Trojan.generic.291379, Comment le supprimer ?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-27 22:52:10
Windows 5.1.2600 Service Pack 3
Running: v4q9tpsh.exe; Driver: C:\DOCUME~1\FEUCEN~1\LOCALS~1\Temp\uxldruog.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.)  ZwOpenProcess [0xB224CC90]
SSDT            \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.)  ZwOpenThread [0xB224CD7E]
SSDT            \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.)  ZwTerminateProcess [0xB224CBF4]
SSDT            \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.)  ZwTerminateThread [0xB224CEC4]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\SearchIndexer.exe[1476] kernel32.dll!WriteFile                                                      7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtCreateFile + 5                                           7C91D0B3 10 Bytes  [68, 78, 2F, 40, 60, E9, C3, ...] {PUSH 0x60402f78; JMP 0xffffffffe36ef4cd}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtCreateKey + 5                                            7C91D0F3 10 Bytes  [68, 70, 7E, 41, 60, E9, 83, ...] {PUSH 0x60417e70; JMP 0xffffffffe36ef48d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtCreateSection + 5                                        7C91D183 10 Bytes  [68, F0, 12, 41, 60, E9, F3, ...] {PUSH 0x604112f0; JMP 0xffffffffe36ef3fd}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtDeleteValueKey + 5                                       7C91D273 10 Bytes  [68, 78, 40, 42, 60, E9, 03, ...] {PUSH 0x60424078; JMP 0xffffffffe36ef30d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtLoadDriver + 5                                           7C91D473 10 Bytes  [68, 60, 81, 40, 60, E9, 03, ...] {PUSH 0x60408160; JMP 0xffffffffe36ef10d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtMapViewOfSection + 5                                     7C91D523 10 Bytes  [68, D0, 73, 41, 60, E9, 53, ...] {PUSH 0x604173d0; JMP 0xffffffffe36ef05d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtOpenFile + 5                                             7C91D5A3 10 Bytes  [68, 10, 08, 41, 60, E9, D3, ...] {PUSH 0x60410810; JMP 0xffffffffe36eefdd}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtOpenKey + 5                                              7C91D5D3 10 Bytes  [68, E0, 83, 41, 60, E9, A3, ...] {PUSH 0x604183e0; JMP 0xffffffffe36eefad}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtOpenProcess + 5                                          7C91D603 10 Bytes  [68, F0, 68, 41, 60, E9, 73, ...] {PUSH 0x604168f0; JMP 0xffffffffe36eef7d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtQueueApcThread + 5                                       7C91D9A3 10 Bytes  [68, 60, 6E, 41, 60, E9, D3, ...] {PUSH 0x60416e60; JMP 0xffffffffe36eebdd}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtSetValueKey + 5                                          7C91DDD3 10 Bytes  [68, 50, 71, 40, 60, E9, A3, ...] {PUSH 0x60407150; JMP 0xffffffffe36ee7ad}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!NtWriteFile + 5                                            7C91DF83 10 Bytes  [68, 80, 0D, 41, 60, E9, F3, ...] {PUSH 0x60410d80; JMP 0xffffffffe36ee5fd}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!LdrLoadDll + 1                                             7C9263C4 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!RtlCreateProcessParameters                                 7C932E99 10 Bytes  [68, A0, C3, 40, 60, E9, DD, ...] {PUSH 0x6040c3a0; JMP 0xffffffffe36d96e7}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!LoadLibraryExW                                          7C801AF5 10 Bytes  CALL 65E05D3F 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!GetStartupInfoW                                         7C801E54 10 Bytes  [68, 40, A4, 41, 60, E9, 22, ...] {PUSH 0x6041a440; JMP 0xffffffffe380a72c}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!GetStartupInfoA                                         7C801EF2 10 Bytes  [68, D0, 9E, 41, 60, E9, 84, ...] {PUSH 0x60419ed0; JMP 0xffffffffe380a68e}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!WriteProcessMemory                                      7C802213 10 Bytes  [68, 10, 5E, 41, 60, E9, 63, ...] {PUSH 0x60415e10; JMP 0xffffffffe380a36d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CloseHandle                                             7C809BE7 10 Bytes  [68, 58, 3A, 40, 60, E9, 8F, ...] {PUSH 0x60403a58; JMP 0xffffffffe3802999}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!SetEvent                                                7C80A0B7 10 Bytes  [68, A8, 5B, 42, 60, E9, BF, ...] {PUSH 0x60425ba8; JMP 0xffffffffe38024c9}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateEventW                                            7C80A749 10 Bytes  [68, B0, 8F, 40, 60, E9, 2D, ...] {PUSH 0x60408fb0; JMP 0xffffffffe3801e37}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!FreeLibrary                                             7C80AC7E 10 Bytes  [68, 38, 56, 42, 60, E9, F8, ...] {PUSH 0x60425638; JMP 0xffffffffe3801902}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!GetModuleFileNameA + DF                                 7C80B64E 10 Bytes  CALL 65E0F687 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateMutexW                                            7C80E957 10 Bytes  [68, E0, 98, 40, 60, E9, 1F, ...] {PUSH 0x604098e0; JMP 0xffffffffe37fdc29}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!FindFirstFileExW                                        7C80EB1D 10 Bytes  CALL 65E12CAD 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateRemoteThread + 1                                  7C8104CD 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateThread                                            7C8106D7 10 Bytes  [68, B0, A9, 41, 60, E9, 9F, ...] {PUSH 0x6041a9b0; JMP 0xffffffffe37fbea9}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateFileW                                             7C810800 10 Bytes  [68, 58, 79, 40, 60, E9, 76, ...] {PUSH 0x60407958; JMP 0xffffffffe37fbd80}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CreateProcessInternalW + 1                              7C8197B1 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!ExitProcess                                             7C81CB12 10 Bytes  [68, C8, 50, 42, 60, E9, 64, ...] {PUSH 0x604250c8; JMP 0xffffffffe37efa6e}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CopyFileExW                                             7C827B32 10 Bytes  [68, C8, 3F, 40, 60, E9, 44, ...] {PUSH 0x60403fc8; JMP 0xffffffffe37e4a4e}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!PulseEvent                                              7C82C06E 10 Bytes  [68, 18, 61, 42, 60, E9, 08, ...] {PUSH 0x60426118; JMP 0xffffffffe37e0512}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!CheckRemoteDebuggerPresent                              7C85AAF2 10 Bytes  [68, 00, B9, 40, 60, E9, 84, ...] {PUSH 0x6040b900; JMP 0xffffffffe37b1a8e}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!SetThreadContext                                        7C863C09 10 Bytes  [68, 80, 63, 41, 60, E9, 6D, ...] {PUSH 0x60416380; JMP 0xffffffffe37a8977}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!ReadConsoleA                                            7C872B5D 10 Bytes  [68, D0, F2, 40, 60, E9, 19, ...] {PUSH 0x6040f2d0; JMP 0xffffffffe3799a23}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!ReadConsoleW                                            7C872BAC 10 Bytes  [68, 40, F8, 40, 60, E9, CA, ...] {PUSH 0x6040f840; JMP 0xffffffffe37999d4}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!ReadConsoleInputA                                       7C874613 10 Bytes  [68, F0, E7, 40, 60, E9, 63, ...] {PUSH 0x6040e7f0; JMP 0xffffffffe3797f6d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!ReadConsoleInputW                                       7C874636 10 Bytes  [68, 60, ED, 40, 60, E9, 40, ...] {PUSH 0x6040ed60; JMP 0xffffffffe3797f4a}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!RegQueryValueExW + 10C                                  77DA710B 10 Bytes  [68, 80, A3, 40, 60, E9, 6B, ...] {PUSH 0x6040a380; JMP 0xffffffffe8265475}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!OpenServiceW                                            77DB6FFD 10 Bytes  [68, F8, 1A, 41, 60, E9, 79, ...] {PUSH 0x60411af8; JMP 0xffffffffe8255583}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!ControlService                                          77DC4A09 10 Bytes  [68, 70, 28, 41, 60, E9, 6D, ...] {PUSH 0x60412870; JMP 0xffffffffe8247b77}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!OpenServiceA                                            77DC4C66 10 Bytes  [68, 68, 20, 41, 60, E9, 10, ...] {PUSH 0x60412068; JMP 0xffffffffe824791a}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!ChangeServiceConfigA                                    77E06E69 10 Bytes  [68, 50, 33, 41, 60, E9, 0D, ...] {PUSH 0x60413350; JMP 0xffffffffe8205717}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!ChangeServiceConfigW                                    77E07001 10 Bytes  [68, E0, 2D, 41, 60, E9, 75, ...] {PUSH 0x60412de0; JMP 0xffffffffe820557f}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!CreateServiceA                                          77E07211 10 Bytes  [68, F0, A8, 40, 60, E9, 65, ...] {PUSH 0x6040a8f0; JMP 0xffffffffe820536f}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!CreateServiceW                                          77E073A9 10 Bytes  [68, 60, AE, 40, 60, E9, CD, ...] {PUSH 0x6040ae60; JMP 0xffffffffe82051d7}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] WS2_32.dll!WEP + FFFEF156                                            719F1273 10 Bytes  [68, F0, 93, 41, 60, E9, 03, ...] {PUSH 0x604193f0; JMP 0xffffffffee61b30d}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] WS2_32.dll!connect                                                   719F4A07 10 Bytes  [68, 50, C6, 41, 60, E9, 6F, ...] {PUSH 0x6041c650; JMP 0xffffffffee617b79}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] WS2_32.dll!send                                                      719F4C27 10 Bytes  [68, 48, BE, 41, 60, E9, 4F, ...] {PUSH 0x6041be48; JMP 0xffffffffee617959}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] WS2_32.dll!WSAStartup                                                719F6A55 10 Bytes  [68, 60, 99, 41, 60, E9, 21, ...] {PUSH 0x60419960; JMP 0xffffffffee615b2b}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!GetMessageW                                               7E3991C6 10 Bytes  [68, A0, D7, 40, 60, E9, B0, ...] {PUSH 0x6040d7a0; JMP 0xffffffffe1c733ba}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!PeekMessageW                                              7E39929B 10 Bytes  [68, 80, E2, 40, 60, E9, DB, ...] {PUSH 0x6040e280; JMP 0xffffffffe1c732e5}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!GetMessageA                                               7E3A772B 10 Bytes  [68, 30, D2, 40, 60, E9, 4B, ...] {PUSH 0x6040d230; JMP 0xffffffffe1c64e55}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!SetWindowsHookExW                                         7E3A820F 10 Bytes  [68, 50, 48, 41, 60, E9, 67, ...] {PUSH 0x60414850; JMP 0xffffffffe1c64371}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!PeekMessageA                                              7E3AA340 10 Bytes  [68, 10, DD, 40, 60, E9, 36, ...] {PUSH 0x6040dd10; JMP 0xffffffffe1c62240}
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!SetWindowsHookExA                                         7E3B1211 10 Bytes  [68, C0, 4D, 41, 60, E9, 65, ...] {PUSH 0x60414dc0; JMP 0xffffffffe1c5b36f}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtCreateFile + 5                                  7C91D0B3 10 Bytes  [68, B0, 2F, 40, 60, E9, C3, ...] {PUSH 0x60402fb0; JMP 0xffffffffe36ef4cd}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtCreateKey + 5                                   7C91D0F3 10 Bytes  [68, C8, 7E, 41, 60, E9, 83, ...] {PUSH 0x60417ec8; JMP 0xffffffffe36ef48d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtCreateSection + 5                               7C91D183 10 Bytes  [68, 48, 13, 41, 60, E9, F3, ...] {PUSH 0x60411348; JMP 0xffffffffe36ef3fd}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtDeleteValueKey + 5                              7C91D273 10 Bytes  [68, D0, 39, 42, 60, E9, 03, ...] {PUSH 0x604239d0; JMP 0xffffffffe36ef30d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtLoadDriver + 5                                  7C91D473 10 Bytes  [68, C8, 81, 40, 60, E9, 03, ...] {PUSH 0x604081c8; JMP 0xffffffffe36ef10d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtMapViewOfSection + 5                            7C91D523 10 Bytes  [68, 28, 74, 41, 60, E9, 53, ...] {PUSH 0x60417428; JMP 0xffffffffe36ef05d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtOpenFile + 5                                    7C91D5A3 10 Bytes  [68, 68, 08, 41, 60, E9, D3, ...] {PUSH 0x60410868; JMP 0xffffffffe36eefdd}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtOpenKey + 5                                     7C91D5D3 10 Bytes  [68, 38, 84, 41, 60, E9, A3, ...] {PUSH 0x60418438; JMP 0xffffffffe36eefad}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtOpenProcess + 5                                 7C91D603 10 Bytes  [68, 48, 69, 41, 60, E9, 73, ...] {PUSH 0x60416948; JMP 0xffffffffe36eef7d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtQueueApcThread + 5                              7C91D9A3 10 Bytes  [68, B8, 6E, 41, 60, E9, D3, ...] {PUSH 0x60416eb8; JMP 0xffffffffe36eebdd}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtSetValueKey + 5                                 7C91DDD3 10 Bytes  [68, B8, 71, 40, 60, E9, A3, ...] {PUSH 0x604071b8; JMP 0xffffffffe36ee7ad}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!NtWriteFile + 5                                   7C91DF83 10 Bytes  [68, D8, 0D, 41, 60, E9, F3, ...] {PUSH 0x60410dd8; JMP 0xffffffffe36ee5fd}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!LdrLoadDll + 1                                    7C9263C4 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ntdll.dll!RtlCreateProcessParameters                        7C932E99 10 Bytes  [68, F8, C3, 40, 60, E9, DD, ...] {PUSH 0x6040c3f8; JMP 0xffffffffe36d96e7}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!LoadLibraryExW                                 7C801AF5 10 Bytes  [68, 40, 3F, 42, 60, E9, 81, ...] {PUSH 0x60423f40; JMP 0xffffffffe380aa8b}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!GetStartupInfoW                                7C801E54 10 Bytes  [68, 18, A1, 41, 60, E9, 22, ...] {PUSH 0x6041a118; JMP 0xffffffffe380a72c}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!GetStartupInfoA                                7C801EF2 10 Bytes  [68, A8, 9B, 41, 60, E9, 84, ...] {PUSH 0x60419ba8; JMP 0xffffffffe380a68e}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!WriteProcessMemory                             7C802213 10 Bytes  [68, 68, 5E, 41, 60, E9, 63, ...] {PUSH 0x60415e68; JMP 0xffffffffe380a36d}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CloseHandle                                    7C809BE7 10 Bytes  [68, 90, 3A, 40, 60, E9, 8F, ...] {PUSH 0x60403a90; JMP 0xffffffffe3802999}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!SetEvent                                       7C80A0B7 2 Bytes  [68, 00]
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!SetEvent + 3                                   7C80A0BA 7 Bytes  JMP 6000C57E C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateEventW                                   7C80A749 10 Bytes  [68, 18, 90, 40, 60, E9, 2D, ...] {PUSH 0x60409018; JMP 0xffffffffe3801e37}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!FreeLibrary                                    7C80AC7E 10 Bytes  [68, 90, 4F, 42, 60, E9, F8, ...] {PUSH 0x60424f90; JMP 0xffffffffe3801902}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!GetModuleFileNameA + DF                        7C80B64E 10 Bytes  [68, 20, 35, 40, 60, E9, 28, ...] {PUSH 0x60403520; JMP 0xffffffffe3800f32}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateMutexW                                   7C80E957 10 Bytes  [68, 38, 99, 40, 60, E9, 1F, ...] {PUSH 0x60409938; JMP 0xffffffffe37fdc29}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!FindFirstFileExW                               7C80EB1D 10 Bytes  [68, 40, 8C, 41, 60, E9, 59, ...] {PUSH 0x60418c40; JMP 0xffffffffe37fda63}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateRemoteThread + 1                         7C8104CD 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateThread                                   7C8106D7 10 Bytes  [68, 88, A6, 41, 60, E9, 9F, ...] {PUSH 0x6041a688; JMP 0xffffffffe37fbea9}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateFileW                                    7C810800 10 Bytes  [68, C0, 79, 40, 60, E9, 76, ...] {PUSH 0x604079c0; JMP 0xffffffffe37fbd80}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CreateProcessInternalW + 1                     7C8197B1 9 Bytes  JMP 6000C57C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!ExitProcess                                    7C81CB12 10 Bytes  [68, 20, 4A, 42, 60, E9, 64, ...] {PUSH 0x60424a20; JMP 0xffffffffe37efa6e}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CopyFileExW                                    7C827B32 10 Bytes  [68, 08, 40, 40, 60, E9, 44, ...] {PUSH 0x60404008; JMP 0xffffffffe37e4a4e}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!PulseEvent                                     7C82C06E 10 Bytes  [68, 70, 5A, 42, 60, E9, 08, ...] {PUSH 0x60425a70; JMP 0xffffffffe37e0512}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!CheckRemoteDebuggerPresent                     7C85AAF2 10 Bytes  [68, 58, B9, 40, 60, E9, 84, ...] {PUSH 0x6040b958; JMP 0xffffffffe37b1a8e}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!SetThreadContext                               7C863C09 10 Bytes  [68, D8, 63, 41, 60, E9, 6D, ...] {PUSH 0x604163d8; JMP 0xffffffffe37a8977}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!ReadConsoleA                                   7C872B5D 10 Bytes  [68, 28, F3, 40, 60, E9, 19, ...] {PUSH 0x6040f328; JMP 0xffffffffe3799a23}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!ReadConsoleW                                   7C872BAC 10 Bytes  [68, 98, F8, 40, 60, E9, CA, ...] {PUSH 0x6040f898; JMP 0xffffffffe37999d4}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!ReadConsoleInputA                              7C874613 10 Bytes  CALL E070A658 
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] kernel32.dll!ReadConsoleInputW                              7C874636 10 Bytes  [68, B8, ED, 40, 60, E9, 40, ...] {PUSH 0x6040edb8; JMP 0xffffffffe3797f4a}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!GetMessageW                                      7E3991C6 10 Bytes  [68, F8, D7, 40, 60, E9, B0, ...] {PUSH 0x6040d7f8; JMP 0xffffffffe1c733ba}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!PeekMessageW                                     7E39929B 10 Bytes  [68, D8, E2, 40, 60, E9, DB, ...] {PUSH 0x6040e2d8; JMP 0xffffffffe1c732e5}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!GetMessageA                                      7E3A772B 10 Bytes  [68, 88, D2, 40, 60, E9, 4B, ...] {PUSH 0x6040d288; JMP 0xffffffffe1c64e55}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!SetWindowsHookExW                                7E3A820F 10 Bytes  [68, A8, 48, 41, 60, E9, 67, ...] {PUSH 0x604148a8; JMP 0xffffffffe1c64371}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!PeekMessageA                                     7E3AA340 10 Bytes  [68, 68, DD, 40, 60, E9, 36, ...] {PUSH 0x6040dd68; JMP 0xffffffffe1c62240}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] USER32.dll!SetWindowsHookExA                                7E3B1211 10 Bytes  [68, 18, 4E, 41, 60, E9, 65, ...] {PUSH 0x60414e18; JMP 0xffffffffe1c5b36f}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!RegQueryValueExW + 10C                         77DA710B 10 Bytes  [68, D8, A3, 40, 60, E9, 6B, ...] {PUSH 0x6040a3d8; JMP 0xffffffffe8265475}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!OpenServiceW                                   77DB6FFD 10 Bytes  [68, 50, 1B, 41, 60, E9, 79, ...] {PUSH 0x60411b50; JMP 0xffffffffe8255583}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!ControlService                                 77DC4A09 10 Bytes  [68, C8, 28, 41, 60, E9, 6D, ...] {PUSH 0x604128c8; JMP 0xffffffffe8247b77}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!OpenServiceA                                   77DC4C66 10 Bytes  [68, C0, 20, 41, 60, E9, 10, ...] {PUSH 0x604120c0; JMP 0xffffffffe824791a}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!ChangeServiceConfigA                           77E06E69 10 Bytes  [68, A8, 33, 41, 60, E9, 0D, ...] {PUSH 0x604133a8; JMP 0xffffffffe8205717}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!ChangeServiceConfigW                           77E07001 10 Bytes  [68, 38, 2E, 41, 60, E9, 75, ...] {PUSH 0x60412e38; JMP 0xffffffffe820557f}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!CreateServiceA                                 77E07211 10 Bytes  [68, 48, A9, 40, 60, E9, 65, ...] {PUSH 0x6040a948; JMP 0xffffffffe820536f}
.text           C:\Program Files\Canon\ScanGear Toolbox CS\SGTBox.exe[3368] ADVAPI32.dll!CreateServiceW                                 77E073A9 10 Bytes  [68, B8, AE, 40, 60, E9, CD, ...] {PUSH 0x6040aeb8; JMP 0xffffffffe82051d7}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                               bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                               bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                             bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x71 0x8A 0xB5 0x98 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x71 0x8A 0xB5 0x98 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x26 0x5A 0x78 0xF7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                               
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x97 0xD8 0x48 0xBB ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x39 0xB3 0xD2 0x5F ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x26 0x5A 0x78 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0x97 0xD8 0x48 0xBB ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x39 0xB3 0xD2 0x5F ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x26 0x5A 0x78 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0x97 0xD8 0x48 0xBB ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x39 0xB3 0xD2 0x5F ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                         0
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0x26 0x5A 0x78 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                         0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                         C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)           
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                             0x97 0xD8 0x48 0xBB ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x39 0xB3 0xD2 0x5F ...

---- EOF - GMER 1.0.15 ----

 Fichier np-mswmp.dll reçu le 2010.01.30 23:18:37 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared 	4.5.0.50 	2010.01.30 	-
AhnLab-V3 	5.0.0.2 	2010.01.30 	-
AntiVir 	7.9.1.154 	2010.01.29 	-
Antiy-AVL 	2.0.3.7 	2010.01.28 	-
Authentium 	5.2.0.5 	2010.01.30 	-
Avast 	4.8.1351.0 	2010.01.30 	-
AVG 	9.0.0.730 	2010.01.31 	-
BitDefender 	7.2 	2010.01.30 	-
CAT-QuickHeal 	10.00 	2010.01.30 	-
ClamAV 	0.96.0.0-git 	2010.01.30 	-
Comodo 	3765 	2010.01.30 	-
DrWeb 	5.0.1.12222 	2010.01.30 	-
eSafe 	7.0.17.0 	2010.01.28 	-
eTrust-Vet 	35.2.7271 	2010.01.29 	-
F-Prot 	4.5.1.85 	2010.01.30 	-
F-Secure 	9.0.15370.0 	2010.01.30 	-
Fortinet 	4.0.14.0 	2010.01.30 	-
GData 	19 	2010.01.30 	-
Ikarus 	T3.1.1.80.0 	2010.01.30 	-
Jiangmin 	13.0.900 	2010.01.28 	-
K7AntiVirus 	7.10.960 	2010.01.29 	-
Kaspersky 	7.0.0.125 	2010.01.31 	-
McAfee 	5877 	2010.01.30 	-
McAfee+Artemis 	5877 	2010.01.30 	-
McAfee-GW-Edition 	6.8.5 	2010.01.30 	-
Microsoft 	1.5406 	2010.01.31 	-
NOD32 	4821 	2010.01.30 	-
Norman 	6.04.03 	2010.01.30 	-
nProtect 	2009.1.8.0 	2010.01.30 	-
Panda 	10.0.2.2 	2010.01.30 	-
PCTools 	7.0.3.5 	2010.01.30 	-
Rising 	22.32.05.04 	2010.01.30 	-
Sophos 	4.50.0 	2010.01.30 	-
Sunbelt 	3.2.1858.2 	2010.01.30 	-
Symantec 	20091.2.0.41 	2010.01.30 	-
TheHacker 	6.5.1.0.173 	2010.01.30 	-
TrendMicro 	9.120.0.1004 	2010.01.30 	-
VBA32 	3.12.12.1 	2010.01.29 	-
ViRobot 	2010.1.30.2164 	2010.01.30 	-
VirusBuster 	5.0.21.0 	2010.01.30 	-
Information additionnelle
File size: 163256 bytes
MD5   : 99f97c9fe748c37528c338a423577fcb
SHA1  : 40d76ef18e457868d3e3695b8901f41db517c09d
SHA256: 8b688cc16cb9c64f30c42a844a92b49d76b9601cfb99b533da96f91aa0844fdf
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x41AD47
timedatestamp.....: 0x461C294A (Wed Apr 11 02:18:18 2007)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1FF0F 0x20000 6.42 c548af63ecc94034f35a497bd6646e7a
.data 0x21000 0x24F0 0x2000 2.68 7f5817b74946141e1c477c186bc4a307
.rsrc 0x24000 0x5C8 0x600 3.31 2b2533c15671c6e7336cfa728d39f7fa
.reloc 0x25000 0x2CA0 0x2E00 5.78 04797e3e674983a2d0c696c7911804a9

( 0 imports )


( 0 exports )
TrID  : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ssdeep: 3072:FpAHqv1/4MZomNAJeS9dpdhI1UP2x4rgaHb60RYv24IkyERB5y/paSy/EW:7AHqv1/4MZomMM48aHO0ehIjiBay5
PEiD  : -
RDS   : NSRL Reference Data Set

 Fichier ipuninst.exe reçu le 2010.02.01 14:23:56 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared 	4.5.0.50 	2010.02.01 	-
AhnLab-V3 	5.0.0.2 	2010.01.31 	-
AntiVir 	7.9.1.154 	2010.02.01 	-
Antiy-AVL 	2.0.3.7 	2010.02.01 	-
Authentium 	5.2.0.5 	2010.01.31 	-
Avast 	4.8.1351.0 	2010.01.31 	-
AVG 	9.0.0.730 	2010.02.01 	-
BitDefender 	7.2 	2010.02.01 	-
CAT-QuickHeal 	10.00 	2010.02.01 	-
ClamAV 	0.96.0.0-git 	2010.02.01 	-
Comodo 	3783 	2010.02.01 	-
DrWeb 	5.0.1.12222 	2010.02.01 	-
eSafe 	7.0.17.0 	2010.01.31 	-
eTrust-Vet 	35.2.7274 	2010.02.01 	-
F-Prot 	4.5.1.85 	2010.01.31 	-
F-Secure 	9.0.15370.0 	2010.02.01 	-
Fortinet 	4.0.14.0 	2010.02.01 	-
GData 	19 	2010.02.01 	-
Ikarus 	T3.1.1.80.0 	2010.02.01 	-
Jiangmin 	13.0.900 	2010.01.28 	-
K7AntiVirus 	7.10.960 	2010.01.29 	-
Kaspersky 	7.0.0.125 	2010.02.01 	-
McAfee 	5878 	2010.01.31 	-
McAfee+Artemis 	5878 	2010.01.31 	-
McAfee-GW-Edition 	6.8.5 	2010.02.01 	-
Microsoft 	1.5406 	2010.02.01 	-
NOD32 	4824 	2010.02.01 	-
Norman 	6.04.03 	2010.01.31 	-
nProtect 	2009.1.8.0 	2010.02.01 	-
Panda 	10.0.2.2 	2010.01.31 	-
PCTools 	7.0.3.5 	2010.02.01 	-
Rising 	22.33.00.04 	2010.02.01 	-
Sophos 	4.50.0 	2010.02.01 	-
Sunbelt 	3.2.1858.2 	2010.01.31 	-
Symantec 	20091.2.0.41 	2010.02.01 	-
TheHacker 	6.5.1.0.175 	2010.02.01 	-
TrendMicro 	9.120.0.1004 	2010.02.01 	-
VBA32 	3.12.12.1 	2010.02.01 	-
ViRobot 	2010.2.1.2166 	2010.02.01 	-
VirusBuster 	5.0.21.0 	2010.02.01 	-
Information additionnelle
File size: 53248 bytes
MD5   : a2c8c9cccda4e2ec402e26c072a7f78b
SHA1  : 517b471eb6f8dc66bea96b1fbb273140f345bb33
SHA256: cbea5e1e1e78dcf975c9e0420fbf37809aab2130277c502c1a03cebae682aa19
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2590
timedatestamp.....: 0x3498B207 (Thu Dec 18 06:17:59 1997)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5E50 0x6000 6.33 86fcb884a79e60f221e2760b1e9ee8e5
.rdata 0x7000 0x3B7 0x400 4.91 4128707251e1e41df2c9ef7f34585ed2
.data 0x8000 0x2A28 0x1400 1.19 67aaaa34d51121ffdf354fb4e81c7a89
.idata 0xB000 0x726 0x800 4.76 8542db9f6298d99c179ee667114f984e
.rsrc 0xC000 0x4370 0x4400 4.39 5cf8e82fc60c0ab86794eb5185588adc
.reloc 0x11000 0x74A 0x800 5.50 cf0ee5bfcb468a872bd51ff90abd1437

( 4 imports )

> advapi32.dll: RegDeleteKeyA, RegEnumKeyA, RegOpenKeyExA, RegCloseKey
> comctl32.dll: -
> kernel32.dll: GetModuleHandleA, GetLastError, DeleteFileA, RemoveDirectoryA, GetVersion, WideCharToMultiByte, GetStringTypeW, LoadLibraryA, GetProcAddress, SetEndOfFile, ReadFile, LCMapStringW, CreateFileA, FlushFileBuffers, SetStdHandle, LCMapStringA, WriteFile, GetStdHandle, SetFilePointer, SetHandleCount, GetOEMCP, GetFileType, HeapAlloc, HeapReAlloc, HeapFree, GetStartupInfoA, GetCommandLineA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, CloseHandle, GetStringTypeA, UnhandledExceptionFilter, GetModuleFileNameA, MultiByteToWideChar, ExitProcess, TerminateProcess, GetCurrentProcess, RtlUnwind, GetCPInfo, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetACP
> user32.dll: SendMessageA, LoadIconA, MessageBoxA, GetWindowLongA, SetClassLongA, wsprintfA, EndDialog, ShowWindow, PostMessageA, SetWindowTextA, DialogBoxParamA, EnableWindow, SetFocus, GetDlgItem, SetDlgItemTextA, LoadStringA

( 0 exports )
TrID  : File type identification
Win32 Executable MS Visual C++ 4.x (48.0%)
Win64 Executable Generic (30.5%)
Win32 Executable MS Visual C++ (generic) (13.4%)
Win32 Executable Generic (3.0%)
Win32 Dynamic Link Library (generic) (2.7%)
ssdeep: 768:uvZO8rQVekzZsFGNW1LhCg9woZdWgtBoZ0OkiAjm6h4:uhNlkziINreZjtBzwAS
PEiD  : -
RDS   : NSRL Reference Data Set

 Fichier index.dat reçu le 2010.02.01 14:16:06 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus 	Version 	Dernière mise à jour 	Résultat
a-squared 	4.5.0.50 	2010.02.01 	-
AhnLab-V3 	5.0.0.2 	2010.01.31 	-
AntiVir 	7.9.1.154 	2010.02.01 	-
Antiy-AVL 	2.0.3.7 	2010.02.01 	-
Authentium 	5.2.0.5 	2010.01.31 	-
Avast 	4.8.1351.0 	2010.01.31 	-
AVG 	9.0.0.730 	2010.02.01 	-
BitDefender 	7.2 	2010.02.01 	-
CAT-QuickHeal 	10.00 	2010.02.01 	-
ClamAV 	0.96.0.0-git 	2010.02.01 	-
Comodo 	3783 	2010.02.01 	-
DrWeb 	5.0.1.12222 	2010.02.01 	-
eSafe 	7.0.17.0 	2010.01.31 	-
eTrust-Vet 	35.2.7274 	2010.02.01 	-
F-Prot 	4.5.1.85 	2010.01.31 	-
F-Secure 	9.0.15370.0 	2010.02.01 	-
Fortinet 	4.0.14.0 	2010.02.01 	-
GData 	19 	2010.02.01 	-
Ikarus 	T3.1.1.80.0 	2010.02.01 	-
Jiangmin 	13.0.900 	2010.01.28 	-
K7AntiVirus 	7.10.960 	2010.01.29 	-
Kaspersky 	7.0.0.125 	2010.02.01 	-
McAfee 	5878 	2010.01.31 	-
McAfee+Artemis 	5878 	2010.01.31 	-
McAfee-GW-Edition 	6.8.5 	2010.02.01 	-
Microsoft 	1.5406 	2010.02.01 	-
NOD32 	4824 	2010.02.01 	-
Norman 	6.04.03 	2010.01.31 	-
nProtect 	2009.1.8.0 	2010.02.01 	-
Panda 	10.0.2.2 	2010.01.31 	-
PCTools 	7.0.3.5 	2010.02.01 	-
Rising 	22.33.00.04 	2010.02.01 	-
Sophos 	4.50.0 	2010.02.01 	-
Sunbelt 	3.2.1858.2 	2010.01.31 	-
Symantec 	20091.2.0.41 	2010.02.01 	-
TheHacker 	6.5.1.0.175 	2010.02.01 	-
TrendMicro 	9.120.0.1004 	2010.02.01 	-
VBA32 	3.12.12.1 	2010.02.01 	-
ViRobot 	2010.2.1.2166 	2010.02.01 	-
VirusBuster 	5.0.21.0 	2010.02.01 	-
Information additionnelle
File size: 76507 bytes
MD5   : dbfb34e5665876390ad554f5b8dcb45d
SHA1  : 4fc00afb67ec81f2782f87d294e78d05176c7649
SHA256: 9f62d01827b50c5c9e0c2217c24415f26445938c3a1c6afbd6cfb61fdfee3699
TrID  : File type identification
Unknown!
ssdeep: 768:M2HHG9yEKvRtd23wpW8QTX9AH7eHkZV3+FKBMHr0SQoGuS/:1HG9yEY23wu9AHzbBMHrQuu
PEiD  : -
RDS   : NSRL Reference Data Set

ComboFix 10-02-03.04 - Feu Central 03/02/2010  21:58:00.3.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1023.574 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Feu Central\Bureau\CF.exe
Commutateurs utilisés :: C:\Documents and Settings\Feu Central\Bureau\CFScript.txt
AV: Antivirus BitDefender  *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

file zipped: c:\rajout changelog.txt
.

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 21:42:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

List'em by g3n-h@ckm@n 1.2.4.0

User : Feu Central (Administrateurs) 
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40 
Start at: 21:22:02 | 06/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Antivirus BitDefender  12.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (46,63 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
F:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings\temp\189.tmp\pv.exe

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
BDAgent	REG_SZ         	"C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" 
BitDefender Antiphishing Helper	REG_SZ         	"C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" 
HPDJ Taskbar Utility	REG_SZ         	C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe 
Adobe ARM	REG_SZ         	"C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" 
QuickTime Task	REG_SZ         	"C:\Program Files\QuickTime\qttask.exe" -atboottime 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
DisableRegistryTools	REG_DWORD      	0 (0x0) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveTypeAutoRun	REG_DWORD      	323 (0x143) 
NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff) 
NoDrives	REG_DWORD      	0 (0x0) 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
HonorAutoRunSetting	REG_DWORD      	1 (0x1) 
NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff) 
NoDriveTypeAutoRun	REG_DWORD      	323 (0x143) 
NoDrives	REG_DWORD      	0 (0x0) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
 AutoRestartShell	REG_DWORD      	1 (0x1) 
 DefaultDomainName	REG_SZ         	FEUCENTRAL 
 DefaultUserName	REG_SZ         	Feu Central 
 LegalNoticeCaption	REG_SZ         	 
 LegalNoticeText	REG_SZ         	 
 PowerdownAfterShutdown	REG_SZ         	0 
 ReportBootOk	REG_SZ         	1 
 Shell	REG_SZ         	Explorer.exe 
 ShutdownWithoutLogon	REG_SZ         	0 
 System	REG_SZ         	 
 Userinit	REG_SZ         	C:\WINDOWS\system32\userinit.exe, 
 VmApplet	REG_SZ         	rundll32 shell32,Control_RunDLL "sysdm.cpl" 
 SfcQuota	REG_DWORD      	-1 (0xffffffff) 
 allocatecdroms	REG_SZ         	0 
 allocatedasd	REG_SZ         	0 
 allocatefloppies	REG_SZ         	0 
 cachedlogonscount	REG_SZ         	10 
 forceunlocklogon	REG_DWORD      	0 (0x0) 
 passwordexpirywarning	REG_DWORD      	14 (0xe) 
 scremoveoption	REG_SZ         	0 
 AllowMultipleTSSessions	REG_DWORD      	0 (0x0) 
 UIHost	REG_EXPAND_SZ  	logonui.exe 
 LogonType	REG_DWORD      	1 (0x1) 
 DebugServerCommand	REG_SZ         	no 
 SFCDisable	REG_DWORD      	0 (0x0) 
 WinStationsDisabled	REG_SZ         	0 
 HibernationPreviouslyEnabled	REG_DWORD      	1 (0x1) 
 ShowLogonOptions	REG_DWORD      	1 (0x1) 
 AltDefaultUserName	REG_SZ         	Feu Central 
 AltDefaultDomainName	REG_SZ         	FEUCENTRAL 
 ChangePasswordUseKerberos	REG_DWORD      	1 (0x1) 
 AutoAdminLogon	REG_SZ         	0 
 Background	REG_SZ         	0 0 0 

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	 
{56F9679E-7826-4C84-81F3-532071A8BCC5}	REG_SZ         	 

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\uTorrent\uTorrent.exe	REG_SZ         	C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\eMule\emule.exe	REG_SZ         	C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe	REG_SZ         	C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{72AD53CC-CCC0-3757-8480-9EE176866A7C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Feu Central\Local Settings\temp\189.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
## 
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Feu Central\Local Settings\temp\189.tmp
## C:\> hashdeep C:\WINDOWS\System32\DllCache\atapi.sys
## 
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\DllCache\atapi.sys

Sources
======= 
 
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys  
C:\WINDOWS\ERDNT\cache\atapi.sys  
C:\WINDOWS\ServicePackFiles\i386\atapi.sys  
C:\WINDOWS\system32\dllcache\atapi.sys  
C:\WINDOWS\system32\drivers\atapi.sys  

Référence :
==========

Win XP_32b     : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b      : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b  : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b  : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b  : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b  : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b  : 02062C0B390B7729EDC9E69C680A6F3C
 
=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse                 	 
    77,62 Go total,  46,64 Go libre (60%),  11% fragmenté (fragmentation du fichier 23%)

Vous devriez défragmenter ce volume. 	 

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\WINDOWS\mbr.exe  
Present !! : C:\Documents and Settings\Feu Central\Application Data\GDIPFONTCACHEV1.DAT  
Present !! : C:\Documents and Settings\Feu Central\Application Data\wklnhst.dat  
Present !! : C:\Documents and Settings\Feu Central\Application Data\GDIPFONTCACHEV1.DAT  
Present !! : C:\Documents and Settings\Feu Central\Application Data\wklnhst.dat  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 21:42:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:71,8a,b5,98,f5,58,c6,f4,ee,2c,7c,9c,69,ee,19,fa,63,f2,e0,3d,11,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:26,5a,78,f7,f1,8c,92,6e,1c,c7,ac,94,40,75,b0,c4,7d,db,30,a3,ff,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,e7,37,45,55,7a,46,3d,09,b3,ed,9e,60,39,36,4b,8d,f9,..
"hdf12"=hex:97,d8,48,bb,7a,7b,fe,45,dc,39,19,4e,fe,bd,13,26,91,c6,1a,7d,29,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:39,b3,d2,5f,d4,5e,47,48,3f,b8,f9,38,cd,92,ac,fc,9c,0a,13,96,59,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS 
kernel: MBR read successfully
user & kernel MBR OK 

==========
Programs
==========

Adobe
Apple Software Update
ATI Technologies
AvRack
BitDefender
Canon
CCleaner
ChessBase
ComPlus Applications
DAEMON Tools Lite
eMule
Exact Audio Copy
Fichiers communs
Hewlett-Packard
hp deskjet 840c series
InstallShield Installation Information
Internet Explorer
Inventel
Java
K-Lite Codec Pack
List_Kill'em
Malwarebytes' Anti-Malware
Messenger
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft Works
Microsoft Works Suite 2005
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
NetMeeting
Outlook Express
QuickTime
Real Alternative
Realtek Sound Manager
Reference Assemblies
Services en ligne
Softwin
Spybot - Search & Destroy
TimeAdjuster
Uninstall Information
uTorrent
VIA
VIAudioi
Windows Desktop Search
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
XnView-win

============
Drive C:
============

AUTOEXEC.BAT
Boot.bak
boot.ini
Bootfont.bin
cc930bf4229d606ec1207b1247
CF
cmdcons
cmldr
CONFIG.SYS
Documents and Settings
hiberfil.sys
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
Program Files
Qoobox
RECYCLER
System Volume Information
WINDOWS
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
C:\Program Files\BitDefender\BitDefender 2009\BDInProcPatch.exe 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Kill'em by g3n-h@ckm@n 1.2.4.0 
 
User : Feu Central (Administrateurs) 
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40 
Start at: 10:46:00 | 08/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Antivirus BitDefender  12.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (46,58 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
F:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings\temp\C4.tmp\ERUNT.EXE
C:\Documents and Settings\Feu Central\Local Settings\temp\C4.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\WINDOWS\mbr.exe 
 
Quarantined & Deleted !! : C:\Documents and Settings\Feu Central\Application Data\GDIPFONTCACHEV1.DAT 
Quarantined & Deleted !! : C:\Documents and Settings\Feu Central\Application Data\wklnhst.dat 
Quarantined & Deleted !! : C:\Documents and Settings\Feu Central\LOCAL Settings\Temp\report.dat 
 
==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  

Kill'em by g3n-h@ckm@n 1.2.4.0 
 
User : Feu Central (Administrateurs) 
Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40 
Start at: 08:22:27 | 09/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Sempron(tm)   2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Antivirus BitDefender  12.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 77,62 Go (46,55 Go free) | NTFS
D:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
E:\ -> Disque fixe local | 77,62 Go (77,56 Go free) | NTFS
F:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Feu Central\Local Settings\temp\8E.tmp\ERUNT.EXE
C:\Documents and Settings\Feu Central\Local Settings\temp\8E.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

 
 
==============
host file OK !
==============

========
Registry
========

========
Services
=========

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Ip6Fw : Start = 2   
 SharedAccess : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤