Sujet Précédent Sujet Suivant

Virus system32 + autre

Résolu/Fermé
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009 - 17 août 2009 à 16:18
plopus Messages postés 5962 Date d'inscription jeudi 1 janvier 2009 Statut Contributeur sécurité Dernière intervention 11 mars 2012 - 21 août 2009 à 15:44
Bonjour,

Depuis quelques jours l'antivirus detecte des fichiers contaminés. Voici ce que Spyware Terminator fait apparaitre.

- Hoax.Renos.bcz.2 : dans WINDOWS\system32\wisdstr.exe
WINDOWS\system32\braviax.exe
-Liste noire : Local Setting\Temp\BNE8.tmp

De plus en bas dans la barre des elements actifs, un icone representant une croix blanche dans un rond rouge affiche un message Your computer is infected!

J'ai télécharger Hijackthis, mais je n'arrive pas à ouvrir le logiciel.

Que dois je faire pour retrouver un pc sans virus? ?

MERCI D'avance pour l'aide
A voir également:

128 réponses

Précédent
Réponse 41 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
18 août 2009 à 21:07
FICHIER : C:\WINDOWS\orun32.ini


Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.18 -
AhnLab-V3 5.0.0.2 2009.08.18 -
AntiVir 7.9.1.3 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.17 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.18 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.18 -
Comodo 2014 2009.08.18 -
DrWeb 5.0.0.12182 2009.08.18 -
eSafe 7.0.17.0 2009.08.18 -
eTrust-Vet 31.6.6685 2009.08.18 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.18 -
Fortinet 3.120.0.0 2009.08.18 -
GData 19 2009.08.18 -
Ikarus T3.1.1.68.0 2009.08.18 -
Jiangmin 11.0.800 2009.08.18 -
K7AntiVirus 7.10.821 2009.08.18 -
Kaspersky 7.0.0.125 2009.08.18 -
McAfee 5713 2009.08.18 -
McAfee+Artemis 5713 2009.08.18 -
McAfee-GW-Edition 6.8.5 2009.08.18 -
Microsoft 1.4903 2009.08.18 -
NOD32 4346 2009.08.18 -
Norman 6.01.09 2009.08.18 -
nProtect 2009.1.8.0 2009.08.18 -
Panda 10.0.0.14 2009.08.18 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.18 -
Rising 21.43.14.00 2009.08.18 -
Sophos 4.44.0 2009.08.18 -
Sunbelt 3.2.1858.2 2009.08.18 -
Symantec 1.4.4.12 2009.08.18 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.18 -
VBA32 3.12.10.9 2009.08.18 -
ViRobot 2009.8.18.1889 2009.08.18 -
VirusBuster 4.6.5.0 2009.08.18 -
Information additionnelle
File size: 829 bytes
MD5...: c37c34c60ee28049f7237d48cce53a0e
SHA1..: 63d02fb2f8b27c41c3fb894708e91e9a07a13851
SHA256: 1d41b6ed9ace2be326ec9fedbad902153ec760963004f3f5ab519c384752d57f
ssdeep: 24:LSQIn3h8H3h82up3h883h8VcSOxcM7M3KC5Twvh8KHw:uTG4plKc5r7M3RmrQ

PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
0
Réponse 42 / 128
plopus Messages postés 5962 Date d'inscription jeudi 1 janvier 2009 Statut Contributeur sécurité Dernière intervention 11 mars 2012 293
18 août 2009 à 21:14
Fait la procedure
0
Réponse 43 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
18 août 2009 à 21:14
J'ai lancé l'etape 1 alors que le restaurateur est desativer est ce grave? puisje continuer
0
Réponse 44 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
18 août 2009 à 21:24
Pardon la restauration systeme est desactiver
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 128
plopus Messages postés 5962 Date d'inscription jeudi 1 janvier 2009 Statut Contributeur sécurité Dernière intervention 11 mars 2012 293
18 août 2009 à 21:38
laisse comme sa, si tu as un soucis tu as la console de recuperation suit exactement la procedure et bien dans l'ordre surtout
0
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
18 août 2009 à 22:49
J'ai suivi la procédure 1 et le pc c éteint et a redemarrer, probleme, je n'ai plus d'adresse IP, c'est à dire plus de connection internet sur le pc concerné, que faire? URGENT
Je narrive plsu a me connecter avec la neufbox
0
Réponse 46 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
18 août 2009 à 23:54
lorsque je fait executer, cmd entrée puis ipconfig :
Resultat :

Carte Ethernet Connexion réseau sans fil :
Statut du média : déconnecté

Carte Ethernet connexion au réseau local :
Suffixe DNS propre à la connexion
Adresse IP 0.0.0.0
Masque de sous-réseau: 0.0.0.0
Passerelle par defaut
0
Réponse 47 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
19 août 2009 à 08:44
Connexion internet réparée, comme neuve. Ce matin le pc marche super bien, et terminator à juste trouver deux cookies infectés que j'ai tout de suite supprimé.

voici le log de l'étape 1, maid epuis j'ai fait pas mal de manipulation.
ComboFix 09-08-10.06 - Nuno 18/08/2009 21:35.2.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.758.300 [GMT 2:00]
Running from: c:\documents and settings\Nuno\Bureau\CF.exe
Command switches used :: c:\documents and settings\Nuno\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: Spyware Terminator *On-access scanning enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\lkpc.sys
c:\windows\system32\sfcfiles.dll



.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_inbsiev


((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 19:44 . 2004-08-05 13:00 1548288 ----a-w- c:\windows\system32\sfcfiles.dll
2009-08-18 19:44 . 2004-08-05 13:00 1548288 ----a-w- c:\windows\system32\dllcache\sfcfiles.dll
2009-08-18 14:53 . 2009-08-18 14:53 152576 ----a-w- c:\documents and settings\Nuno\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-18 11:51 . 2009-08-18 14:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-18 10:49 . 2009-08-18 10:49 -------- d-----w- c:\documents and settings\Nuno\Application Data\Malwarebytes
2009-08-18 10:48 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-18 10:48 . 2009-08-18 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-18 10:48 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-18 10:48 . 2009-08-18 10:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 06:06 . 2009-08-18 08:27 -------- d-----w- C:\UsbFix
2009-08-17 19:19 . 2009-08-17 19:20 -------- d-----w- C:\rsit
2009-08-17 13:29 . 2009-08-18 11:02 -------- d-----w- c:\program files\Trend Micro
2009-08-17 11:24 . 2009-08-17 11:36 -------- d-----w- c:\program files\a-squared Free
2009-08-15 16:22 . 2009-08-15 16:22 -------- d-----w- c:\program files\The Learning Company
2009-08-15 14:35 . 2009-08-15 14:35 -------- d-----w- c:\program files\Blender Foundation
2009-08-14 16:34 . 2009-08-14 16:34 -------- d-----w- C:\Python25
2009-08-13 05:06 . 2009-08-17 08:17 -------- d-----w- c:\program files\WinClamAVShield
2009-08-13 05:03 . 2009-08-13 05:03 -------- d-----w- c:\program files\Crawler
2009-08-13 05:03 . 2009-08-13 05:03 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-08-13 05:03 . 2009-08-13 05:03 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-08-13 05:03 . 2009-08-13 05:03 142592 ------w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-08-13 05:03 . 2009-08-18 16:56 -------- d-----w- c:\documents and settings\Nuno\Application Data\Spyware Terminator
2009-08-13 05:03 . 2009-08-17 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-08-13 05:03 . 2009-08-17 12:46 -------- d-----w- c:\program files\Spyware Terminator
2009-08-12 20:18 . 2009-08-13 04:52 -------- d-----w- c:\windows\BDOSCAN8
2009-08-12 18:33 . 2003-07-01 14:49 69632 ------w- c:\windows\system32\MtxPreview.dll
2009-08-12 18:33 . 2003-07-01 14:49 49152 ------w- c:\windows\system32\MtxParhBFXPreview.dll
2009-08-12 18:33 . 2003-06-26 08:04 237568 ------w- c:\windows\system32\qtmlClient.dll
2009-08-12 18:33 . 2003-01-20 07:08 49152 ------w- c:\windows\system32\CvoAPI.dll
2009-08-12 18:32 . 2009-08-15 14:34 -------- d-----w- c:\program files\Boris FX, Inc
2009-08-12 04:56 . 2009-08-15 12:37 -------- d-----w- c:\program files\Fichiers communs\Reallusion
2009-08-11 19:16 . 2009-08-15 16:02 -------- d-----w- C:\tmp
2009-08-11 18:58 . 2009-08-11 19:11 -------- d-----w- C:\3dsmax9Trial
2009-08-11 14:31 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6\vsapi32.dll
2009-08-11 14:31 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6\BPMNT.dll
2009-08-11 14:31 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6\tmcomm.sys
2009-08-11 14:31 . 2007-12-24 15:37 138384 ------w- c:\windows\system32\drivers\tmcomm.sys
2009-08-11 14:31 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6\ssapi32.dll
2009-08-11 14:31 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6\tsc.exe
2009-08-11 14:30 . 2009-08-11 14:34 -------- d-----w- c:\documents and settings\Nuno\Application Data\HouseCall 6.6
2009-08-11 14:30 . 2009-08-11 14:30 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-08-09 09:35 . 2009-08-09 09:35 -------- d-----w- c:\program files\PopCap Games
2009-08-09 09:35 . 2009-08-09 09:36 -------- d-----w- c:\program files\Zuma Deluxe
2009-08-08 18:42 . 2009-08-18 13:51 10 ----a-w- c:\windows\popcinfo.dat
2009-08-08 17:40 . 2009-08-08 17:40 -------- d-----w- c:\program files\GameHouse
2009-08-08 17:16 . 2009-08-08 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-08-08 09:58 . 2009-08-08 09:58 -------- d-----w- c:\program files\Microsoft Works
2009-08-08 09:58 . 2009-08-08 09:58 -------- d-----w- c:\program files\MSBuild
2009-08-08 09:55 . 2009-08-08 09:55 -------- d-----w- c:\program files\Microsoft.NET
2009-08-08 09:48 . 2009-08-08 09:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-08 09:47 . 2009-08-08 09:47 -------- d-----w- c:\documents and settings\Nuno\Local Settings\Application Data\Microsoft Help
2009-08-08 09:46 . 2009-08-08 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-08 08:35 . 2009-08-08 08:35 -------- d-----w- c:\program files\VirtualDJ
2009-08-07 22:47 . 2009-08-07 22:47 -------- d-----w- c:\documents and settings\Nuno\Application Data\DivX
2009-08-07 22:44 . 2009-08-07 22:44 -------- d-----w- c:\documents and settings\Nuno\Local Settings\Application Data\Downloaded Installations
2009-08-07 22:44 . 2009-08-07 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
2009-08-07 18:10 . 2009-08-07 18:10 -------- d-----w- c:\program files\Smart Projects
2009-08-07 11:16 . 2009-08-07 11:16 -------- d-----w- c:\program files\SFR
2009-08-05 20:50 . 2009-08-05 20:50 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 19:47 . 2008-09-14 12:32 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-18 14:54 . 2005-01-26 21:07 -------- d-----w- c:\program files\Java
2009-08-17 08:14 . 2005-01-26 21:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 16:55 . 2008-10-20 20:34 -------- d-----w- c:\documents and settings\Nuno\Application Data\BitTorrent
2009-08-15 14:33 . 2008-01-06 21:57 -------- d-----w- c:\program files\Pinnacle
2009-08-15 11:42 . 2004-08-17 09:31 76582 ------w- c:\windows\system32\perfc00C.dat
2009-08-15 11:42 . 2004-08-17 09:31 471484 ------w- c:\windows\system32\perfh00C.dat
2009-08-12 18:11 . 2008-05-01 14:17 131744 ----a-w- c:\documents and settings\Nuno\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 17:29 . 2004-08-05 08:00 619200 -c----w- c:\windows\system32\drivers\ntfs.sys
2009-08-08 11:17 . 2008-05-17 10:36 -------- d-----w- c:\documents and settings\Nuno\Application Data\proDAD
2009-08-08 11:12 . 2008-08-31 18:23 -------- d-----w- c:\program files\palmOne
2009-08-08 11:10 . 2005-07-24 01:07 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-05 20:39 . 2008-05-01 17:12 -------- d-----w- c:\documents and settings\Nuno\Application Data\LimeWire
2009-06-01 08:27 . 2009-06-01 08:27 603904 ------w- c:\windows\system32\TUProgSt.exe
2009-06-01 08:27 . 2009-06-01 08:27 362240 ------w- c:\windows\system32\TuneUpDefragService.exe
.

------- Sigcheck -------

[-] 2008-04-14 02:34 14336 E4BDF223CD75478BF44567B4D5C2634D c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe
[-] 2004-08-05 08:00 14336 1BD6C2F707A275CB7C16FD99FE0F31CA c:\windows\system32\svchost.exe
[-] 2004-08-05 08:00 14336 1BD6C2F707A275CB7C16FD99FE0F31CA c:\windows\system32\dllcache\cache\svchost.exe

[-] 2008-04-14 02:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\user32.dll
[-] 2005-03-02 18:10 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2gdr\user32.dll
[-] 2005-03-02 18:20 578048 C34920EB988CE98910BD6B0417F334EB c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2qfe\user32.dll
[-] 2004-08-05 08:00 578048 E46FB493E3B33704F0715020CF52106B c:\windows\system32\user32.dll
[-] 2004-08-05 08:00 578048 E46FB493E3B33704F0715020CF52106B c:\windows\system32\dllcache\cache\user32.dll

[-] 2008-04-14 02:33 82432 FB836F9E62D82904C983AD21296A5D9C c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ws2_32.dll
[-] 2004-08-05 08:00 82944 BC41F51A39D3B255805FDB759B7814AE c:\windows\system32\ws2_32.dll
[-] 2004-08-05 08:00 82944 BC41F51A39D3B255805FDB759B7814AE c:\windows\system32\dllcache\cache\ws2_32.dll

[-] 2008-06-23 16:15 671232 8CA18FD7CCCABFF7E84702BC1BBF5DCB c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[-] 2008-06-23 15:10 670208 D2177655BC338A07B99913F6A4BED52D c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 14:56 670720 4E00327DA458BEFFEA8F4B222F466B20 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-08-20 05:33 671744 AEF39AC3BCBAFE971155D0073191B5A6 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[-] 2008-08-20 05:10 670208 50D19E569C83A9C1AE7EFAEF6A93BC50 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 05:07 670720 96D50ACA60DA22ADBD253F2825C98D1A c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2004-08-05 08:00 660480 58FE94EF42E074F4CAD8BF02E70E6478 c:\windows\$NtUninstallKB953838$\wininet.dll
[-] 2008-06-23 15:40 663552 95D92788889B847309C63E2EC287D1C0 c:\windows\$NtUninstallKB956390$\wininet.dll
[-] 2008-04-14 02:33 670208 4A6E04EA20F48D750D9BFED8600D516B c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\wininet.dll
[-] 2008-08-20 05:37 663552 ADBB0BDB81EB0013942D907E9418AB8B c:\windows\system32\wininet.dll
[-] 2008-08-20 05:37 663552 ADBB0BDB81EB0013942D907E9418AB8B c:\windows\system32\dllcache\wininet.dll
[-] 2008-08-20 05:37 663552 ADBB0BDB81EB0013942D907E9418AB8B c:\windows\system32\dllcache\cache\wininet.dll

[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2004-08-05 08:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\cache\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 02:34 512000 DD73D6B9F6B4CB630CF35B438B540174 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\winlogon.exe
[-] 2004-08-05 08:00 506368 D2DE785AEAB0BB8CA4C14A8A199DBE4E c:\windows\system32\winlogon.exe
[-] 2004-08-05 08:00 506368 D2DE785AEAB0BB8CA4C14A8A199DBE4E c:\windows\system32\dllcache\cache\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys
[-] 2004-08-05 08:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-05 08:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\cache\ndis.sys
[-] 2004-08-05 08:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ip6fw.sys
[-] 2004-08-05 08:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-05 08:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\cache\ip6fw.sys
[-] 2004-08-05 08:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2008-08-14 13:39 2065024 DCBC1A6D150B5EE1BD6257186157B0F3 c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 17:26 2068096 755B50949D0DBC0F0136B0DB58765331 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2004-08-05 08:00 2058880 F252FAE094C54572ECE38A039F2103C4 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-08-14 13:44 2059776 F9720D61DF1E3E47614C4FC891F3FE44 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-14 02:07 2067968 B71A8F101CEFAF82FC5EC16130A54A3F c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ntkrnlpa.exe
[-] 2005-03-02 18:13 2059008 5311776074B6C13F983DC75BAEAC9C0C c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2qfe\ntkrnlpa.exe
[-] 2008-08-14 13:44 2059776 F9720D61DF1E3E47614C4FC891F3FE44 c:\windows\system32\ntkrnlpa.exe
[-] 2008-08-14 13:44 2059776 F9720D61DF1E3E47614C4FC891F3FE44 c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2008-08-14 13:44 2059776 F9720D61DF1E3E47614C4FC891F3FE44 c:\windows\system32\dllcache\cache\ntkrnlpa.exe

[-] 2008-08-14 13:39 2188032 C6649255E51F145B6E15C505AB68E459 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 17:26 2191232 D79210549BBF09B7638E860440504299 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2004-08-05 08:00 2183040 7D38CE4398E6AA6339B4644FEADCC0D8 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2008-08-14 13:44 2182400 449566D74B5C261A3A54AA216F0C532B c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-14 02:08 2191104 099D639DA1EF6968D4E41795BB507E6B c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ntoskrnl.exe
[-] 2005-03-02 18:13 2181632 3E2A0A4A0C0B19FC113618A9562A3B2A c:\windows\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\sp2qfe\ntoskrnl.exe
[-] 2008-08-14 13:44 2182400 449566D74B5C261A3A54AA216F0C532B c:\windows\system32\ntoskrnl.exe
[-] 2008-08-14 13:44 2182400 449566D74B5C261A3A54AA216F0C532B c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2008-08-14 13:44 2182400 449566D74B5C261A3A54AA216F0C532B c:\windows\system32\dllcache\cache\ntoskrnl.exe

[-] 2004-08-05 08:00 1036288 4C33E5B9A6197B6ED215F6CFBA0A2DAA c:\windows\explorer.exe
[-] 2008-04-14 02:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
[-] 2004-08-05 08:00 1036288 4C33E5B9A6197B6ED215F6CFBA0A2DAA c:\windows\SoftwareDistribution\Download\813a989071c1720c8fca52f421b7b9e5\backup\sp2gdr\explorer.exe
[-] 2004-08-05 08:00 1036288 4C33E5B9A6197B6ED215F6CFBA0A2DAA c:\windows\system32\dllcache\cache\explorer.exe

[-] 2008-04-14 02:34 109056 54CB50058851D95E56EC70D09F70857F c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\services.exe
[-] 2004-08-05 08:00 108544 732E0B1ABAACE15D80EC19056B0A2AF9 c:\windows\system32\services.exe
[-] 2004-08-05 08:00 108544 732E0B1ABAACE15D80EC19056B0A2AF9 c:\windows\system32\dllcache\cache\services.exe

[-] 2008-04-14 02:34 13312 91E6024D6D4DCDECDB36C43ECF9BBECB c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\lsass.exe
[-] 2004-08-05 08:00 13312 9F3744A5C6F49291A7A685040A013399 c:\windows\system32\lsass.exe
[-] 2004-08-05 08:00 13312 9F3744A5C6F49291A7A685040A013399 c:\windows\system32\dllcache\cache\lsass.exe

[-] 2008-04-14 02:33 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe
[-] 2004-08-05 08:00 15360 5584247B568C2E53934873F4B655FE6A c:\windows\system32\ctfmon.exe
[-] 2004-08-05 08:00 15360 5584247B568C2E53934873F4B655FE6A c:\windows\system32\dllcache\cache\ctfmon.exe

[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\SoftwareDistribution\Download\4088a68d0a8934555c37417459b6507e\sp2gdr\spoolsv.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\SoftwareDistribution\Download\4088a68d0a8934555c37417459b6507e\sp2qfe\spoolsv.exe
[-] 2008-04-14 02:34 57856 460E4CE148BD07218DA0B6A3D31885A9 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\spoolsv.exe
[-] 2004-08-05 08:00 57856 B4EF928E4FAD79364A80ACBA6D999934 c:\windows\system32\spoolsv.exe
[-] 2004-08-05 08:00 57856 B4EF928E4FAD79364A80ACBA6D999934 c:\windows\system32\dllcache\cache\spoolsv.exe

[-] 2008-04-14 02:34 26624 E74DDB12188C2FF57A78624DBF7332FC c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe
[-] 2004-08-05 08:00 25088 D6D65EA32B190401B57EDB6706F29669 c:\windows\system32\userinit.exe
[-] 2004-08-05 08:00 25088 D6D65EA32B190401B57EDB6706F29669 c:\windows\system32\dllcache\cache\userinit.exe

[-] 2008-04-14 02:33 297984 710BC85A8C22626EE094439E3EA0D38C c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\termsrv.dll
[-] 2004-08-05 08:00 297984 7D521B8CF926459E270D18C559323815 c:\windows\system32\termsrv.dll
[-] 2004-08-05 08:00 297984 7D521B8CF926459E270D18C559323815 c:\windows\system32\dllcache\cache\termsrv.dll

[-] 2008-04-14 02:33 1054720 3AC8886DFA5AB641417DF4D3B7F5512E c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\kernel32.dll
[-] 2007-04-16 15:53 1049600 6F1FE2AE7B22EB9CED1BFF533C9455EA c:\windows\SoftwareDistribution\Download\4a30d9e5adbf7a3398756dd0ea6f4e72\sp2gdr\kernel32.dll
[-] 2007-04-16 16:11 1051136 62E3F0E9ABFCBCEE62C51546F622C455 c:\windows\SoftwareDistribution\Download\4a30d9e5adbf7a3398756dd0ea6f4e72\sp2qfe\kernel32.dll
[-] 2004-08-05 08:00 1048576 7830E20C74611281B1BDAE5888CD50F5 c:\windows\system32\kernel32.dll
[-] 2004-08-05 08:00 1048576 7830E20C74611281B1BDAE5888CD50F5 c:\windows\system32\dllcache\cache\kernel32.dll

[-] 2008-04-14 02:33 17408 9F2C862E39BF8E8FC51C3F6A6BCEB415 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\powrprof.dll
[-] 2004-08-05 08:00 17408 B02E4DDBE0E98F42F3B61292DDB3A104 c:\windows\system32\powrprof.dll
[-] 2004-08-05 08:00 17408 B02E4DDBE0E98F42F3B61292DDB3A104 c:\windows\system32\dllcache\cache\powrprof.dll

[-] 2008-04-14 02:33 110080 0469B73DB32E5520F342C5E163AA3CCA c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\imm32.dll
[-] 2004-08-05 08:00 110080 39EE5FAF56260EBB8D77A08F525EBBB4 c:\windows\system32\imm32.dll
[-] 2004-08-05 08:00 110080 39EE5FAF56260EBB8D77A08F525EBBB4 c:\windows\system32\dllcache\cache\imm32.dll


[-] 2008-06-23 16:15 3088384 A9D7198AAAC327D413D7941B2C0046A4 c:\windows\$hf_mig$\KB953838\SP2QFE\mshtml.dll
[-] 2008-06-23 15:10 3088384 DB0D7FB7B08ED1A861ACDD3A684049DD c:\windows\$hf_mig$\KB953838\SP3GDR\mshtml.dll
[-] 2008-06-25 07:56 3088896 8758CE41A129C23B1A1BD7C9FEE2CCCB c:\windows\$hf_mig$\KB953838\SP3QFE\mshtml.dll
[-] 2008-08-20 05:33 3088384 EB2B003122AA714FE93979CFA4EEAA55 c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll
[-] 2008-08-20 05:10 3088896 E1772442035064C97BA6B4D60BDA1BB9 c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
[-] 2008-08-20 05:07 3088896 4229C8960DE4DC5B6C326E2B65175E9F c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
[-] 2004-08-05 08:00 3003392 3FE8D0C4C2F3B928192BD06DCEE34B32 c:\windows\$NtUninstallKB953838$\mshtml.dll
[-] 2008-06-23 15:40 3080704 FAA707F1143B2CB58ED7BD4F0758BADE c:\windows\$NtUninstallKB956390$\mshtml.dll
[-] 2008-04-14 02:33 3066880 C4153F037157C7BE7C54FD88887F027D c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\mshtml.dll
[-] 2008-08-20 05:37 3081216 7CCBC169EFCB0284781139ADB7E26F51 c:\windows\system32\mshtml.dll
[-] 2008-08-20 05:37 3081216 7CCBC169EFCB0284781139ADB7E26F51 c:\windows\system32\dllcache\mshtml.dll
[-] 2008-08-20 05:37 3081216 7CCBC169EFCB0284781139ADB7E26F51 c:\windows\system32\dllcache\cache\mshtml.dll

[-] 2008-04-14 02:05 25216 16813155807C6881F4BFBF6657424659 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\kbdclass.sys
[-] 2004-08-03 23:45 25216 E798705E8DC7FAB596EF6BFDF167E007 c:\windows\system32\dllcache\kbdclass.sys
[-] 2004-08-03 23:45 25216 E798705E8DC7FAB596EF6BFDF167E007 c:\windows\system32\dllcache\cache\kbdclass.sys
[-] 2004-08-03 23:45 25216 E798705E8DC7FAB596EF6BFDF167E007 c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-05 08:00 25216 E798705E8DC7FAB596EF6BFDF167E007 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\kbdclass.sys

[-] 2008-04-14 02:33 851968 F4B7146C7EED6C4E158DCD9B5266C25A c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\comres.dll
[-] 2004-08-05 08:00 851968 19428638D8F4440F67519BD03A623BBB c:\windows\system32\comres.dll
[-] 2004-08-05 08:00 851968 19428638D8F4440F67519BD03A623BBB c:\windows\system32\dllcache\cache\comres.dll

[-] 2008-04-14 02:33 22016 982B2C204337C3B12211E1E1D9BA8C9C c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\lpk.dll
[-] 2004-08-05 08:00 22016 8C97E0E3DAA99659D4F4B44CC1F282A6 c:\windows\system32\lpk.dll
[-] 2004-08-05 08:00 22016 8C97E0E3DAA99659D4F4B44CC1F282A6 c:\windows\system32\dllcache\cache\lpk.dll

[-] 2004-08-05 13:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2004-08-05 13:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\cache\beep.sys
[-] 2004-08-05 13:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys

[-] 2004-08-05 08:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\cache\null.sys
[-] 2004-08-05 08:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\aec.sys
[-] 2004-08-03 21:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\SoftwareDistribution\Download\ef76b58e91ae8084bf0833c90d4b9382\backup\sp2gdr\aec.sys
[-] 2004-08-03 20:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\SoftwareDistribution\Download\ef76b58e91ae8084bf0833c90d4b9382\backup\sp2qfe\aec.sys
[-] 2004-08-03 21:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\system32\dllcache\cache\aec.sys
[-] 2004-08-03 21:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\system32\drivers\aec.sys

[-] 2008-04-14 02:33 927504 CE21FE79AD3B913A79E0C742BED6BF85 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\mfc40u.dll
[-] 2006-11-01 19:18 927504 FCD58951B3B2392007E0EE34D2CF944F c:\windows\SoftwareDistribution\Download\514c80746ae952e9ebadfb936253a166\sp2qfe\mfc40u.dll
[-] 2004-08-05 08:00 924432 E1A34560BF6CE7C703BB67EC4FA70F43 c:\windows\system32\mfc40u.dll
[-] 2004-08-05 08:00 924432 E1A34560BF6CE7C703BB67EC4FA70F43 c:\windows\system32\dllcache\cache\mfc40u.dll

[-] 2008-04-14 02:33 399360 3D65EB82E1FA6DB15A33E024C9E03CAB c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\rpcss.dll
[-] 2005-07-26 04:40 397824 CB7D37602638369A516757E994CBB31D c:\windows\SoftwareDistribution\Download\520cbe0ea5d1df1dc8d5c0c4548a90f7\sp2gdr\rpcss.dll
[-] 2005-07-26 04:29 398336 B38D431ACE730452CD1FEE4FB7ECD6E2 c:\windows\SoftwareDistribution\Download\520cbe0ea5d1df1dc8d5c0c4548a90f7\sp2qfe\rpcss.dll
[-] 2005-04-28 19:32 395776 D0F724BDF4A0647F1A52985FD629EFCE c:\windows\SoftwareDistribution\Download\7c43cf31471ac5c8600409a70e40c22f\sp2gdr\rpcss.dll
[-] 2005-04-28 19:36 396288 FD292BFE003558F4C39AA3D44F420AC7 c:\windows\SoftwareDistribution\Download\7c43cf31471ac5c8600409a70e40c22f\sp2qfe\rpcss.dll
[-] 2004-08-05 08:00 395776 2477917B158327410E615C582A3A4C0B c:\windows\system32\rpcss.dll
[-] 2004-08-05 08:00 395776 2477917B158327410E615C582A3A4C0B c:\windows\system32\dllcache\cache\rpcss.dll

[-] 2008-04-14 02:33 33792 E67A66A3781C1A483F0F8992664CBE0D c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\msgsvc.dll
[-] 2004-08-05 08:00 33792 97939358ED4487CBB4A0D743CE958266 c:\windows\system32\msgsvc.dll
[-] 2004-08-05 08:00 33792 97939358ED4487CBB4A0D743CE958266 c:\windows\system32\dllcache\cache\msgsvc.dll

[-] 2006-08-25 15:54 925184 9724ECD4529AF317DD5BD6194EB6428C c:\windows\SoftwareDistribution\Download\3b9bbc7d361970b826a6eb88174757a3\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-08-25 15:51 617472 5BBCD65CFD7610F36BCA96B72BBAED4B c:\windows\SoftwareDistribution\Download\3b9bbc7d361970b826a6eb88174757a3\sp2qfe\comctl32.dll
[-] 2006-08-25 15:51 1054208 47ABF878B9AEC81B23BA5F89DE597B3A c:\windows\SoftwareDistribution\Download\3b9bbc7d361970b826a6eb88174757a3\sp2qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 02:33 617472 B4AA331468315B6A174C3F0D5B3BC135 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\comctl32.dll
[-] 2008-04-14 02:30 1054208 F92E6BEA9349D49341383F8403B4DFE5 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-03-17 05:04 925184 83F339913E0DC8CC16566D48C8310B13 c:\windows\SoftwareDistribution\Download\a124f301bc107cfa919de4d98c0ac25b\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2005-08-31 16:50 925184 7BCD276EEE605DF05B160DBD265DEB05 c:\windows\SoftwareDistribution\Download\a20dc986c94132560aec16a0ce3c192a\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2004-08-05 08:00 611328 A53B48B5AB9A5DA76ED247D61B0B0ADD c:\windows\system32\comctl32.dll
[-] 2004-08-05 08:00 611328 A53B48B5AB9A5DA76ED247D61B0B0ADD c:\windows\system32\dllcache\cache\comctl32.dll
[-] 2004-08-05 08:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-05 08:00 1050624 97668958194B82F5B88EABC88ACA5AE1 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2004-08-05 08:00 12032 E4ABC1212B70BB03D35E60681C447210 c:\windows\system32\dllcache\acpiec.sys
[-] 2004-08-05 08:00 12032 E4ABC1212B70BB03D35E60681C447210 c:\windows\system32\dllcache\cache\acpiec.sys
[-] 2004-08-05 08:00 12032 E4ABC1212B70BB03D35E60681C447210 c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-14 02:33 5120 9A4E7ECBB5B7FB86F3B926AB039F4FEC c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\sfc.dll
[-] 2004-08-05 08:00 5120 94559DE281DADCB58E6A3919C7EAC0B4 c:\windows\system32\sfc.dll
[-] 2004-08-05 08:00 5120 94559DE281DADCB58E6A3919C7EAC0B4 c:\windows\system32\dllcache\cache\sfc.dll

[-] 2008-04-14 02:33 407040 04821179C3171554C1BD1F9888A113E2 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\netlogon.dll
[-] 2004-08-05 08:00 407040 FAF07FDCDE76000621A28D19F8E2E8EB c:\windows\system32\netlogon.dll
[-] 2004-08-05 08:00 407040 FAF07FDCDE76000621A28D19F8E2E8EB c:\windows\system32\dllcache\cache\netlogon.dll

[-] 2008-04-14 02:33 409088 BAA0B6E647C1AD593E9BAE5CC31BCFFB c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\qmgr.dll
[-] 2004-08-05 08:00 382464 87424817F82CF6A7F55DAC01A20111A3 c:\windows\system32\qmgr.dll
[-] 2004-08-05 08:00 382464 87424817F82CF6A7F55DAC01A20111A3 c:\windows\system32\dllcache\cache\qmgr.dll

[-] 2008-04-14 02:33 187392 973B36634C544948C663E8269AA1B3A3 c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\scecli.dll
[-] 2004-08-05 08:00 186368 DEC0397F35D027874804EC72979D03CC c:\windows\system32\scecli.dll
[-] 2004-08-05 08:00 186368 DEC0397F35D027874804EC72979D03CC c:\windows\system32\dllcache\cache\scecli.dll

[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\asyncmac.sys
[-] 2004-08-05 08:00 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-05 08:00 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\system32\dllcache\cache\asyncmac.sys
[-] 2004-08-05 08:00 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\system32\drivers\asyncmac.sys

[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\SoftwareDistribution\Download\e3bd9b90b867ba67afdd4c29dc49177c\sp2gdr\ntfs.sys
[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\SoftwareDistribution\Download\e3bd9b90b867ba67afdd4c29dc49177c\sp2qfe\ntfs.sys
[-] 2009-08-12 17:29 619200 8DFD93810E8FE310F513842D72B410C2 c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-12 17:29 619200 8DFD93810E8FE310F513842D72B410C2 c:\windows\system32\drivers\ntfs.sys

[-] 2008-04-14 02:33 171520 6ED29124A1C83BD0CF6B26BD01CA6F6F c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\srsvc.dll
[-] 2004-08-05 08:00 171008 6469C53F4D16FA6055CCA265BC03DB66 c:\windows\system32\srsvc.dll
[-] 2004-08-05 08:00 171008 6469C53F4D16FA6055CCA265BC03DB66 c:\windows\system32\dllcache\cache\srsvc.dll

[-] 2008-04-14 02:34 13824 02DA31AB433A6C1110A736C85701DECA c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\wscntfy.exe
[-] 2004-08-05 08:00 13824 54CDDAD404557ED98433D6ECBFC92691 c:\windows\system32\wscntfy.exe
[-] 2004-08-05 08:00 13824 54CDDAD404557ED98433D6ECBFC92691 c:\windows\system32\dllcache\cache\wscntfy.exe

c:\windows\system32\appmgmts.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-18_09.22.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-18 19:51 . 2009-08-18 19:51 16384 c:\windows\temp\Perflib_Perfdata_15c.dat
+ 2009-08-18 19:46 . 2009-08-18 19:46 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-18 19:46 . 2009-08-18 19:46 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-18 14:54 . 2009-08-18 14:54 149280 c:\windows\system32\javaws.exe
+ 2009-08-18 14:54 . 2009-08-18 14:54 145184 c:\windows\system32\javaw.exe
+ 2009-08-18 14:54 . 2009-08-18 14:54 145184 c:\windows\system32\java.exe
+ 2009-08-18 14:54 . 2009-08-18 14:54 537600 c:\windows\Installer\12c5bb6.msi
+ 2009-08-18 19:46 . 2009-08-18 19:46 737280 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-18 19:46 . 2009-08-18 19:46 233472 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-18 19:46 . 2009-08-18 19:46 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-18 19:46 . 2009-08-18 19:46 5570560 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-02-12 253000]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"SpywareTerminatorUpdate"="c:\progra~1\SPYWAR~2\SpywareTerminatorUpdate.exe" [2009-08-13 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-11-23 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-26 98304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"ChangeFilterMerit"="c:\program files\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2007-06-08 51280]
"Presto! PVR Monitor"="c:\program files\NewSoft\Presto! PVR\Monitor.exe" [2007-07-02 149328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SpywareTerminator"="c:\progra~1\SPYWAR~2\SpywareTerminatorShield.exe" [2009-08-13 2171904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-18 149280]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-08-24 88363]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-05 110592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\Messenger\\msmsgs.exe"= c:\program files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\WINDOWS\\system32\\dplaysvr.exe"= c:\windows\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= c:\program files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP"= 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP"= 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

R1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [25/10/2008 14:15 19572]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13/08/2009 07:03 142592]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [01/06/2009 10:27 603904]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [06/09/2008 19:58 13056]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter
LmHosts

.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 14:28]

2009-08-07 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur - MANUE.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-24 23:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=laptop
IE: Crawler Search - tbr:iemenu
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 21:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????,????|?P???? ???B???????????????B? ??????

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10a.exe"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,22,6a,97,f2,46,
7c,75,95,c8,28,51,af,b0,29,a3,98,e7,22,de,bc,86,cd,8e,d8,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,1e,22,a1,5b,80,
eb,a2,de,71,3b,04,66,8b,46,0d,96,28,99,e4,d6,fa,4b,49,6e,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,93,ea,e3,1b,ed,
f6,49,e9,25,da,ec,7e,55,20,c9,26,e1,bf,0f,a6,c6,cd,09,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,ea,45,38,a8,70,
5e,13,69,3e,1e,9e,e0,57,5a,93,61,ec,e7,c7,64,44,3c,8b,1e,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,be,6e,c7,8f,1a,
c4,e8,ea,cd,44,cd,b9,a6,33,6c,cd,dd,6b,d4,fb,df,29,68,e3,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
"GlobalState"=hex:05,88,a4,a3,4f,8e,77,a8,30,37,90,38,f2,28,e4,d2,62,5b,7d,59

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,bb,55,8a,54,dc,
b7,64,f5,b0,18,ed,a7,3f,8d,37,a4,12,5e,3d,20,22,04,7a,09,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,51,d9,d1,b3,68,
0f,28,55,31,77,e1,ba,b1,f8,68,02,3d,ac,52,8f,7c,e1,9e,1c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,34,8b,93,e6,d4,
e8,f9,47,83,6c,56,8b,a0,85,96,ab,35,ea,a3,9b,7c,03,03,31,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,a5,77,cc,8b,a4,
a5,c7,79,51,fa,6e,91,28,9e,14,cc,a0,fc,2b,a7,da,8a,f0,aa,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,d9,63,51,07,22,
8c,b6,7f,b1,cd,45,5a,a8,c4,f8,b9,63,77,4e,71,4c,e9,6f,3c,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,fd,c5,85,22,6a,
ef,53,25,e3,0e,66,d5,eb,bc,2f,6b,57,0e,fa,8f,5b,24,44,00,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,22,de,d6,8e,19,
a3,35,90,fa,ea,66,7f,d4,3b,6b,70,3f,8e,e6,09,c3,c6,a5,9b,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\softwareSoftware\Microsoft\Windows NT\CurrentVersion\Windows]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HPQ\Shared\hpqwmi.exe
.
**************************************************************************
.
Completion time: 2009-08-18 21:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 19:58
ComboFix2.txt 2009-08-18 09:27

Pre-Run: 19 359 109 120 octets libres
Post-Run: 19 365 269 504 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

562 --- E O F --- 2008-10-23 17:32
0
Réponse 48 / 128
plopus Messages postés 5962 Date d'inscription jeudi 1 janvier 2009 Statut Contributeur sécurité Dernière intervention 11 mars 2012 293
19 août 2009 à 08:46
c'est combofix qui a fait sa, tu doit redemarré ton PC, sa reviendra tout seul (internet)

par contre tu me postera un RSIT AVANT de faire l'etape 3 pour voir si le virus s'est recrée, j'avais pas pensé que combfix t'aurai demandé de redemarré pour la console
0
Réponse 49 / 128
plopus Messages postés 5962 Date d'inscription jeudi 1 janvier 2009 Statut Contributeur sécurité Dernière intervention 11 mars 2012 293
19 août 2009 à 08:48
TU NE DOIT PAS FAIRE DE MANIPULATION A PART CE QUE JE TE DEMANDE STP

attends la suite
0
Réponse 50 / 128
plopus Messages postés 5962 Date d'inscription jeudi 1 janvier 2009 Statut Contributeur sécurité Dernière intervention 11 mars 2012 293
19 août 2009 à 09:03
tu referas la manip des remplacement de fichier avec cette fois ci ceci copier coller dans le blocnote

c:\windows\system32\appmgmts.dll

ensuite si sa te demande de redemarré ton PC fait le et poste moi un RSIt après


Fait analyser ces fichiers pour voir si ils sont de nouveau infecté:

c:\windows\system32\sfcfiles.dll
c:\windows\system32\dllcache\sfcfiles­.dll
c:\windows\sys­tem32\dllcache\ntfs.sys
c:\windows\sys­tem32\drivers\ntfs.sys
c:\windows\sys­tem32\dllcache\beep.sys
c:\windows\sys­tem32\drivers\beep.sys

ensuite:

refait un scan avec malwarebyte et poste le rapport et réessaye un scan en ligne

je suis de retour en milieu d'aprés midi
0
Réponse 51 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
19 août 2009 à 09:03
Pour internet, j'ai du réinstaler le protocole. Donc là c'est bon,je lance l'etape 2?
0
Réponse 52 / 128
plopus Messages postés 5962 Date d'inscription jeudi 1 janvier 2009 Statut Contributeur sécurité Dernière intervention 11 mars 2012 293
19 août 2009 à 09:06
tu as fait ou pas le poste 51 avec les 3 etapes ou juste tu as fait juste la premiere ?
0
Réponse 53 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
19 août 2009 à 09:10
Pour le 51, j'ai réaliser l'étape une, le pc c éteint automatiquement et a redemarrer, ensuite j'avais le probleme de connection donc hier j'avais redemarrer une deuxieme fois le pc et j'ai laisser tomber, ce matin j'ai allumer le pc et j'ai fait le truc avec le protocole TCP/IP ou un truc comme ca et maintenant c bon, mais hier soir je ne pouvais pas acceder au lien c pour cela que j'ai pas continuer l'etape 2 du posté 51.

QUe faire : l'étape 2 du posté 51 je pense????A me confirmer
0
Réponse 54 / 128
plopus Messages postés 5962 Date d'inscription jeudi 1 janvier 2009 Statut Contributeur sécurité Dernière intervention 11 mars 2012 293
19 août 2009 à 09:14
ok bien tant mieux alors :)

ne redemarre pas ton PC de la journée et fait ceci le teps que je rentre :

Fait analyser ces fichiers pour voir si ils sont de nouveau infecté:

c:\windows\system32\sfcfiles.dll
c:\windows\system32\dllcache\sfcfiles­.dll
c:\windows\sys­tem32\dllcache\ntfs.sys
c:\windows\sys­tem32\drivers\ntfs.sys
c:\windows\sys­tem32\dllcache\beep.sys
c:\windows\sys­tem32\drivers\beep.sys

ensuite:

refait un scan avec malwarebyte et poste le rapport et réessaye un scan en ligne

je suis de retour en milieu d'aprés midi
0
Réponse 55 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
19 août 2009 à 09:16
oki ca marche, je fais ca
a toute a lheure merci beaucoup
0
Réponse 56 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
19 août 2009 à 09:26
FICHIER : c:\windows\system32\sfcfiles.dll


Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.19 -
AhnLab-V3 5.0.0.2 2009.08.19 -
AntiVir 7.9.1.3 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.18 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.19 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.19 -
Comodo 2019 2009.08.19 -
DrWeb 5.0.0.12182 2009.08.19 -
eSafe 7.0.17.0 2009.08.18 -
eTrust-Vet 31.6.6686 2009.08.19 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.19 -
Fortinet 3.120.0.0 2009.08.19 -
GData 19 2009.08.19 -
Ikarus T3.1.1.68.0 2009.08.19 -
Jiangmin 11.0.800 2009.08.19 -
K7AntiVirus 7.10.821 2009.08.18 -
Kaspersky 7.0.0.125 2009.08.19 -
McAfee 5713 2009.08.18 -
McAfee+Artemis 5713 2009.08.18 -
McAfee-GW-Edition 6.8.5 2009.08.19 -
Microsoft 1.4903 2009.08.19 -
NOD32 4346 2009.08.18 -
Norman 6.01.09 2009.08.18 -
nProtect 2009.1.8.0 2009.08.18 -
Panda 10.0.0.14 2009.08.18 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.19 -
Rising 21.43.21.00 2009.08.19 -
Sophos 4.44.0 2009.08.19 -
Sunbelt 3.2.1858.2 2009.08.19 -
Symantec 1.4.4.12 2009.08.19 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.19 -
VBA32 3.12.10.9 2009.08.19 -
ViRobot 2009.8.19.1890 2009.08.19 -
VirusBuster 4.6.5.0 2009.08.18 -
Information additionnelle
File size: 1548288 bytes
MD5...: acf04fb3448d2c2cd3a851c138ec8ab6
SHA1..: 6ed1cd55f58adbae1acb497fd51119f31bd4c554
SHA256: cf839371596e69085c61d7470f9662a689472dd3087dda4927c96f22d579c1b5
ssdeep: 3072:LG98o8gaaP3ZeRduqCC/ziAR8z4yDx8wawRd5X+diU9uXh2vWFDe:LabaE6
Lzi9DxT5yb

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x120d
timedatestamp.....: 0x41107c30 (Wed Aug 04 06:03:28 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xcbf 0xe00 5.90 62996122096364362b8bbbbb76ba9d44
.data 0x2000 0x16ebe0 0x16ec00 3.27 1d0ff0ef6df15dad76688431ef90c012
.rsrc 0x171000 0x418 0x600 2.54 c123fdd41b8b0efeb7beb0a0084a77f0
.reloc 0x172000 0x9a6c 0x9c00 5.76 1a3c3f7a1bcfc6f766599709205664f2

( 1 imports )
> ntdll.dll: LdrDisableThreadCalloutsForDll, NtClose, NtQueryValueKey, NtOpenKey, RtlInitUnicodeString, RtlGetVersion, NtTerminateProcess, RtlUnhandledExceptionFilter, RtlUnwind, NtQueryVirtualMemory

( 1 exports )
SfcGetFiles

PDFiD.: -
RDS...: NSRL Reference Data Set

( Microsoft )

> MSDN Disc 2439.8: sfcfiles.dll
> MSDN Disc 2439.7: sfcfiles.dll
> MSDN Disc 2439.6: sfcfiles.dll
0
Réponse 57 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
19 août 2009 à 09:30
c:\windows\system32\dllcache\sfcfiles­.dll

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.19 -
AhnLab-V3 5.0.0.2 2009.08.19 -
AntiVir 7.9.1.3 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.18 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.19 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.19 -
Comodo 2019 2009.08.19 -
DrWeb 5.0.0.12182 2009.08.19 -
eSafe 7.0.17.0 2009.08.18 -
eTrust-Vet 31.6.6686 2009.08.19 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.19 -
Fortinet 3.120.0.0 2009.08.19 -
GData 19 2009.08.19 -
Ikarus T3.1.1.68.0 2009.08.19 -
Jiangmin 11.0.800 2009.08.19 -
K7AntiVirus 7.10.821 2009.08.18 -
Kaspersky 7.0.0.125 2009.08.19 -
McAfee 5713 2009.08.18 -
McAfee+Artemis 5713 2009.08.18 -
McAfee-GW-Edition 6.8.5 2009.08.19 -
Microsoft 1.4903 2009.08.19 -
NOD32 4346 2009.08.18 -
Norman 6.01.09 2009.08.18 -
nProtect 2009.1.8.0 2009.08.18 -
Panda 10.0.0.14 2009.08.18 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.19 -
Rising 21.43.21.00 2009.08.19 -
Sophos 4.44.0 2009.08.19 -
Sunbelt 3.2.1858.2 2009.08.19 -
Symantec 1.4.4.12 2009.08.19 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.19 -
VBA32 3.12.10.9 2009.08.19 -
ViRobot 2009.8.19.1890 2009.08.19 -
VirusBuster 4.6.5.0 2009.08.18 -
Information additionnelle
File size: 1548288 bytes
MD5...: acf04fb3448d2c2cd3a851c138ec8ab6
SHA1..: 6ed1cd55f58adbae1acb497fd51119f31bd4c554
SHA256: cf839371596e69085c61d7470f9662a689472dd3087dda4927c96f22d579c1b5
ssdeep: 3072:LG98o8gaaP3ZeRduqCC/ziAR8z4yDx8wawRd5X+diU9uXh2vWFDe:LabaE6
Lzi9DxT5yb

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x120d
timedatestamp.....: 0x41107c30 (Wed Aug 04 06:03:28 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xcbf 0xe00 5.90 62996122096364362b8bbbbb76ba9d44
.data 0x2000 0x16ebe0 0x16ec00 3.27 1d0ff0ef6df15dad76688431ef90c012
.rsrc 0x171000 0x418 0x600 2.54 c123fdd41b8b0efeb7beb0a0084a77f0
.reloc 0x172000 0x9a6c 0x9c00 5.76 1a3c3f7a1bcfc6f766599709205664f2

( 1 imports )
> ntdll.dll: LdrDisableThreadCalloutsForDll, NtClose, NtQueryValueKey, NtOpenKey, RtlInitUnicodeString, RtlGetVersion, NtTerminateProcess, RtlUnhandledExceptionFilter, RtlUnwind, NtQueryVirtualMemory

( 1 exports )
SfcGetFiles

PDFiD.: -
RDS...: NSRL Reference Data Set

( Microsoft )

> MSDN Disc 2439.8: sfcfiles.dll
> MSDN Disc 2439.7: sfcfiles.dll
> MSDN Disc 2439.6: sfcfiles.dll
0
Réponse 58 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
19 août 2009 à 09:32
FICHIER : c:\windows\sys­tem32\dllcache\ntfs.sys

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.19 Riskware.WinNT.Cutwail!IK
AhnLab-V3 5.0.0.2 2009.08.19 -
AntiVir 7.9.1.3 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 Virus/Win32.Protector.gen
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.18 -
AVG 8.5.0.406 2009.08.18 Rootkit-Pakes.M
BitDefender 7.2 2009.08.19 Rootkit.Kobcka.Patched.Gen
CAT-QuickHeal 10.00 2009.08.18 W32.Protector.C
ClamAV 0.94.1 2009.08.19 -
Comodo 2019 2009.08.19 -
DrWeb 5.0.0.12182 2009.08.19 BackDoor.Bulknet.404
eSafe 7.0.17.0 2009.08.18 -
eTrust-Vet 31.6.6686 2009.08.19 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.19 Virus.Win32.Protector.c
Fortinet 3.120.0.0 2009.08.19 -
GData 19 2009.08.19 Rootkit.Kobcka.Patched.Gen
Ikarus T3.1.1.68.0 2009.08.19 VirTool.WinNT.Cutwail
Jiangmin 11.0.800 2009.08.19 -
K7AntiVirus 7.10.821 2009.08.18 -
Kaspersky 7.0.0.125 2009.08.19 Virus.Win32.Protector.c
McAfee 5713 2009.08.18 Cutwail.gen.e
McAfee+Artemis 5713 2009.08.18 Cutwail.gen.e
McAfee-GW-Edition 6.8.5 2009.08.19 -
Microsoft 1.4903 2009.08.19 VirTool:WinNT/Cutwail.L
NOD32 4346 2009.08.18 Win32/Wigon.LX
Norman 6.01.09 2009.08.18 -
nProtect 2009.1.8.0 2009.08.19 -
Panda 10.0.0.14 2009.08.18 Suspicious file
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.19 Medium Risk Malware
Rising 21.43.21.00 2009.08.19 -
Sophos 4.44.0 2009.08.19 Troj/NTFSKit-B
Sunbelt 3.2.1858.2 2009.08.19 -
Symantec 1.4.4.12 2009.08.19 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.19 -
VBA32 3.12.10.9 2009.08.19 Rootkit.Win32.8141236
ViRobot 2009.8.19.1890 2009.08.19 -
VirusBuster 4.6.5.0 2009.08.18 -
Information additionnelle
File size: 619200 bytes
MD5...: 8dfd93810e8fe310f513842d72b410c2
SHA1..: 753ce4957bfeb796d65662f8df3d016f951a89d2
SHA256: 0a78cd7106a833e4547878e0d30c61ffaea222e054259a71d2ff4ce8b06a4e6e
ssdeep: 6144:qYvlJCuNJ3Loj+sr/rwFSrS8yXtiwOxHzlxFR0Pd4s3BSCx4PTaQrkvH0jp
d7:bJCC+H+SO8gdoEBRSCyba8Pj

PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xe1a
timedatestamp.....: 0x4a801be2 (Mon Aug 10 13:08:50 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x280 0xc44 0xc60 5.81 7c66eae0aa185a1d1e23190a98f8975f
.rdata 0xee0 0x8 0x20 0.40 53bc69c7adc744494f3d55825e7d5c47
.data 0xf00 0x19 0x20 2.17 09023b0586a11b5dd790a88206791533
INIT 0xf20 0x4c 0x60 2.31 5d563cf002ad3c2ac3b51fb9d4bf721c
.reloc 0xf80 0x96322 0x96340 6.73 5dcbe4ae0dc06959341f337dab7c4e0b

( 1 imports )
> hal.dll: KeGetCurrentIrql

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=50DD053EC0F10BCF7260099B6EFE1E0027E2B411' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=50DD053EC0F10BCF7260099B6EFE1E0027E2B411</a>
0
Réponse 59 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
19 août 2009 à 09:35
FICHIER : c:\windows\sys­tem32\drivers\ntfs.sys

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.19 Riskware.WinNT.Cutwail!IK
AhnLab-V3 5.0.0.2 2009.08.19 -
AntiVir 7.9.1.3 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 Virus/Win32.Protector.gen
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.18 -
AVG 8.5.0.406 2009.08.18 Rootkit-Pakes.M
BitDefender 7.2 2009.08.19 Rootkit.Kobcka.Patched.Gen
CAT-QuickHeal 10.00 2009.08.18 W32.Protector.C
ClamAV 0.94.1 2009.08.19 -
Comodo 2019 2009.08.19 -
DrWeb 5.0.0.12182 2009.08.19 BackDoor.Bulknet.404
eSafe 7.0.17.0 2009.08.18 -
eTrust-Vet 31.6.6686 2009.08.19 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.19 Virus.Win32.Protector.c
Fortinet 3.120.0.0 2009.08.19 -
GData 19 2009.08.19 Rootkit.Kobcka.Patched.Gen
Ikarus T3.1.1.68.0 2009.08.19 VirTool.WinNT.Cutwail
Jiangmin 11.0.800 2009.08.19 -
K7AntiVirus 7.10.821 2009.08.18 -
Kaspersky 7.0.0.125 2009.08.19 Virus.Win32.Protector.c
McAfee 5713 2009.08.18 Cutwail.gen.e
McAfee+Artemis 5713 2009.08.18 Cutwail.gen.e
McAfee-GW-Edition 6.8.5 2009.08.19 -
Microsoft 1.4903 2009.08.19 VirTool:WinNT/Cutwail.L
NOD32 4346 2009.08.18 Win32/Wigon.LX
Norman 6.01.09 2009.08.18 -
nProtect 2009.1.8.0 2009.08.19 -
Panda 10.0.0.14 2009.08.18 Suspicious file
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.19 Medium Risk Malware
Rising 21.43.21.00 2009.08.19 -
Sophos 4.44.0 2009.08.19 Troj/NTFSKit-B
Sunbelt 3.2.1858.2 2009.08.19 -
Symantec 1.4.4.12 2009.08.19 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.19 -
VBA32 3.12.10.9 2009.08.19 Rootkit.Win32.8141236
ViRobot 2009.8.19.1890 2009.08.19 -
VirusBuster 4.6.5.0 2009.08.18 -
Information additionnelle
File size: 619200 bytes
MD5...: 8dfd93810e8fe310f513842d72b410c2
SHA1..: 753ce4957bfeb796d65662f8df3d016f951a89d2
SHA256: 0a78cd7106a833e4547878e0d30c61ffaea222e054259a71d2ff4ce8b06a4e6e
ssdeep: 6144:qYvlJCuNJ3Loj+sr/rwFSrS8yXtiwOxHzlxFR0Pd4s3BSCx4PTaQrkvH0jp
d7:bJCC+H+SO8gdoEBRSCyba8Pj

PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xe1a
timedatestamp.....: 0x4a801be2 (Mon Aug 10 13:08:50 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x280 0xc44 0xc60 5.81 7c66eae0aa185a1d1e23190a98f8975f
.rdata 0xee0 0x8 0x20 0.40 53bc69c7adc744494f3d55825e7d5c47
.data 0xf00 0x19 0x20 2.17 09023b0586a11b5dd790a88206791533
INIT 0xf20 0x4c 0x60 2.31 5d563cf002ad3c2ac3b51fb9d4bf721c
.reloc 0xf80 0x96322 0x96340 6.73 5dcbe4ae0dc06959341f337dab7c4e0b

( 1 imports )
> hal.dll: KeGetCurrentIrql

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=50DD053EC0F10BCF7260099B6EFE1E0027E2B411' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=50DD053EC0F10BCF7260099B6EFE1E0027E2B411</a>
0
Réponse 60 / 128
feshme Messages postés 94 Date d'inscription lundi 17 août 2009 Statut Membre Dernière intervention 21 août 2009
19 août 2009 à 09:37
FICHIER : c:\windows\sys­tem32\dllcache\beep.sys

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.19 -
AhnLab-V3 5.0.0.2 2009.08.19 -
AntiVir 7.9.1.3 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.18 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.19 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.19 -
Comodo 2019 2009.08.19 -
DrWeb 5.0.0.12182 2009.08.19 -
eSafe 7.0.17.0 2009.08.18 Win32.Banker
eTrust-Vet 31.6.6686 2009.08.19 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.19 -
Fortinet 3.120.0.0 2009.08.19 -
GData 19 2009.08.19 -
Ikarus T3.1.1.68.0 2009.08.19 -
Jiangmin 11.0.800 2009.08.19 -
K7AntiVirus 7.10.821 2009.08.18 -
Kaspersky 7.0.0.125 2009.08.19 -
McAfee 5713 2009.08.18 -
McAfee+Artemis 5713 2009.08.18 -
McAfee-GW-Edition 6.8.5 2009.08.19 -
Microsoft 1.4903 2009.08.19 -
NOD32 4346 2009.08.18 -
Norman 6.01.09 2009.08.18 -
nProtect 2009.1.8.0 2009.08.19 -
Panda 10.0.0.14 2009.08.18 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.19 -
Rising 21.43.21.00 2009.08.19 -
Sophos 4.44.0 2009.08.19 -
Sunbelt 3.2.1858.2 2009.08.19 -
Symantec 1.4.4.12 2009.08.19 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.19 -
VBA32 3.12.10.9 2009.08.19 -
ViRobot 2009.8.19.1890 2009.08.19 -
VirusBuster 4.6.5.0 2009.08.18 -
Information additionnelle
File size: 4224 bytes
MD5...: da1f27d85e0d1525f6621372e7b685e9
SHA1..: e3d2dc5eb273fa701de8af13b60d6baac7629260
SHA256: 5a81a46a3bdd19dafc6c87d277267a5d44f3a1b5302f2cc1111d84b7bad5610d
ssdeep: 48:qvsINlblgYeU/DtYrmVimGxIBqOopSDKGV7Co+sjIZWQ7q2ue5WwGD+:ilbd/
DKrmLGWBqhev7X+MEWKLu+Ww8

PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x66c
timedatestamp.....: 0x3b7d82e5 (Fri Aug 17 20:47:33 2001)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x424 0x480 5.77 64f775a399d212649b5b58a280791c2d
.rdata 0x780 0xad 0x100 2.62 0ace5f365131534c66de4137833221ad
INIT 0x880 0x284 0x300 4.44 13a9d0bea8490140305ffa9291acfd99
.rsrc 0xb80 0x3c8 0x400 3.22 9b654fc1759147ff04b147754f347be4
.reloc 0xf80 0x9a 0x100 2.80 5c4742feb834ca0995d1e806fe06cc57

( 2 imports )
> ntoskrnl.exe: MmLockPagableDataSection, KeCancelTimer, MmUnlockPagableImageSection, IoStartNextPacket, KeSetTimer, _allmul, IoStartPacket, KeInitializeEvent, KeInitializeTimer, KeInitializeDpc, IoCreateDevice, RtlInitUnicodeString, IoAcquireCancelSpinLock, KeRemoveDeviceQueue, KeRemoveEntryDeviceQueue, IoReleaseCancelSpinLock, IoDeleteDevice, IofCompleteRequest
> HAL.dll: ExReleaseFastMutex, KfRaiseIrql, KfLowerIrql, HalMakeBeep, ExAcquireFastMutex

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set

( Topics Entertainment )

> Instant Home Design: beep.sys

( Symantec )

> Norton SystemWorks 2005: BEEP.SYS

( Compaq )

> Compaq Operating System CD: beep.sys

( NewTech Infosystems Inc. )

> CD-Maker Plus Edition: beep.sys

( The Learning Company Inc. )

> Reader Rabbits Toddler: beep.sys

( Dell )

> Reinstallation CD Microsoft Windows XP Professional: beep.sys

( Microsoft )

> Operating System Reinstallation CD Microsoft Windows XP Professional Service Pack 2: beep.sys
> MSDN Disc 2466.2: beep.sys
> MSDN Disc 2466.1: beep.sys
> MSDN Disc 2466.4: beep.sys
> MSDN Disc 2465: beep.sys
> MSDN Disc 2464: beep.sys
> MSDN Disc 2466: beep.sys
> Windows XP: beep.sys
> Microsoft TechNet Trial Software 2002 Volume 1: beep.sys
> MSDN Disc2389: beep.sys
> MSDN disc 2455.2: beep.sys
> Windows 98 Versions: beep.sys
> MSDN MSIE 6.0, IE 6.0 SP1, Windows 2000 Advanced Server, Windows 2000 Professional, Windows 2000 Server, Windows 98 Second ed., Windows ME, Win XP Pro: beep.sys
> MSDN Disc 2438.7: beep.sys
> MSDN Disc 2438.2: beep.sys
> MSDN Disc 2438.1: beep.sys
> MSDN Disc 3264: beep.sys
> MSDN Disc 2455: beep.sys
> MSDN Disc 2438.8: beep.sys
> MSDN Disc 2428.1: beep.sys
> MSDN Disc 2428.2: beep.sys
> MSDN Disc 2428.5: beep.sys
> MSDN Disc 2428.4: beep.sys
> MSDN Disc 2428.8: beep.sys
> Platforms, SDK/DDK: beep.sys
> Internet Explorer Versions: beep.sys
> Virtual PC for Mac Windows XP Professional Edition: beep.sys
> Platforms: beep.sys
> MSDN DISC 2438.3: beep.sys
> Platforms SDKs/DDKs: beep.sys
> MSDN Disc 2053: beep.sys
> MSDN Disc 2444: beep.sys
> MSDN Disc 2443: beep.sys
> MSDN Disc 2442: beep.sys
> MSDN Disc 2441: beep.sys
> Internet Explorer: beep.sys
> MSDN Disc2428.3: beep.sys
> MSDN Disc 1550: beep.sys
> MSDN Disc 2455.6: beep.sys
> MSDN Disc 2455.1: beep.sys
> MSDN Disc 2476.1: beep.sys
> MSDN Disc 2476.2: beep.sys
> 2262A: Supporting Users Running Applications on a Microsoft Windows XP Operating System: beep.sys
> Disc 2438.5: beep.sys
> 2261A: Supporting Users Running the Microsoft Windows XP Operating System: beep.sys
> MSDN Disc 2041: beep.sys
> MSDN Disc 2439.3: beep.sys
> MSDN Disc 2439.2: beep.sys
> MSDN Disc 2439.1: beep.sys
> MSDN Disc 2439.7: beep.sys
> MSDN Disc 2439.6: beep.sys
> MSDN Disc 2438: beep.sys
> MSDN Disc 2439: beep.sys
> MSDN Disc 2465.4: beep.sys
> MSDN Disc 2465.5: beep.sys
> MSDN Disc 2465.2: beep.sys
> Windows XP Professional: beep.sys
> MSDN Disc 2364: beep.sys
> Office XP Professional with FrontPage: beep.sys
> Microsoft Windows XP Professional: beep.sys
> Windows XP Professional 2002 Service Pack 1: beep.sys
> MSDN Disc 2443.1: beep.sys
> MSDN Disc 2443.2: beep.sys
> MSDN Disc 2443.4: beep.sys
> MSDN disc 2465.3: beep.sys
> MSDN Disc 2441.1: beep.sys
> MSDN Disc 2441.6: beep.sys
> MSDN Disc 2441.7: beep.sys
> MSDN Disc 2441.5: beep.sys
> MSDN Disc 2428: beep.sys
> MSDN Disc 2477.2: beep.sys
> Windows XP Home Edition: beep.sys
> Windows CE .NET Evaluation Software: beep.sys
> MSDN Disc 2307: beep.sys
> Implementing and Supporting Microsoft Windows XP Professional: beep.sys
> MSDN Disc 2464.1: beep.sys
> MSDN Disc 2464.5: beep.sys
> MSDN Disc 2439.8: beep.sys
> MSDN Disc 2440.5: beep.sys
> MSDN Disc 2440.4: beep.sys
> MSDN Disc 2440.3: beep.sys
> MSDN Disc2365: beep.sys
> MDSN Disc 2441.2: beep.sys
> Platforms, SDK/DDK, Developer Tools: beep.sys
> MSDN disc 2390: beep.sys
> MSDN Disc 2476.4: beep.sys
> Microsoft Security Resource Kit: beep.sys
> Windows 2000 Versions: beep.sys
> MSDN Disc 2444.3: beep.sys
> MSDN Disc 2444.1: beep.sys
> MSDN Disc 2444.6: beep.sys
> MSDN Disc 2444.4: beep.sys
> Virtual PC for Mac Windows XP Home Edition: beep.sys
> Windows XP eMbedded Evaluation Software: beep.sys
> MSDN Disc 2476: beep.sys
> MSDN Disc 2442.4: beep.sys
> MSDN Disc 2442.6: beep.sys
> MSDN Disc 2442.1: beep.sys
> Applications, Platforms, Servers: beep.sys
> MSDN Disc 2442.3: beep.sys
> MSDN Disc 2442.2: beep.sys
> Windows XP Tablet PC Edition: beep.sys
> Applications, Platforms: beep.sys

( Sony )

> Sony VAIO Recover CDs: BEEP.SYS

( Gateway )

> Gateway Operating System Windows XP Pro Edition SP2: BEEP.SYS,beep.sys


ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=da1f27d85e0d1525f6621372e7b685e9' target='_blank'>https://www.symantec.com?md5=da1f27d85e0d1525f6621372e7b685e9</a>
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
Windows bloqué --> x:\windows\system32>
MO34 -
MisteryBean -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses