The Host virus
miloudov, Posts: 21, Status: Member
Hello,
I have a problem on my PC that I would like to describe in the hope of getting an answer; my problem is a virus which I don't know where I picked up. When I start my PC, an icon called 'alios' appears that opens empty folders everywhere, images, music... etc. I have tried several antivirus programs in vain!! Thanks for replying.
21 replies
2009-05-24 11:02 . 2009-05-24 11:02 -------- d-----w c:\documents and settings\All Users\Application Data\1CEA
2009-05-24 10:45 . 2009-05-24 10:45 -------- d-----w c:\documents and settings\All Users\Application Data\Bandoo
2009-05-24 10:45 . 2009-05-24 12:03 -------- d-----w c:\program files\Bandoo
2009-05-23 22:43 . 2009-05-24 11:27 -------- d-----w c:\documents and settings\IMAD\Local Settings\Application Data\BearShare
2009-05-23 22:43 . 2009-05-24 11:49 -------- d-----w c:\program files\BearShare Applications
2009-05-23 22:13 . 2009-05-24 11:52 -------- d-----w c:\documents and settings\IMAD\Local Settings\Application Data\Screamer Radio
2009-05-23 21:46 . 2009-05-23 21:59 -------- d-----w c:\program files\adslTV
2009-05-23 16:46 . 2009-05-24 12:43 -------- d-----w c:\program files\Fichiers communs\Windows Live
2009-05-23 09:42 . 2009-05-24 12:43 -------- d-----w c:\documents and settings\IMAD\Application Data\Malwarebytes
2009-05-23 09:42 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 09:42 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 09:42 . 2009-05-24 12:43 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-23 09:42 . 2009-05-23 11:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 07:49 . 2009-05-24 12:43 -------- d-----w c:\documents and settings\IMAD\Local Settings\Application Data\The Weather Channel
2009-05-22 23:23 . 2009-05-24 12:43 -------- d-----w c:\documents and settings\IMAD\Application Data\Sammsoft
2009-05-22 23:23 . 2009-05-24 12:43 -------- d-----w c:\program files\AskBarDis
2009-05-22 23:23 . 2009-05-24 12:43 -------- d-----w c:\program files\Advanced Registry Optimizer
2009-05-22 21:30 . 2009-05-24 12:43 -------- d-----w c:\documents and settings\IMAD\Application Data\SolwaySoftware
2009-05-22 21:21 . 2009-05-24 12:43 -------- d-----w C:\DriveKey
2009-05-22 19:58 . 2009-05-24 12:43 -------- d-----w c:\program files\trend micro
2009-05-22 19:58 . 2009-05-24 12:43 -------- d-----w C:\rsit
2009-05-22 19:34 . 2009-05-24 12:43 -------- d-----w c:\documents and settings\IMAD\Application Data\URSoft
2009-05-22 19:34 . 2009-05-24 12:43 -------- d-----w c:\program files\Your Uninstaller 2008
2009-05-22 19:22 . 2009-05-24 12:43 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-22 19:22 . 2009-05-24 12:43 -------- d-----w c:\documents and settings\IMAD\Application Data\Yahoo!
2009-05-22 19:22 . 2009-05-24 12:43 -------- d-----w c:\program files\Yahoo!
2009-05-21 17:46 . 2008-04-13 17:33 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-21 14:35 . 2009-05-24 12:43 -------- d-----w c:\windows\Sun
2009-05-21 09:05 . 2009-02-09 11:24 2191104 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-21 09:05 . 2009-02-09 11:23 2147328 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-21 09:05 . 2009-02-09 11:23 2025984 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-21 08:11 . 2008-06-14 17:33 272768 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-21 08:11 . 2008-06-14 17:33 272768 ------w c:\windows\system32\drivers\bthport.sys
2009-05-21 07:16 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-21 01:00 . 2007-07-27 07:41 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-21 00:49 . 2009-05-24 12:43 -------- d-----w c:\program files\AGI
2009-05-21 00:16 . 2009-05-21 01:04 86576 ----a-w c:\documents and settings\IMAD\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-05-21 00:16 . 2009-05-21 01:04 392728 ----a-w c:\documents and settings\IMAD\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2009-05-21 00:16 . 2009-05-21 01:04 132672 ----a-w c:\documents and settings\IMAD\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-05-20 23:28 . 2009-05-21 01:10 143360 ----a-w c:\documents and settings\IMAD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
2009-05-20 23:28 . 2009-05-21 01:10 132096 ----a-w c:\documents and settings\IMAD\Application Data\Microsoft\Live Search\Suppression-Live-Search.exe
2009-05-20 23:28 . 2009-05-21 01:10 125440 ----a-w c:\documents and settings\IMAD\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
2009-05-20 22:13 . 2009-05-24 12:43 -------- d-sh--w C:\found.000
2009-05-18 22:42 . 2009-05-24 12:43 -------- d-----w c:\documents and settings\IMAD\Local Settings\Application Data\Identities
2009-05-18 22:38 . 2009-05-24 12:43 -------- d-----w c:\documents and settings\IMAD\Local Settings\Application Data\Adobe
2009-05-18 22:32 . 2009-05-24 12:43 -------- d-----w c:\program files\MSECache
2009-05-18 22:14 . 2009-05-24 12:43 -------- d-----w c:\documents and settings\IMAD\Application Data\dvdcss
2009-05-18 22:12 . 2009-05-24 12:43 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 12:45 . 2009-05-18 21:21 -------- d-----w c:\program files\SuperCopier2
2009-05-23 13:54 . 2008-02-21 15:53 1761120 ----a-w c:\documents and settings\IMAD\Application Data\IDM\DwnlData\IMAD\DFX2BETA_1736_9\DFX2BETA_1736.exe
2009-05-18 21:37 . 2009-05-18 21:37 120240 ----a-w c:\documents and settings\IMAD\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-05-18 21:34 . 2009-05-18 21:34 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-18 21:34 . 2009-05-18 21:34 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-18 21:31 . 2009-05-18 21:31 57344 ----a-w c:\documents and settings\IMAD\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-55694a9f-n\Decora-SSE.dll
2009-05-18 21:30 . 2009-05-18 21:30 24064 ----a-w c:\documents and settings\IMAD\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-46b51e4f-n\Decora-D3D.dll
2009-05-18 21:30 . 2009-05-18 21:30 315392 ----a-w c:\documents and settings\IMAD\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-329123bb-n\jogl.dll
2009-05-18 21:30 . 2009-05-18 21:30 20480 ----a-w c:\documents and settings\IMAD\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-329123bb-n\jogl_awt.dll
2009-05-18 21:30 . 2009-05-18 21:30 114688 ----a-w c:\documents and settings\IMAD\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-329123bb-n\jogl_cg.dll
2009-05-18 21:30 . 2009-05-18 21:30 20480 ----a-w c:\documents and settings\IMAD\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-601542d3-n\gluegen-rt.dll
2009-05-18 21:30 . 2009-05-18 21:30 499712 ----a-w c:\documents and settings\IMAD\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4647c794-n\msvcp71.dll
2009-05-18 21:30 . 2009-05-18 21:30 499712 ----a-w c:\documents and settings\IMAD\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4647c794-n\jmc.dll
2009-05-18 21:30 . 2009-05-18 21:30 348160 ----a-w c:\documents and settings\IMAD\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4647c794-n\msvcr71.dll
2009-05-18 21:25 . 2009-05-18 21:24 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-18 19:50 . 2009-05-18 19:50 315392 ----a-w c:\windows\HideWin.exe
2009-05-18 19:40 . 2009-05-18 19:40 21892 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:20 . 2008-04-13 17:33 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2008-03-01 12:58 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2008-05-09 21:28 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 17:06 . 2008-04-13 19:07 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:05 . 2008-04-13 16:58 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:24 . 2008-04-13 17:08 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2008-04-13 17:34 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2008-04-13 17:33 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2008-04-13 17:33 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2008-04-13 17:33 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2008-04-13 17:33 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2001-08-28 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2008-04-13 17:33 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-20 22:14 . 2008-04-13 17:33 1294336 ----a-w c:\windows\system32\quartz.dll
2008-12-16 12:31 . 2008-04-13 17:33 354304 ----a-w c:\windows\system32\winhttp.dll
2008-12-11 10:57 . 2008-04-13 10:15 333952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-05 06:57 . 2008-04-13 17:33 144896 ----a-w c:\windows\system32\schannel.dll
2008-10-30 08:21 . 2009-05-18 21:15 75072 ----a-w c:\windows\system32\drivers\avipbb.sys
2008-10-24 11:21 . 2008-04-13 10:17 455296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 . 2008-04-13 17:33 286720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 . 2009-05-18 19:41 202776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 . 2009-05-18 19:41 1809944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 . 2009-05-18 19:41 323608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 . 2009-05-18 19:41 561688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:09 . 2009-05-18 19:41 51224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 . 2008-10-16 13:09 43544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:09 . 2008-04-13 17:33 92696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:08 . 2009-05-18 19:41 34328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:03 . 2008-04-13 17:33 247326 ----a-w c:\windows\system32\strmdll.dll
2008-09-10 01:15 . 2008-04-13 17:33 1307648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:16 . 2008-04-13 17:33 1106944 ----a-w c:\windows\system32\msxml3.dll
2008-08-14 10:04 . 2008-04-13 10:19 138496 ----a-w c:\windows\system32\drivers\afd.sys
2008-07-07 20:28 . 2008-04-13 17:33 253952 ----a-w c:\windows\system32\es.dll
2008-06-24 16:44 . 2008-04-13 17:33 74240 ----a-w c:\windows\system32\mscms.dll
2008-06-24 16:12 . 2008-05-09 21:26 295936 ----a-w c:\windows\system32\wmpeffects.dll
2008-06-20 17:47 . 2008-04-13 17:33 247808 ----a-w c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2008-04-13 10:20 361600 ----a-w c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08 . 2008-04-13 10:00 225856 ----a-w c:\windows\system32\drivers\tcpip6.sys
2008-06-18 03:03 . 2008-05-09 21:27 938496 ----a-w c:\windows\system32\WMNetmgr.dll
2008-06-17 23:09 . 2008-05-09 21:27 100864 ----a-w c:\windows\system32\logagent.exe
2008-06-12 14:22 . 2009-05-18 19:39 956928 ----a-w c:\windows\system32\msdtctm.dll
2008-06-12 14:22 . 2009-05-18 19:39 91648 ----a-w c:\windows\system32\mtxoci.dll
2008-06-12 14:22 . 2009-05-18 19:39 428032 ----a-w c:\windows\system32\msdtcprx.dll
2008-06-12 14:22 . 2009-05-18 19:39 161792 ----a-w c:\windows\system32\msdtcuiu.dll
2008-06-12 14:22 . 2008-04-13 17:33 66560 ----a-w c:\windows\system32\mtxclu.dll
2008-06-12 14:22 . 2009-05-18 19:39 58880 ----a-w c:\windows\system32\msdtclog.dll
2008-05-21 17:00 . 2008-02-20 10:58 76432 ----a-w c:\documents and settings\IMAD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-05-09 21:32 . 2008-05-09 21:32 1571840 ----a-w c:\windows\system32\sfcfiles.dll
2008-05-09 21:32 . 2008-05-09 21:32 1013248 ----a-w c:\windows\system32\syssetup.dll
2008-05-09 21:30 . 2008-05-09 21:30 211456 ----a-w c:\windows\system32\qasf.dll
2008-05-09 21:30 . 2008-05-09 21:30 63488 ----a-w c:\windows\system32\wpdmtpus.dll
2008-05-09 21:30 . 2008-05-09 21:30 229376 ----a-w c:\windows\system32\cewmdm.dll
2008-05-09 21:30 . 2008-05-09 21:30 175616 ----a-w c:\windows\system32\mspmsp.dll
2008-05-09 21:30 . 2008-05-09 21:30 1329152 ----a-w c:\windows\system32\wmspdmoe.dll
2008-05-09 21:29 . 2008-05-09 21:29 1117696 ----a-w c:\windows\system32\wmadmoe.dll
2008-05-09 21:29 . 2008-05-09 21:29 534528 ----a-w c:\windows\system32\wmdrmsdk.dll
2008-05-09 21:29 . 2008-05-09 21:29 991744 ----a-w c:\windows\system32\drmv2clt.dll
2008-05-09 21:29 . 2008-05-09 21:29 348672 ----a-w c:\windows\system32\wmdrmnet.dll
2008-05-09 21:29 . 2008-05-09 21:29 24576 ----a-w c:\windows\system32\nlsdl.dll
2008-05-09 21:29 . 2008-05-09 21:29 23552 ----a-w c:\windows\system32\normaliz.dll
2008-05-09 21:29 . 2008-05-09 21:29 26112 ----a-w c:\windows\system32\idndl.dll
2008-05-09 21:29 . 2008-05-09 21:29 48128 ----a-w c:\windows\system32\mshtmler.dll
2008-05-09 21:29 . 2008-05-09 21:29 156160 ----a-w c:\windows\system32\msls31.dll
2008-05-09 21:29 . 2008-05-09 21:29 45568 ----a-w c:\windows\system32\mshta.exe
2008-05-09 21:29 . 2008-05-09 21:29 40960 ----a-w c:\windows\system32\licmgr10.dll
2008-05-09 21:28 . 2008-05-09 21:28 36352 ----a-w c:\windows\system32\imgutil.dll
2008-05-09 21:28 . 2008-05-09 21:28 55296 ----a-w c:\windows\system32\iesetup.dll
2008-05-09 21:28 . 2008-05-09 21:28 71680 ----a-w c:\windows\system32\admparse.dll
2008-05-09 21:28 . 2008-05-09 21:28 17408 ----a-w c:\windows\system32\corpol.dll
2008-05-09 21:28 . 2008-05-09 21:28 4096 ----a-w c:\windows\system32\wmvdmoe2.dll
2008-05-09 21:28 . 2008-05-09 21:28 4096 ----a-w c:\windows\system32\wmvdmod.dll
2008-05-09 21:28 . 2008-05-09 21:28 603648 ----a-w c:\windows\system32\wmspdmod.dll
2008-05-09 21:28 . 2008-05-09 21:28 99840 ----a-w c:\windows\system32\wmpshell.dll
2008-05-09 21:28 . 2008-05-09 21:28 8292352 ----a-w c:\windows\system32\wmploc.dll
2008-05-09 21:28 . 2008-05-09 21:28 4096 ----a-w c:\windows\system32\wmsdmoe2.dll
2008-05-09 21:28 . 2008-05-09 21:28 4096 ----a-w c:\windows\system32\wmsdmod.dll
2008-05-09 21:26 . 2008-05-09 21:26 4096 ----a-w c:\windows\system32\wmvadve.dll
2008-05-09 10:55 . 2008-04-13 17:33 90112 ----a-w c:\windows\system32\wshext.dll
2008-05-09 10:55 . 2008-04-13 17:33 430080 ----a-w c:\windows\system32\vbscript.dll
2008-05-09 10:55 . 2008-04-13 17:33 180224 ----a-w c:\windows\system32\scrobj.dll
2008-05-09 10:55 . 2008-04-13 17:33 172032 ----a-w c:\windows\system32\scrrun.dll
2008-05-09 10:15 . 2009-05-18 21:15 45376 ----a-w c:\windows\system32\drivers\avgntdd.sys
2008-05-08 14:02 . 2008-04-13 09:55 203136 ----a-w c:\windows\system32\drivers\rmcast.sys
.
------- Sigcheck -------
[-] 2008-05-09 21:32 1571840 33578A738C564B4F84D906EFD91025E5 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-18 2594224]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"E09FXLRD_1170125"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" [2008-05-28 351000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-05-18 185872]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-04 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
Démarrage.exe [2002-1-5 53248]
c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
Démarrage.exe [2002-1-5 53248]
c:\documents and settings\IMAD\Menu Démarrer\Programmes\Démarrage\
Démarrage.exe [2002-1-5 53248]
Outil de notification Live Search.lnk - c:\documents and settings\IMAD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-5-21 143360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage.exe [2002-1-5 53248]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Encyclopaedia Universalis\\Encyclopaedia Universalis\\starter.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S3 ALLOW-IO;ALLOW-IO;\??\f:\allow-io.sys --> f:\ALLOW-IO.sys [?]
--- Other Services/Drivers in memory ---
*Deregistered* - mchInjDrv
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DriverInstall - f:\drivers\QInstall.exe
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-issat - c:\windows\system32\issat.exe
HKLM-Run-SystemInit - (no file)
HKLM-Run-Karen - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-startIE - (no file)
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.dz/
IE: &Search
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {E25942F9-9B4E-4DA1-9A1F-AC7EAAAECFFB} = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
.
------- File Associations -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 13:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\IMAD\LOCALS~1\Temp\mc2B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):45,28,94,3d,76,84,58,72,24,0a,08,89,91,1a,42,5b,a9,b6,2c,16,16,
4f,7f,ce,a7,65,5c,99,58,e2,05,33,d4,e8,29,f1,ae,9e,7a,4f,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a87fede7-a80c-4eac-ac2e-1fb82af60de6}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008b
"Therad"=dword:00000016
.
--------------------- DLLs loaded in running processes ---------------------
- - - - - - - > 'explorer.exe'(2936)
c:\program files\SuperCopier2\SC2Hook.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\documents and settings\IMAD\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\windows\system32\UAService7.exe
c:\progra~1\Bandoo\Bandoo.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
*************************************************************************
2008-05-09 21:29 . 2008-05-09 21:29 991744 ----a-w c:\windows\system32\drmv2clt.dll
2008-05-09 21:29 . 2008-05-09 21:29 348672 ----a-w c:\windows\system32\wmdrmnet.dll
2008-05-09 21:29 . 2008-05-09 21:29 24576 ----a-w c:\windows\system32\nlsdl.dll
2008-05-09 21:29 . 2008-05-09 21:29 23552 ----a-w c:\windows\system32\normaliz.dll
2008-05-09 21:29 . 2008-05-09 21:29 26112 ----a-w c:\windows\system32\idndl.dll
2008-05-09 21:29 . 2008-05-09 21:29 48128 ----a-w c:\windows\system32\mshtmler.dll
2008-05-09 21:29 . 2008-05-09 21:29 156160 ----a-w c:\windows\system32\msls31.dll
2008-05-09 21:29 . 2008-05-09 21:29 45568 ----a-w c:\windows\system32\mshta.exe
2008-05-09 21:29 . 2008-05-09 21:29 40960 ----a-w c:\windows\system32\licmgr10.dll
2008-05-09 21:28 . 2008-05-09 21:28 36352 ----a-w c:\windows\system32\imgutil.dll
2008-05-09 21:28 . 2008-05-09 21:28 55296 ----a-w c:\windows\system32\iesetup.dll
2008-05-09 21:28 . 2008-05-09 21:28 71680 ----a-w c:\windows\system32\admparse.dll
2008-05-09 21:28 . 2008-05-09 21:28 17408 ----a-w c:\windows\system32\corpol.dll
2008-05-09 21:28 . 2008-05-09 21:28 4096 ----a-w c:\windows\system32\wmvdmoe2.dll
2008-05-09 21:28 . 2008-05-09 21:28 4096 ----a-w c:\windows\system32\wmvdmod.dll
2008-05-09 21:28 . 2008-05-09 21:28 603648 ----a-w c:\windows\system32\wmspdmod.dll
2008-05-09 21:28 . 2008-05-09 21:28 99840 ----a-w c:\windows\system32\wmpshell.dll
2008-05-09 21:28 . 2008-05-09 21:28 8292352 ----a-w c:\windows\system32\wmploc.dll
2008-05-09 21:28 . 2008-05-09 21:28 4096 ----a-w c:\windows\system32\wmsdmoe2.dll
2008-05-09 21:28 . 2008-05-09 21:28 4096 ----a-w c:\windows\system32\wmsdmod.dll
2008-05-09 21:26 . 2008-05-09 21:26 4096 ----a-w c:\windows\system32\wmvadve.dll
2008-05-09 10:55 . 2008-04-13 17:33 90112 ----a-w c:\windows\system32\wshext.dll
2008-05-09 10:55 . 2008-04-13 17:33 430080 ----a-w c:\windows\system32\vbscript.dll
2008-05-09 10:55 . 2008-04-13 17:33 180224 ----a-w c:\windows\system32\scrobj.dll
2008-05-09 10:55 . 2008-04-13 17:33 172032 ----a-w c:\windows\system32\scrrun.dll
2008-05-09 10:15 . 2009-05-18 21:15 45376 ----a-w c:\windows\system32\drivers\avgntdd.sys
2008-05-08 14:02 . 2008-04-13 09:55 203136 ----a-w c:\windows\system32\drivers\rmcast.sys
.
------- Sigcheck -------
[-] 2008-05-09 21:32 1571840 33578A738C564B4F84D906EFD91025E5 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-18 2594224]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"E09FXLRD_1170125"="c:\program files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" [2008-05-28 351000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-05-18 185872]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-04 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
Démarrage.exe [2002-1-5 53248]
c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
Démarrage.exe [2002-1-5 53248]
c:\documents and settings\IMAD\Menu Démarrer\Programmes\Démarrage\
Démarrage.exe [2002-1-5 53248]
Outil de notification Live Search.lnk - c:\documents and settings\IMAD\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-5-21 143360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage.exe [2002-1-5 53248]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Encyclopaedia Universalis\\Encyclopaedia Universalis\\starter.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S3 ALLOW-IO;ALLOW-IO;\??\f:\allow-io.sys --> f:\ALLOW-IO.sys [?]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-DriverInstall - f:\drivers\QInstall.exe
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-issat - c:\windows\system32\issat.exe
HKLM-Run-SystemInit - (no file)
HKLM-Run-Karen - (no file)
HKLM-Run-raVe - (no file)
HKLM-Run-Win32BaseServiceMOD - (no file)
HKLM-Run-startIE - (no file)
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.dz/
IE: &Search
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {E25942F9-9B4E-4DA1-9A1F-AC7EAAAECFFB} = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
.
------- Associations de fichier -------
.
txtfile=NOTEPAD %1
vbefile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1
vbsfile\shell\edit\command=c:\windows\Notepad.exe %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 13:45
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\IMAD\LOCALS~1\Temp\mc2B.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):45,28,94,3d,76,84,58,72,24,0a,08,89,91,1a,42,5b,a9,b6,2c,16,16,
4f,7f,ce,a7,65,5c,99,58,e2,05,33,d4,e8,29,f1,ae,9e,7a,4f,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a87fede7-a80c-4eac-ac2e-1fb82af60de6}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008b
"Therad"=dword:00000016
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2936)
c:\program files\SuperCopier2\SC2Hook.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\documents and settings\IMAD\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\windows\system32\UAService7.exe
c:\progra~1\Bandoo\Bandoo.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
*************************************************************************