Virus on Vista

Closed
volganne (Member, 35 posts, registered Wednesday 25 November 2009, last activity 10 November 2015) - 25 Nov 2009 at 11:27
jlpjlp (Security contributor, 51580 posts, registered Friday 18 May 2007, last activity 3 May 2022) - 15 Dec 2009 at 18:38
Hello,

For 2 or 3 days my PC has been infected by some nasty bug; the PC is sluggish and you can see several
Baknnn.tmp directories (nnn being alphanumeric) being created and deleted spontaneously...
So the disk is working quite hard and the machine is very slow...
I ran McAfee from a BartPE (with up-to-date .DAT files), without success... Same with Stinger.
I can no longer install anything because several Msiexec processes are already in memory...

Do you have any possible solution before the fatal reformat...?

Thanks in advance!!

30 replies

jlpjlp, 25 Nov 2009 at 13:56
Hi,


Download from here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
and of info.txt (<< which will be minimised in the taskbar).

NB: The reports are saved in the folder C:\rsit
volganne, 25 Nov 2009 at 14:53
Thanks, I'll deal with that this evening...
But in your opinion, does it smell like an infection...?
jlpjlp, 25 Nov 2009 at 15:18
there's a good chance..
volganne, 25 Nov 2009 at 20:42
Here it is

Logfile of random's system information tool 1.06 (written by random/random)
Run by Yannick at 2009-11-25 20:24:23
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 197 GB (54%) free of 369 GB
Total RAM: 3071 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:22, on 25/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\skytel.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\roxwatchtray9.exe
C:\Program Files\Google\Google Desktop Search\googledesktop.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\eulalauncher.exe
C:\Windows\WindowsMobile\wmdsync.exe
C:\Windows\System32\khalmnpr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Western Digital\WD Drive Manager\wdbtnmgrui.exe
C:\Windows\System32\wdbtnmgr.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Packard Bell\SetUpMyPC\smpsys.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Curse\curseclient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Spybot - Search & Destroy\teatimer.exe
C:\Users\Yannick\AppData\Local\geqimuo.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rthdvcpl.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\eulalauncher.exe
C:\Windows\System32\rthdvcpl .exe
C:\Program Files\Western Digital\WD Drive Manager\wdbtnmgrui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\khalmnpr.exe
C:\Users\Yannick\AppData\Local\geqimuo.exe
C:\Windows\System32\skytel.exe
C:\Program Files\Google\Google Desktop Search\googledesktop.exe
C:\Windows\System32\khalmnpr .exe
C:\Users\Yannick\AppData\Local\geqimuo .exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\roxwatchtray9.exe
C:\Program Files\Curse\curseclient.exe
C:\Program Files\Packard Bell\SetUpMyPC\smpsys.exe
C:\Windows\System32\wdbtnmgr.exe
C:\Windows\System32\skytel .exe
C:\Windows\WindowsMobile\wmdsync.exe
C:\Windows\System32\rthdvcpl .exe
C:\Program Files\Packard Bell\SetUpMyPC\smpsys .exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\roxwatchtray9 .exe
C:\Program Files\Curse\curseclient .exe
C:\Windows\System32\khalmnpr .exe
C:\Windows\WindowsMobile\wmdsync .exe
C:\Windows\System32\skytel .exe
C:\Users\Yannick\AppData\Local\geqimuo .exe
C:\Program Files\Spybot - Search & Destroy\teatimer.exe
C:\Program Files\Spybot - Search & Destroy\teatimer .exe
C:\Program Files\Packard Bell\SetUpMyPC\smpsys .exe
C:\Program Files\Packard Bell\SetUpMyPC\smpsys .exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
M:\Divers Utilitaires\AV et AS\mcafee_v85\McCafee_8.5_Setup.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Yannick\AppData\Local\Temp\McAfee VirusScan Enterprise 85_\SetupVSE.Exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files\Adobe\acrotray.exe
C:\Program Files\Adobe\acrotray.exe
C:\Program Files\Adobe\acrotray .exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Adobe\acrotray .exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wermgr.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
K:\RSIT.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files\trend micro\Yannick.exe
C:\Windows\Installer\MSI246D.tmp
C:\Users\Yannick\AppData\Local\Temp\unz2C2E.tmp\FrmInst.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2423182
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: interdescargas-FR Toolbar - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - C:\Program Files\interdescargas-FR\tbinte.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: interdescargas-FR Toolbar - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - C:\Program Files\interdescargas-FR\tbinte.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\smpsys .exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [geqimuo] "c:\users\yannick\appdata\local\geqimuo.exe" geqimuo
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{728DD995-24EF-46AA-8C86-09C87E1FDDF6}: NameServer = 81.253.149.9,80.10.246.132
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdkml.exe (file missing)
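Spotting the bad entries in the RSIT log above was done by eye: a Run entry launching from a user's AppData folder, a service whose binary is already gone, browser hooks with no file behind them. As an added example (not code from RSIT, HijackThis, OTM or anyone in this thread), the Python below applies those checks mechanically over a few lines copied from the logs in this thread, and adds a look-alike test for names such as the cftmon.exe entry in the second RSIT log; the user-writable path list and the system-binary list are this example's own assumptions.

```python
import os
import re

# Locations an ordinary user can write to. A Run entry launching from one of
# them is not proof of malware, but it is where geqimuo.exe sat in this thread.
# Assumption: the list is this example's own choice, not a HijackThis rule.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\")

# System binaries whose names get imitated (the log's cftmon.exe vs ctfmon.exe).
# Assumption: a short list picked for this example.
WELL_KNOWN = ("ctfmon", "svchost", "explorer", "lsass", "csrss", "winlogon", "smss")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
ORPHAN_RE = re.compile(r"^(?:O2|O3|R3) - .*\(no file\)\s*$")

# Constructed sample: lines copied from the RSIT/HijackThis logs in this thread.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r'O4 - HKCU\..\Run: [geqimuo] "c:\users\yannick\appdata\local\geqimuo.exe" geqimuo',
    r'O4 - HKLM\..\Run: [cftmon645] "C:\ProgramData\WordPad\{88888888-8888-8888-8888-888888888888}\cftmon.exe"',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r"O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdkml.exe (file missing)",
    r"O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
]


def executable_of(cmd):
    """Executable launched by an O4 command: a quoted path ends at the closing
    quote; an unquoted one is cut at the first '.exe', which copes with the
    unquoted 'C:\\Program Files\\...' paths HijackThis prints verbatim."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute or swap of
    adjacent characters each cost 1, so 'cftmon' is 1 away from 'ctfmon'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike(exe_path):
    """System binary name this executable is one typo away from, else None."""
    stem = os.path.splitext(exe_path.replace("\\", "/").rsplit("/", 1)[-1])[0].lower()
    for known in WELL_KNOWN:
        if stem != known and edit_distance(stem, known) == 1:
            return known
    return None


def triage_line(line):
    """Reasons one HijackThis line deserves a second look (empty if none)."""
    reasons = []
    m = O4_RE.match(line)
    if m:
        exe = executable_of(m.group("cmd"))
        if any(marker in exe.lower() for marker in USER_WRITABLE):
            reasons.append("run-entry-in-user-writable-path")
        mimic = lookalike(exe)
        if mimic:
            reasons.append("name-imitates-" + mimic)
        return reasons
    m = O23_RE.match(line)
    if m:
        if "(file missing)" in m.group("path"):
            reasons.append("service-binary-missing")
        if m.group("owner") == "Unknown owner":
            reasons.append("service-unknown-owner")
        return reasons
    if ORPHAN_RE.match(line):
        reasons.append("orphaned-browser-hook")
    return reasons


def triage(lines):
    """Map each flagged line to its reasons; lines with no findings are dropped."""
    findings = {}
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings
```

Run `triage(SAMPLE_LINES)` to see the geqimuo, cftmon, Windows Tribute Service and orphaned-BHO lines surface while the Windows Defender and NVIDIA entries stay quiet; an "unknown owner" service on its own (Macromedia here) is only a hint, not a verdict.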

jlpjlp, 25 Nov 2009 at 20:57
ok

disable Spybot's TeaTimer: Mode, then Advanced mode, then Tools, then Resident


_______________

do everything, because I won't be available this evening; that will let us make good progress!!!!



download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by Old_Timer) to your Desktop.

double-click OTM.exe to launch it.
copy the list quoted below,
and paste it into the left-hand frame of OTM: Paste instruction for items to be moved.




:processes
explorer.exe
:services
Windows Tribute Service
:files
C:\Windows\system32\kdkml.exe
c:\users\yannick\appdata\local\geqimuo.exe
C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"geqimuo"=-
:commands
[purity]
[emptytemp]
[start explorer]



click MoveIt! to start the removal.
the result will appear in the "Results" frame.
click Exit to close.
post the report located in C:\_OTM\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.



_________________________


scan with Malwarebytes: do a full scan, paste the report you get and remove what is found:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________



Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.

Now download Navilog1 from this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Save target (of the link) as... and save it to your desktop.
Then double-click navilog1.exe to launch the installation.
Once the installation is finished, right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".

At the main menu, choose option 1
Let it guide you and be patient.
Wait for the message:
*** Analyse Termine le ..... ***
Press a key and Notepad will open.
Copy-paste the entire report into a reply.
Close Notepad
The report fixnavi.txt is also saved in %systemdrive%.
volganne, 26 Nov 2009 at 20:04
poumpoum...?
volganne, 26 Nov 2009 at 06:24
Here it is...

Fix Navipromo version 4.0.5 commencé le 26/11/2009 6:21:52,37

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Yannick ( Administrator )
BOOT : Normal boot

Antivirus : McAfee VirusScan Enterprise 8.5.0.781 (Activated)


C:\ (Local Disk) - NTFS - Total:360 Go (Free:197 Go)
D:\ (USB)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (Local Disk) - NTFS - Total:97 Go (Free:52 Go)
K:\ (USB) - NTFS - Total:980 Mo (Free:0 Go)
L:\ (Local Disk) - FAT - Total:1 Go (Free:1 Go)
M:\ (Local Disk) - NTFS - Total:463 Go (Free:340 Go)
N:\ (Local Disk) - NTFS - Total:931 Go (Free:406 Go)


Recherche executée en mode normal


[b]Aucune Infection Navipromo/Egdaccess trouvée[/b]



*** Scan terminé 26/11/2009 6:22:52,39 ***
jlpjlp, 26 Nov 2009 at 09:46
the OTM and Malwarebytes reports?
volganne, 26 Nov 2009 at 09:57
Oops... I'll give you those at the end of the day.

In any case, it's already doing better... :-)
jlpjlp, 26 Nov 2009 at 11:43
ok, post the two reports followed by a new RSIT report to check
volganne, 27 Nov 2009 at 10:29
HELLO...?
volganne, 26 Nov 2009 at 17:53
Here's OTM

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service Windows Tribute Service stopped successfully!
Service Windows Tribute Service deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\kdkml.exe not found.
File/Folder c:\users\yannick\appdata\local\geqimuo.exe not found.
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13842143 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: SUPERVISEUR
->Temp folder emptied: 314936 bytes
->Temporary Internet Files folder emptied: 264266 bytes
->FireFox cache emptied: 44060135 bytes

User: Yannick
->Temp folder emptied: 847531325 bytes
->Temporary Internet Files folder emptied: 109731039 bytes
->Java cache emptied: 32294084 bytes
->FireFox cache emptied: 53525078 bytes
->Apple Safari cache emptied: 884612 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 61457 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 569909030 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13621259 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 31493629 bytes
RecycleBin emptied: 4833262049 bytes

Total Files Cleaned = -1944,68 mb


OTM by OldTimer - Version 3.1.2.0 log created on 11252009_211014

Files moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\Windows\temp\JET9F98.tmp moved successfully.
File C:\Windows\temp\TMP00000024FEF2CB3DD5C426ED not found!

Registry entries deleted on Reboot...


Here's Malwarebytes

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3232
Windows 6.0.6002 Service Pack 2

26/11/2009 06:06:39
mbam-log-2009-11-26 (06-06-39).txt

Type de recherche: Examen complet (C:\|D:\|K:\|)
Eléments examinés: 301023
Temps écoulé: 2 hour(s), 45 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\d0bd2253-57fe-a138-6f9f-65e9ece08a5e.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Windows\System32\mmwkiqttjidnc.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Windows\System32\smmcqbobkwgyiofs.dll-uninst.exe (Adware.AdRotator) -> Quarantined and deleted successfully.



And one last RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Yannick at 2009-11-26 17:51:12
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 204 GB (55%) free of 369 GB
Total RAM: 3071 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:25, on 26/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Yannick\Downloads\RSIT.exe
C:\Program Files\trend micro\Yannick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2423182
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: interdescargas-FR Toolbar - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - C:\Program Files\interdescargas-FR\tbinte.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: interdescargas-FR Toolbar - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - C:\Program Files\interdescargas-FR\tbinte.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [cftmon645] "C:\ProgramData\WordPad\{88888888-8888-8888-8888-888888888888}\cftmon.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{728DD995-24EF-46AA-8C86-09C87E1FDDF6}: NameServer = 81.253.149.9,80.10.246.132
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
27 Nov. 2009 at 10:41
Scan this file on VirusTotal and paste the report https://www.virustotal.com/gui/

C:\ProgramData\WordPad\{88888888-8888-8888-8888-888888888888}\cftmon.exe


_______________

Then, to check, paste an online scan from BitDefender
http://www.bitdefender.com/scan_fr/scan8/ie.html
0
volganne Posts 35 Registration date Wednesday 25 November 2009 Status Member Last post 10 November 2015
27 Nov. 2009 at 17:55
Here it is,

Fichier cftmon.exe reçu le 2009.11.27 16:41:30 (UTC)
Résultat: 8/40 (20%)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.11.27 -
AhnLab-V3 5.0.0.2 2009.11.27 -
AntiVir 7.9.1.79 2009.11.27 -
Antiy-AVL 2.0.3.7 2009.11.27 -
Authentium 5.2.0.5 2009.11.26 -
Avast 4.8.1351.0 2009.11.27 -
AVG 8.5.0.426 2009.11.27 -
BitDefender 7.2 2009.11.27 Gen:Trojan.Heur.WC0auq@zmYni
CAT-QuickHeal 10.00 2009.11.27 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.11.27 PUA.Packed.ASPack212
Comodo 3057 2009.11.27 -
DrWeb 5.0.0.12182 2009.11.27 -
eSafe 7.0.17.0 2009.11.26 -
eTrust-Vet 35.1.7145 2009.11.27 -
F-Prot 4.5.1.85 2009.11.26 -
Fortinet 4.0.14.0 2009.11.27 -
GData 19 2009.11.27 Gen:Trojan.Heur.WC0auq@zmYni
Ikarus T3.1.1.74.0 2009.11.27 -
Jiangmin 11.0.800 2009.11.27 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.11.27 -
McAfee 5814 2009.11.26 Suspect-02!F50B1E738E9C
McAfee+Artemis 5814 2009.11.26 Suspect-02!F50B1E738E9C
McAfee-GW-Edition 6.8.5 2009.11.27 Heuristic.LooksLike.Win32.Suspicious.K
Microsoft 1.5302 2009.11.27 -
NOD32 4642 2009.11.27 -
Norman 6.03.02 2009.11.27 -
nProtect 2009.1.8.0 2009.11.27 -
Panda 10.0.2.2 2009.11.27 -
PCTools 7.0.3.5 2009.11.27 -
Prevx 3.0 2009.11.27 -
Rising 22.23.04.09 2009.11.27 -
Sophos 4.48.0 2009.11.27 Sus/Behav-1021
Sunbelt 3.2.1858.2 2009.11.26 -
Symantec 1.4.4.12 2009.11.27 -
TheHacker 6.5.0.2.079 2009.11.26 -
TrendMicro 9.100.0.1001 2009.11.27 -
VBA32 3.12.12.0 2009.11.27 -
ViRobot 2009.11.27.2058 2009.11.27 -
VirusBuster 5.0.21.0 2009.11.27 -
Information additionnelle
File size: 798720 bytes
MD5...: f50b1e738e9c0f507c399805e733606e
SHA1..: f70a61d58fee6b8b2e44009b5ff74bbe6c935eb1
SHA256: 1664ffa4bb6736e3945c3ca239e3cec1f31749941f755031d2dae6408424a0e4
ssdeep: 12288:fvlpHrKa7KxOGNcfZqMPL0mLkwEqRYqonzJDFwVG/RoIEGpzK6FSkFvjm1PRfPhP:Xlhe7bcqMj0kkwDqJxTR35pzvjcPKRi
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4b0b97f8 (Tue Nov 24 08:23:20 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x159000 0x5d200 8.00 a0a3bdae061fa0a7fb0b5a5e16035b09
0x15a000 0x41000 0x10200 8.00 7e681ec24fbc6ac58e021d4c2481a4cc
0x19b000 0x14000 0x4000 7.99 f776566a14ea3260c2f313521b0aa71c
0x1af000 0x2000 0x1000 7.96 8b1d5759fc7ac5e4d6bf779e4c8c0c12
.rsrc 0x1b1000 0x2000 0x400 4.31 5c989d1bbe7e489ad2f179d7fe1f7ef6
.data 0x1b3000 0x50000 0x4f800 7.93 e9c1b80d4e088719e37606eb9c81416f
.adata 0x203000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 7 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> ws2_32.dll: -
> user32.dll: MessageBoxA
> gdi32.dll: CreateCompatibleDC
> advapi32.dll: ReportEventA
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: CFT Loader
original name: CFTMON.EXE
internal name: CFTMON
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch, ASProtect
packers (F-Prot): Aspack


Regarding
Then, to check, paste an online scan from BitDefender
http://www.bitdefender.com/scan_fr/scan8/ie.html
it won't launch...
I get the message
This web site is not authorized to host this ActiveX control.....
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
27 Nov. 2009 at 17:56
OK, paste the BitDefender online scan
0
volganne Posts 35 Registration date Wednesday 25 November 2009 Status Member Last post 10 November 2015
27 Nov. 2009 at 20:29
It doesn't launch
Message: This web site is not authorized to host this ActiveX Control .....
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
27 Nov. 2009 at 20:32
0
volganne Posts 35 Registration date Wednesday 25 November 2009 Status Member Last post 10 November 2015
28 Nov. 2009 at 06:45
Here it is,
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-11-28 06:44:06
PROTECTIONS: 1
MALWARE: 15
SUSPECTS: 10
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Enterprise 8.5.0.781 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@trafficmp[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\default\appdata\roaming\microsoft\windows\cookies\system@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\default\appdata\roaming\microsoft\windows\cookies\system@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@atdmt[4].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@atdmt[7].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@atdmt[6].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@atdmt[5].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@atdmt[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\default\appdata\roaming\microsoft\windows\cookies\system@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\default\appdata\roaming\microsoft\windows\cookies\system@247realmedia[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@mediaplex[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@xiti[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@xiti[4].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@xiti[3].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\default\appdata\roaming\microsoft\windows\cookies\system@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@ad.yieldmanager[4].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@ad.yieldmanager[6].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@ad.yieldmanager[7].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@serving-sys[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@weborama[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No c:\users\default\appdata\roaming\microsoft\windows\cookies\system@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@adtech[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\default\appdata\roaming\microsoft\windows\cookies\system@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@adtech[3].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@adtech[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@advertising[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\default\appdata\roaming\microsoft\windows\cookies\system@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@zedo[3].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@zedo[4].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@zedo[6].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\yannick\appdata\roaming\microsoft\windows\cookies\yannick@smartadserver[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\windows\temp\cftmon.exe
No c:\programdata\wordpad\{88888888-8888-8888-8888-888888888888}\cftmon.exe
No c:\users\yannick\downloads\adobe photoshop cs3 extended + patch fr.rar[adobe photoshop cs3 extended + patch fr\patch fr\traduction_us-fr.exe]
No c:\users\yannick\downloads\smartpcsol_123spywarefree_free_fr.exe
No c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\krvhylhs\cftmon[1].exe
No m:\recycler\s-1-5-21-1311559992-872628681-2229712402-1005\df34.exe
No m:\sh\ipscan32_292.exe
No n:\sauve clé\toto\autododo.exe
No n:\sauve clé\vmware6\keygen.exe
No n:\sauve clé\wifi\crack\winaircrack.zip[winaircrackpack/winaircrack.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
28 Nov. 2009 at 22:24
Download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by Old_Timer) to your Desktop.

Double-click OTM.exe to launch it.
Copy the list quoted below
and paste it into the left pane of OTM: Paste instruction for items to be moved.

:processes
explorer.exe
:files
c:\programdata\wordpad\{88888888-8888-8888-8888-888888888888}\cftmon.exe
c:\users\yannick\downloads\adobe photoshop cs3 extended + patch fr.rar[adobe photoshop cs3 extended + patch fr\patch fr\traduction_us-fr.exe]
c:\users\yannick\downloads\smartpcsol_123spywarefree_free_fr.exe
c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\krvhylhs\cftmon[1].exe
m:\recycler\s-1-5-21-1311559992-872628681-2229712402-1005\df34.exe
m:\sh\ipscan32_292.exe
n:\sauve clé\toto\autododo.exe
n:\sauve clé\vmware6\keygen.exe
n:\sauve clé\wifi\crack\winaircrack.zip[winaircrackpack/winaircrack.exe]
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

_________________________

• Download and install
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
https://www.androidworld.fr/

by Chiquitine29



(!) Plug your external data sources (USB key, external hard drive, etc.) that may have been infected into your PC, without opening them.

• Double-click the UsbFix shortcut on your desktop.

• In the main menu choose option "F" for French and press [Enter].

• In the second menu choose option "1" (search) and press [Enter].

• Let the tool work.

• Then post the UsbFix.txt report that will appear.

• Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands this utility could stop security software (antivirus, firewall...), which is why those antivirus products raise the alert.


• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
0
Here it is,

############################## | UsbFix V6.058 |

User : Yannick (Administrateurs) # YANNICK
Update on 26/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 12:03:44 | 29/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Enabled
AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]

C:\ -> Disque fixe local # 360,1 Go (208,11 Go free) [HDD] # NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM
J:\ -> Disque fixe local # 97,66 Go (52 Go free) [DATAS] # NTFS
N:\ -> Disque fixe local # 931,51 Go (406,25 Go free) # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe 428
C:\Windows\system32\csrss.exe 512
C:\Windows\system32\wininit.exe 564
C:\Windows\system32\csrss.exe 576
C:\Windows\system32\services.exe 612
C:\Windows\system32\lsass.exe 624
C:\Windows\system32\lsm.exe 632
C:\Windows\system32\winlogon.exe 676
C:\Windows\system32\svchost.exe 816
C:\Windows\system32\svchost.exe 888
C:\Windows\System32\svchost.exe 952
C:\Windows\System32\svchost.exe 1024
C:\Windows\System32\svchost.exe 1080
C:\Windows\system32\svchost.exe 1096
C:\Windows\system32\SLsvc.exe 1216
C:\Windows\system32\rundll32.exe 1296
C:\Windows\system32\svchost.exe 1316
C:\Windows\system32\svchost.exe 1460
C:\Windows\System32\spoolsv.exe 1732
C:\Windows\system32\svchost.exe 1760
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 288
C:\Program Files\Bonjour\mDNSResponder.exe 348
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 436
C:\Program Files\McAfee\Common Framework\FrameworkService.exe 968
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe 1388
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe 1476
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe 1604
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 1924
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 1168
C:\Windows\system32\svchost.exe 2084
C:\Windows\system32\svchost.exe 2104
C:\Program Files\TeamViewer3\TeamViewer_Host.exe 2144
C:\Windows\System32\svchost.exe 2300
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 2332
C:\Windows\system32\SearchIndexer.exe 2356
C:\Windows\system32\WUDFHost.exe 2404
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 2684
C:\Windows\system32\taskeng.exe 3452
C:\Windows\system32\svchost.exe 2708
C:\Program Files\Windows Media Player\wmpnetwk.exe 3016
C:\Windows\system32\Dwm.exe 3404
C:\Windows\system32\taskeng.exe 1260
C:\Windows\System32\rundll32.exe 3784
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe 1360
C:\Windows\system32\wbem\wmiprvse.exe 4160
C:\ProgramData\WordPad\{11111111-1111-1111-1111-111111111111}\cftmon.exe 4408
C:\Windows\explorer.exe 5132
C:\Program Files\Windows Media Player\wmpnscfg.exe 5716
C:\Windows\system32\wbem\unsecapp.exe 4168
C:\Program Files\Windows Live\Mail\wlmail.exe 4300
C:\Program Files\Mozilla Firefox\firefox.exe 6048
C:\Windows\system32\notepad.exe 3244
c:\program files\windows defender\MpCmdRun.exe 3428
C:\Windows\System32\mobsync.exe 4804
C:\Windows\system32\SearchProtocolHost.exe 5300
C:\Windows\system32\SearchFilterHost.exe 1576
C:\Windows\system32\wbem\wmiprvse.exe 2704

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés infectieuses |

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{605be6d7-16bb-11de-9a8e-001d7d532f00}
shell\AutoRun\command =L:\Programs\nu2menu\nu2menu.exe

HKCU\..\..\Explorer\MountPoints2\{690dc333-c963-11de-87b2-001d7d532f00}
shell\AutoRun\command =L:\setupSNK.exe

HKCU\..\..\Explorer\MountPoints2\{690dc336-c963-11de-87b2-001d7d532f00}
shell\AutoRun\command =M:\setupSNK.exe

HKCU\..\..\Explorer\MountPoints2\{69350e04-37dc-11dd-a580-001d7d532f00}
shell\AutoRun\command =I:\autorun.exe

HKCU\..\..\Explorer\MountPoints2\{6e4258f3-5ba5-11dd-bfe9-001d7d532f00}
shell\AutoRun\command =L:\Programs\nu2menu\nu2menu.exe

HKCU\..\..\Explorer\MountPoints2\{d0d339aa-398e-11de-879e-001d7d532f00}
shell\AutoRun\command =L:\setupSNK.exe

HKCU\..\..\Explorer\MountPoints2\{d0d339ac-398e-11de-879e-001d7d532f00}
shell\AutoRun\command =M:\setupSNK.exe

################## | Cracks / Keygens / Serials |

"C:\_OTM\MovedFiles\11292009_112423\n_sauve cl‚\vmware6\keygen.exe"
09/05/2007 10:52 |Size 260096 |Crc32 35212fdc |Md5 3b1935e07d84f5139f6df03058f4eadb

"N:\Sauve Cl‚\CNP\perso\pebuilder3110a\plugin\crack\chntpw.exe"
21/07/2004 17:55 |Size 203307 |Crc32 ca4c1f2d |Md5 0a839bbec1899863fb7f67585d9e66ec

"N:\Sauve Cl‚\CNP\perso\pebuilder3110a\plugin\crack\files\chntpw.exe"
21/07/2004 17:55 |Size 203307 |Crc32 ca4c1f2d |Md5 0a839bbec1899863fb7f67585d9e66ec

"N:\Sauve Cl‚\Wifi\Crack\etherchange.exe"
02/09/2008 06:56 |Size 40960 |Crc32 1d1c9b30 |Md5 42b6736e08d9a48220f2aa3abbd02af4

"N:\Sauve Cl‚\Wifi\Crack\wlandrv.exe"
02/09/2008 07:35 |Size 440320 |Crc32 5fc44b14 |Md5 82d13d38f5acfbfcb562eef2bf585409

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\802ether.exe"
01/10/2004 20:30 |Size 49152 |Crc32 e37c4297 |Md5 b1a7d178e06bf348aab7c4e402fe3545

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\aircrack.exe"
01/10/2004 20:30 |Size 57344 |Crc32 09d1bcca |Md5 4ddd32657561447b7913ad8a819570be

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\airodump.exe"
01/10/2004 20:30 |Size 57344 |Crc32 fe8f9cde |Md5 08de2de3e9ff1eb0953f9f98c6072600

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\wzcook.exe"
01/10/2004 20:30 |Size 40960 |Crc32 571980d8 |Md5 daa74db95eb93e7493884fcb71f90617

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\AiroPeek NX v2.02\airopeeknx202\Setup.exe"
07/06/2004 13:04 |Size 950272 |Crc32 4bc29dd8 |Md5 3f863cfbb0cd8f829940a41947a691e8

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\AiroPeek NX v2.02\airopeeknx202\AiroPeekNX\Setup.exe"
07/06/2004 13:04 |Size 73728 |Crc32 c17e6cfe |Md5 71e6dd8a9de4a9baf89fca951768059a

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\AiroPeek NX v2.02\airopeeknx202\AiroPeekNX\_ISDel.exe"
07/06/2004 13:04 |Size 27648 |Crc32 72a82089 |Md5 51161bf79f25ff278912005078ad93d5

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\AiroPeek NX v2.02\airopeeknx202\iNetTools\Setup.exe"
07/06/2004 13:04 |Size 71680 |Crc32 d3b40b34 |Md5 1e013f8d89f59ce39c7fa9bc8bd3a166

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\AiroPeek NX v2.02\airopeeknx202\iNetTools\_ISDel.exe"
07/06/2004 13:04 |Size 27648 |Crc32 c26dc85b |Md5 17b2090fb102634bd1324342933856d3

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\airsnort.exe"
22/09/2004 00:35 |Size 135226 |Crc32 01e3d4a2 |Md5 ee16765b4ab74f87bb4804d0016e82ff

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\bin\envsubst.exe"
10/01/2004 09:03 |Size 20480 |Crc32 3fb65315 |Md5 dc9e28b54d228c3cf73a094dde990b9b

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\bin\gettext.exe"
10/01/2004 09:03 |Size 20480 |Crc32 0d8567cd |Md5 4fbb6ca3e50df3e5119adcc7e6b86b0f

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\bin\gspawn-win32-helper.exe"
04/08/2004 21:25 |Size 23790 |Crc32 0ad4a382 |Md5 10b7aaa2adca431a39880952d931c2b6

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\bin\iconv.exe"
23/05/2003 18:45 |Size 16384 |Crc32 be97b23f |Md5 d09d2bd6d52f5dfd39f81399149dfa3a

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\bin\ngettext.exe"
10/01/2004 09:03 |Size 20480 |Crc32 4fe3797d |Md5 9021558115d76c31f9bab7028d638249

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS48.EXE"
22/09/2003 11:17 |Size 57344 |Crc32 de565cdb |Md5 d8121145b82cb05bdb564ef767fda0cd

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS48B.EXE"
22/09/2003 11:18 |Size 57344 |Crc32 9673a155 |Md5 e74ac9891d66f48befa890f830bce13a

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS48C.EXE"
22/09/2003 11:18 |Size 57344 |Crc32 00296e65 |Md5 f33ba3558d153a1caf819229d75a9194

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS48D.EXE"
22/09/2003 11:18 |Size 57344 |Crc32 c732f334 |Md5 3a94ea55b8008070de586fe46d07fcba

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS51.EXE"
22/09/2003 11:18 |Size 57344 |Crc32 7502bf80 |Md5 648650a0d090ae6f67cc205ec01d5675

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS51B.EXE"
22/09/2003 11:18 |Size 57344 |Crc32 e64fccd4 |Md5 0cd72974c78f0fecbde7eed72c6aac72

"N:\Sauve Cl‚\Wifi\Crack\WinAircrack.zip"
-> Contain : WinAircrackPack\airdecap.exe

"N:\Sauve Cl‚\Wifi\Crack\WinAircrack.zip"
-> Contain : WinAircrackPack\airodump.exe

"N:\Sauve Cl‚\Wifi\Crack\WinAircrack.zip"
-> Contain : WinAircrackPack\Updater.exe

"N:\Sauve Cl‚\Wifi\Crack\WinAircrack.zip"
-> Contain : WinAircrackPack\WinAircrack.exe

"N:\Sauve Cl‚\Wifi\Crack\WinAircrack.zip"
-> Contain : WinAircrackPack\wzcook.exe


################## | ! Fin du rapport # UsbFix V6.058 ! |
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
29 Nov. 2009 at 15:06
the OTM report

then

paste a UsbFix option 2 report
volganne Posts 35 Registered Wednesday 25 November 2009 Status Member Last seen 10 November 2015
29 Nov. 2009 at 18:11
OTM


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder c:\programdata\wordpad\{88888888-8888-8888-8888-888888888888}\cftmon.exe not found.
File/Folder c:\users\yannick\downloads\adobe photoshop cs3 extended + patch fr.rar[adobe photoshop cs3 extended + patch fr\patch fr\traduction_us-fr.exe] not found.
File/Folder c:\users\yannick\downloads\smartpcsol_123spywarefree_free_fr.exe not found.
File/Folder c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\krvhylhs\cftmon[1].exe not found.
File/Folder m:\recycler\s-1-5-21-1311559992-872628681-2229712402-1005\df34.exe not found.
File/Folder m:\sh\ipscan32_292.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: SUPERVISEUR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Yannick
->Temp folder emptied: 1555145 bytes
->Temporary Internet Files folder emptied: 2944711 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42750220 bytes
->Apple Safari cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 930141 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 831959 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46,74 mb


OTM by OldTimer - Version 3.1.2.0 log created on 11292009_180436

Files moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\Windows\temp\WFVCE.tmp not found!

Registry entries deleted on Reboot...
volganne Posts 35 Registered Wednesday 25 November 2009 Status Member Last seen 10 November 2015
29 Nov. 2009 at 18:14
UsbFix option 2



############################## | UsbFix V6.058 |

User : Yannick (Administrateurs) # YANNICK
Update on 26/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 17:49:57 | 29/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Enabled
AV : McAfee VirusScan Enterprise 8.5.0.781 [ Enabled | Updated ]

C:\ -> Disque fixe local # 360,1 Go (213,9 Go free) [HDD] # NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM
I:\ -> Disque CD-ROM
J:\ -> Disque fixe local # 97,66 Go (52 Go free) [DATAS] # NTFS
N:\ -> Disque fixe local # 931,51 Go (406,25 Go free) # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe 424
C:\Windows\system32\csrss.exe 556
C:\Windows\system32\wininit.exe 608
C:\Windows\system32\csrss.exe 620
C:\Windows\system32\services.exe 656
C:\Windows\system32\lsass.exe 668
C:\Windows\system32\lsm.exe 680
C:\Windows\system32\winlogon.exe 792
C:\Windows\system32\svchost.exe 876
C:\Windows\system32\nvvsvc.exe 920
C:\Windows\system32\svchost.exe 948
C:\Windows\System32\svchost.exe 984
C:\Windows\System32\svchost.exe 1076
C:\Windows\System32\svchost.exe 1144
C:\Windows\system32\svchost.exe 1184
C:\Windows\system32\SLsvc.exe 1284
C:\Windows\system32\svchost.exe 1332
C:\Windows\system32\rundll32.exe 1396
C:\Windows\system32\svchost.exe 1560
C:\Windows\System32\spoolsv.exe 1776
C:\Windows\system32\svchost.exe 1800
C:\Windows\system32\Dwm.exe 932
C:\Windows\Explorer.EXE 1324
C:\Windows\system32\runonce.exe 1484
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1532
C:\Program Files\Bonjour\mDNSResponder.exe 1040
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 1200
C:\Program Files\McAfee\Common Framework\FrameworkService.exe 1668
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe 2104
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe 2144
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe 2152
C:\Windows\system32\taskeng.exe 2196
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 2312
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 2376
C:\ProgramData\WordPad\{11111111-1111-1111-1111-111111111111}\cftmon.exe 2428
C:\Windows\system32\svchost.exe 2504
C:\Windows\system32\svchost.exe 2532
C:\Program Files\TeamViewer3\TeamViewer_Host.exe 2552
C:\Windows\System32\svchost.exe 2672
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 2700
C:\Windows\system32\SearchIndexer.exe 2748
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 2960
C:\Windows\system32\WUDFHost.exe 2976
C:\Windows\system32\wbem\wmiprvse.exe 3460

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés infectieuses |

Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{605be6d7-16bb-11de-9a8e-001d7d532f00}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{690dc333-c963-11de-87b2-001d7d532f00}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{690dc336-c963-11de-87b2-001d7d532f00}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{69350e04-37dc-11dd-a580-001d7d532f00}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{6e4258f3-5ba5-11dd-bfe9-001d7d532f00}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d0d339aa-398e-11de-879e-001d7d532f00}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d0d339ac-398e-11de-879e-001d7d532f00}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[22/10/2009 22:58|--a------|95353] C:\01.jpg
[23/10/2009 05:23|--a------|178133] C:\07.jpg
[29/11/2009 17:49|--a------|4] C:\1.txt
[05/11/2009 18:33|--a------|12994] C:\120x60.gif
[29/11/2009 11:59|--a------|54948] C:\15.jpg
[29/11/2009 12:00|--a------|1421] C:\9060.jpg
[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[16/07/2007 13:05|-ra-s----|8192] C:\BOOTSECT.BAK
[25/10/2009 19:20|--a------|8316] C:\BouquetTV_Orange_v2.3.m3u
[26/11/2009 06:22|--a------|1174] C:\cleannavi.txt
[18/09/2006 22:43|--a------|10] C:\config.sys
[22/11/2009 21:05|--a------|9217174] C:\Cyril.Lignac.Les.Enfants.vont.se.Regaler.pdf
[21/11/2009 18:58|-ra------|69962015] C:\dat-5808.zip
[?|?|?] C:\hiberfil.sys
[05/09/2008 21:46|-rahs----|0] C:\IO.SYS
[05/09/2008 21:46|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[24/11/2009 19:04|--a------|27] C:\stinger1001688.opt
[03/11/2009 21:17|--a------|0] C:\test.mpeg
[25/10/2009 20:09|--a------|30533] C:\text.xspf
[29/11/2009 17:53|--a------|5086] C:\UsbFix.txt
[21/11/2009 11:22|--ahs----|4096] C:\VSNAP.IDX
[09/11/2009 09:20|--a------|733954048] C:\WOLVERINE.avi
[26/11/2009 18:05|--a--c---|3889524] J:\TOTO 26-11-2009 18-05-11.zip
[09/09/2009 05:44|--ahs----|4096] J:\VSNAP.IDX
[16/06/2009 17:37|--a------|117] N:\access_control.php
[04/04/2009 07:54|--a------|5973] N:\gylogo.gif
[04/04/2009 07:54|--a------|2878] N:\gyslogo.gif
[02/04/2009 13:17|--a------|54578] N:\postguest.php
[04/04/2009 07:54|--a------|126821] N:\T1.gif
[04/04/2009 07:54|--a------|807] N:\trans.gif
[04/04/2009 07:54|--a------|16243] N:\TTT.gif
[04/04/2009 07:55|--a------|33222] N:\tttt.gif

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# J:\autorun.inf -> Dossier créé par UsbFix.
# N:\autorun.inf -> Dossier créé par UsbFix.

################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |

"C:\_OTM\MovedFiles\11292009_112423\n_sauve cl‚\vmware6\keygen.exe"
09/05/2007 10:52 |Size 260096 |Crc32 35212fdc |Md5 3b1935e07d84f5139f6df03058f4eadb

"N:\Sauve Cl‚\CNP\perso\pebuilder3110a\plugin\crack\chntpw.exe"
21/07/2004 17:55 |Size 203307 |Crc32 ca4c1f2d |Md5 0a839bbec1899863fb7f67585d9e66ec

"N:\Sauve Cl‚\CNP\perso\pebuilder3110a\plugin\crack\files\chntpw.exe"
21/07/2004 17:55 |Size 203307 |Crc32 ca4c1f2d |Md5 0a839bbec1899863fb7f67585d9e66ec

"N:\Sauve Cl‚\Wifi\Crack\etherchange.exe"
02/09/2008 06:56 |Size 40960 |Crc32 1d1c9b30 |Md5 42b6736e08d9a48220f2aa3abbd02af4

"N:\Sauve Cl‚\Wifi\Crack\wlandrv.exe"
02/09/2008 07:35 |Size 440320 |Crc32 5fc44b14 |Md5 82d13d38f5acfbfcb562eef2bf585409

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\802ether.exe"
01/10/2004 20:30 |Size 49152 |Crc32 e37c4297 |Md5 b1a7d178e06bf348aab7c4e402fe3545

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\aircrack.exe"
01/10/2004 20:30 |Size 57344 |Crc32 09d1bcca |Md5 4ddd32657561447b7913ad8a819570be

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\airodump.exe"
01/10/2004 20:30 |Size 57344 |Crc32 fe8f9cde |Md5 08de2de3e9ff1eb0953f9f98c6072600

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\wzcook.exe"
01/10/2004 20:30 |Size 40960 |Crc32 571980d8 |Md5 daa74db95eb93e7493884fcb71f90617

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\AiroPeek NX v2.02\airopeeknx202\Setup.exe"
07/06/2004 13:04 |Size 950272 |Crc32 4bc29dd8 |Md5 3f863cfbb0cd8f829940a41947a691e8

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\AiroPeek NX v2.02\airopeeknx202\AiroPeekNX\Setup.exe"
07/06/2004 13:04 |Size 73728 |Crc32 c17e6cfe |Md5 71e6dd8a9de4a9baf89fca951768059a

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\AiroPeek NX v2.02\airopeeknx202\AiroPeekNX\_ISDel.exe"
07/06/2004 13:04 |Size 27648 |Crc32 72a82089 |Md5 51161bf79f25ff278912005078ad93d5

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\AiroPeek NX v2.02\airopeeknx202\iNetTools\Setup.exe"
07/06/2004 13:04 |Size 71680 |Crc32 d3b40b34 |Md5 1e013f8d89f59ce39c7fa9bc8bd3a166

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\AiroPeek NX v2.02\airopeeknx202\iNetTools\_ISDel.exe"
07/06/2004 13:04 |Size 27648 |Crc32 c26dc85b |Md5 17b2090fb102634bd1324342933856d3

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\airsnort.exe"
22/09/2004 00:35 |Size 135226 |Crc32 01e3d4a2 |Md5 ee16765b4ab74f87bb4804d0016e82ff

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\bin\envsubst.exe"
10/01/2004 09:03 |Size 20480 |Crc32 3fb65315 |Md5 dc9e28b54d228c3cf73a094dde990b9b

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\bin\gettext.exe"
10/01/2004 09:03 |Size 20480 |Crc32 0d8567cd |Md5 4fbb6ca3e50df3e5119adcc7e6b86b0f

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\bin\gspawn-win32-helper.exe"
04/08/2004 21:25 |Size 23790 |Crc32 0ad4a382 |Md5 10b7aaa2adca431a39880952d931c2b6

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\bin\iconv.exe"
23/05/2003 18:45 |Size 16384 |Crc32 be97b23f |Md5 d09d2bd6d52f5dfd39f81399149dfa3a

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\airsnort_0.2.6_win32\bin\ngettext.exe"
10/01/2004 09:03 |Size 20480 |Crc32 4fe3797d |Md5 9021558115d76c31f9bab7028d638249

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS48.EXE"
22/09/2003 11:17 |Size 57344 |Crc32 de565cdb |Md5 d8121145b82cb05bdb564ef767fda0cd

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS48B.EXE"
22/09/2003 11:18 |Size 57344 |Crc32 9673a155 |Md5 e74ac9891d66f48befa890f830bce13a

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS48C.EXE"
22/09/2003 11:18 |Size 57344 |Crc32 00296e65 |Md5 f33ba3558d153a1caf819229d75a9194

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS48D.EXE"
22/09/2003 11:18 |Size 57344 |Crc32 c732f334 |Md5 3a94ea55b8008070de586fe46d07fcba

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS51.EXE"
22/09/2003 11:18 |Size 57344 |Crc32 7502bf80 |Md5 648650a0d090ae6f67cc205ec01d5675

"N:\Sauve Cl‚\Wifi\Crack\Windows Wifi Collection - aircrack airsnort airopeek\Wifi Drivers (Must Install)\Agere\WCAGS51B.EXE"
22/09/2003 11:18 |Size 57344 |Crc32 e64fccd4 |Md5 0cd72974c78f0fecbde7eed72c6aac72

"N:\Sauve Cl‚\Wifi\Crack\WinAircrack.zip"
-> Contain : WinAircrackPack\airdecap.exe

"N:\Sauve Cl‚\Wifi\Crack\WinAircrack.zip"
-> Contain : WinAircrackPack\airodump.exe

"N:\Sauve Cl‚\Wifi\Crack\WinAircrack.zip"
-> Contain : WinAircrackPack\Updater.exe

"N:\Sauve Cl‚\Wifi\Crack\WinAircrack.zip"
-> Contain : WinAircrackPack\WinAircrack.exe

"N:\Sauve Cl‚\Wifi\Crack\WinAircrack.zip"
-> Contain : WinAircrackPack\wzcook.exe


################## | ! Fin du rapport # UsbFix V6.058 ! |
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
29 Nov. 2009 at 19:30
watch out for cracks!

_________________


Download Tools Cleaner to your desktop.
--> https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

# Click Recherche (Search) and let the scan run...
# Click Suppression (Delete) to finish.
# If you wish, you can use the optional Options.
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

___________________

tell me how your PC is doing
and

Download from here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimized in the Taskbar).

NB: The reports are saved in the folder C:\rsit
volganne Posts 35 Registered Wednesday 25 November 2009 Status Member Last seen 10 November 2015
29 Nov. 2009 at 20:41
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\cleannavi.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\FixWareOut: trouvé !
C:\_OTM: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Users\Yannick\AppData\Roaming\Microsoft\Windows\Recent\UsbFix.lnk: trouvé !
C:\Users\Yannick\Downloads\OTM.exe: trouvé !
C:\Users\Yannick\Downloads\Navilog1.exe: trouvé !
C:\Users\Yannick\Downloads\HijackThis.exe: trouvé !
C:\Users\Yannick\Downloads\UsbFix.exe: trouvé !
C:\Users\Yannick\Downloads\Rsit.exe: trouvé !
C:\Windows\Gmer.exe: trouvé !

---------------------------------
--> Suppression:

C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Users\Yannick\Downloads\OTM.exe: supprimé !
C:\Users\Yannick\Downloads\Navilog1.exe: supprimé !
C:\Users\Yannick\Downloads\HijackThis.exe: supprimé !
C:\Windows\Gmer.exe: supprimé !
C:\cleannavi.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Users\Yannick\AppData\Roaming\Microsoft\Windows\Recent\UsbFix.lnk: supprimé !
C:\Users\Yannick\Downloads\UsbFix.exe: supprimé !
C:\Users\Yannick\Downloads\Rsit.exe: supprimé !
C:\FixWareOut: supprimé !
C:\_OTM: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Navilog1: supprimé !


and


Logfile of random's system information tool 1.06 (written by random/random)
Run by Yannick at 2009-11-29 20:28:00
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 219 GB (59%) free of 369 GB
Total RAM: 3071 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:31, on 29/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Yannick\AppData\Local\Apps\2.0\4CAH6M4Z.79P\HERG679A.N0A\curs..tion_eee711038731a406_0004.0000_10385b9745e33e88\CurseClient.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
C:\Users\Yannick\AppData\Local\Temp\~e5d141.tmp
C:\Users\Yannick\AppData\Local\Temp\~e5d141.tmp
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Yannick\Downloads\RSIT.exe
C:\Program Files\trend micro\Yannick.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: interdescargas-FR Toolbar - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - C:\Program Files\interdescargas-FR\tbinte.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: interdescargas-FR Toolbar - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - C:\Program Files\interdescargas-FR\tbinte.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\Windows\system32\safeie.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [cftmon645] "C:\ProgramData\WordPad\{88888888-8888-8888-8888-888888888888}\cftmon.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{728DD995-24EF-46AA-8C86-09C87E1FDDF6}: NameServer = 81.253.149.9,80.10.246.132
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
30 Nov. 2009 at 10:29
ok, there's still some left :(



Disable User Account Control (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.


download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, real-time guard of the antispyware)


double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, the guard of your antispyware

copy/paste the report C:\ComboFix.txt in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
volganne Posts 35 Registered Wednesday 25 November 2009 Status Member Last seen 10 November 2015
30 Nov. 2009 at 18:30
Here it is,

ComboFix 09-11-29.06 - Yannick 30/11/2009 17:54.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3071.1752 [GMT 1:00]
Lancé depuis: c:\users\Yannick\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Yannick\AppData\Roaming\.#
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\ealregsnapshot1.reg
c:\windows\system32\ndisapi.dll
c:\windows\system32\twain_32.dll
c:\windows\system32\wdbtnmgr .exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-28 au 2009-11-30 ))))))))))))))))))))))))))))))))))))
.

2009-11-30 17:11 . 2009-11-26 05:17 798720 ----a-w- c:\programdata\WordPad\{DDDDDDDD-DDDD-DDDD-DDDD-DDDDDDDDDDDD}\cftmon.exe
2009-11-30 17:07 . 2009-11-30 17:12 -------- d-----w- c:\users\Yannick\AppData\Local\temp
2009-11-29 19:28 . 2009-11-29 19:28 -------- d-----w- C:\rsit
2009-11-29 17:10 . 2009-11-26 05:17 798720 ----a-w- c:\programdata\WordPad\{CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCCCCCC}\cftmon.exe
2009-11-28 11:36 . 2009-11-26 05:17 798720 ----a-w- c:\programdata\WordPad\{11111111-1111-1111-1111-111111111111}\cftmon.exe
2009-11-28 07:19 . 2009-11-28 07:19 -------- d-----w- c:\users\Yannick\dwhelper
2009-11-28 07:17 . 2009-11-28 07:17 4096 d-----w- c:\program files\Flash Player Pro
2009-11-28 06:25 . 2009-11-28 06:25 -------- d-----w- c:\program files\ESET
2009-11-27 20:19 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-27 20:17 . 2009-11-27 20:17 -------- d-----w- c:\program files\Panda Security
2009-11-26 22:57 . 2009-11-26 23:08 4096 d-----w- c:\program files\WellGet
2009-11-26 19:02 . 2009-11-26 19:02 -------- d-----w- c:\users\Yannick\AppData\Local\Apps
2009-11-26 19:02 . 2009-11-30 17:00 -------- d-----w- c:\users\Yannick\AppData\Local\Deployment
2009-11-26 05:17 . 2009-11-26 05:17 798720 ----a-w- c:\programdata\WordPad\{88888888-8888-8888-8888-888888888888}\cftmon.exe
2009-11-25 21:21 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 20:45 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 20:45 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 19:44 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-25 19:44 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 19:44 . 2009-11-25 19:45 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-25 19:25 . 2006-11-30 07:50 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-11-25 19:25 . 2006-11-30 07:50 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-11-25 19:24 . 2009-11-29 19:28 -------- d-----w- c:\program files\trend micro
2009-11-24 21:03 . 2009-11-27 19:28 4096 d-----w- c:\windows\BDOSCAN8
2009-11-24 17:25 . 2009-11-24 17:25 -------- d-----w- c:\users\SUPERVISEUR\AppData\Local\Google
2009-11-23 21:28 . 2009-11-23 21:28 4096 d-----w- C:\Windows AIK - Copie
2009-11-23 19:54 . 2009-11-23 21:27 4096 d-----w- C:\Windows AIK
2009-11-23 18:49 . 2009-11-23 21:32 -------- d-----w- C:\winbe4
2009-11-23 18:43 . 2009-11-23 19:48 -------- d-----w- C:\winbe2
2009-11-23 18:19 . 2009-11-23 18:20 -------- d-----w- C:\Source
2009-11-23 17:45 . 2009-11-23 20:20 -------- d-----w- C:\winbe
2009-11-21 17:59 . 2009-11-21 18:00 -------- d-----w- C:\DAT
2009-11-21 17:59 . 2009-11-21 17:58 69962015 ----a-r- C:\dat-5808.zip
2009-11-21 17:49 . 2009-11-21 17:49 -------- d-----w- c:\users\SUPERVISEUR\AppData\Roaming\PeerNetworking
2009-11-21 17:49 . 2009-11-21 17:49 -------- d-----w- c:\users\SUPERVISEUR\AppData\Roaming\Shareaza
2009-11-21 17:49 . 2009-11-21 17:49 -------- d-----w- c:\users\SUPERVISEUR\AppData\Local\Shareaza
2009-11-21 17:49 . 2009-11-21 17:49 -------- d-----w- c:\users\SUPERVISEUR\AppData\Local\Mozilla
2009-11-21 17:48 . 2009-11-21 17:48 -------- d-----w- c:\users\SUPERVISEUR\AppData\Roaming\Logitech
2009-11-18 20:38 . 2009-11-18 20:38 -------- d-----w- C:\sons
2009-11-18 19:35 . 2009-11-25 19:26 -------- d-----w- c:\program files\McAfee
2009-11-18 19:35 . 2009-11-18 19:35 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-17 16:32 . 2009-11-17 16:32 -------- d-----w- c:\users\Default\AppData\Local\Google
2009-11-17 02:26 . 2009-11-17 02:26 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 02:07 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 02:07 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 02:07 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 02:05 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 02:05 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-11-17 02:05 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-17 02:05 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-17 02:05 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-17 02:05 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-17 02:05 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-17 02:05 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-17 02:05 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-17 02:05 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-17 02:05 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-17 02:05 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-17 02:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 02:01 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 02:01 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-16 05:13 . 2009-11-16 05:14 -------- d-----w- c:\users\Yannick\AppData\Roaming\dvdcss
2009-11-14 10:29 . 2009-11-14 10:45 4096 d-----w- c:\program files\EasyPHP 3.0
2009-11-12 20:35 . 2009-11-12 20:35 -------- d-----w- C:\blog2
2009-11-12 17:31 . 2009-11-12 17:31 -------- d-----w- C:\blog
2009-11-10 23:26 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 23:26 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-05 17:56 . 2009-11-13 23:43 -------- d-----w- C:\tgp
2009-11-03 19:37 . 2009-11-03 19:37 -------- d-----w- c:\program files\CoreAVC Pro
2009-11-03 19:22 . 2009-11-28 12:55 -------- d-----w- c:\users\Yannick\AppData\Roaming\vlc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 17:11 . 2009-10-07 08:58 4096 d-----w- c:\programdata\WordPad
2009-11-28 11:29 . 2009-07-20 16:39 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 07:41 . 2008-06-03 08:56 101496 ----a-w- c:\users\Yannick\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-28 06:15 . 2008-06-30 17:21 4096 d-----w- c:\users\Yannick\AppData\Roaming\CoreFTP
2009-11-26 19:07 . 2007-07-16 03:33 4096 d-----w- c:\program files\Roxio
2009-11-26 19:07 . 2007-07-16 03:33 4096 d-----w- c:\program files\Common Files\Roxio Shared
2009-11-26 19:06 . 2007-07-16 03:33 -------- d-----w- c:\programdata\Roxio
2009-11-26 18:00 . 2009-07-20 16:39 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-26 17:57 . 2007-07-16 03:21 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 21:25 . 2008-08-22 18:51 4096 d-----w- c:\program files\Curse
2009-11-25 19:26 . 2007-07-16 12:09 681474 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-25 19:26 . 2007-07-16 12:09 128676 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-25 18:58 . 2008-11-26 17:39 4096 d-----w- c:\users\Yannick\AppData\Roaming\Notepad++
2009-11-25 18:58 . 2009-10-25 17:43 4096 d-----w- c:\program files\interdescargas-FR
2009-11-25 18:56 . 2009-10-25 17:43 -------- d-----w- c:\program files\Conduit
2009-11-20 07:24 . 2009-02-24 17:28 4096 d-----w- c:\program files\LG Electronics
2009-11-20 05:18 . 2007-07-16 03:21 4096 d-----w- c:\program files\Packard Bell
2009-11-18 20:40 . 2007-07-16 03:21 -------- d-----w- c:\program files\Realtek
2009-11-18 19:37 . 2008-06-04 10:12 4096 d-----w- c:\programdata\McAfee
2009-11-18 19:06 . 2007-07-16 03:15 -------- d-----w- c:\programdata\NVIDIA
2009-11-17 02:26 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 02:24 . 2009-11-17 02:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-15 22:08 . 2007-07-16 03:34 4096 d-----w- c:\program files\Google
2009-11-15 10:32 . 2008-11-26 17:39 4096 d-----w- c:\program files\Notepad++
2009-11-11 02:22 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 02:07 . 2007-07-16 03:40 24576 d-----w- c:\programdata\Microsoft Help
2009-11-09 19:06 . 2008-06-16 19:41 4096 d-----w- c:\program files\Java
2009-11-02 19:42 . 2009-10-03 10:01 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 09:40 . 2009-03-23 19:22 -------- d-----w- c:\users\Yannick\AppData\Roaming\DivX
2009-10-25 17:46 . 2009-10-25 17:46 -------- d-----w- c:\program files\VideoLAN
2009-10-24 16:12 . 2009-02-24 18:16 8192 d-----w- c:\program files\DivX
2009-10-24 16:11 . 2009-10-24 16:11 4096 d-----w- c:\program files\Common Files\DivX Shared
2009-10-24 11:16 . 2009-10-24 11:16 -------- d-----w- c:\program files\SiteAdvisor
2009-10-24 06:19 . 2009-10-24 06:19 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-10-22 04:09 . 2009-10-22 04:09 253320 ----a-w- c:\users\Yannick\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlui.dll
2009-10-17 04:47 . 2008-07-13 21:43 49152 d-----w- c:\program files\LogMeIn
2009-10-14 19:33 . 2009-09-16 16:11 -------- d-----w- c:\programdata\eMule
2009-10-14 19:33 . 2009-09-16 16:10 4096 d-----w- c:\program files\eMule
2009-10-14 18:45 . 2008-11-25 21:43 4096 d-----w- c:\program files\EasyPHP 2.0b1
2009-10-11 20:05 . 2009-10-11 20:05 -------- d-----w- c:\program files\NCsoft2
2009-10-11 20:04 . 2009-10-11 18:39 -------- d-----w- c:\program files\NCsoft
2009-10-11 17:34 . 2009-10-11 17:34 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-10-11 13:52 . 2009-10-11 13:52 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-11 13:50 . 2009-10-11 13:50 -------- d-----w- c:\program files\Microsoft
2009-10-11 03:17 . 2008-12-03 19:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 04:20 . 2009-10-08 04:20 -------- d-----w- c:\programdata\SiteAdvisor
2009-10-07 10:12 . 2009-10-07 10:12 -------- d-----w- c:\programdata\WindowsSearch
2009-10-07 08:58 . 2009-10-07 08:58 797696 ------w- c:\programdata\WordPad\{3BB29DB4-C96E-F7DD-3F1E-64DAC58A5D72}\cftmon.exe
2009-10-05 19:55 . 2009-10-05 19:54 4096 d-----w- c:\program files\iTunes
2009-10-05 19:55 . 2009-10-05 19:54 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-05 19:54 . 2009-10-05 19:54 -------- d-----w- c:\program files\iPod
2009-10-05 19:54 . 2008-09-23 17:16 -------- d-----w- c:\program files\Common Files\Apple
2009-10-05 19:54 . 2009-10-05 19:27 -------- d-----w- c:\programdata\Apple Computer
2009-10-05 19:38 . 2009-10-05 19:38 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-05 19:27 . 2009-10-05 19:27 4096 d-----w- c:\program files\QuickTime
2009-10-03 04:48 . 2008-07-13 21:43 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-03 04:48 . 2008-07-13 21:43 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-03 04:48 . 2008-07-13 21:43 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 02:10 . 2009-11-17 02:06 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 02:06 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 02:06 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 02:06 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 02:06 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 02:06 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 02:06 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 02:06 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 02:06 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 02:06 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 02:06 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 02:06 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 02:06 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 02:06 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 02:06 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 02:06 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 02:06 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 02:06 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 02:06 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-17 02:06 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-17 02:06 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 02:06 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 02:06 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 02:06 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 02:06 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 02:06 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 02:06 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-16 08:22 . 2009-10-24 11:12 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 08:22 . 2009-10-24 11:12 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 08:22 . 2009-10-24 11:12 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 08:22 . 2009-09-16 08:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 08:22 . 2009-10-24 11:10 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 09:29 . 2009-10-16 10:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-16 10:04 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59 . 2009-10-27 20:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2007-07-16 03:35 . 2007-07-16 03:35 157184 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-07-16 12:55 . 2007-07-16 12:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
[code]<pre>
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\cs4servicemanager .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\roxwatchtray9 .exe
c:\program files\Curse\curseclient .exe
c:\program files\Google\Google Desktop Search\googledesktop .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\McAfee\Common Framework\udaterui .exe
c:\program files\McAfee\VirusScan Enterprise\shstat .exe
c:\program files\Norton Ghost\Agent\vprotray .exe
c:\program files\Packard Bell\GOOGLE_EULA\eulalauncher .exe
c:\program files\Packard Bell\SetUpMyPC\smpsys .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Western Digital\WD Drive Manager\wdbtnmgrui .exe
c:\windows\WindowsMobile\wmdsync .exe
</pre>/code

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c322dc-5878-452e-a2d8-c4aab9973c9a}"= "c:\program files\interdescargas-FR\tbinte.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c322dc-5878-452e-a2d8-c4aab9973c9a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c322dc-5878-452e-a2d8-c4aab9973c9a}]
2009-10-01 16:29 2166296 ----a-w- c:\program files\interdescargas-FR\tbinte.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [N/A]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"PlayNC Launcher"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [N/A]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [N/A]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [N/A]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [N/A]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [N/A]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"cftmon645"="c:\programdata\WordPad\{88888888-8888-8888-8888-888888888888}\cftmon.exe" [2009-11-26 798720]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"WD Button Manager"="WDBtnMgr.exe" [N/A]

c:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2009-11-26 0]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-9 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):87,1e,c2,1a,de,f0,c9,01

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [27/11/2009 21:19 28552]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [28/02/2008 14:31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [13/07/2008 22:43 47640]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\programdata\WordPad\{CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCCCCCC}\cftmon.exe [29/11/2009 18:10 798720]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [16/07/2008 12:50 181544]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [10/06/2008 19:05 21504]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [11/05/2007 16:40 329728]
S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 16:13 1558000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2009-11-30 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-07-16 16:38]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download all by WellGet - c:\program files\WellGet\nxall.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download by &WellGet - c:\program files\WellGet\nxcatch.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{35980F6E-A258-4E50-953D-813BB8556899} - c:\program files\WellGet\WellGet.exe
TCP: {728DD995-24EF-46AA-8C86-09C87E1FDDF6} = 81.253.149.9,80.10.246.132
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
FF - ProfilePath - c:\users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\24ev9db8.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-PDFCreator Toolbar - c:\windows\PDFCreator_Toolbar_Uninstaller_3774.exe _?=c:\program files\PDFCreator Toolbar
AddRemove-PE Builder_is1 - c:\pebuilder3110a\unins000.exe
AddRemove-Live Search - c:\users\Yannick\AppData\Roaming\Microsoft\Live Search\Suppression-Live-Search.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 18:11
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3433918814-1198598235-3678687002-1002\Software\SecuROM\License information*]
"datasecu"=hex:20,3a,f3,a5,99,de,64,13,3c,99,03,29,6d,ed,40,6c,42,fc,aa,4e,0e,
51,ea,b6,19,50,3f,91,0a,6b,19,b3,cd,ae,59,b9,85,c1,19,87,1b,92,8a,33,59,e6,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(472)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programdata\WordPad\{11111111-1111-1111-1111-111111111111}\cftmon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\programdata\WordPad\{DDDDDDDD-DDDD-DDDD-DDDD-DDDDDDDDDDDD}\cftmon.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2009-11-30 18:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-30 17:20

Avant-CF: 225 451 364 352 octets libres
Après-CF: 225 565 085 696 octets libres

- - End Of File - - A9969F9684C09ACED59C869FCC880242
0
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
30 nov. 2009 à 18:35
scan these 3 files on VirusTotal and paste the reports https://www.virustotal.com/gui/


c:\programdata\WordPad\{DDDDDDDD-DDDD-DDDD-DDDD-DDDDDDDDDDDD}\cftmon.exe
c:\programdata\WordPad\{CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCCCCCC}\cftmon.exe
c:\programdata\WordPad\{11111111-1111-1111-1111-111111111111}\cftmon.exe



_________________



I'm setting this aside


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cftmon645"="c:\programdata\WordPad\{88888888-8888-8888-8888-888888888888}\cftmon.exe" [2009-11-26 798720]

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\programdata\WordPad\{CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCCCCCC}\cftmon.exe [29/11/2009 18:10 798720]
0
volganne Messages postés 35 Date d'inscription mercredi 25 novembre 2009 Statut Membre Dernière intervention 10 novembre 2015
30 nov. 2009 à 18:59
In WordPad\{DDDDDDDD-DDDD-DDDD-DDDD-DDDDDDDDDDDD}\


Fichier cftmon.exe reçu le 2009.11.30 17:43:49 (UTC)
Résultat: 17/41 (41.47%)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.11.30 Trojan.Win32.Scar!IK
AhnLab-V3 5.0.0.2 2009.11.30 -
AntiVir 7.9.1.79 2009.11.30 -
Antiy-AVL 2.0.3.7 2009.11.30 -
Authentium 5.2.0.5 2009.11.30 -
Avast 4.8.1351.0 2009.11.30 -
AVG 8.5.0.426 2009.11.30 SHeur2.BVER
BitDefender 7.2 2009.11.30 Gen:Trojan.Heur.WC0auq@zmYni
CAT-QuickHeal 10.00 2009.11.30 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.11.30 PUA.Packed.ASPack212
Comodo 3091 2009.11.30 Heur.Suspicious
DrWeb 5.0.0.12182 2009.11.30 -
eSafe 7.0.17.0 2009.11.30 Win32.Suspect
eTrust-Vet 35.1.7148 2009.11.30 -
F-Prot 4.5.1.85 2009.11.30 -
F-Secure 9.0.15370.0 2009.11.29 -
Fortinet 4.0.14.0 2009.11.30 W32/Scar.ATSW!tr
GData 19 2009.11.30 Gen:Trojan.Heur.WC0auq@zmYni
Ikarus T3.1.1.74.0 2009.11.30 Trojan.Win32.Scar
Jiangmin 11.0.800 2009.11.29 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.11.30 Trojan.Win32.Scar.atsw
McAfee 5818 2009.11.30 Suspect-02!F50B1E738E9C
McAfee+Artemis 5818 2009.11.30 Suspect-02!F50B1E738E9C
McAfee-GW-Edition 6.8.5 2009.11.30 Heuristic.LooksLike.Win32.Suspicious.K
Microsoft 1.5302 2009.11.30 -
NOD32 4650 2009.11.30 -
Norman 6.03.02 2009.11.30 -
nProtect 2009.1.8.0 2009.11.28 -
Panda 10.0.2.2 2009.11.30 Suspicious file
PCTools 7.0.3.5 2009.11.30 -
Prevx 3.0 2009.11.30 -
Rising 22.24.00.09 2009.11.30 -
Sophos 4.48.0 2009.11.30 Sus/Behav-1021
Sunbelt 3.2.1858.2 2009.11.29 Trojan.Win32.Generic!BT
Symantec 1.4.4.12 2009.11.30 -
TheHacker 6.5.0.2.081 2009.11.28 -
TrendMicro 9.100.0.1001 2009.11.30 -
VBA32 3.12.12.0 2009.11.30 -
ViRobot 2009.11.30.2062 2009.11.30 -
VirusBuster 5.0.21.0 2009.11.30 -
Information additionnelle
File size: 798720 bytes
MD5...: f50b1e738e9c0f507c399805e733606e
SHA1..: f70a61d58fee6b8b2e44009b5ff74bbe6c935eb1
SHA256: 1664ffa4bb6736e3945c3ca239e3cec1f31749941f755031d2dae6408424a0e4
ssdeep: 12288:fvlpHrKa7KxOGNcfZqMPL0mLkwEqRYqonzJDFwVG/RoIEGpzK6FSkFvjm1
PRfPhP:Xlhe7bcqMj0kkwDqJxTR35pzvjcPKRi
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4b0b97f8 (Tue Nov 24 08:23:20 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x159000 0x5d200 8.00 a0a3bdae061fa0a7fb0b5a5e16035b09
0x15a000 0x41000 0x10200 8.00 7e681ec24fbc6ac58e021d4c2481a4cc
0x19b000 0x14000 0x4000 7.99 f776566a14ea3260c2f313521b0aa71c
0x1af000 0x2000 0x1000 7.96 8b1d5759fc7ac5e4d6bf779e4c8c0c12
.rsrc 0x1b1000 0x2000 0x400 4.31 5c989d1bbe7e489ad2f179d7fe1f7ef6
.data 0x1b3000 0x50000 0x4f800 7.93 e9c1b80d4e088719e37606eb9c81416f
.adata 0x203000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 7 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> ws2_32.dll: -
> user32.dll: MessageBoxA
> gdi32.dll: CreateCompatibleDC
> advapi32.dll: ReportEventA
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: CFT Loader
original name: CFTMON.EXE
internal name: CFTMON
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (F-Prot): Aspack

In WordPad\{CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCCCCCC}\

File cftmon.exe received on 2009.11.30 17:52:31 (UTC)
Result: 18/41 (43.91%)

Antivirus Version Last update Result
a-squared 4.5.0.43 2009.11.30 Trojan.Win32.Scar!IK
AhnLab-V3 5.0.0.2 2009.11.30 -
AntiVir 7.9.1.79 2009.11.30 -
Antiy-AVL 2.0.3.7 2009.11.30 -
Authentium 5.2.0.5 2009.11.30 -
Avast 4.8.1351.0 2009.11.30 -
AVG 8.5.0.426 2009.11.30 SHeur2.BVER
BitDefender 7.2 2009.11.30 Gen:Trojan.Heur.WC0auq@zmYni
CAT-QuickHeal 10.00 2009.11.30 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.11.30 PUA.Packed.ASPack212
Comodo 3091 2009.11.30 Heur.Suspicious
DrWeb 5.0.0.12182 2009.11.30 -
eSafe 7.0.17.0 2009.11.30 Win32.Suspect
eTrust-Vet 35.1.7148 2009.11.30 -
F-Prot 4.5.1.85 2009.11.30 -
F-Secure 9.0.15370.0 2009.11.29 Gen:Trojan.Heur.WC0auq@zmYni
Fortinet 4.0.14.0 2009.11.30 W32/Scar.ATSW!tr
GData 19 2009.11.30 Gen:Trojan.Heur.WC0auq@zmYni
Ikarus T3.1.1.74.0 2009.11.30 Trojan.Win32.Scar
Jiangmin 11.0.800 2009.11.29 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.11.30 Trojan.Win32.Scar.atsw
McAfee 5818 2009.11.30 Suspect-02!F50B1E738E9C
McAfee+Artemis 5818 2009.11.30 Suspect-02!F50B1E738E9C
McAfee-GW-Edition 6.8.5 2009.11.30 Heuristic.LooksLike.Win32.Suspicious.K
Microsoft 1.5302 2009.11.30 -
NOD32 4650 2009.11.30 -
Norman 6.03.02 2009.11.30 -
nProtect 2009.1.8.0 2009.11.28 -
Panda 10.0.2.2 2009.11.30 Suspicious file
PCTools 7.0.3.5 2009.11.30 -
Prevx 3.0 2009.11.30 -
Rising 22.24.00.09 2009.11.30 -
Sophos 4.48.0 2009.11.30 Sus/Behav-1021
Sunbelt 3.2.1858.2 2009.11.29 Trojan.Win32.Generic!BT
Symantec 1.4.4.12 2009.11.30 -
TheHacker 6.5.0.2.082 2009.11.30 -
TrendMicro 9.100.0.1001 2009.11.30 -
VBA32 3.12.12.0 2009.11.30 -
ViRobot 2009.11.30.2062 2009.11.30 -
VirusBuster 5.0.21.0 2009.11.30 -
Additional information
File size: 798720 bytes
MD5...: f50b1e738e9c0f507c399805e733606e
SHA1..: f70a61d58fee6b8b2e44009b5ff74bbe6c935eb1
SHA256: 1664ffa4bb6736e3945c3ca239e3cec1f31749941f755031d2dae6408424a0e4
ssdeep: 12288:fvlpHrKa7KxOGNcfZqMPL0mLkwEqRYqonzJDFwVG/RoIEGpzK6FSkFvjm1
PRfPhP:Xlhe7bcqMj0kkwDqJxTR35pzvjcPKRi
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4b0b97f8 (Tue Nov 24 08:23:20 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x159000 0x5d200 8.00 a0a3bdae061fa0a7fb0b5a5e16035b09
0x15a000 0x41000 0x10200 8.00 7e681ec24fbc6ac58e021d4c2481a4cc
0x19b000 0x14000 0x4000 7.99 f776566a14ea3260c2f313521b0aa71c
0x1af000 0x2000 0x1000 7.96 8b1d5759fc7ac5e4d6bf779e4c8c0c12
.rsrc 0x1b1000 0x2000 0x400 4.31 5c989d1bbe7e489ad2f179d7fe1f7ef6
.data 0x1b3000 0x50000 0x4f800 7.93 e9c1b80d4e088719e37606eb9c81416f
.adata 0x203000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 7 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> ws2_32.dll: -
> user32.dll: MessageBoxA
> gdi32.dll: CreateCompatibleDC
> advapi32.dll: ReportEventA
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: CFT Loader
original name: CFTMON.EXE
internal name: CFTMON
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Aspack

In WordPad\{11111111-1111-1111-1111-111111111111}

File cftmon.exe received on 2009.11.30 17:57:11 (UTC)
Result: 18/41 (43.91%)

Antivirus Version Last update Result
a-squared 4.5.0.43 2009.11.30 Trojan.Win32.Scar!IK
AhnLab-V3 5.0.0.2 2009.11.30 -
AntiVir 7.9.1.79 2009.11.30 -
Antiy-AVL 2.0.3.7 2009.11.30 -
Authentium 5.2.0.5 2009.11.30 -
Avast 4.8.1351.0 2009.11.30 -
AVG 8.5.0.426 2009.11.30 SHeur2.BVER
BitDefender 7.2 2009.11.30 Gen:Trojan.Heur.WC0auq@zmYni
CAT-QuickHeal 10.00 2009.11.30 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.11.30 PUA.Packed.ASPack212
Comodo 3091 2009.11.30 Heur.Suspicious
DrWeb 5.0.0.12182 2009.11.30 -
eSafe 7.0.17.0 2009.11.30 Win32.Suspect
eTrust-Vet 35.1.7148 2009.11.30 -
F-Prot 4.5.1.85 2009.11.30 -
F-Secure 9.0.15370.0 2009.11.29 Gen:Trojan.Heur.WC0auq@zmYni
Fortinet 4.0.14.0 2009.11.30 W32/Scar.ATSW!tr
GData 19 2009.11.30 Gen:Trojan.Heur.WC0auq@zmYni
Ikarus T3.1.1.74.0 2009.11.30 Trojan.Win32.Scar
Jiangmin 11.0.800 2009.11.29 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.11.30 Trojan.Win32.Scar.atsw
McAfee 5818 2009.11.30 Suspect-02!F50B1E738E9C
McAfee+Artemis 5818 2009.11.30 Suspect-02!F50B1E738E9C
McAfee-GW-Edition 6.8.5 2009.11.30 Heuristic.LooksLike.Win32.Suspicious.K
Microsoft 1.5302 2009.11.30 -
NOD32 4650 2009.11.30 -
Norman 6.03.02 2009.11.30 -
nProtect 2009.1.8.0 2009.11.28 -
Panda 10.0.2.2 2009.11.30 Suspicious file
PCTools 7.0.3.5 2009.11.30 -
Prevx 3.0 2009.11.30 -
Rising 22.24.00.09 2009.11.30 -
Sophos 4.48.0 2009.11.30 Sus/Behav-1021
Sunbelt 3.2.1858.2 2009.11.29 Trojan.Win32.Generic!BT
Symantec 1.4.4.12 2009.11.30 -
TheHacker 6.5.0.2.082 2009.11.30 -
TrendMicro 9.100.0.1001 2009.11.30 -
VBA32 3.12.12.0 2009.11.30 -
ViRobot 2009.11.30.2062 2009.11.30 -
VirusBuster 5.0.21.0 2009.11.30 -
Additional information
File size: 798720 bytes
MD5...: f50b1e738e9c0f507c399805e733606e
SHA1..: f70a61d58fee6b8b2e44009b5ff74bbe6c935eb1
SHA256: 1664ffa4bb6736e3945c3ca239e3cec1f31749941f755031d2dae6408424a0e4
ssdeep: 12288:fvlpHrKa7KxOGNcfZqMPL0mLkwEqRYqonzJDFwVG/RoIEGpzK6FSkFvjm1
PRfPhP:Xlhe7bcqMj0kkwDqJxTR35pzvjcPKRi
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4b0b97f8 (Tue Nov 24 08:23:20 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x159000 0x5d200 8.00 a0a3bdae061fa0a7fb0b5a5e16035b09
0x15a000 0x41000 0x10200 8.00 7e681ec24fbc6ac58e021d4c2481a4cc
0x19b000 0x14000 0x4000 7.99 f776566a14ea3260c2f313521b0aa71c
0x1af000 0x2000 0x1000 7.96 8b1d5759fc7ac5e4d6bf779e4c8c0c12
.rsrc 0x1b1000 0x2000 0x400 4.31 5c989d1bbe7e489ad2f179d7fe1f7ef6
.data 0x1b3000 0x50000 0x4f800 7.93 e9c1b80d4e088719e37606eb9c81416f
.adata 0x203000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 7 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> ws2_32.dll: -
> user32.dll: MessageBoxA
> gdi32.dll: CreateCompatibleDC
> advapi32.dll: ReportEventA
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: CFT Loader
original name: CFTMON.EXE
internal name: CFTMON
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Aspack
0
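What makes the three reports above worth acting on is not the 18/41 detection count but the metadata: a "Microsoft Corporation" publisher on an unsigned file, an original name one letter swap away from the genuine ctfmon.exe, Aspack packing with near-maximal section entropy, and an import table reduced to GetProcAddress/LoadLibraryA. The Python below is added here as an editor's example (not code from the thread, from VirusTotal or from any tool named in it): it parses this report format and scores those indicators, with the sample text constructed from the values quoted above and the list of imitated system binary names assumed for the example.

```python
"""Triage a VirusTotal-style text report for signs of a binary masquerading as a Windows component."""
import re

# Windows names malware imitates; assumed short list (ctfmon.exe is the genuine "CTF Loader").
KNOWN_SYSTEM_BINARIES = ("ctfmon.exe", "svchost.exe", "explorer.exe", "lsass.exe")
HIGH_ENTROPY = 7.9  # section bytes are near-random above this: packed or encrypted

# Constructed sample, assembled from the report values quoted in this thread.
SAMPLE_REPORT = """\
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x159000 0x5d200 8.00 a0a3bdae061fa0a7fb0b5a5e16035b09
0x15a000 0x41000 0x10200 8.00 7e681ec24fbc6ac58e021d4c2481a4cc
0x19b000 0x14000 0x4000 7.99 f776566a14ea3260c2f313521b0aa71c
0x1af000 0x2000 0x1000 7.96 8b1d5759fc7ac5e4d6bf779e4c8c0c12
.rsrc 0x1b1000 0x2000 0x400 4.31 5c989d1bbe7e489ad2f179d7fe1f7ef6
.data 0x1b3000 0x50000 0x4f800 7.93 e9c1b80d4e088719e37606eb9c81416f
.adata 0x203000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> ws2_32.dll: -
> user32.dll: MessageBoxA
> gdi32.dll: CreateCompatibleDC
> advapi32.dll: ReportEventA
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException

sigcheck:
publisher....: Microsoft Corporation
original name: CFTMON.EXE
verified.....: Unsigned
packers (F-Prot): Aspack
"""

KV_LINE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\.*:\s*(.*)$")  # publisher....: X
PACKER_LINE = re.compile(r"^packers \(([^)]+)\):\s*(.*)$")   # packers (F-Prot): X
IMPORT_LINE = re.compile(r"^> ([^:]+):\s*(.*)$")             # > dll: Func, Func


def parse_report(text):
    """Split the report into key/value fields, (name, entropy) sections and imports."""
    fields, sections, imports, in_sections = {}, [], {}, False
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            in_sections = False  # a blank line ends the section table
        elif re.fullmatch(r"\( \d+ sections \)", line):
            in_sections = True
        elif in_sections:
            parts = line.split()
            if parts[0] != "name":  # skip the column header row
                # Named sections have 6 columns, unnamed ones 5; entropy is second last.
                sections.append((parts[0] if len(parts) == 6 else "", float(parts[-2])))
        elif m := PACKER_LINE.match(line):
            fields["packers"] = m.group(2)
        elif m := IMPORT_LINE.match(line):
            funcs = [f.strip() for f in m.group(2).split(",") if f.strip() != "-"]
            imports.setdefault(m.group(1).lower(), []).extend(funcs)
        elif m := KV_LINE.match(line):
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return {"fields": fields, "sections": sections, "imports": imports}


def is_lookalike(candidate, known):
    """True when two names differ by one substitution or one adjacent swap."""
    a, b = candidate.lower(), known.lower()
    if a == b or len(a) != len(b):
        return False
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if len(diffs) == 1:
        return True
    return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
            and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])


def triage(text):
    """Collect the masquerading indicators present in one report."""
    rep = parse_report(text)
    fields, sections, imports = rep["fields"], rep["sections"], rep["imports"]
    original = fields.get("original name", "").lower()
    lookalike = next((k for k in KNOWN_SYSTEM_BINARIES if is_lookalike(original, k)), None)
    high = [name or "<unnamed>" for name, ent in sections if ent >= HIGH_ENTROPY]
    k32 = set(imports.get("kernel32.dll", []))
    total_imports = sum(len(v) for v in imports.values())
    findings = {
        # A Microsoft publisher string on a file that Authenticode cannot verify.
        "claims_microsoft_but_unsigned": "microsoft" in fields.get("publisher", "").lower()
        and fields.get("verified", "").lower() == "unsigned",
        "lookalike_of": lookalike,
        "high_entropy_sections": high,
        "section_count": len(sections),
        "packer": fields.get("packers"),
        # A packer stub imports little beyond what resolves the real imports at run time.
        "packer_stub_imports": {"GetProcAddress", "LoadLibraryA"} <= k32 and total_imports <= 10,
    }
    findings["indicator_count"] = sum([
        findings["claims_microsoft_but_unsigned"], lookalike is not None, bool(high),
        findings["packer"] not in (None, "", "-"), findings["packer_stub_imports"],
    ])
    return findings
```

On the sample, all five indicators fire, which is the pattern of a packed loader hiding behind a system-looking name rather than of a damaged legitimate Microsoft file.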
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
30 Nov 2009 at 19:30
Download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (by Old_Timer) to your Desktop.

Double-click OTM.exe to launch it.
Copy the list quoted below
and paste it into the left-hand pane of OTM: "Paste instruction for items to be moved".


:processes
explorer.exe
:services
Symantec SymSnap VSS Provider
Symantec SymSnap VSS Provider
:files
c:\programdata\WordPad\{DDDDDDDD-DDDD-DDDD-DDDD-DDDDDDDDDDDD}\cftmon.exe
c:\programdata\WordPad\{CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCCCCCC}\cftmon.exe
c:\programdata\WordPad\{11111111-1111-1111-1111-111111111111}\cftmon.exe
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cftmon645"=-
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles.

You may be asked to restart the PC to complete the removal; if so, accept with Yes.


____________________

Post a new RSIT report and tell me what problems remain.
0
volganne Posts: 35 Registered: Wednesday 25 November 2009 Status: Member Last active: 10 November 2015
1 Dec 2009 at 06:09
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Unable to stop service Symantec SymSnap VSS Provider!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Symantec SymSnap VSS Provider deleted successfully.
Unable to stop service Symantec SymSnap VSS Provider!
Service\Driver key Symantec SymSnap VSS Provider not found.
========== FILES ==========
File/Folder c:\programdata\WordPad\{DDDDDDDD-DDDD-DDDD-DDDD-DDDDDDDDDDDD}\cftmon.exe not found.
File/Folder c:\programdata\WordPad\{CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCCCCCC}\cftmon.exe not found.
File/Folder c:\programdata\WordPad\{11111111-1111-1111-1111-111111111111}\cftmon.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: SUPERVISEUR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Yannick
->Temp folder emptied: 3400 bytes
->Temporary Internet Files folder emptied: 6966934 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50872561 bytes
->Apple Safari cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55,19 mb


OTM by OldTimer - Version 3.1.2.0 log created on 11302009_204804

Files moved on Reboot...
C:\Users\Yannick\AppData\Local\Mozilla\Firefox\Profiles\24ev9db8.default\Cache\04F24716d01 moved successfully.
File C:\Windows\temp\WFV937C.tmp not found!

Registry entries deleted on Reboot...
RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Yannick at 2009-11-30 20:58:37
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 215 GB (58%) free of 369 GB
Total RAM: 3071 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:05, on 30/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\WordPad\{99999999-9999-9999-9999-999999999999}\cftmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Yannick\Downloads\RSIT.exe
C:\Program Files\trend micro\Yannick.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: interdescargas-FR Toolbar - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - C:\Program Files\interdescargas-FR\tbinte.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: interdescargas-FR Toolbar - {31c322dc-5878-452e-a2d8-c4aab9973c9a} - C:\Program Files\interdescargas-FR\tbinte.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\Windows\system32\safeie.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [cftmon645] "C:\ProgramData\WordPad\{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}\cftmon.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download all by WellGet - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download by &WellGet - C:\Program Files\WellGet\nxcatch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{728DD995-24EF-46AA-8C86-09C87E1FDDF6}: NameServer = 81.253.149.9,80.10.246.132
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
0