIMER.EXE-0390E8A7.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNINS000.EXE-258D4CFB.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNREGAAW.EXE-29870057.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UNWISE.EXE-1665B615.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDCLIENT.EXE-06442ED2.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\USNSVC.EXE-05B86444.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VLC.EXE-02F29DFD.pf -->21/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VSDRV.EXE-01D530AE.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINWORD.EXE-15ED065E.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-090074F0.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIADAP.EXE-32F99497.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80A.pf -->23/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WSCNTFY.EXE-0B14C27D.pf -->24/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf -->20/03/2009
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch_IU14D2N.TMP-0DC98135.pf -->24/03/2009
—\ ShellExecuteHooks, operations and functions run at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
—\ Authorized application key export (O47)
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe::Enabled:winlogon"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe::Enabled:lsass"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\HPZipm12.exe"="C:\WINDOWS\system32\HPZipm12.exe::Enabled:HPZipm12"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe::Enabled:services"
O47 - AAKE:Key Export - "C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe::Enabled:wmiprvse"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
O47 - AAKE:Key Export - "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)"
—\ Local Security Authority (LSA) service packages (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll
—\ Safe Boot control (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM…\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM…\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM…\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM…\CS3\Network\vgasave.sys
—\ Image File Execution Options (IEFO) (O50)
O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
End of the scan:
SDFix report:
SDFix: Version 1.240
Run by Good on 24/03/2009 at 18:37
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
restore
Path :
??\C:\WINDOWS\system32\drivers\restore.sys
restore - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\Good\LOCALS~1\Temp\TMP2.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMP3.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMP4.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMP5.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMP6.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMP61.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMP64.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMP7.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMP7F.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMP8.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMP9.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMPA.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMPC.tmp - Deleted
C:\DOCUME~1\Good\LOCALS~1\Temp\TMPF.tmp - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 18:42:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
IPC error: 2 The specified file could not be found.
scanning hidden services & system hive …
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EF6695D1DECE8B0AEAD3EF931BCA5435]
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EF6695D1DECE8B0AEAD3EF931BCA5435\0000]
"Service"="ef6695d1dece8b0aead3ef931bca5435"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="ef6695d1dece8b0aead3ef931bca5435"
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ef6695d1dece8b0aead3ef931bca5435]
"c"="&registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ef6695d1dece8b0aead3ef931bca5435&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=ef6695d1dece8b0aead3ef931bca5435&path=system32\ef6695d1dece8b0aead3ef931bca5435.sys&wmid=Dcl993&idate=2009-03-20 22:15:04:000&last_download_time=2009-3-20 22:18:9.46&first_skip=1"
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Tag"=dword:00000007
"ImagePath"=str(2):"system32\ef6695d1dece8b0aead3ef931bca5435.sys"
"DisplayName"="ef6695d1dece8b0aead3ef931bca5435"
"Group"="System Bus Extender"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ef6695d1dece8b0aead3ef931bca5435\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,…
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ovfsthbedxidviuypruxdkpalqielemtmpbyjb]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\ovfsthdyoophuebswoeknopibabkxnqqveiuvj.sys"
"inst"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ovfsthbedxidviuypruxdkpalqielemtmpbyjb\main]
"ver"="icv170309"
"cid"="01"
"bid"="2697809010-1454471165-926492609-839522115"
"aid"="303369"
"sid"="16"
"feed"=hex:22,64,78,36,3c,2e,3b,29,39,3b,3b,3a,04,4f,01,0c,09,65
"cmddelay"=dword:00003841
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ovfsthbedxidviuypruxdkpalqielemtmpbyjb\modules]
"ovfsth.dll"="\systemroot\system32\ovfsthqmqpuxtowfhxfxakwbgfqbljwpirfvxc.dll"
"ovfsth.sys"="\systemroot\system32\drivers\ovfsthdyoophuebswoeknopibabkxnqqveiuvj.sys"
"ovfsthlog.dat"="\systemroot\system32\ovfsthohpvxvqmrcsamecdxryusvmwgwyqmpiw.dat"
"ovfsthwi.dll"="\systemroot\system32\ovfsthnsevdennbhpstpbnetacxjjttnyhmtab.dll"
"ovfsthff.dll"="\systemroot\system32\ovfsthwuvsbpttieabqtfxmvnepolnkqobacnm.dll"
"ovfsth.dat"="\systemroot\system32\ovfsthjiuwshgtlnrqptqsmctvlswlgdfekydw.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_EF6695D1DECE8B0AEAD3EF931BCA5435]
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_EF6695D1DECE8B0AEAD3EF931BCA5435\0000]
"Service"="ef6695d1dece8b0aead3ef931bca5435"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="ef6695d1dece8b0aead3ef931bca5435"
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ef6695d1dece8b0aead3ef931bca5435]
"c"="&registry_path=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ef6695d1dece8b0aead3ef931bca5435&download_period=846000&first_download_delay=180&version=2&ip_0=586742989&port_0=7000&max_fails_0=5&ip_1=704183501&port_1=8300&max_fails_1=5&ip_2=2241985741&port_2=9002&max_fails_2=2&ip_3=1512966353&port_3=11234&max_fails_3=2&ips_count=4&name=ef6695d1dece8b0aead3ef931bca5435&path=system32\ef6695d1dece8b0aead3ef931bca5435.sys&wmid=Dcl993&idate=2009-03-20 22:15:04:000&last_download_time=2009-3-20 22:18:9.46&first_skip=1"
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Tag"=dword:00000007
"ImagePath"=str(2):"system32\ef6695d1dece8b0aead3ef931bca5435.sys"
"DisplayName"="ef6695d1dece8b0aead3ef931bca5435"
"Group"="System Bus Extender"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ef6695d1dece8b0aead3ef931bca5435\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ovfsthbedxidviuypruxdkpalqielemtmpbyjb]
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=str(2):"\systemroot\system32\drivers\ovfsthdyoophuebswoeknopibabkxnqqveiuvj.sys"
"inst"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ovfsthbedxidviuypruxdkpalqielemtmpbyjb\main]
"ver"="icv170309"
"cid"="01"
"bid"="2697809010-1454471165-926492609-839522115"
"aid"="303369"
"sid"="16"
"feed"=hex:22,64,78,36,3c,2e,3b,29,39,3b,3b,3a,04,4f,01,0c,09,65
"cmddelay"=dword:00003841
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ovfsthbedxidviuypruxdkpalqielemtmpbyjb\modules]
"ovfsth.dll"="\systemroot\system32\ovfsthqmqpuxtowfhxfxakwbgfqbljwpirfvxc.dll"
"ovfsth.sys"="\systemroot\system32\drivers\ovfsthdyoophuebswoeknopibabkxnqqveiuvj.sys"
"ovfsthlog.dat"="\systemroot\system32\ovfsthohpvxvqmrcsamecdxryusvmwgwyqmpiw.dat"
"ovfsthwi.dll"="\systemroot\system32\ovfsthnsevdennbhpstpbnetacxjjttnyhmtab.dll"
"ovfsthff.dll"="\systemroot\system32\ovfsthwuvsbpttieabqtfxmvnepolnkqobacnm.dll"
"ovfsth.dat"="\systemroot\system32\ovfsthjiuwshgtlnrqptqsmctvlswlgdfekydw.dat"
scanning hidden registry entries …
scanning hidden files …
C:\WINDOWS\system32\ef6695d1dece8b0aead3ef931bca5435.sys 39936 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 1
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe::Enabled:winlogon"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe::Enabled:lsass"
"C:\WINDOWS\system32\HPZipm12.exe"="C:\WINDOWS\system32\HPZipm12.exe::Enabled:HPZipm12"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe::Enabled:services"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe::Enabled:wmiprvse"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe::Enabled:Explorer"
"C:\WINDOWS\system32\Fast.exe"="C:\WINDOWS\system32\Fast.exe::Enabled:Fast"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 20 Mar 2009 48,690 ..SHR --- "C:\WINDOWS\fxsteller.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\is-7HRH4.tmp"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
--- 48,640 A.SH. --- "C:\WINDOWS\system32\badaliyo.dll"
Mon 23 Mar 2009 122,880 A.SH. --- "C:\WINDOWS\system32\fozehuka.dll"
Fri 20 Mar 2009 122,880 A.SH. --- "C:\WINDOWS\system32\gahipewo.dll"
--- 48,640 A.SH. --- "C:\WINDOWS\system32\hufufoga.dll"
Tue 24 Mar 2009 122,880 A.SH. --- "C:\WINDOWS\system32\kalahavi.dll"
--- 122,144 A.SH. --- "C:\WINDOWS\system32\kipiheba.dll"
Mon 23 Mar 2009 122,880 A.SH. --- "C:\WINDOWS\system32\knhjrg.dll"
Fri 20 Mar 2009 86,016 A.SH. --- "C:\WINDOWS\system32\neduwozi.dll"
--- 80,865 A.SH. --- "C:\WINDOWS\system32\rarunuku.dll"
--- 48,640 A.SH. --- "C:\WINDOWS\system32\wuleluzu.dll"
Tue 24 Mar 2009 122,880 A.SH. --- "C:\WINDOWS\system32\wztoid.dll"
Fri 20 Mar 2009 122,880 A.SH. --- "C:\WINDOWS\system32\xxxlfe.dll"
--- 85,985 A.SH. --- "C:\WINDOWS\system32\yusawafa.dll"
Tue 24 Mar 2009 28,320 A.SH. --- "C:\WINDOWS\system32\zipavagi.dll"
Finished!
Finally, the SmitfraudFix report:
SmitFraudFix v2.405
Report made at 19:24:48,31, 24/03/2009
Run from C:\Documents and Settings\Good\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Good\reader_s.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Good\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Good
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Good\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Good\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Good\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop items
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Warning, the following keys are not necessarily infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the following keys are not necessarily infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Warning, the following keys are not necessarily infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the following keys are not necessarily infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the following keys are not necessarily infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="STS"
[HKEY_CLASSES_ROOT\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\derinade.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InProcServer32]
@="c:\windows\system32\derinade.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\wuleluzu.dll c:\windows\system32\boliraka.dll wztoid.dll c:\windows\system32\derinade.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom NetLink (TM) Gigabit Ethernet - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip…{415AA791-D41D-4F7E-A371-1E16EC6E2335}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip…{415AA791-D41D-4F7E-A371-1E16EC6E2335}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip…{415AA791-D41D-4F7E-A371-1E16EC6E2335}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection search
»»»»»»»»»»»»»»»»»»»»»»»» End
There you go, that was a lot of reading. And now, what can I do?
Thanks in advance, and I really mean thanks, if you have a solution.
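Editor's added example (not part of the original post, and not a tool the poster ran): the most useful artifact in these logs is the "c" value catchme dumped from the hidden service ef6695d1dece8b0aead3ef931bca5435. It is a URL-style key=value string whose ip_N fields are 32-bit integers, with ports and retry counts beside them, so the downloader's contact list can be recovered without touching the infected disk. The script below parses that string and renders each integer as a dotted quad under both byte orders, because the log does not say which order the author used; the only change to the logged text is that the leading "(R)istry_path", which is how "&reg" renders after HTML entity decoding, is assumed to have been "&registry_path". The per-prefix count is a weak clustering hint for which reading is plausible, not proof of anything about those addresses.

```python
"""Decode the hidden driver's "c" configuration string from the SDFix log."""
import ipaddress
from urllib.parse import parse_qs

# Constructed from the "c" value in the catchme section of the SDFix report.
# The forum rendered its first characters as "(R)istry_path"; "&registry_path"
# is an assumption based on how "&reg" is decoded as an HTML entity.
RAW_CONFIG = (
    "&registry_path=\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Services\\"
    "ef6695d1dece8b0aead3ef931bca5435"
    "&download_period=846000&first_download_delay=180&version=2"
    "&ip_0=586742989&port_0=7000&max_fails_0=5"
    "&ip_1=704183501&port_1=8300&max_fails_1=5"
    "&ip_2=2241985741&port_2=9002&max_fails_2=2"
    "&ip_3=1512966353&port_3=11234&max_fails_3=2"
    "&ips_count=4&name=ef6695d1dece8b0aead3ef931bca5435"
    "&path=system32\\ef6695d1dece8b0aead3ef931bca5435.sys&wmid=Dcl993"
    "&idate=2009-03-20 22:15:04:000&last_download_time=2009-3-20 22:18:9.46"
    "&first_skip=1"
)


def parse_config(raw: str) -> dict:
    """Split the '&'-separated key=value string into a flat dict (first value wins)."""
    fields = parse_qs(raw.lstrip("&"), keep_blank_values=True)
    return {key: values[0] for key, values in fields.items()}


def int_to_ipv4(value: int, byte_order: str = "little") -> str:
    """Render a 32-bit integer as a dotted quad.

    'big' reads the integer as network order (a.b.c.d == a<<24 | b<<16 | c<<8 | d).
    'little' reverses the bytes, which is what an x86 in_addr looks like when the
    struct is stored or printed as a plain integer.
    """
    raw = value.to_bytes(4, "big")
    if byte_order == "little":
        raw = raw[::-1]
    return str(ipaddress.IPv4Address(raw))


def extract_endpoints(cfg: dict) -> list:
    """Return one record per ip_N/port_N/max_fails_N triple, N < ips_count."""
    endpoints = []
    for i in range(int(cfg["ips_count"])):
        value = int(cfg[f"ip_{i}"])
        endpoints.append({
            "index": i,
            "ip_big": int_to_ipv4(value, "big"),
            "ip_little": int_to_ipv4(value, "little"),
            "port": int(cfg[f"port_{i}"]),
            "max_fails": int(cfg[f"max_fails_{i}"]),
        })
    return endpoints


def distinct_prefixes(addresses: list, octets: int = 2) -> int:
    """Count distinct leading-octet prefixes; a smaller count under one byte
    order is only a hint that that reading clusters, never a conclusion."""
    return len({".".join(addr.split(".")[:octets]) for addr in addresses})


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print("driver image :", cfg["path"])
    print("download_period:", cfg["download_period"], "(units not stated in the log)")
    eps = extract_endpoints(cfg)
    for ep in eps:
        print(f"ip_{ep['index']}: big={ep['ip_big']:<16} little={ep['ip_little']:<16} "
              f"port={ep['port']} max_fails={ep['max_fails']}")
    print("distinct /16 prefixes, big   :", distinct_prefixes([e["ip_big"] for e in eps]))
    print("distinct /16 prefixes, little:", distinct_prefixes([e["ip_little"] for e in eps]))
```

Run it offline on the string as copied from the log; swap in the "c" value from any other catchme or GMER dump with the same layout. Whichever byte order you settle on, the addresses and ports go to the firewall or proxy log search, not to a browser: the downloader is already blocking security sites, so confirming its contact points from logs is safer than probing them from the infected machine.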