Cheval de Troie 1037824.12
Résolu/Fermé
A voir également:
- Cheval de Troie 1037824.12
- Comment supprimer cheval de troie gratuitement - Télécharger - Antivirus & Antimalwares
- Ordinateur bloqué cheval de troie - Accueil - Arnaque
- Cheval de troie virus - Accueil - Virus
- Message cheval de troie - Forum Virus
- Skyrim cheval perdu - Forum Jeux PC
26 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
4 nov. 2010 à 10:00
4 nov. 2010 à 10:00
slt colle le rapport de ton logiciel de désinfection
puis
Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(outil de diagnostic)
Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )
Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
puis
Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(outil de diagnostic)
Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )
Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
Rend toi sur Cjoint : http://www.cijoint.fr/
Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
4 nov. 2010 à 11:11
4 nov. 2010 à 11:11
ok analyse ces fichiers en gras sur virus total et colle le rapport
C:\Windows\Explorer.exe
ici:
https://www.virustotal.com/gui/
relance zhpdiag puis clique sur les jumelles en haut pour lancer Zhpsearch
puis dans Zhpsearch
1) Sélectionner "Trojan.Batimal" dans la liste déroulante
2) Cliquer sur le bouton "Loupe" pour lancer la recherche
3) En fin de recherche, cliquer sur le bouton "Afficher le rapport"
4) Poster le rapport
C:\Windows\Explorer.exe
ici:
https://www.virustotal.com/gui/
relance zhpdiag puis clique sur les jumelles en haut pour lancer Zhpsearch
puis dans Zhpsearch
1) Sélectionner "Trojan.Batimal" dans la liste déroulante
2) Cliquer sur le bouton "Loupe" pour lancer la recherche
3) En fin de recherche, cliquer sur le bouton "Afficher le rapport"
4) Poster le rapport
Rapport de virustotal :
Antivirus Version Last update Result
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.134 2010.11.04 TR/Spy.1037824.12
Antiy-AVL 2.0.3.7 2010.11.04 -
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.03 -
Avast5 5.0.594.0 2010.11.03 -
AVG 9.0.0.851 2010.11.03 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6613 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 Virus.Win32.Bamital!IK
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Ikarus T3.1.1.90.0 2010.11.04 Virus.Win32.Bamital
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5589 2010.11.03 Win32/Bamital.EQ
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 -
Panda 10.0.2.7 2010.11.03 -
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.04 -
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.52425727
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7213 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
MD5: 1c0b75959417852d82270945826a815d
SHA1: 0fd9be67de3d3de615c6294fc1e8d6df0fc726cc
SHA256: 3d7c0431237891d2c3bbf961918857f2eefa3d05e8008241553ca2c231d2d90f
File size: 1037824 bytes
Scan date: 2010-11-04 10:25:51 (UTC)
Et le rapport ZHP :
Rapport de ZHPSearch 1.23.04 par Nicolas Coolman, Update du 30/10/2010
Run by Famille Miéville at 04/11/2010 11:41:55
Windows XP Home Edition Service Pack 3 (Build 2600)
---\\ Elément(s) de recherche
- Trojan.Batimal
---\\ Liste des Fichiers & Dossiers:
[MD5.00000000000000000000000000000000] 14/04/2008 23:00:00 | ---A- | -- C:\WINDOWS\explorer.exe [1037824]
[MD5.7E3E19944FC04DC01FD73FDD832CF1E2] - (.Microsoft Corporation.) 14/04/2008 04:34:28 | ---A- | -- C:\Windows\System32\winlogon.exe [512000] => Fichier inconnu
---\\ Bilan de la recherche
Mode de recherche : Fichiers, Dossiers
Elément(s) trouvé(s) : 2
Nombre de fichiers analysés : 33934
Nombre de clés, valeurs ou données analysées : 0
Mode : Recherche complète
End of the scan (00mn 49s)
Antivirus Version Last update Result
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.134 2010.11.04 TR/Spy.1037824.12
Antiy-AVL 2.0.3.7 2010.11.04 -
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.03 -
Avast5 5.0.594.0 2010.11.03 -
AVG 9.0.0.851 2010.11.03 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6613 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 Virus.Win32.Bamital!IK
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Ikarus T3.1.1.90.0 2010.11.04 Virus.Win32.Bamital
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5589 2010.11.03 Win32/Bamital.EQ
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 -
Panda 10.0.2.7 2010.11.03 -
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.04 -
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.52425727
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7213 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
MD5: 1c0b75959417852d82270945826a815d
SHA1: 0fd9be67de3d3de615c6294fc1e8d6df0fc726cc
SHA256: 3d7c0431237891d2c3bbf961918857f2eefa3d05e8008241553ca2c231d2d90f
File size: 1037824 bytes
Scan date: 2010-11-04 10:25:51 (UTC)
Et le rapport ZHP :
Rapport de ZHPSearch 1.23.04 par Nicolas Coolman, Update du 30/10/2010
Run by Famille Miéville at 04/11/2010 11:41:55
Windows XP Home Edition Service Pack 3 (Build 2600)
---\\ Elément(s) de recherche
- Trojan.Batimal
---\\ Liste des Fichiers & Dossiers:
[MD5.00000000000000000000000000000000] 14/04/2008 23:00:00 | ---A- | -- C:\WINDOWS\explorer.exe [1037824]
[MD5.7E3E19944FC04DC01FD73FDD832CF1E2] - (.Microsoft Corporation.) 14/04/2008 04:34:28 | ---A- | -- C:\Windows\System32\winlogon.exe [512000] => Fichier inconnu
---\\ Bilan de la recherche
Mode de recherche : Fichiers, Dossiers
Elément(s) trouvé(s) : 2
Nombre de fichiers analysés : 33934
Nombre de clés, valeurs ou données analysées : 0
Mode : Recherche complète
End of the scan (00mn 49s)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
4 nov. 2010 à 12:02
4 nov. 2010 à 12:02
ok
c'est bien l'infection Bamital
ne supprime pas les fichiers infectés surtout sinon le pc ne demarrera pas
analyse ce fichier sur virus total et colle le rapport
C:\Windows\System32\winlogon.exe
c'est bien l'infection Bamital
ne supprime pas les fichiers infectés surtout sinon le pc ne demarrera pas
analyse ce fichier sur virus total et colle le rapport
C:\Windows\System32\winlogon.exe
Voilà le rapport :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.136 2010.11.04 -
Antiy-AVL 2.0.3.7 2010.11.04 Trojan/Win32.Small.gen
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.03 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6613 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 -
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Ikarus T3.1.1.90.0 2010.11.04 -
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5590 2010.11.04 Win32/Bamital.EQ
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 Trojan-Downloader/W32.Small.512000.B
Panda 10.0.2.7 2010.11.03 -
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.04 Medium Risk Malware
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.5241FCE0
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7213 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
MD5: 7e3e19944fc04dc01fd73fdd832cf1e2
SHA1: a4ebb4cf396aabf5efa0fe80508fe65a11a038be
SHA256: 787fc9508c3aef3c854198e950a2113de6ce60ea34afcde7b39f8d1c7f9d80b1
File size: 512000 bytes
Scan date: 2010-11-04 11:27:13 (UTC)
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.136 2010.11.04 -
Antiy-AVL 2.0.3.7 2010.11.04 Trojan/Win32.Small.gen
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.03 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6613 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 -
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Ikarus T3.1.1.90.0 2010.11.04 -
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5590 2010.11.04 Win32/Bamital.EQ
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 Trojan-Downloader/W32.Small.512000.B
Panda 10.0.2.7 2010.11.03 -
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.04 Medium Risk Malware
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.5241FCE0
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7213 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
MD5: 7e3e19944fc04dc01fd73fdd832cf1e2
SHA1: a4ebb4cf396aabf5efa0fe80508fe65a11a038be
SHA256: 787fc9508c3aef3c854198e950a2113de6ce60ea34afcde7b39f8d1c7f9d80b1
File size: 512000 bytes
Scan date: 2010-11-04 11:27:13 (UTC)
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
Modifié par jlpjlp le 4/11/2010 à 12:50
Modifié par jlpjlp le 4/11/2010 à 12:50
analyse aussi le fichier
c.windows.system32/wininit.exe
c.windows.system32/wininit.exe
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
4 nov. 2010 à 13:28
4 nov. 2010 à 13:28
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications. sans debrancher la connexion internet
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions et installe la console de récupération
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications. sans debrancher la connexion internet
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions et installe la console de récupération
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
J'ai suivi tes instructions et le programme s'est bien lancé. Dans la fenêtre bleue il y a même eu le message que le virus avait été détecté et le fichier restauré... Mais là, je m'inquiète un peu parce que depuis quelques minutes il y a mon fond d'écran mais plus la fenêtre bleue de ComboFix. C'est normal ? Je n'ose rien toucher de peur de tout bloquer... mais je me demande si ce n'est pas déjà bloqué ! :(
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
4 nov. 2010 à 18:52
4 nov. 2010 à 18:52
redemarre le pc si cela bloque
Bon alors... Après au moins 30 minutes d'écran figé, ne pouvant rien faire, j'ai rebooté mon pc. Et là, en rallumant le pc, la fenêtre de combofix est réapparue et le processus s'est terminé jusqu'au rapport... Mais mon antivirus détecte toujours la présence du cheval de Troie. Le fait d'avoir rebooté au milieu fausse sans doute les choses... Je colle le rapport ci-dessous quand même !
ComboFix 10-11-03.03 - Famille Miéville 04/11/2010 17:34:17.1.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.212 [GMT 1:00]
Lancé depuis: c:\documents and settings\Famille Miéville\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Website.url
c:\documents and settings\Famille Miéville\Application Data\MessengerSkinner
c:\documents and settings\Famille Miéville\Application Data\MessengerSkinner\Userdata\languages_v2.xml
c:\documents and settings\Famille Miéville\Application Data\MessengerSkinner\Userdata\pack1.cab
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox\Uninstall.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\MessengerSkinner
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk
c:\program files\internetgamebox
c:\program files\internetgamebox\Conditions générales.url
c:\program files\internetgamebox\Confidentialité.url
c:\program files\internetgamebox\InternetGameBox.url
c:\program files\internetgamebox\language
c:\program files\internetgamebox\ressources\AttenteOff.html
c:\program files\internetgamebox\ressources\AttenteOn.html
c:\program files\internetgamebox\ressources\configv2_en.xml
c:\program files\internetgamebox\ressources\configv2_es.xml
c:\program files\internetgamebox\ressources\configv2_fr.xml
c:\program files\internetgamebox\ressources\favoris\defaultv2.swf
c:\program files\internetgamebox\skins\skinv2.skn
c:\program files\internetgamebox\Website.url
c:\program files\messengerskinner
c:\program files\messengerskinner\Conditions générales.url
c:\program files\messengerskinner\Confidentialité.url
c:\program files\messengerskinner\download\defaultPack.cab
c:\program files\messengerskinner\resources\appconfig.xml
c:\program files\messengerskinner\resources\btn.rgn
c:\program files\messengerskinner\resources\btnBnr.rgn
c:\program files\messengerskinner\resources\btnIn.rgn
c:\program files\messengerskinner\resources\btnInNormal.bmp
c:\program files\messengerskinner\resources\btnInOver.bmp
c:\program files\messengerskinner\resources\btnNormal.bmp
c:\program files\messengerskinner\resources\btnNormal.gif
c:\program files\messengerskinner\resources\btnNormalBnr.bmp
c:\program files\messengerskinner\resources\btnNormalBnr.gif
c:\program files\messengerskinner\resources\btnOver.bmp
c:\program files\messengerskinner\resources\btnOver.gif
c:\program files\messengerskinner\resources\btnOverBnr.bmp
c:\program files\messengerskinner\resources\btnOverBnr.gif
c:\program files\messengerskinner\resources\languages_v2.xml
c:\program files\messengerskinner\Website.url
c:\windows\clofghls.dll
c:\windows\system32\mmbsbd.dat
c:\windows\system32\mmbsbd_nav.dat
c:\windows\system32\mmbsbd_navps.dat
c:\windows\system32\STEC3.sys
c:\windows\system32\winlogon.exe . . . est infecté!! . . .Failed to restore. Attempting to replace on reboot
Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_STEC3
-------\Service_STEC3
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-04 au 2010-11-04 ))))))))))))))))))))))))))))))))))))
.
2010-11-04 10:24 . 2010-11-04 10:24 -------- d-----w- c:\program files\VirusTotalUploader2
2010-11-04 09:06 . 2010-11-04 09:06 -------- d-----w- c:\program files\ZHPDiag
2010-11-04 07:50 . 2010-11-04 07:50 -------- d-----w- c:\documents and settings\chloé\Application Data\Simply Super Software
2010-11-03 22:49 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-11-03 22:49 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-11-03 22:49 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-11-03 22:49 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-11-03 22:49 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\program files\Trojan Remover
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\Simply Super Software
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-11-03 21:18 . 2010-11-03 21:18 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\thecleaner
2010-11-03 21:16 . 2010-11-03 21:16 -------- d-----w- c:\program files\The Cleaner
2010-11-03 19:28 . 2010-11-03 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-03 13:39 . 2010-11-03 13:39 -------- d-----w- c:\program files\CCleaner
2010-10-24 15:49 . 2010-10-24 15:49 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\VirginMega.DownloadManager.v3.4AE6D9B37411D7D7A2C457954142B8FA4EE6E198.1
2010-10-24 15:48 . 2010-10-24 15:48 -------- d-----w- c:\program files\VirginMega DownloadManager v3
2010-10-24 15:48 . 2010-10-24 15:48 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-10-13 11:12 . 2010-08-23 17:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 10:43 . 2010-09-18 07:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 10:43 . 2010-09-18 07:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 12:31 . 2010-09-20 12:31 443910 ----a-w- c:\windows\Enjoy 5e Uninstaller.exe
2010-09-18 11:23 . 2004-08-05 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 07:53 . 2004-08-05 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 07:53 . 2004-08-05 04:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 07:53 . 2004-08-05 04:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:34 . 2005-07-03 02:16 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:34 . 2004-08-05 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:34 . 2004-08-05 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:34 . 2004-08-05 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 16:57 . 2004-08-05 04:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 12:51 . 2004-08-05 04:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 08:55 . 2005-03-02 18:07 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 09:02 . 2004-08-05 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 06:58 . 2004-12-07 19:34 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 02:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 14:39 . 2005-05-10 00:17 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 17:12 . 2004-08-05 04:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 14:17 . 2005-06-10 23:53 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 09:44 . 2004-08-05 04:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 4222B3C490BA0571D6525688B93C5028 . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-05 . D2DE785AEAB0BB8CA4C14A8A199DBE4E . 506368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 . E3702D74DC5D8F61095FA8A7F8DB47A1 . 1037824 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-05 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Famille Miéville\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-20 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-07-30 202256]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WiFi Station.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
backup=c:\windows\pss\WiFi Station.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 23:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
1999-04-27 01:00 18944 ----a-w- c:\program files\Creative\WebCam Control\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:34 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2005-11-16 16:00 397312 ----a-w- c:\acer\Empowering Technology\eRecovery\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-05 04:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2002-07-17 10:00 204863 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-05 04:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 17:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-05 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-05 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 14:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2005-07-13 01:55 49152 ----a-w- c:\windows\system32\SiSPower.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-08-17 10:39 90112 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-30 10:13 202256 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [18/05/2009 11:03 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 04:54 66600]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [31/07/2009 12:10 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [18/05/2009 11:03 65576]
S3 CTL518;Video Blaster WebCam (WDM);c:\windows\system32\drivers\wcvid.sys [20/10/2000 14:00 178408]
S3 WN4501HLFZZ(Technology Corporation);802.11g Wireless USB Adapter(Technology Corporation);c:\windows\system32\DRIVERS\O4501U.sys --> c:\windows\system32\DRIVERS\O4501U.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
2010-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3128837567-1174875597-2259545778-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
2010-11-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3128837567-1174875597-2259545778-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\Famille Miéville\Application Data\Mozilla\Firefox\Profiles\sgvx75m4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- Associations de fichier -------
.
.reg=Regedit.Document
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-messengerskinner - c:\program files\MessengerSkinner\MessengerSkinner.exe
MSConfigStartUp-mmbsbd - c:\windows\system32\mmbsbd.exe
MSConfigStartUp-OPTENET_GUI - c:\program files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe
AddRemove-Creative Video Blaster WebCam - c:\windows\CtDrvIns.exe -uninstall usb\vid_05A9&pid_0518 -plugin Wcpin.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-04 18:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(900)
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-11-04 18:48:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-11-04 17:48
Avant-CF: 30 421 614 592 octets libres
Après-CF: 31 240 355 840 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
- - End Of File - - 319873FF59E78D28A944952B5EA4F1C9
ComboFix 10-11-03.03 - Famille Miéville 04/11/2010 17:34:17.1.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.212 [GMT 1:00]
Lancé depuis: c:\documents and settings\Famille Miéville\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Website.url
c:\documents and settings\Famille Miéville\Application Data\MessengerSkinner
c:\documents and settings\Famille Miéville\Application Data\MessengerSkinner\Userdata\languages_v2.xml
c:\documents and settings\Famille Miéville\Application Data\MessengerSkinner\Userdata\pack1.cab
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox\Uninstall.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\MessengerSkinner
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk
c:\program files\internetgamebox
c:\program files\internetgamebox\Conditions générales.url
c:\program files\internetgamebox\Confidentialité.url
c:\program files\internetgamebox\InternetGameBox.url
c:\program files\internetgamebox\language
c:\program files\internetgamebox\ressources\AttenteOff.html
c:\program files\internetgamebox\ressources\AttenteOn.html
c:\program files\internetgamebox\ressources\configv2_en.xml
c:\program files\internetgamebox\ressources\configv2_es.xml
c:\program files\internetgamebox\ressources\configv2_fr.xml
c:\program files\internetgamebox\ressources\favoris\defaultv2.swf
c:\program files\internetgamebox\skins\skinv2.skn
c:\program files\internetgamebox\Website.url
c:\program files\messengerskinner
c:\program files\messengerskinner\Conditions générales.url
c:\program files\messengerskinner\Confidentialité.url
c:\program files\messengerskinner\download\defaultPack.cab
c:\program files\messengerskinner\resources\appconfig.xml
c:\program files\messengerskinner\resources\btn.rgn
c:\program files\messengerskinner\resources\btnBnr.rgn
c:\program files\messengerskinner\resources\btnIn.rgn
c:\program files\messengerskinner\resources\btnInNormal.bmp
c:\program files\messengerskinner\resources\btnInOver.bmp
c:\program files\messengerskinner\resources\btnNormal.bmp
c:\program files\messengerskinner\resources\btnNormal.gif
c:\program files\messengerskinner\resources\btnNormalBnr.bmp
c:\program files\messengerskinner\resources\btnNormalBnr.gif
c:\program files\messengerskinner\resources\btnOver.bmp
c:\program files\messengerskinner\resources\btnOver.gif
c:\program files\messengerskinner\resources\btnOverBnr.bmp
c:\program files\messengerskinner\resources\btnOverBnr.gif
c:\program files\messengerskinner\resources\languages_v2.xml
c:\program files\messengerskinner\Website.url
c:\windows\clofghls.dll
c:\windows\system32\mmbsbd.dat
c:\windows\system32\mmbsbd_nav.dat
c:\windows\system32\mmbsbd_navps.dat
c:\windows\system32\STEC3.sys
c:\windows\system32\winlogon.exe . . . est infecté!! . . .Failed to restore. Attempting to replace on reboot
Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_STEC3
-------\Service_STEC3
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-04 au 2010-11-04 ))))))))))))))))))))))))))))))))))))
.
2010-11-04 10:24 . 2010-11-04 10:24 -------- d-----w- c:\program files\VirusTotalUploader2
2010-11-04 09:06 . 2010-11-04 09:06 -------- d-----w- c:\program files\ZHPDiag
2010-11-04 07:50 . 2010-11-04 07:50 -------- d-----w- c:\documents and settings\chloé\Application Data\Simply Super Software
2010-11-03 22:49 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-11-03 22:49 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-11-03 22:49 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-11-03 22:49 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-11-03 22:49 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\program files\Trojan Remover
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\Simply Super Software
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-11-03 21:18 . 2010-11-03 21:18 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\thecleaner
2010-11-03 21:16 . 2010-11-03 21:16 -------- d-----w- c:\program files\The Cleaner
2010-11-03 19:28 . 2010-11-03 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-03 13:39 . 2010-11-03 13:39 -------- d-----w- c:\program files\CCleaner
2010-10-24 15:49 . 2010-10-24 15:49 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\VirginMega.DownloadManager.v3.4AE6D9B37411D7D7A2C457954142B8FA4EE6E198.1
2010-10-24 15:48 . 2010-10-24 15:48 -------- d-----w- c:\program files\VirginMega DownloadManager v3
2010-10-24 15:48 . 2010-10-24 15:48 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-10-13 11:12 . 2010-08-23 17:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 10:43 . 2010-09-18 07:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 10:43 . 2010-09-18 07:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 12:31 . 2010-09-20 12:31 443910 ----a-w- c:\windows\Enjoy 5e Uninstaller.exe
2010-09-18 11:23 . 2004-08-05 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 07:53 . 2004-08-05 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 07:53 . 2004-08-05 04:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 07:53 . 2004-08-05 04:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:34 . 2005-07-03 02:16 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:34 . 2004-08-05 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:34 . 2004-08-05 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:34 . 2004-08-05 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 16:57 . 2004-08-05 04:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 12:51 . 2004-08-05 04:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 08:55 . 2005-03-02 18:07 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 09:02 . 2004-08-05 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 06:58 . 2004-12-07 19:34 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 02:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 14:39 . 2005-05-10 00:17 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 17:12 . 2004-08-05 04:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 14:17 . 2005-06-10 23:53 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 09:44 . 2004-08-05 04:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 4222B3C490BA0571D6525688B93C5028 . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-05 . D2DE785AEAB0BB8CA4C14A8A199DBE4E . 506368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 . E3702D74DC5D8F61095FA8A7F8DB47A1 . 1037824 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-05 . 4C33E5B9A6197B6ED215F6CFBA0A2DAA . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Famille Miéville\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-20 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-07-30 202256]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WiFi Station.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
backup=c:\windows\pss\WiFi Station.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 23:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
1999-04-27 01:00 18944 ----a-w- c:\program files\Creative\WebCam Control\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:34 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2005-11-16 16:00 397312 ----a-w- c:\acer\Empowering Technology\eRecovery\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-05 04:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2002-07-17 10:00 204863 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-05 04:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 17:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-05 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-05 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 14:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2005-07-13 01:55 49152 ----a-w- c:\windows\system32\SiSPower.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-08-17 10:39 90112 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-30 10:13 202256 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [18/05/2009 11:03 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 04:54 66600]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [31/07/2009 12:10 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [18/05/2009 11:03 65576]
S3 CTL518;Video Blaster WebCam (WDM);c:\windows\system32\drivers\wcvid.sys [20/10/2000 14:00 178408]
S3 WN4501HLFZZ(Technology Corporation);802.11g Wireless USB Adapter(Technology Corporation);c:\windows\system32\DRIVERS\O4501U.sys --> c:\windows\system32\DRIVERS\O4501U.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
2010-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3128837567-1174875597-2259545778-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
2010-11-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3128837567-1174875597-2259545778-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\Famille Miéville\Application Data\Mozilla\Firefox\Profiles\sgvx75m4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- Associations de fichier -------
.
.reg=Regedit.Document
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-messengerskinner - c:\program files\MessengerSkinner\MessengerSkinner.exe
MSConfigStartUp-mmbsbd - c:\windows\system32\mmbsbd.exe
MSConfigStartUp-OPTENET_GUI - c:\program files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe
AddRemove-Creative Video Blaster WebCam - c:\windows\CtDrvIns.exe -uninstall usb\vid_05A9&pid_0518 -plugin Wcpin.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-04 18:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(900)
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-11-04 18:48:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-11-04 17:48
Avant-CF: 30 421 614 592 octets libres
Après-CF: 31 240 355 840 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
- - End Of File - - 319873FF59E78D28A944952B5EA4F1C9
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
Modifié par jlpjlp le 4/11/2010 à 19:24
Modifié par jlpjlp le 4/11/2010 à 19:24
ok
il y a ceci dans le rapport
c:\windows\system32\winlogon.exe . . . est infecté!! . . .Failed to restore. Attempting to replace on reboot
donc un souci pour remettre ce fichier infecté
pour vérifier analyse sur virus total le fichier et colle le rapport
c:\windows\system32\winlogon.exe
______
antivir trouve quel fichier infecté?
______
et aussi faire ceci:
télécharge SEAF http://www.teamxscript.org/too/SEAF.exe
puis recherche ceci winlogon
et coche toutes les options de recherche
il y a ceci dans le rapport
c:\windows\system32\winlogon.exe . . . est infecté!! . . .Failed to restore. Attempting to replace on reboot
donc un souci pour remettre ce fichier infecté
pour vérifier analyse sur virus total le fichier et colle le rapport
c:\windows\system32\winlogon.exe
______
antivir trouve quel fichier infecté?
______
et aussi faire ceci:
télécharge SEAF http://www.teamxscript.org/too/SEAF.exe
puis recherche ceci winlogon
et coche toutes les options de recherche
Rapport de virustotal pour c:\windows\system32\winlogon.exe :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.139 2010.11.04 -
Antiy-AVL 2.0.3.7 2010.11.04 Trojan/Win32.Small.gen
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6617 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 -
eSafe 7.0.17.0 2010.11.04 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Ikarus T3.1.1.90.0 2010.11.04 -
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5591 2010.11.04 Win32/Bamital.EQ
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 Trojan-Downloader/W32.Small.512000.B
Panda 10.0.2.7 2010.11.04 -
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.04 Medium Risk Malware
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.5241FCE0
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7216 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.5.1 2010.11.04 -
MD5: 4222b3c490ba0571d6525688b93c5028
SHA1: fa574a02140957db1ccb2a8bee8999d5c83a8e8b
SHA256: 448815880e20a9ca84892442d2755cd7eeb22da0f288e115d8b05c532c9fc688
File size: 512000 bytes
Scan date: 2010-11-04 18:00:21 (UTC)
-----
Antivir décèle toujours explorer.exe infecté. D'ailleurs, j'ai refait une analyse avec virustotal et voici le rapport (le fichier est visiblement toujours infecté... est-ce que ça peut être lié au redémarrage du pc avant la fin ?) :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.139 2010.11.04 TR/Spy.1037824.12
Antiy-AVL 2.0.3.7 2010.11.04 -
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6617 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 Virus.Win32.Bamital!IK
eSafe 7.0.17.0 2010.11.04 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.04 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Ikarus T3.1.1.90.0 2010.11.04 Virus.Win32.Bamital
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5592 2010.11.04 Win32/Bamital.EQ
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 -
Panda 10.0.2.7 2010.11.04 Suspicious file
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.04 -
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.52425727
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7216 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 Suspicious.Mystic
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.5.1 2010.11.04 -
MD5: e3702d74dc5d8f61095fa8a7f8db47a1
SHA1: 866f7221d56455e5b5efdf7817a1c18de9b12dde
SHA256: 7ecd7648a3cde65dbd1207f7fd94eef5cca7a31a631fe25e89b84d73be664a7f
File size: 1037824 bytes
Scan date: 2010-11-04 18:34:38 (UTC)
-----
Le résultat pour SEAF et winlogon :
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 19:38:38 le 04/11/2010
4.
5. Valeur(s) recherchée(s):
6. winlogon
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Informations supplémentaires
11. (!) --- Affichage des ADS
12. (!) --- Affichage des dossiers
13. (!) --- Recherche registre
14.
15. ====== Fichier(s) ======
16.
17.
18. "C:\i386\WINLOGON.EX_" [ ARCHIVE | 261 Ko ]
19. TC: 05/08/2004,05:00:00 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
20.
21.
22. =========================
23.
24.
25. "C:\WINDOWS\system32\winlogon.exe" [ ARCHIVE | 512 Ko ]
26. TC: 05/08/2004,05:00:00 | TM: 14/04/2008,04:34:28 | DA: 04/11/2010,00:00:00
27.
28. CompanyName: Microsoft Corporation
29. ProductName: Système d'exploitation Microsoft® Windows®
30. InternalName: winlogon
31. OriginalFileName: WINLOGON.EXE
32. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
33. ProductVersion: 5.1.2600.5512
34. FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
35.
36. =========================
37.
38.
39. "C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe" [ NORMAL | 506 Ko ]
40. TC: 30/08/2008,10:16:19 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
41.
42. CompanyName: Microsoft Corporation
43. ProductName: Système d'exploitation Microsoft® Windows®
44. InternalName: winlogon
45. OriginalFileName: WINLOGON.EXE
46. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
47. ProductVersion: 5.1.2600.2180
48. FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
49.
50. =========================
51.
52.
53. "C:\WINDOWS\ServicePackFiles\i386\winlogon.exe" [ NORMAL | 512 Ko ]
54. TC: 14/04/2008,04:34:28 | TM: 14/04/2008,04:34:28 | DA: 04/11/2010,00:00:00
55.
56. CompanyName: Microsoft Corporation
57. ProductName: Système d'exploitation Microsoft® Windows®
58. InternalName: winlogon
59. OriginalFileName: WINLOGON.EXE
60. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
61. ProductVersion: 5.1.2600.5512
62. FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
63.
64. =========================
65.
66.
67. "C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir" [ ARCHIVE | 512 Ko ]
68. TC: 05/08/2004,05:00:00 | TM: 14/04/2008,04:34:28 | DA: 04/11/2010,00:00:00
69.
70. CompanyName: Microsoft Corporation
71. ProductName: Système d'exploitation Microsoft® Windows®
72. InternalName: winlogon
73. OriginalFileName: WINLOGON.EXE
74. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
75. ProductVersion: 5.1.2600.5512
76. FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
77.
78. =========================
79.
80.
81.
82. ====== Entrée(s) du registre ======
83.
84.
85. [HKLM\Software\Microsoft\ESENT\Process\winlogon]
86. DA: 02/02/2010 08:19:38
87.
88. [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuLogoff\Policy\LogonType]
89. "RegKey"="Software\Microsoft\Windows NT\CurrentVersion\Winlogon" (REG_SZ)
90.
91. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot]
92. "Shell"="SYS:Microsoft\Windows NT\CurrentVersion\Winlogon" (REG_SZ)
93.
94. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]
95. "Winlogon"="SYS:Microsoft\Windows NT\CurrentVersion\Winlogon" (REG_SZ)
96.
97. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateCDRoms]
98. DA: 30/08/2008 12:59:25
99.
100. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateDASD]
101. DA: 30/08/2008 12:59:25
102.
103. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateFloppies]
104. DA: 30/08/2008 12:59:25
105.
106. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/CachedLogonsCount]
107. DA: 30/08/2008 12:59:25
108.
109. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/ForceUnlockLogon]
110. DA: 30/08/2008 12:59:25
111.
112. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/PasswordExpiryWarning]
113. DA: 30/08/2008 12:59:25
114.
115. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/ScRemoveOption]
116. DA: 30/08/2008 12:59:25
117.
118. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
119. DA: 04/11/2010 18:48:58
120.
121. [HKLM\System\ControlSet001\Control\BackupRestore\FilesNotToBackup]
122. "Winlogon debug"="%WINDIR%\debug\*" (REG_MULTI_SZ)
123.
124. [HKLM\System\ControlSet001\Control\Terminal Server\SysProcs]
125. "winlogon.exe"="0" (REG_DWORD)
126.
127. [HKLM\System\ControlSet001\Services\Eventlog\Application]
128. "Sources"="WSH
129. WMIAdapter
130. WMI.NET Provider Extension
131. WmdmPmSN
132. WinMgmt
133. Winlogon
134. Windows Product Activation
135. Windows Media Encoder
136. Windows 3.1 Migration
137. WebClient
138. VSS
139. VBRuntime
140. Userinit
141. Userenv
142. System.ServiceModel.Install 3.0.0.0
143. System.ServiceModel 3.0.0.0
144. System.Runtime.Serialization 3.0.0.0
145. System.IO.Log 3.0.0.0
146. System.IdentityModel 3.0.0.0
147. SysmonLog
148. Starter
149. SpoolerCtrs
150. Software Restriction Policies
151. Software Installation
152. ServiceModel Audit 3.0.0.0
153. SecurityCenter
154. SeaPort
155. SclgNtfy
156. SceSrv
157. SceCli
158. safrslv
159. SAFrdms
160. RPC
161. Remote Assistance
162. PerfProc
163. PerfOS
164. PerfNet
165. Perfmon
166. Perflib
167. PerfDisk
168. Perfctrs
169. Offline Files
170. Oakley
171. ntbackup
172. NDP1.1sp1-KB979906-X86
173. NDP1.1sp1-KB953297-X86
174. NDP1.1sp1-KB2416447-X86
175. MSSQLSERVER/MSDE
176. MSSHA
177. MsiInstaller
178. MSDTC Client
179. MSDTC
180. mnmsrvc
181. Microsoft.Transactions.Bridge 3.0.0.0
182. Microsoft H.323 Telephony Service Provider
183. Microsoft Fax
184. Microsoft (R) Visual C# 2005 Compiler
185. LoadPerf
186. JavaQuickStarterService
187. HotFixInstaller
188. HelpSvc
189. fsssvc
190. Folder Redirection
191. File Deployment
192. Family Safety Service
193. EventSystem
194. ESENT
195. DrWatson
196. Dot3Svc
197. DiskQuota
198. crypt32
199. COM+
200. COM
201. Ci
202. Chkdsk
203. CardSpace 3.0.0.0
204. Avira AntiVir
205. AutoEnrollment
206. Autochk
207. ASP.NET 2.0.50727.0
208. ASP.NET 1.1.4322.0
209. Application Management
210. Application Hang
211. Application Error
212. apphelp
213. AegisP
214. AdobePlatform
215. Adobe Active File Monitor 6.0
216. .NET Runtime Optimization Service
217. .NET Runtime 2.0 Error Reporting
218. .NET Runtime
219. Application" (REG_MULTI_SZ)
220.
221. [HKLM\System\ControlSet001\Services\Eventlog\Application\Autochk]
222. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
223.
224. [HKLM\System\ControlSet001\Services\Eventlog\Application\Winlogon]
225. DA: 04/11/2010 18:40:31
226.
227. [HKLM\System\ControlSet002\Control\BackupRestore\FilesNotToBackup]
228. "Winlogon debug"="%WINDIR%\debug\*" (REG_MULTI_SZ)
229.
230. [HKLM\System\ControlSet002\Control\Terminal Server\SysProcs]
231. "winlogon.exe"="0" (REG_DWORD)
232.
233. [HKLM\System\ControlSet002\Services\Eventlog\Application]
234. "Sources"="WSH
235. WMIAdapter
236. WMI.NET Provider Extension
237. WmdmPmSN
238. WinMgmt
239. Winlogon
240. Windows Product Activation
241. Windows Media Encoder
242. Windows 3.1 Migration
243. WebClient
244. VSS
245. VBRuntime
246. Userinit
247. Userenv
248. System.ServiceModel.Install 3.0.0.0
249. System.ServiceModel 3.0.0.0
250. System.Runtime.Serialization 3.0.0.0
251. System.IO.Log 3.0.0.0
252. System.IdentityModel 3.0.0.0
253. SysmonLog
254. Starter
255. SpoolerCtrs
256. Software Restriction Policies
257. Software Installation
258. ServiceModel Audit 3.0.0.0
259. SecurityCenter
260. SeaPort
261. SclgNtfy
262. SceSrv
263. SceCli
264. safrslv
265. SAFrdms
266. RPC
267. Remote Assistance
268. PerfProc
269. PerfOS
270. PerfNet
271. Perfmon
272. Perflib
273. PerfDisk
274. Perfctrs
275. Offline Files
276. Oakley
277. ntbackup
278. NDP1.1sp1-KB979906-X86
279. NDP1.1sp1-KB953297-X86
280. NDP1.1sp1-KB2416447-X86
281. MSSQLSERVER/MSDE
282. MSSHA
283. MsiInstaller
284. MSDTC Client
285. MSDTC
286. mnmsrvc
287. Microsoft.Transactions.Bridge 3.0.0.0
288. Microsoft H.323 Telephony Service Provider
289. Microsoft Fax
290. Microsoft (R) Visual C# 2005 Compiler
291. LoadPerf
292. JavaQuickStarterService
293. HotFixInstaller
294. HelpSvc
295. fsssvc
296. Folder Redirection
297. File Deployment
298. Family Safety Service
299. EventSystem
300. ESENT
301. DrWatson
302. Dot3Svc
303. DiskQuota
304. crypt32
305. COM+
306. COM
307. Ci
308. Chkdsk
309. CardSpace 3.0.0.0
310. Avira AntiVir
311. AutoEnrollment
312. Autochk
313. ASP.NET 2.0.50727.0
314. ASP.NET 1.1.4322.0
315. Application Management
316. Application Hang
317. Application Error
318. apphelp
319. AegisP
320. AdobePlatform
321. Adobe Active File Monitor 6.0
322. .NET Runtime Optimization Service
323. .NET Runtime 2.0 Error Reporting
324. .NET Runtime
325. Application" (REG_MULTI_SZ)
326.
327. [HKLM\System\ControlSet002\Services\Eventlog\Application\Autochk]
328. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
329.
330. [HKLM\System\ControlSet002\Services\Eventlog\Application\Winlogon]
331. DA: 04/11/2010 18:40:15
332.
333. [HKLM\System\CurrentControlSet\Control\BackupRestore\FilesNotToBackup]
334. "Winlogon debug"="%WINDIR%\debug\*" (REG_MULTI_SZ)
335.
336. [HKLM\System\CurrentControlSet\Control\Terminal Server\SysProcs]
337. "winlogon.exe"="0" (REG_DWORD)
338.
339. [HKLM\System\CurrentControlSet\Services\Eventlog\Application]
340. "Sources"="WSH
341. WMIAdapter
342. WMI.NET Provider Extension
343. WmdmPmSN
344. WinMgmt
345. Winlogon
346. Windows Product Activation
347. Windows Media Encoder
348. Windows 3.1 Migration
349. WebClient
350. VSS
351. VBRuntime
352. Userinit
353. Userenv
354. System.ServiceModel.Install 3.0.0.0
355. System.ServiceModel 3.0.0.0
356. System.Runtime.Serialization 3.0.0.0
357. System.IO.Log 3.0.0.0
358. System.IdentityModel 3.0.0.0
359. SysmonLog
360. Starter
361. SpoolerCtrs
362. Software Restriction Policies
363. Software Installation
364. ServiceModel Audit 3.0.0.0
365. SecurityCenter
366. SeaPort
367. SclgNtfy
368. SceSrv
369. SceCli
370. safrslv
371. SAFrdms
372. RPC
373. Remote Assistance
374. PerfProc
375. PerfOS
376. PerfNet
377. Perfmon
378. Perflib
379. PerfDisk
380. Perfctrs
381. Offline Files
382. Oakley
383. ntbackup
384. NDP1.1sp1-KB979906-X86
385. NDP1.1sp1-KB953297-X86
386. NDP1.1sp1-KB2416447-X86
387. MSSQLSERVER/MSDE
388. MSSHA
389. MsiInstaller
390. MSDTC Client
391. MSDTC
392. mnmsrvc
393. Microsoft.Transactions.Bridge 3.0.0.0
394. Microsoft H.323 Telephony Service Provider
395. Microsoft Fax
396. Microsoft (R) Visual C# 2005 Compiler
397. LoadPerf
398. JavaQuickStarterService
399. HotFixInstaller
400. HelpSvc
401. fsssvc
402. Folder Redirection
403. File Deployment
404. Family Safety Service
405. EventSystem
406. ESENT
407. DrWatson
408. Dot3Svc
409. DiskQuota
410. crypt32
411. COM+
412. COM
413. Ci
414. Chkdsk
415. CardSpace 3.0.0.0
416. Avira AntiVir
417. AutoEnrollment
418. Autochk
419. ASP.NET 2.0.50727.0
420. ASP.NET 1.1.4322.0
421. Application Management
422. Application Hang
423. Application Error
424. apphelp
425. AegisP
426. AdobePlatform
427. Adobe Active File Monitor 6.0
428. .NET Runtime Optimization Service
429. .NET Runtime 2.0 Error Reporting
430. .NET Runtime
431. Application" (REG_MULTI_SZ)
432.
433. [HKLM\System\CurrentControlSet\Services\Eventlog\Application\Autochk]
434. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
435.
436. [HKLM\System\CurrentControlSet\Services\Eventlog\Application\Winlogon]
437. DA: 04/11/2010 18:40:31
438.
439. [HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
440. DA: 30/08/2008 12:57:12
441.
442. [HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
443. DA: 02/11/2005 15:56:29
444.
445. [HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
446. DA: 02/11/2005 15:56:28
447.
448. [HKU\S-1-5-21-3128837567-1174875597-2259545778-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
449. "d"="C:\WINDOWS\system32\winlogon.exe" (REG_SZ)
450.
451. [HKU\S-1-5-21-3128837567-1174875597-2259545778-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
452. "b"="C:\WINDOWS\system32\winlogon.exe" (REG_SZ)
453.
454. [HKU\S-1-5-21-3128837567-1174875597-2259545778-1006\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
455. DA: 04/11/2010 17:47:04
456.
457. [HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
458. DA: 30/08/2008 12:57:12
459.
460. =========================
461.
462. Fin à: 19:43:27 le 04/11/2010
463. 310077 Éléments analysés
464.
465. =========================
466. E.O.F
Du coup, j'ai fait la même chose pour explorer, au cas où :
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 19:45:34 le 04/11/2010
4.
5. Valeur(s) recherchée(s):
6. explorer
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Informations supplémentaires
11. (!) --- Affichage des ADS
12. (!) --- Affichage des dossiers
13.
14. ====== Fichier(s) ======
15.
16.
17. "C:\i386\EXPLORER.EX_" [ ARCHIVE | 351 Ko ]
18. TC: 05/08/2004,05:00:00 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
19.
20.
21. =========================
22.
23.
24. "C:\i386\EXPLORER.SC_" [ ARCHIVE | 181 o ]
25. TC: 05/08/2004,05:00:00 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
26.
27.
28. =========================
29.
30.
31. "C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Internet Explorer.lnk" [ ARCHIVE | 675 o ]
32. TC: 23/08/2006,15:08:48 | TM: 02/11/2005,16:01:54 | DA: 04/11/2010,00:00:00
33.
34.
35. =========================
36.
37.
38. "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
39. TC: 02/11/2005,15:53:06 | TM: 02/11/2005,15:53:06 | DA: 02/11/2005,00:00:00
40.
41. =========================
42.
43.
44. "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk" [ ARCHIVE | 687 o ]
45. TC: 23/08/2006,15:08:48 | TM: 02/11/2005,16:01:54 | DA: 04/11/2010,00:00:00
46.
47.
48. =========================
49.
50.
51. "C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe" [ NORMAL | 1037 Ko ]
52. TC: 13/06/2007,15:10:53 | TM: 13/06/2007,15:10:54 | DA: 04/11/2010,00:00:00
53.
54. CompanyName: Microsoft Corporation
55. ProductName: Système d'exploitation Microsoft® Windows®
56. InternalName: explorer
57. OriginalFileName: EXPLORER.EXE
58. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
59. ProductVersion: 6.00.2900.3156
60. FileVersion: 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)
61.
62. =========================
63.
64.
65. "C:\WINDOWS\explorer.scf" [ ARCHIVE | 80 o ]
66. TC: 05/08/2004,05:00:00 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
67.
68.
69. =========================
70.
71.
72. "C:\WINDOWS\explorer.exe" [ ARCHIVE | 1038 Ko ]
73. TC: 05/08/2004,05:00:00 | TM: 14/04/2008,04:34:04 | DA: 04/11/2010,00:00:00
74.
75. CompanyName: Microsoft Corporation
76. ProductName: Système d'exploitation Microsoft® Windows®
77. InternalName: explorer
78. OriginalFileName: EXPLORER.EXE
79. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
80. ProductVersion: 6.00.2900.5512
81. FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
82.
83. =========================
84.
85.
86. "C:\WINDOWS\$NtUninstallKB938828$\explorer.exe" [ NORMAL | 1036 Ko ]
87. TC: 15/08/2007,12:06:44 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
88.
89. CompanyName: Microsoft Corporation
90. ProductName: Système d'exploitation Microsoft® Windows®
91. InternalName: explorer
92. OriginalFileName: EXPLORER.EXE
93. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
94. ProductVersion: 6.00.2900.2180
95. FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
96.
97. =========================
98.
99.
100. "C:\WINDOWS\$NtServicePackUninstall$\explorer.exe" [ NORMAL | 1037 Ko ]
101. TC: 30/08/2008,10:17:11 | TM: 13/06/2007,15:22:28 | DA: 04/11/2010,00:00:00
102.
103. CompanyName: Microsoft Corporation
104. ProductName: Système d'exploitation Microsoft® Windows®
105. InternalName: explorer
106. OriginalFileName: EXPLORER.EXE
107. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
108. ProductVersion: 6.00.2900.3156
109. FileVersion: 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
110.
111. =========================
112.
113.
114. "C:\WINDOWS\ServicePackFiles\i386\explorer.exe" [ NORMAL | 1038 Ko ]
115. TC: 14/04/2008,04:34:03 | TM: 14/04/2008,04:34:04 | DA: 04/11/2010,00:00:00
116.
117. CompanyName: Microsoft Corporation
118. ProductName: Système d'exploitation Microsoft® Windows®
119. InternalName: explorer
120. OriginalFileName: EXPLORER.EXE
121. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
122. ProductVersion: 6.00.2900.5512
123. FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
124.
125. =========================
126.
127.
128. "C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf" [ ARCHIVE | 49 Ko ]
129. TC: 04/11/2010,18:47:39 | TM: 04/11/2010,18:47:40 | DA: 04/11/2010,00:00:00
130.
131.
132. =========================
133.
134.
135. "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
136. TC: 02/11/2005,15:53:06 | TM: 02/11/2005,15:53:06 | DA: 02/11/2005,00:00:00
137.
138. =========================
139.
140.
141. "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk" [ ARCHIVE | 687 o ]
142. TC: 23/08/2006,15:08:44 | TM: 02/11/2005,16:01:54 | DA: 03/11/2010,00:00:00
143.
144.
145. =========================
146.
147.
148. "C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Internet Explorer.lnk" [ ARCHIVE | 675 o ]
149. TC: 23/08/2006,15:08:44 | TM: 02/11/2005,16:01:54 | DA: 03/11/2010,00:00:00
150.
151.
152. =========================
153.
154.
155. "C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\GameExplorer" [ DIRECTORY ]
156. TC: 23/05/2008,12:59:29 | TM: 23/05/2008,12:59:30 | DA: 23/05/2008,00:00:00
157.
158. =========================
159.
160.
161. "C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\hawaiianexplorerpearl" [ DIRECTORY ]
162. TC: 29/12/2009,14:03:41 | TM: 29/12/2009,14:03:42 | DA: 29/12/2009,00:00:00
163.
164. =========================
165.
166.
167. "C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\wc80hawaiianexplorerpearl" [ DIRECTORY ]
168. TC: 29/12/2009,14:04:26 | TM: 29/12/2009,14:04:28 | DA: 29/12/2009,00:00:00
169.
170. =========================
171.
172.
173. "C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
174. TC: 02/11/2005,15:53:06 | TM: 02/11/2005,15:53:06 | DA: 02/11/2005,00:00:00
175.
176. =========================
177.
178.
179. "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
180. TC: 03/11/2010,17:58:25 | TM: 03/11/2010,17:58:26 | DA: 03/11/2010,00:00:00
181.
182. =========================
183.
184.
185. "C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
186. TC: 02/11/2005,15:53:06 | TM: 02/11/2005,15:53:06 | DA: 02/11/2005,00:00:00
187.
188. =========================
189.
190.
191. "C:\Documents and Settings\Famille Miéville\Local Settings\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
192. TC: 23/08/2006,15:51:59 | TM: 23/08/2006,15:52:00 | DA: 23/08/2006,00:00:00
193.
194. =========================
195.
196.
197. "C:\Documents and Settings\Famille Miéville\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (sans module complémentaire).lnk" [ ARCHIVE | 741 o ]
198. TC: 20/12/2006,09:45:43 | TM: 20/12/2006,09:45:46 | DA: 04/11/2010,00:00:00
199.
200.
201. =========================
202.
203.
204. "C:\Documents and Settings\Famille Miéville\Menu Démarrer\Programmes\Internet Explorer.lnk" [ ARCHIVE | 711 o ]
205. TC: 20/12/2006,09:45:45 | TM: 20/12/2006,09:45:46 | DA: 04/11/2010,00:00:00
206.
207.
208. =========================
209.
210.
211. "C:\Documents and Settings\Famille Miéville\Mes documents\Aurélie\ecole\Enjoy 4e\path\data\media\explorer.mp3" [ NORMAL | 10 Ko ]
212. TC: 12/03/2008,18:50:13 | TM: 12/03/2008,18:50:14 | DA: 22/09/2009,00:00:00
213.
214.
215. =========================
216.
217.
218. "C:\Documents and Settings\Famille Miéville\Favoris\Sites Web Microsoft\Internet Explorer 7 - Présentation rapide.url" [ ARCHIVE | 133 o ]
219. TC: 20/12/2006,09:46:07 | TM: 20/12/2006,09:46:08 | DA: 31/07/2009,00:00:00
220.
221.
222. =========================
223.
224.
225. "C:\Documents and Settings\Famille Miéville\Favoris\Sites Web Microsoft\Site Internet Explorer sur Microsoft.com.url" [ ARCHIVE | 133 o ]
226. TC: 20/12/2006,09:46:07 | TM: 20/12/2006,09:46:08 | DA: 31/07/2009,00:00:00
227.
228.
229. =========================
230.
231.
232. "C:\Documents and Settings\Famille Miéville\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
233. TC: 23/08/2006,15:09:30 | TM: 02/11/2005,15:53:06 | DA: 23/08/2006,00:00:00
234.
235. =========================
236.
237.
238. "C:\Documents and Settings\Famille Miéville\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk" [ ARCHIVE | 723 o ]
239. TC: 23/08/2006,15:09:31 | TM: 20/12/2006,09:45:48 | DA: 03/11/2010,00:00:00
240.
241.
242. =========================
243.
244.
245. "C:\Documents and Settings\lalinette\Local Settings\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
246. TC: 17/03/2008,19:47:05 | TM: 17/03/2008,19:47:06 | DA: 17/03/2008,00:00:00
247.
248. =========================
249.
250.
251. "C:\Documents and Settings\lalinette\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (sans module complémentaire).lnk" [ ARCHIVE | 741 o ]
252. TC: 17/03/2008,19:47:04 | TM: 17/03/2008,19:47:06 | DA: 04/01/2010,00:00:00
253.
254.
255. =========================
256.
257.
258. "C:\Documents and Settings\lalinette\Menu Démarrer\Programmes\Internet Explorer.lnk" [ ARCHIVE | 711 o ]
259. TC: 17/03/2008,19:47:04 | TM: 17/03/2008,19:47:06 | DA: 04/01/2010,00:00:00
260.
261.
262. =========================
263.
264.
265. "C:\Documents and Settings\lalinette\Favoris\Sites Web Microsoft\Internet Explorer 7 - Présentation rapide.url" [ ARCHIVE | 133 o ]
266. TC: 17/03/2008,19:47:05 | TM: 17/03/2008,19:47:08 | DA: 31/07/2009,00:00:00
267.
268.
269. =========================
270.
271.
272. "C:\Documents and Settings\lalinette\Favoris\Sites Web Microsoft\Site Internet Explorer sur Microsoft.com.url" [ ARCHIVE | 133 o ]
273. TC: 17/03/2008,19:47:05 | TM: 17/03/2008,19:47:08 | DA: 31/07/2009,00:00:00
274.
275.
276. =========================
277.
278.
279. "C:\Documents and Settings\lalinette\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
280. TC: 17/03/2008,19:46:33 | TM: 02/11/2005,15:53:06 | DA: 17/03/2008,00:00:00
281.
282. =========================
283.
284.
285. "C:\Documents and Settings\lalinette\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk" [ ARCHIVE | 723 o ]
286. TC: 17/03/2008,19:46:34 | TM: 17/03/2008,19:47:06 | DA: 13/10/2010,00:00:00
287.
288.
289. =========================
290.
291.
292. "C:\Documents and Settings\chloé\Local Settings\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
293. TC: 18/03/2008,11:43:32 | TM: 18/03/2008,11:43:34 | DA: 18/03/2008,00:00:00
294.
295. =========================
296.
297.
298. "C:\Documents and Settings\chloé\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (sans module complémentaire).lnk" [ ARCHIVE | 741 o ]
299. TC: 18/03/2008,11:43:30 | TM: 18/03/2008,11:43:32 | DA: 04/11/2010,00:00:00
300.
301.
302. =========================
303.
304.
305. "C:\Documents and Settings\chloé\Menu Démarrer\Programmes\Internet Explorer.lnk" [ ARCHIVE | 711 o ]
306. TC: 18/03/2008,11:43:30 | TM: 18/03/2008,11:43:32 | DA: 04/11/2010,00:00:00
307.
308.
309. =========================
310.
311.
312. "C:\Documents and Settings\chloé\Favoris\Sites Web Microsoft\Internet Explorer 7 - Présentation rapide.url" [ ARCHIVE | 133 o ]
313. TC: 18/03/2008,11:43:32 | TM: 18/03/2008,11:43:34 | DA: 31/07/2009,00:00:00
314.
315.
316. =========================
317.
318.
319. "C:\Documents and Settings\chloé\Favoris\Sites Web Microsoft\Site Internet Explorer sur Microsoft.com.url" [ ARCHIVE | 133 o ]
320. TC: 18/03/2008,11:43:32 | TM: 18/03/2008,11:43:34 | DA: 31/07/2009,00:00:00
321.
322.
323. =========================
324.
325.
326. "C:\Documents and Settings\chloé\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
327. TC: 18/03/2008,11:42:57 | TM: 02/11/2005,15:53:06 | DA: 18/03/2008,00:00:00
328.
329. =========================
330.
331.
332. "C:\Documents and Settings\chloé\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk" [ ARCHIVE | 723 o ]
333. TC: 18/03/2008,11:42:58 | TM: 18/03/2008,11:43:32 | DA: 13/10/2010,00:00:00
334.
335.
336. =========================
337.
338.
339. "C:\Program Files\Online Services\Utilisez MSN Explorer pour vous abonnez et avoir accès à Internet (US seulement).lnk" [ ARCHIVE | 2 Ko ]
340. TC: 02/11/2005,15:51:26 | TM: 02/11/2005,15:51:26 | DA: 31/07/2009,00:00:00
341.
342.
343. =========================
344.
345.
346. "C:\Program Files\Internet Explorer" [ DIRECTORY ]
347. TC: 02/11/2005,15:52:10 | TM: 02/11/2005,15:52:10 | DA: 02/11/2005,00:00:00
348.
349. =========================
350.
351.
352. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-attack1.png" [ ARCHIVE | 4 Ko ]
353. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
354.
355.
356. =========================
357.
358.
359. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-attack2.png" [ ARCHIVE | 5 Ko ]
360. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
361.
362.
363. =========================
364.
365.
366. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-attack3.png" [ ARCHIVE | 5 Ko ]
367. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
368.
369.
370. =========================
371.
372.
373. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-attack4.png" [ ARCHIVE | 6 Ko ]
374. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
375.
376.
377. =========================
378.
379.
380. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-defend.png" [ ARCHIVE | 6 Ko ]
381. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
382.
383.
384. =========================
385.
386.
387. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-ranged1.png" [ ARCHIVE | 5 Ko ]
388. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
389.
390.
391. =========================
392.
393.
394. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-ranged2.png" [ ARCHIVE | 4 Ko ]
395. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
396.
397.
398. =========================
399.
400.
401. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-ranged3.png" [ ARCHIVE | 3 Ko ]
402. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
403.
404.
405. =========================
406.
407.
408. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-ranged4.png" [ ARCHIVE | 5 Ko ]
409. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
410.
411.
412. =========================
413.
414.
415. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer.png" [ ARCHIVE | 6 Ko ]
416. TC: 29/12/2006,13:39:41 | TM: 06/10/2006,12:16:42 | DA: 31/07/2009,00:00:00
417.
418.
419. =========================
420.
421.
422. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\units\Dwarvish_Explorer.cfg" [ ARCHIVE | 3 Ko ]
423. TC: 29/12/2006,13:39:45 | TM: 20/11/2006,17:37:36 | DA: 31/07/2009,00:00:00
424.
425.
426. =========================
427.
428.
429. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack1.png" [ ARCHIVE | 4 Ko ]
430. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
431.
432.
433. =========================
434.
435.
436. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack2.png" [ ARCHIVE | 5 Ko ]
437. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
438.
439.
440. =========================
441.
442.
443. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack3.png" [ ARCHIVE | 5 Ko ]
444. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
445.
446.
447. =========================
448.
449.
450. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack4.png" [ ARCHIVE | 6 Ko ]
451. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
452.
453.
454. =========================
455.
456.
457. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-defend.png" [ ARCHIVE | 6 Ko ]
458. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
459.
460.
461. =========================
462.
463.
464. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged1.png" [ ARCHIVE | 5 Ko ]
465. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
466.
467.
468. =========================
469.
470.
471. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged2.png" [ ARCHIVE | 4 Ko ]
472. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
473.
474.
475. =========================
476.
477.
478. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged3.png" [ ARCHIVE | 3 Ko ]
479. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
480.
481.
482. =========================
483.
484.
485. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged4.png" [ ARCHIVE | 5 Ko ]
486. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
487.
488.
489. =========================
490.
491.
492. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer.png" [ ARCHIVE | 6 Ko ]
493. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
494.
495.
496. =========================
497.
498.
499. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\units\Dwarvish_Explorer.cfg" [ ARCHIVE | 4 Ko ]
500. TC: 07/04/2008,19:56:25 | TM: 11/02/2008,13:55:30 | DA: 31/07/2009,00:00:00
501.
502.
503. =========================
504.
505.
506. "C:\Program Files\Epson Software\Easy Photo Print\ThumbnailExplorer.dll" [ ARCHIVE | 139 Ko ]
507. TC: 05/09/2009,15:43:05 | TM: 11/04/2008,14:36:40 | DA: 05/09/2009,00:00:00
508.
509. CompanyName: SEIKO EPSON CORPORATION
510. ProductName: ThumbnailExplorer
511. LegalCopyright: Copyright (C) SEIKO EPSON CORPORATION 2004-2008, All rights reserved.
512. ProductVersion: 2.00
513. FileVersion: 2, 0, 0, 0
514.
515. =========================
516.
517.
518. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack1.png" [ ARCHIVE | 4 Ko ]
519. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
520.
521.
522. =========================
523.
524.
525. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack2.png" [ ARCHIVE | 4 Ko ]
526. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
527.
528.
529. =========================
530.
531.
532. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack3.png" [ ARCHIVE | 5 Ko ]
533. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
534.
535.
536. =========================
537.
538.
539. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack4.png" [ ARCHIVE | 6 Ko ]
540. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
541.
542.
543. =========================
544.
545.
546. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-defend.png" [ ARCHIVE | 6 Ko ]
547. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
548.
549.
550. =========================
551.
552.
553. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged1.png" [ ARCHIVE | 5 Ko ]
554. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
555.
556.
557. =========================
558.
559.
560. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged2.png" [ ARCHIVE | 4 Ko ]
561. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
562.
563.
564. =========================
565.
566.
567. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged3.png" [ ARCHIVE | 3 Ko ]
568. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
569.
570.
571. =========================
572.
573.
574. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged4.png" [ ARCHIVE | 5 Ko ]
575. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
576.
577.
578. =========================
579.
580.
581. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer.png" [ ARCHIVE | 6 Ko ]
582. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
583.
584.
585. =========================
586.
587.
588. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\units\Dwarvish_Explorer.cfg" [ ARCHIVE | 4 Ko ]
589. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 06/06/2010,00:00:00
590.
591.
592. =========================
593.
594.
595. "C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir" [ ARCHIVE | 1038 Ko ]
596. TC: 05/08/2004,05:00:00 | TM: 14/04/2008,04:34:04 | DA: 04/11/2010,00:00:00
597.
598. CompanyName: Microsoft Corporation
599. ProductName: Système d'exploitation Microsoft® Windows®
600. InternalName: explorer
601. OriginalFileName: EXPLORER.EXE
602. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
603. ProductVersion: 6.00.2900.5512
604. FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
605.
606. =========================
607.
608.
609. =========================
610.
611. Fin à: 19:46:47 le 04/11/2010
612. 177180 Éléments analysés
613.
614. =========================
615. E.O.F
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.139 2010.11.04 -
Antiy-AVL 2.0.3.7 2010.11.04 Trojan/Win32.Small.gen
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6617 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 -
eSafe 7.0.17.0 2010.11.04 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Ikarus T3.1.1.90.0 2010.11.04 -
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5591 2010.11.04 Win32/Bamital.EQ
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 Trojan-Downloader/W32.Small.512000.B
Panda 10.0.2.7 2010.11.04 -
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.04 Medium Risk Malware
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.5241FCE0
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7216 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.5.1 2010.11.04 -
MD5: 4222b3c490ba0571d6525688b93c5028
SHA1: fa574a02140957db1ccb2a8bee8999d5c83a8e8b
SHA256: 448815880e20a9ca84892442d2755cd7eeb22da0f288e115d8b05c532c9fc688
File size: 512000 bytes
Scan date: 2010-11-04 18:00:21 (UTC)
-----
Antivir décèle toujours explorer.exe infecté. D'ailleurs, j'ai refait une analyse avec virustotal et voici le rapport (le fichier est visiblement toujours infecté... est-ce que ça peut être lié au redémarrage du pc avant la fin ?) :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.139 2010.11.04 TR/Spy.1037824.12
Antiy-AVL 2.0.3.7 2010.11.04 -
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6617 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 Virus.Win32.Bamital!IK
eSafe 7.0.17.0 2010.11.04 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.04 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Ikarus T3.1.1.90.0 2010.11.04 Virus.Win32.Bamital
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5592 2010.11.04 Win32/Bamital.EQ
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 -
Panda 10.0.2.7 2010.11.04 Suspicious file
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.04 -
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.52425727
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7216 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 Suspicious.Mystic
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.5.1 2010.11.04 -
MD5: e3702d74dc5d8f61095fa8a7f8db47a1
SHA1: 866f7221d56455e5b5efdf7817a1c18de9b12dde
SHA256: 7ecd7648a3cde65dbd1207f7fd94eef5cca7a31a631fe25e89b84d73be664a7f
File size: 1037824 bytes
Scan date: 2010-11-04 18:34:38 (UTC)
-----
Le résultat pour SEAF et winlogon :
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 19:38:38 le 04/11/2010
4.
5. Valeur(s) recherchée(s):
6. winlogon
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Informations supplémentaires
11. (!) --- Affichage des ADS
12. (!) --- Affichage des dossiers
13. (!) --- Recherche registre
14.
15. ====== Fichier(s) ======
16.
17.
18. "C:\i386\WINLOGON.EX_" [ ARCHIVE | 261 Ko ]
19. TC: 05/08/2004,05:00:00 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
20.
21.
22. =========================
23.
24.
25. "C:\WINDOWS\system32\winlogon.exe" [ ARCHIVE | 512 Ko ]
26. TC: 05/08/2004,05:00:00 | TM: 14/04/2008,04:34:28 | DA: 04/11/2010,00:00:00
27.
28. CompanyName: Microsoft Corporation
29. ProductName: Système d'exploitation Microsoft® Windows®
30. InternalName: winlogon
31. OriginalFileName: WINLOGON.EXE
32. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
33. ProductVersion: 5.1.2600.5512
34. FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
35.
36. =========================
37.
38.
39. "C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe" [ NORMAL | 506 Ko ]
40. TC: 30/08/2008,10:16:19 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
41.
42. CompanyName: Microsoft Corporation
43. ProductName: Système d'exploitation Microsoft® Windows®
44. InternalName: winlogon
45. OriginalFileName: WINLOGON.EXE
46. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
47. ProductVersion: 5.1.2600.2180
48. FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
49.
50. =========================
51.
52.
53. "C:\WINDOWS\ServicePackFiles\i386\winlogon.exe" [ NORMAL | 512 Ko ]
54. TC: 14/04/2008,04:34:28 | TM: 14/04/2008,04:34:28 | DA: 04/11/2010,00:00:00
55.
56. CompanyName: Microsoft Corporation
57. ProductName: Système d'exploitation Microsoft® Windows®
58. InternalName: winlogon
59. OriginalFileName: WINLOGON.EXE
60. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
61. ProductVersion: 5.1.2600.5512
62. FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
63.
64. =========================
65.
66.
67. "C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir" [ ARCHIVE | 512 Ko ]
68. TC: 05/08/2004,05:00:00 | TM: 14/04/2008,04:34:28 | DA: 04/11/2010,00:00:00
69.
70. CompanyName: Microsoft Corporation
71. ProductName: Système d'exploitation Microsoft® Windows®
72. InternalName: winlogon
73. OriginalFileName: WINLOGON.EXE
74. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
75. ProductVersion: 5.1.2600.5512
76. FileVersion: 5.1.2600.5512 (xpsp.080413-2113)
77.
78. =========================
79.
80.
81.
82. ====== Entrée(s) du registre ======
83.
84.
85. [HKLM\Software\Microsoft\ESENT\Process\winlogon]
86. DA: 02/02/2010 08:19:38
87.
88. [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuLogoff\Policy\LogonType]
89. "RegKey"="Software\Microsoft\Windows NT\CurrentVersion\Winlogon" (REG_SZ)
90.
91. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot]
92. "Shell"="SYS:Microsoft\Windows NT\CurrentVersion\Winlogon" (REG_SZ)
93.
94. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]
95. "Winlogon"="SYS:Microsoft\Windows NT\CurrentVersion\Winlogon" (REG_SZ)
96.
97. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateCDRoms]
98. DA: 30/08/2008 12:59:25
99.
100. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateDASD]
101. DA: 30/08/2008 12:59:25
102.
103. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateFloppies]
104. DA: 30/08/2008 12:59:25
105.
106. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/CachedLogonsCount]
107. DA: 30/08/2008 12:59:25
108.
109. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/ForceUnlockLogon]
110. DA: 30/08/2008 12:59:25
111.
112. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/PasswordExpiryWarning]
113. DA: 30/08/2008 12:59:25
114.
115. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/ScRemoveOption]
116. DA: 30/08/2008 12:59:25
117.
118. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
119. DA: 04/11/2010 18:48:58
120.
121. [HKLM\System\ControlSet001\Control\BackupRestore\FilesNotToBackup]
122. "Winlogon debug"="%WINDIR%\debug\*" (REG_MULTI_SZ)
123.
124. [HKLM\System\ControlSet001\Control\Terminal Server\SysProcs]
125. "winlogon.exe"="0" (REG_DWORD)
126.
127. [HKLM\System\ControlSet001\Services\Eventlog\Application]
128. "Sources"="WSH
129. WMIAdapter
130. WMI.NET Provider Extension
131. WmdmPmSN
132. WinMgmt
133. Winlogon
134. Windows Product Activation
135. Windows Media Encoder
136. Windows 3.1 Migration
137. WebClient
138. VSS
139. VBRuntime
140. Userinit
141. Userenv
142. System.ServiceModel.Install 3.0.0.0
143. System.ServiceModel 3.0.0.0
144. System.Runtime.Serialization 3.0.0.0
145. System.IO.Log 3.0.0.0
146. System.IdentityModel 3.0.0.0
147. SysmonLog
148. Starter
149. SpoolerCtrs
150. Software Restriction Policies
151. Software Installation
152. ServiceModel Audit 3.0.0.0
153. SecurityCenter
154. SeaPort
155. SclgNtfy
156. SceSrv
157. SceCli
158. safrslv
159. SAFrdms
160. RPC
161. Remote Assistance
162. PerfProc
163. PerfOS
164. PerfNet
165. Perfmon
166. Perflib
167. PerfDisk
168. Perfctrs
169. Offline Files
170. Oakley
171. ntbackup
172. NDP1.1sp1-KB979906-X86
173. NDP1.1sp1-KB953297-X86
174. NDP1.1sp1-KB2416447-X86
175. MSSQLSERVER/MSDE
176. MSSHA
177. MsiInstaller
178. MSDTC Client
179. MSDTC
180. mnmsrvc
181. Microsoft.Transactions.Bridge 3.0.0.0
182. Microsoft H.323 Telephony Service Provider
183. Microsoft Fax
184. Microsoft (R) Visual C# 2005 Compiler
185. LoadPerf
186. JavaQuickStarterService
187. HotFixInstaller
188. HelpSvc
189. fsssvc
190. Folder Redirection
191. File Deployment
192. Family Safety Service
193. EventSystem
194. ESENT
195. DrWatson
196. Dot3Svc
197. DiskQuota
198. crypt32
199. COM+
200. COM
201. Ci
202. Chkdsk
203. CardSpace 3.0.0.0
204. Avira AntiVir
205. AutoEnrollment
206. Autochk
207. ASP.NET 2.0.50727.0
208. ASP.NET 1.1.4322.0
209. Application Management
210. Application Hang
211. Application Error
212. apphelp
213. AegisP
214. AdobePlatform
215. Adobe Active File Monitor 6.0
216. .NET Runtime Optimization Service
217. .NET Runtime 2.0 Error Reporting
218. .NET Runtime
219. Application" (REG_MULTI_SZ)
220.
221. [HKLM\System\ControlSet001\Services\Eventlog\Application\Autochk]
222. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
223.
224. [HKLM\System\ControlSet001\Services\Eventlog\Application\Winlogon]
225. DA: 04/11/2010 18:40:31
226.
227. [HKLM\System\ControlSet002\Control\BackupRestore\FilesNotToBackup]
228. "Winlogon debug"="%WINDIR%\debug\*" (REG_MULTI_SZ)
229.
230. [HKLM\System\ControlSet002\Control\Terminal Server\SysProcs]
231. "winlogon.exe"="0" (REG_DWORD)
232.
233. [HKLM\System\ControlSet002\Services\Eventlog\Application]
234. "Sources"="WSH
235. WMIAdapter
236. WMI.NET Provider Extension
237. WmdmPmSN
238. WinMgmt
239. Winlogon
240. Windows Product Activation
241. Windows Media Encoder
242. Windows 3.1 Migration
243. WebClient
244. VSS
245. VBRuntime
246. Userinit
247. Userenv
248. System.ServiceModel.Install 3.0.0.0
249. System.ServiceModel 3.0.0.0
250. System.Runtime.Serialization 3.0.0.0
251. System.IO.Log 3.0.0.0
252. System.IdentityModel 3.0.0.0
253. SysmonLog
254. Starter
255. SpoolerCtrs
256. Software Restriction Policies
257. Software Installation
258. ServiceModel Audit 3.0.0.0
259. SecurityCenter
260. SeaPort
261. SclgNtfy
262. SceSrv
263. SceCli
264. safrslv
265. SAFrdms
266. RPC
267. Remote Assistance
268. PerfProc
269. PerfOS
270. PerfNet
271. Perfmon
272. Perflib
273. PerfDisk
274. Perfctrs
275. Offline Files
276. Oakley
277. ntbackup
278. NDP1.1sp1-KB979906-X86
279. NDP1.1sp1-KB953297-X86
280. NDP1.1sp1-KB2416447-X86
281. MSSQLSERVER/MSDE
282. MSSHA
283. MsiInstaller
284. MSDTC Client
285. MSDTC
286. mnmsrvc
287. Microsoft.Transactions.Bridge 3.0.0.0
288. Microsoft H.323 Telephony Service Provider
289. Microsoft Fax
290. Microsoft (R) Visual C# 2005 Compiler
291. LoadPerf
292. JavaQuickStarterService
293. HotFixInstaller
294. HelpSvc
295. fsssvc
296. Folder Redirection
297. File Deployment
298. Family Safety Service
299. EventSystem
300. ESENT
301. DrWatson
302. Dot3Svc
303. DiskQuota
304. crypt32
305. COM+
306. COM
307. Ci
308. Chkdsk
309. CardSpace 3.0.0.0
310. Avira AntiVir
311. AutoEnrollment
312. Autochk
313. ASP.NET 2.0.50727.0
314. ASP.NET 1.1.4322.0
315. Application Management
316. Application Hang
317. Application Error
318. apphelp
319. AegisP
320. AdobePlatform
321. Adobe Active File Monitor 6.0
322. .NET Runtime Optimization Service
323. .NET Runtime 2.0 Error Reporting
324. .NET Runtime
325. Application" (REG_MULTI_SZ)
326.
327. [HKLM\System\ControlSet002\Services\Eventlog\Application\Autochk]
328. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
329.
330. [HKLM\System\ControlSet002\Services\Eventlog\Application\Winlogon]
331. DA: 04/11/2010 18:40:15
332.
333. [HKLM\System\CurrentControlSet\Control\BackupRestore\FilesNotToBackup]
334. "Winlogon debug"="%WINDIR%\debug\*" (REG_MULTI_SZ)
335.
336. [HKLM\System\CurrentControlSet\Control\Terminal Server\SysProcs]
337. "winlogon.exe"="0" (REG_DWORD)
338.
339. [HKLM\System\CurrentControlSet\Services\Eventlog\Application]
340. "Sources"="WSH
341. WMIAdapter
342. WMI.NET Provider Extension
343. WmdmPmSN
344. WinMgmt
345. Winlogon
346. Windows Product Activation
347. Windows Media Encoder
348. Windows 3.1 Migration
349. WebClient
350. VSS
351. VBRuntime
352. Userinit
353. Userenv
354. System.ServiceModel.Install 3.0.0.0
355. System.ServiceModel 3.0.0.0
356. System.Runtime.Serialization 3.0.0.0
357. System.IO.Log 3.0.0.0
358. System.IdentityModel 3.0.0.0
359. SysmonLog
360. Starter
361. SpoolerCtrs
362. Software Restriction Policies
363. Software Installation
364. ServiceModel Audit 3.0.0.0
365. SecurityCenter
366. SeaPort
367. SclgNtfy
368. SceSrv
369. SceCli
370. safrslv
371. SAFrdms
372. RPC
373. Remote Assistance
374. PerfProc
375. PerfOS
376. PerfNet
377. Perfmon
378. Perflib
379. PerfDisk
380. Perfctrs
381. Offline Files
382. Oakley
383. ntbackup
384. NDP1.1sp1-KB979906-X86
385. NDP1.1sp1-KB953297-X86
386. NDP1.1sp1-KB2416447-X86
387. MSSQLSERVER/MSDE
388. MSSHA
389. MsiInstaller
390. MSDTC Client
391. MSDTC
392. mnmsrvc
393. Microsoft.Transactions.Bridge 3.0.0.0
394. Microsoft H.323 Telephony Service Provider
395. Microsoft Fax
396. Microsoft (R) Visual C# 2005 Compiler
397. LoadPerf
398. JavaQuickStarterService
399. HotFixInstaller
400. HelpSvc
401. fsssvc
402. Folder Redirection
403. File Deployment
404. Family Safety Service
405. EventSystem
406. ESENT
407. DrWatson
408. Dot3Svc
409. DiskQuota
410. crypt32
411. COM+
412. COM
413. Ci
414. Chkdsk
415. CardSpace 3.0.0.0
416. Avira AntiVir
417. AutoEnrollment
418. Autochk
419. ASP.NET 2.0.50727.0
420. ASP.NET 1.1.4322.0
421. Application Management
422. Application Hang
423. Application Error
424. apphelp
425. AegisP
426. AdobePlatform
427. Adobe Active File Monitor 6.0
428. .NET Runtime Optimization Service
429. .NET Runtime 2.0 Error Reporting
430. .NET Runtime
431. Application" (REG_MULTI_SZ)
432.
433. [HKLM\System\CurrentControlSet\Services\Eventlog\Application\Autochk]
434. "EventMessageFile"="%SystemRoot%\System32\winlogon.exe" (REG_EXPAND_SZ)
435.
436. [HKLM\System\CurrentControlSet\Services\Eventlog\Application\Winlogon]
437. DA: 04/11/2010 18:40:31
438.
439. [HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
440. DA: 30/08/2008 12:57:12
441.
442. [HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
443. DA: 02/11/2005 15:56:29
444.
445. [HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
446. DA: 02/11/2005 15:56:28
447.
448. [HKU\S-1-5-21-3128837567-1174875597-2259545778-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
449. "d"="C:\WINDOWS\system32\winlogon.exe" (REG_SZ)
450.
451. [HKU\S-1-5-21-3128837567-1174875597-2259545778-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
452. "b"="C:\WINDOWS\system32\winlogon.exe" (REG_SZ)
453.
454. [HKU\S-1-5-21-3128837567-1174875597-2259545778-1006\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
455. DA: 04/11/2010 17:47:04
456.
457. [HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
458. DA: 30/08/2008 12:57:12
459.
460. =========================
461.
462. Fin à: 19:43:27 le 04/11/2010
463. 310077 Éléments analysés
464.
465. =========================
466. E.O.F
Du coup, j'ai fait la même chose pour explorer, au cas où :
1. ========================= SEAF 1.0.1.0 - C_XX
2.
3. Commencé à: 19:45:34 le 04/11/2010
4.
5. Valeur(s) recherchée(s):
6. explorer
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Informations supplémentaires
11. (!) --- Affichage des ADS
12. (!) --- Affichage des dossiers
13.
14. ====== Fichier(s) ======
15.
16.
17. "C:\i386\EXPLORER.EX_" [ ARCHIVE | 351 Ko ]
18. TC: 05/08/2004,05:00:00 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
19.
20.
21. =========================
22.
23.
24. "C:\i386\EXPLORER.SC_" [ ARCHIVE | 181 o ]
25. TC: 05/08/2004,05:00:00 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
26.
27.
28. =========================
29.
30.
31. "C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Internet Explorer.lnk" [ ARCHIVE | 675 o ]
32. TC: 23/08/2006,15:08:48 | TM: 02/11/2005,16:01:54 | DA: 04/11/2010,00:00:00
33.
34.
35. =========================
36.
37.
38. "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
39. TC: 02/11/2005,15:53:06 | TM: 02/11/2005,15:53:06 | DA: 02/11/2005,00:00:00
40.
41. =========================
42.
43.
44. "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk" [ ARCHIVE | 687 o ]
45. TC: 23/08/2006,15:08:48 | TM: 02/11/2005,16:01:54 | DA: 04/11/2010,00:00:00
46.
47.
48. =========================
49.
50.
51. "C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe" [ NORMAL | 1037 Ko ]
52. TC: 13/06/2007,15:10:53 | TM: 13/06/2007,15:10:54 | DA: 04/11/2010,00:00:00
53.
54. CompanyName: Microsoft Corporation
55. ProductName: Système d'exploitation Microsoft® Windows®
56. InternalName: explorer
57. OriginalFileName: EXPLORER.EXE
58. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
59. ProductVersion: 6.00.2900.3156
60. FileVersion: 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)
61.
62. =========================
63.
64.
65. "C:\WINDOWS\explorer.scf" [ ARCHIVE | 80 o ]
66. TC: 05/08/2004,05:00:00 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
67.
68.
69. =========================
70.
71.
72. "C:\WINDOWS\explorer.exe" [ ARCHIVE | 1038 Ko ]
73. TC: 05/08/2004,05:00:00 | TM: 14/04/2008,04:34:04 | DA: 04/11/2010,00:00:00
74.
75. CompanyName: Microsoft Corporation
76. ProductName: Système d'exploitation Microsoft® Windows®
77. InternalName: explorer
78. OriginalFileName: EXPLORER.EXE
79. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
80. ProductVersion: 6.00.2900.5512
81. FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
82.
83. =========================
84.
85.
86. "C:\WINDOWS\$NtUninstallKB938828$\explorer.exe" [ NORMAL | 1036 Ko ]
87. TC: 15/08/2007,12:06:44 | TM: 05/08/2004,05:00:00 | DA: 04/11/2010,00:00:00
88.
89. CompanyName: Microsoft Corporation
90. ProductName: Système d'exploitation Microsoft® Windows®
91. InternalName: explorer
92. OriginalFileName: EXPLORER.EXE
93. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
94. ProductVersion: 6.00.2900.2180
95. FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
96.
97. =========================
98.
99.
100. "C:\WINDOWS\$NtServicePackUninstall$\explorer.exe" [ NORMAL | 1037 Ko ]
101. TC: 30/08/2008,10:17:11 | TM: 13/06/2007,15:22:28 | DA: 04/11/2010,00:00:00
102.
103. CompanyName: Microsoft Corporation
104. ProductName: Système d'exploitation Microsoft® Windows®
105. InternalName: explorer
106. OriginalFileName: EXPLORER.EXE
107. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
108. ProductVersion: 6.00.2900.3156
109. FileVersion: 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
110.
111. =========================
112.
113.
114. "C:\WINDOWS\ServicePackFiles\i386\explorer.exe" [ NORMAL | 1038 Ko ]
115. TC: 14/04/2008,04:34:03 | TM: 14/04/2008,04:34:04 | DA: 04/11/2010,00:00:00
116.
117. CompanyName: Microsoft Corporation
118. ProductName: Système d'exploitation Microsoft® Windows®
119. InternalName: explorer
120. OriginalFileName: EXPLORER.EXE
121. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
122. ProductVersion: 6.00.2900.5512
123. FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
124.
125. =========================
126.
127.
128. "C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf" [ ARCHIVE | 49 Ko ]
129. TC: 04/11/2010,18:47:39 | TM: 04/11/2010,18:47:40 | DA: 04/11/2010,00:00:00
130.
131.
132. =========================
133.
134.
135. "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
136. TC: 02/11/2005,15:53:06 | TM: 02/11/2005,15:53:06 | DA: 02/11/2005,00:00:00
137.
138. =========================
139.
140.
141. "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk" [ ARCHIVE | 687 o ]
142. TC: 23/08/2006,15:08:44 | TM: 02/11/2005,16:01:54 | DA: 03/11/2010,00:00:00
143.
144.
145. =========================
146.
147.
148. "C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Internet Explorer.lnk" [ ARCHIVE | 675 o ]
149. TC: 23/08/2006,15:08:44 | TM: 02/11/2005,16:01:54 | DA: 03/11/2010,00:00:00
150.
151.
152. =========================
153.
154.
155. "C:\Documents and Settings\All Users\Application Data\Microsoft\Windows\GameExplorer" [ DIRECTORY ]
156. TC: 23/05/2008,12:59:29 | TM: 23/05/2008,12:59:30 | DA: 23/05/2008,00:00:00
157.
158. =========================
159.
160.
161. "C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\hawaiianexplorerpearl" [ DIRECTORY ]
162. TC: 29/12/2009,14:03:41 | TM: 29/12/2009,14:03:42 | DA: 29/12/2009,00:00:00
163.
164. =========================
165.
166.
167. "C:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\UI\htdocs2\Common\product\wc80hawaiianexplorerpearl" [ DIRECTORY ]
168. TC: 29/12/2009,14:04:26 | TM: 29/12/2009,14:04:28 | DA: 29/12/2009,00:00:00
169.
170. =========================
171.
172.
173. "C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
174. TC: 02/11/2005,15:53:06 | TM: 02/11/2005,15:53:06 | DA: 02/11/2005,00:00:00
175.
176. =========================
177.
178.
179. "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
180. TC: 03/11/2010,17:58:25 | TM: 03/11/2010,17:58:26 | DA: 03/11/2010,00:00:00
181.
182. =========================
183.
184.
185. "C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
186. TC: 02/11/2005,15:53:06 | TM: 02/11/2005,15:53:06 | DA: 02/11/2005,00:00:00
187.
188. =========================
189.
190.
191. "C:\Documents and Settings\Famille Miéville\Local Settings\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
192. TC: 23/08/2006,15:51:59 | TM: 23/08/2006,15:52:00 | DA: 23/08/2006,00:00:00
193.
194. =========================
195.
196.
197. "C:\Documents and Settings\Famille Miéville\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (sans module complémentaire).lnk" [ ARCHIVE | 741 o ]
198. TC: 20/12/2006,09:45:43 | TM: 20/12/2006,09:45:46 | DA: 04/11/2010,00:00:00
199.
200.
201. =========================
202.
203.
204. "C:\Documents and Settings\Famille Miéville\Menu Démarrer\Programmes\Internet Explorer.lnk" [ ARCHIVE | 711 o ]
205. TC: 20/12/2006,09:45:45 | TM: 20/12/2006,09:45:46 | DA: 04/11/2010,00:00:00
206.
207.
208. =========================
209.
210.
211. "C:\Documents and Settings\Famille Miéville\Mes documents\Aurélie\ecole\Enjoy 4e\path\data\media\explorer.mp3" [ NORMAL | 10 Ko ]
212. TC: 12/03/2008,18:50:13 | TM: 12/03/2008,18:50:14 | DA: 22/09/2009,00:00:00
213.
214.
215. =========================
216.
217.
218. "C:\Documents and Settings\Famille Miéville\Favoris\Sites Web Microsoft\Internet Explorer 7 - Présentation rapide.url" [ ARCHIVE | 133 o ]
219. TC: 20/12/2006,09:46:07 | TM: 20/12/2006,09:46:08 | DA: 31/07/2009,00:00:00
220.
221.
222. =========================
223.
224.
225. "C:\Documents and Settings\Famille Miéville\Favoris\Sites Web Microsoft\Site Internet Explorer sur Microsoft.com.url" [ ARCHIVE | 133 o ]
226. TC: 20/12/2006,09:46:07 | TM: 20/12/2006,09:46:08 | DA: 31/07/2009,00:00:00
227.
228.
229. =========================
230.
231.
232. "C:\Documents and Settings\Famille Miéville\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
233. TC: 23/08/2006,15:09:30 | TM: 02/11/2005,15:53:06 | DA: 23/08/2006,00:00:00
234.
235. =========================
236.
237.
238. "C:\Documents and Settings\Famille Miéville\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk" [ ARCHIVE | 723 o ]
239. TC: 23/08/2006,15:09:31 | TM: 20/12/2006,09:45:48 | DA: 03/11/2010,00:00:00
240.
241.
242. =========================
243.
244.
245. "C:\Documents and Settings\lalinette\Local Settings\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
246. TC: 17/03/2008,19:47:05 | TM: 17/03/2008,19:47:06 | DA: 17/03/2008,00:00:00
247.
248. =========================
249.
250.
251. "C:\Documents and Settings\lalinette\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (sans module complémentaire).lnk" [ ARCHIVE | 741 o ]
252. TC: 17/03/2008,19:47:04 | TM: 17/03/2008,19:47:06 | DA: 04/01/2010,00:00:00
253.
254.
255. =========================
256.
257.
258. "C:\Documents and Settings\lalinette\Menu Démarrer\Programmes\Internet Explorer.lnk" [ ARCHIVE | 711 o ]
259. TC: 17/03/2008,19:47:04 | TM: 17/03/2008,19:47:06 | DA: 04/01/2010,00:00:00
260.
261.
262. =========================
263.
264.
265. "C:\Documents and Settings\lalinette\Favoris\Sites Web Microsoft\Internet Explorer 7 - Présentation rapide.url" [ ARCHIVE | 133 o ]
266. TC: 17/03/2008,19:47:05 | TM: 17/03/2008,19:47:08 | DA: 31/07/2009,00:00:00
267.
268.
269. =========================
270.
271.
272. "C:\Documents and Settings\lalinette\Favoris\Sites Web Microsoft\Site Internet Explorer sur Microsoft.com.url" [ ARCHIVE | 133 o ]
273. TC: 17/03/2008,19:47:05 | TM: 17/03/2008,19:47:08 | DA: 31/07/2009,00:00:00
274.
275.
276. =========================
277.
278.
279. "C:\Documents and Settings\lalinette\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
280. TC: 17/03/2008,19:46:33 | TM: 02/11/2005,15:53:06 | DA: 17/03/2008,00:00:00
281.
282. =========================
283.
284.
285. "C:\Documents and Settings\lalinette\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk" [ ARCHIVE | 723 o ]
286. TC: 17/03/2008,19:46:34 | TM: 17/03/2008,19:47:06 | DA: 13/10/2010,00:00:00
287.
288.
289. =========================
290.
291.
292. "C:\Documents and Settings\chloé\Local Settings\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
293. TC: 18/03/2008,11:43:32 | TM: 18/03/2008,11:43:34 | DA: 18/03/2008,00:00:00
294.
295. =========================
296.
297.
298. "C:\Documents and Settings\chloé\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (sans module complémentaire).lnk" [ ARCHIVE | 741 o ]
299. TC: 18/03/2008,11:43:30 | TM: 18/03/2008,11:43:32 | DA: 04/11/2010,00:00:00
300.
301.
302. =========================
303.
304.
305. "C:\Documents and Settings\chloé\Menu Démarrer\Programmes\Internet Explorer.lnk" [ ARCHIVE | 711 o ]
306. TC: 18/03/2008,11:43:30 | TM: 18/03/2008,11:43:32 | DA: 04/11/2010,00:00:00
307.
308.
309. =========================
310.
311.
312. "C:\Documents and Settings\chloé\Favoris\Sites Web Microsoft\Internet Explorer 7 - Présentation rapide.url" [ ARCHIVE | 133 o ]
313. TC: 18/03/2008,11:43:32 | TM: 18/03/2008,11:43:34 | DA: 31/07/2009,00:00:00
314.
315.
316. =========================
317.
318.
319. "C:\Documents and Settings\chloé\Favoris\Sites Web Microsoft\Site Internet Explorer sur Microsoft.com.url" [ ARCHIVE | 133 o ]
320. TC: 18/03/2008,11:43:32 | TM: 18/03/2008,11:43:34 | DA: 31/07/2009,00:00:00
321.
322.
323. =========================
324.
325.
326. "C:\Documents and Settings\chloé\Application Data\Microsoft\Internet Explorer" [ DIRECTORY ]
327. TC: 18/03/2008,11:42:57 | TM: 02/11/2005,15:53:06 | DA: 18/03/2008,00:00:00
328.
329. =========================
330.
331.
332. "C:\Documents and Settings\chloé\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk" [ ARCHIVE | 723 o ]
333. TC: 18/03/2008,11:42:58 | TM: 18/03/2008,11:43:32 | DA: 13/10/2010,00:00:00
334.
335.
336. =========================
337.
338.
339. "C:\Program Files\Online Services\Utilisez MSN Explorer pour vous abonnez et avoir accès à Internet (US seulement).lnk" [ ARCHIVE | 2 Ko ]
340. TC: 02/11/2005,15:51:26 | TM: 02/11/2005,15:51:26 | DA: 31/07/2009,00:00:00
341.
342.
343. =========================
344.
345.
346. "C:\Program Files\Internet Explorer" [ DIRECTORY ]
347. TC: 02/11/2005,15:52:10 | TM: 02/11/2005,15:52:10 | DA: 02/11/2005,00:00:00
348.
349. =========================
350.
351.
352. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-attack1.png" [ ARCHIVE | 4 Ko ]
353. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
354.
355.
356. =========================
357.
358.
359. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-attack2.png" [ ARCHIVE | 5 Ko ]
360. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
361.
362.
363. =========================
364.
365.
366. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-attack3.png" [ ARCHIVE | 5 Ko ]
367. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
368.
369.
370. =========================
371.
372.
373. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-attack4.png" [ ARCHIVE | 6 Ko ]
374. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
375.
376.
377. =========================
378.
379.
380. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-defend.png" [ ARCHIVE | 6 Ko ]
381. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
382.
383.
384. =========================
385.
386.
387. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-ranged1.png" [ ARCHIVE | 5 Ko ]
388. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
389.
390.
391. =========================
392.
393.
394. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-ranged2.png" [ ARCHIVE | 4 Ko ]
395. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
396.
397.
398. =========================
399.
400.
401. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-ranged3.png" [ ARCHIVE | 3 Ko ]
402. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
403.
404.
405. =========================
406.
407.
408. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer-ranged4.png" [ ARCHIVE | 5 Ko ]
409. TC: 29/12/2006,13:39:41 | TM: 30/11/2006,02:22:04 | DA: 31/07/2009,00:00:00
410.
411.
412. =========================
413.
414.
415. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\images\dwarf-explorer.png" [ ARCHIVE | 6 Ko ]
416. TC: 29/12/2006,13:39:41 | TM: 06/10/2006,12:16:42 | DA: 31/07/2009,00:00:00
417.
418.
419. =========================
420.
421.
422. "C:\Program Files\Wesnoth2\data\campaigns\Under_the_Burning_Suns\units\Dwarvish_Explorer.cfg" [ ARCHIVE | 3 Ko ]
423. TC: 29/12/2006,13:39:45 | TM: 20/11/2006,17:37:36 | DA: 31/07/2009,00:00:00
424.
425.
426. =========================
427.
428.
429. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack1.png" [ ARCHIVE | 4 Ko ]
430. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
431.
432.
433. =========================
434.
435.
436. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack2.png" [ ARCHIVE | 5 Ko ]
437. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
438.
439.
440. =========================
441.
442.
443. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack3.png" [ ARCHIVE | 5 Ko ]
444. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
445.
446.
447. =========================
448.
449.
450. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack4.png" [ ARCHIVE | 6 Ko ]
451. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
452.
453.
454. =========================
455.
456.
457. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-defend.png" [ ARCHIVE | 6 Ko ]
458. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
459.
460.
461. =========================
462.
463.
464. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged1.png" [ ARCHIVE | 5 Ko ]
465. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
466.
467.
468. =========================
469.
470.
471. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged2.png" [ ARCHIVE | 4 Ko ]
472. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
473.
474.
475. =========================
476.
477.
478. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged3.png" [ ARCHIVE | 3 Ko ]
479. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
480.
481.
482. =========================
483.
484.
485. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged4.png" [ ARCHIVE | 5 Ko ]
486. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
487.
488.
489. =========================
490.
491.
492. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer.png" [ ARCHIVE | 6 Ko ]
493. TC: 07/04/2008,19:56:22 | TM: 29/04/2007,17:15:04 | DA: 31/07/2009,00:00:00
494.
495.
496. =========================
497.
498.
499. "C:\Program Files\Wesnoth 1.4\data\campaigns\Under_the_Burning_Suns\units\Dwarvish_Explorer.cfg" [ ARCHIVE | 4 Ko ]
500. TC: 07/04/2008,19:56:25 | TM: 11/02/2008,13:55:30 | DA: 31/07/2009,00:00:00
501.
502.
503. =========================
504.
505.
506. "C:\Program Files\Epson Software\Easy Photo Print\ThumbnailExplorer.dll" [ ARCHIVE | 139 Ko ]
507. TC: 05/09/2009,15:43:05 | TM: 11/04/2008,14:36:40 | DA: 05/09/2009,00:00:00
508.
509. CompanyName: SEIKO EPSON CORPORATION
510. ProductName: ThumbnailExplorer
511. LegalCopyright: Copyright (C) SEIKO EPSON CORPORATION 2004-2008, All rights reserved.
512. ProductVersion: 2.00
513. FileVersion: 2, 0, 0, 0
514.
515. =========================
516.
517.
518. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack1.png" [ ARCHIVE | 4 Ko ]
519. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
520.
521.
522. =========================
523.
524.
525. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack2.png" [ ARCHIVE | 4 Ko ]
526. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
527.
528.
529. =========================
530.
531.
532. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack3.png" [ ARCHIVE | 5 Ko ]
533. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
534.
535.
536. =========================
537.
538.
539. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-attack4.png" [ ARCHIVE | 6 Ko ]
540. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
541.
542.
543. =========================
544.
545.
546. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-defend.png" [ ARCHIVE | 6 Ko ]
547. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
548.
549.
550. =========================
551.
552.
553. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged1.png" [ ARCHIVE | 5 Ko ]
554. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
555.
556.
557. =========================
558.
559.
560. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged2.png" [ ARCHIVE | 4 Ko ]
561. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
562.
563.
564. =========================
565.
566.
567. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged3.png" [ ARCHIVE | 3 Ko ]
568. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
569.
570.
571. =========================
572.
573.
574. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer-ranged4.png" [ ARCHIVE | 5 Ko ]
575. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
576.
577.
578. =========================
579.
580.
581. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\images\units\dwarves\explorer.png" [ ARCHIVE | 6 Ko ]
582. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 24/06/2010,00:00:00
583.
584.
585. =========================
586.
587.
588. "C:\Program Files\Battle for Wesnoth 1.6.5\data\campaigns\Under_the_Burning_Suns\units\Dwarvish_Explorer.cfg" [ ARCHIVE | 4 Ko ]
589. TC: 06/09/2009,18:22:14 | TM: 06/09/2009,18:22:14 | DA: 06/06/2010,00:00:00
590.
591.
592. =========================
593.
594.
595. "C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir" [ ARCHIVE | 1038 Ko ]
596. TC: 05/08/2004,05:00:00 | TM: 14/04/2008,04:34:04 | DA: 04/11/2010,00:00:00
597.
598. CompanyName: Microsoft Corporation
599. ProductName: Système d'exploitation Microsoft® Windows®
600. InternalName: explorer
601. OriginalFileName: EXPLORER.EXE
602. LegalCopyright: © Microsoft Corporation. Tous droits réservés.
603. ProductVersion: 6.00.2900.5512
604. FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
605.
606. =========================
607.
608.
609. =========================
610.
611. Fin à: 19:46:47 le 04/11/2010
612. 177180 Éléments analysés
613.
614. =========================
615. E.O.F
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
Modifié par jlpjlp le 4/11/2010 à 21:38
Modifié par jlpjlp le 4/11/2010 à 21:38
repasse combofix et colle le rapport
pour tenter de restaurer les fichiers d'origine,
sinon on cherchera dans ton pc des fichiers de remplacement sains ou depuis un autre pc ou sinon de faire ce qui est sur ce lien
pour te faire une idée sur ton infection : https://forum.malekal.com/viewtopic.php?t=28779&start=
pour tenter de restaurer les fichiers d'origine,
sinon on cherchera dans ton pc des fichiers de remplacement sains ou depuis un autre pc ou sinon de faire ce qui est sur ce lien
pour te faire une idée sur ton infection : https://forum.malekal.com/viewtopic.php?t=28779&start=
Bon, apparemment il y a de l'espoir alors ;)
J'ai repassé combofix mais il s'est passé la même chose : au moment ou combofix veut redémarrer le pc, il se bloque. J'ai du l'éteindre et le rallumer manuellement. Ensuite, le processus s'est terminé, avec succès selon le rapport... mais mon antivirus me signale toujours le virus dans explorer.exe... J'ai vérifié sur virustotal et les deux fichiers explorer et winlogon sont toujours infectés.
Voici le rapport de combofix :
ComboFix 10-11-03.04 - Famille Miéville 04/11/2010 22:32:33.2.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.165 [GMT 1:00]
Lancé depuis: c:\documents and settings\Famille Miéville\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
Une copie infectée de c:\windows\system32\winlogon.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\winlogon.exe
Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP1\A0000515.EXE
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-04 au 2010-11-04 ))))))))))))))))))))))))))))))))))))
.
2010-11-04 18:36 . 2010-11-04 18:36 -------- d-----w- c:\program files\SEAF
2010-11-04 10:24 . 2010-11-04 10:24 -------- d-----w- c:\program files\VirusTotalUploader2
2010-11-04 09:06 . 2010-11-04 09:06 -------- d-----w- c:\program files\ZHPDiag
2010-11-04 07:50 . 2010-11-04 07:50 -------- d-----w- c:\documents and settings\chloé\Application Data\Simply Super Software
2010-11-03 22:49 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-11-03 22:49 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-11-03 22:49 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-11-03 22:49 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-11-03 22:49 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\program files\Trojan Remover
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\Simply Super Software
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-11-03 21:18 . 2010-11-03 21:18 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\thecleaner
2010-11-03 21:16 . 2010-11-03 21:16 -------- d-----w- c:\program files\The Cleaner
2010-11-03 19:28 . 2010-11-03 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-03 13:39 . 2010-11-03 13:39 -------- d-----w- c:\program files\CCleaner
2010-10-24 15:49 . 2010-10-24 15:49 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\VirginMega.DownloadManager.v3.4AE6D9B37411D7D7A2C457954142B8FA4EE6E198.1
2010-10-24 15:48 . 2010-10-24 15:48 -------- d-----w- c:\program files\VirginMega DownloadManager v3
2010-10-24 15:48 . 2010-10-24 15:48 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-10-13 11:12 . 2010-08-23 17:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 10:43 . 2010-09-18 07:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 10:43 . 2010-09-18 07:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 12:31 . 2010-09-20 12:31 443910 ----a-w- c:\windows\Enjoy 5e Uninstaller.exe
2010-09-18 11:23 . 2004-08-05 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 07:53 . 2004-08-05 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 07:53 . 2004-08-05 04:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 07:53 . 2004-08-05 04:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:34 . 2005-07-03 02:16 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:34 . 2004-08-05 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:34 . 2004-08-05 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:34 . 2004-08-05 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 16:57 . 2004-08-05 04:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 12:51 . 2004-08-05 04:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 08:55 . 2005-03-02 18:07 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 09:02 . 2004-08-05 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 06:58 . 2004-12-07 19:34 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 02:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 14:39 . 2005-05-10 00:17 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 17:12 . 2004-08-05 04:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 14:17 . 2005-06-10 23:53 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 09:44 . 2004-08-05 04:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-04_17.41.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-04 21:24 . 2010-11-04 21:24 16384 c:\windows\temp\Perflib_Perfdata_588.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Famille Miéville\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-20 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-07-30 202256]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WiFi Station.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
backup=c:\windows\pss\WiFi Station.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 23:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
1999-04-27 01:00 18944 ----a-w- c:\program files\Creative\WebCam Control\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:34 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2005-11-16 16:00 397312 ----a-w- c:\acer\Empowering Technology\eRecovery\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-05 04:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2002-07-17 10:00 204863 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-05 04:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 17:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-05 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-05 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 14:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2005-07-13 01:55 49152 ----a-w- c:\windows\system32\SiSPower.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-08-17 10:39 90112 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-30 10:13 202256 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [31/07/2009 12:10 108289]
S3 CTL518;Video Blaster WebCam (WDM);c:\windows\system32\drivers\wcvid.sys [20/10/2000 14:00 178408]
S3 WN4501HLFZZ(Technology Corporation);802.11g Wireless USB Adapter(Technology Corporation);c:\windows\system32\DRIVERS\O4501U.sys --> c:\windows\system32\DRIVERS\O4501U.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
2010-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3128837567-1174875597-2259545778-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
2010-11-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3128837567-1174875597-2259545778-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\Famille Miéville\Application Data\Mozilla\Firefox\Profiles\sgvx75m4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- Associations de fichier -------
.
.reg=Regedit.Document
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-04 22:47
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2764)
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-11-04 22:55:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-11-04 21:55
ComboFix2.txt 2010-11-04 17:48
Avant-CF: 31 173 607 424 octets libres
Après-CF: 31 159 123 968 octets libres
- - End Of File - - F13917CCA6C58DAAF5FA17173EF6B2B4
J'ai repassé combofix mais il s'est passé la même chose : au moment ou combofix veut redémarrer le pc, il se bloque. J'ai du l'éteindre et le rallumer manuellement. Ensuite, le processus s'est terminé, avec succès selon le rapport... mais mon antivirus me signale toujours le virus dans explorer.exe... J'ai vérifié sur virustotal et les deux fichiers explorer et winlogon sont toujours infectés.
Voici le rapport de combofix :
ComboFix 10-11-03.04 - Famille Miéville 04/11/2010 22:32:33.2.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.165 [GMT 1:00]
Lancé depuis: c:\documents and settings\Famille Miéville\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
Une copie infectée de c:\windows\system32\winlogon.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\winlogon.exe
Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\system volume information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP1\A0000515.EXE
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-04 au 2010-11-04 ))))))))))))))))))))))))))))))))))))
.
2010-11-04 18:36 . 2010-11-04 18:36 -------- d-----w- c:\program files\SEAF
2010-11-04 10:24 . 2010-11-04 10:24 -------- d-----w- c:\program files\VirusTotalUploader2
2010-11-04 09:06 . 2010-11-04 09:06 -------- d-----w- c:\program files\ZHPDiag
2010-11-04 07:50 . 2010-11-04 07:50 -------- d-----w- c:\documents and settings\chloé\Application Data\Simply Super Software
2010-11-03 22:49 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-11-03 22:49 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-11-03 22:49 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-11-03 22:49 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-11-03 22:49 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\program files\Trojan Remover
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\Simply Super Software
2010-11-03 22:49 . 2010-11-03 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-11-03 21:18 . 2010-11-03 21:18 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\thecleaner
2010-11-03 21:16 . 2010-11-03 21:16 -------- d-----w- c:\program files\The Cleaner
2010-11-03 19:28 . 2010-11-03 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-11-03 13:39 . 2010-11-03 13:39 -------- d-----w- c:\program files\CCleaner
2010-10-24 15:49 . 2010-10-24 15:49 -------- d-----w- c:\documents and settings\Famille Miéville\Application Data\VirginMega.DownloadManager.v3.4AE6D9B37411D7D7A2C457954142B8FA4EE6E198.1
2010-10-24 15:48 . 2010-10-24 15:48 -------- d-----w- c:\program files\VirginMega DownloadManager v3
2010-10-24 15:48 . 2010-10-24 15:48 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-10-13 11:12 . 2010-08-23 17:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 10:43 . 2010-09-18 07:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 10:43 . 2010-09-18 07:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 12:31 . 2010-09-20 12:31 443910 ----a-w- c:\windows\Enjoy 5e Uninstaller.exe
2010-09-18 11:23 . 2004-08-05 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 07:53 . 2004-08-05 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 07:53 . 2004-08-05 04:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 07:53 . 2004-08-05 04:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:34 . 2005-07-03 02:16 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:34 . 2004-08-05 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 14:34 . 2004-08-05 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 14:34 . 2004-08-05 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 16:57 . 2004-08-05 04:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 12:51 . 2004-08-05 04:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 08:55 . 2005-03-02 18:07 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 09:02 . 2004-08-05 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 06:58 . 2004-12-07 19:34 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 02:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 14:39 . 2005-05-10 00:17 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 17:12 . 2004-08-05 04:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 14:17 . 2005-06-10 23:53 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 09:44 . 2004-08-05 04:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-04_17.41.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-04 21:24 . 2010-11-04 21:24 16384 c:\windows\temp\Perflib_Perfdata_588.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Famille Miéville\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-20 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-07-30 202256]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WiFi Station.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
backup=c:\windows\pss\WiFi Station.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Famille Miéville^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Famille Miéville\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 23:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
1999-04-27 01:00 18944 ----a-w- c:\program files\Creative\WebCam Control\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:34 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2005-11-16 16:00 397312 ----a-w- c:\acer\Empowering Technology\eRecovery\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-05 04:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2002-07-17 10:00 204863 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-05 04:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 17:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-05 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-05 04:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 14:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2005-07-13 01:55 49152 ----a-w- c:\windows\system32\SiSPower.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-08-17 10:39 90112 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-30 10:13 202256 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [31/07/2009 12:10 108289]
S3 CTL518;Video Blaster WebCam (WDM);c:\windows\system32\drivers\wcvid.sys [20/10/2000 14:00 178408]
S3 WN4501HLFZZ(Technology Corporation);802.11g Wireless USB Adapter(Technology Corporation);c:\windows\system32\DRIVERS\O4501U.sys --> c:\windows\system32\DRIVERS\O4501U.sys [?]
.
Contenu du dossier 'Tâches planifiées'
2009-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
2010-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3128837567-1174875597-2259545778-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
2010-11-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3128837567-1174875597-2259545778-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\Famille Miéville\Application Data\Mozilla\Firefox\Profiles\sgvx75m4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- Associations de fichier -------
.
.reg=Regedit.Document
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-04 22:47
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2764)
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-11-04 22:55:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-11-04 21:55
ComboFix2.txt 2010-11-04 17:48
Avant-CF: 31 173 607 424 octets libres
Après-CF: 31 159 123 968 octets libres
- - End Of File - - F13917CCA6C58DAAF5FA17173EF6B2B4
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
5 nov. 2010 à 09:31
5 nov. 2010 à 09:31
ok cette fois les deux fichiers ont été nettoyés
antivir trouve encore les infections?
analyse de nouveau les deux fichiers sur virus total et colle les rapports
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe
antivir trouve encore les infections?
analyse de nouveau les deux fichiers sur virus total et colle les rapports
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe
Ben oui :( Voilà les deux rapports :
Pour explorer.exe :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.138 2010.11.04 TR/Spy.1037824.12
Antiy-AVL 2.0.3.7 2010.11.04 -
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6615 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 Virus.Win32.Bamital!IK
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Ikarus T3.1.1.90.0 2010.11.04 Virus.Win32.Bamital
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 Artemis!E3702D74DC5D
McAfee-GW-Edition 2010.1C 2010.11.04 Artemis!E3702D74DC5D
Microsoft 1.6301 2010.11.04 -
NOD32 5591 2010.11.04 Win32/Bamital.EQ
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 -
Panda 10.0.2.7 2010.11.04 Suspicious file
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.05 -
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.52425727
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7214 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 Suspicious.Mystic
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
MD5: e3702d74dc5d8f61095fa8a7f8db47a1
SHA1: 866f7221d56455e5b5efdf7817a1c18de9b12dde
SHA256: 7ecd7648a3cde65dbd1207f7fd94eef5cca7a31a631fe25e89b84d73be664a7f
File size: 1037824 bytes
Scan date: 2010-11-05 08:43:22 (UTC)
Et pour winlogon.exe :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.138 2010.11.04 -
Antiy-AVL 2.0.3.7 2010.11.04 Trojan/Win32.Small.gen
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6615 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 -
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Ikarus T3.1.1.90.0 2010.11.04 -
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 Artemis!4222B3C490BA
McAfee-GW-Edition 2010.1C 2010.11.04 Artemis!4222B3C490BA
Microsoft 1.6301 2010.11.04 -
NOD32 5591 2010.11.04 Win32/Bamital.EQ
nProtect 2010-11-04.02 2010.11.04 Trojan-Downloader/W32.Small.512000.B
Panda 10.0.2.7 2010.11.04 Suspicious file
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.05 Medium Risk Malware
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.5241FCE0
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7214 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
MD5: 4222b3c490ba0571d6525688b93c5028
SHA1: fa574a02140957db1ccb2a8bee8999d5c83a8e8b
SHA256: 448815880e20a9ca84892442d2755cd7eeb22da0f288e115d8b05c532c9fc688
File size: 512000 bytes
Scan date: 2010-11-05 08:46:05 (UTC)
Pour explorer.exe :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.138 2010.11.04 TR/Spy.1037824.12
Antiy-AVL 2.0.3.7 2010.11.04 -
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6615 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 Virus.Win32.Bamital!IK
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.@q0@b8d1HMh
Ikarus T3.1.1.90.0 2010.11.04 Virus.Win32.Bamital
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 Artemis!E3702D74DC5D
McAfee-GW-Edition 2010.1C 2010.11.04 Artemis!E3702D74DC5D
Microsoft 1.6301 2010.11.04 -
NOD32 5591 2010.11.04 Win32/Bamital.EQ
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 -
Panda 10.0.2.7 2010.11.04 Suspicious file
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.05 -
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.52425727
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7214 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 Suspicious.Mystic
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
MD5: e3702d74dc5d8f61095fa8a7f8db47a1
SHA1: 866f7221d56455e5b5efdf7817a1c18de9b12dde
SHA256: 7ecd7648a3cde65dbd1207f7fd94eef5cca7a31a631fe25e89b84d73be664a7f
File size: 1037824 bytes
Scan date: 2010-11-05 08:43:22 (UTC)
Et pour winlogon.exe :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.138 2010.11.04 -
Antiy-AVL 2.0.3.7 2010.11.04 Trojan/Win32.Small.gen
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6615 2010.11.04 TrojWare.Win32.Patched.kl
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 -
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Fortinet 4.2.249.0 2010.11.04 W32/Pached.KL!tr
GData 21 2010.11.04 Gen:Trojan.Heur.TP.Fm0@baJHH0l
Ikarus T3.1.1.90.0 2010.11.04 -
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 Artemis!4222B3C490BA
McAfee-GW-Edition 2010.1C 2010.11.04 Artemis!4222B3C490BA
Microsoft 1.6301 2010.11.04 -
NOD32 5591 2010.11.04 Win32/Bamital.EQ
nProtect 2010-11-04.02 2010.11.04 Trojan-Downloader/W32.Small.512000.B
Panda 10.0.2.7 2010.11.04 Suspicious file
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.05 Medium Risk Malware
Rising 22.72.02.04 2010.11.04 Trojan.Win32.Generic.5241FCE0
Sophos 4.59.0 2010.11.04 Troj/Patched-O
Sunbelt 7214 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
MD5: 4222b3c490ba0571d6525688b93c5028
SHA1: fa574a02140957db1ccb2a8bee8999d5c83a8e8b
SHA256: 448815880e20a9ca84892442d2755cd7eeb22da0f288e115d8b05c532c9fc688
File size: 512000 bytes
Scan date: 2010-11-05 08:46:05 (UTC)
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
Modifié par jlpjlp le 5/11/2010 à 11:45
Modifié par jlpjlp le 5/11/2010 à 11:45
aie cela persiste ...
bon il va falloir passer à OTLPE !
Grave ce CD : https://forum.malekal.com/viewtopic.php?t=23453&start=
Tu démarre sur le cd OTLPE.
puis :
copie et remplace
C:\WINDOWS\ServicePackFiles\i386\explorer.exe
vers c:\windows\explorer.exe
et
copie et remplace c:\windows\ServicePackFiles\i386\winlogon.exe vers C:\Windows\system32\winlogon.exe
Ensuite tu redémarres.
Tu scannes à nouveau c:\windows\explorer.exe et C:\Windows\system32\winlogon.exe sur https://www.virustotal.com/gui/ et tu donnes les liens ici.
bon il va falloir passer à OTLPE !
Grave ce CD : https://forum.malekal.com/viewtopic.php?t=23453&start=
Tu démarre sur le cd OTLPE.
puis :
copie et remplace
C:\WINDOWS\ServicePackFiles\i386\explorer.exe
vers c:\windows\explorer.exe
et
copie et remplace c:\windows\ServicePackFiles\i386\winlogon.exe vers C:\Windows\system32\winlogon.exe
Ensuite tu redémarres.
Tu scannes à nouveau c:\windows\explorer.exe et C:\Windows\system32\winlogon.exe sur https://www.virustotal.com/gui/ et tu donnes les liens ici.
Bon, j'ai l'impression qu'on tient le bon bout :)
Voilà le rapport pour explorer :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.138 2010.11.04 -
Antiy-AVL 2.0.3.7 2010.11.04 -
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 -
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6615 2010.11.04 -
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 -
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 -
Fortinet 4.2.249.0 2010.11.04 -
GData 21 2010.11.04 -
Ikarus T3.1.1.90.0 2010.11.04 -
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5591 2010.11.04 -
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 -
Panda 10.0.2.7 2010.11.04 -
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.05 -
Rising 22.72.02.04 2010.11.04 -
Sophos 4.59.0 2010.11.04 -
Sunbelt 7214 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
MD5: f2317622d29f9ff0f88aeecd5f60f0dd
SHA1: d54b0b83de6ee5922dd90db1446872bf32062b25
SHA256: 1ab74a4ae472156a5d2c6714e2e1a60e3b32ceb4996f923887a12b6a27315d13
File size: 1037824 bytes
Scan date: 2010-11-05 10:43:09 (UTC)
Et voilà le rapport pour winlogon :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.138 2010.11.04 -
Antiy-AVL 2.0.3.7 2010.11.04 -
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 -
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6615 2010.11.04 -
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 -
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 -
Fortinet 4.2.249.0 2010.11.04 -
GData 21 2010.11.04 -
Ikarus T3.1.1.90.0 2010.11.04 -
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5591 2010.11.04 -
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 Trojan-Downloader/W32.Small.512000.B
Panda 10.0.2.7 2010.11.04 -
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.05 -
Rising 22.72.02.04 2010.11.04 -
Sophos 4.59.0 2010.11.04 -
Sunbelt 7214 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
Additional informationShow all
MD5 : dd73d6b9f6b4cb630cf35b438b540174
SHA1 : 2904328b7e27f004042d4f83440c50659d64018b
SHA256: ecef5a07dbc72e99adcb82af4dab143f5a2bad3812ccbfa87ea5e82e29e133fa
Voilà le rapport pour explorer :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.138 2010.11.04 -
Antiy-AVL 2.0.3.7 2010.11.04 -
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 -
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6615 2010.11.04 -
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 -
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 -
Fortinet 4.2.249.0 2010.11.04 -
GData 21 2010.11.04 -
Ikarus T3.1.1.90.0 2010.11.04 -
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5591 2010.11.04 -
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 -
Panda 10.0.2.7 2010.11.04 -
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.05 -
Rising 22.72.02.04 2010.11.04 -
Sophos 4.59.0 2010.11.04 -
Sunbelt 7214 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
MD5: f2317622d29f9ff0f88aeecd5f60f0dd
SHA1: d54b0b83de6ee5922dd90db1446872bf32062b25
SHA256: 1ab74a4ae472156a5d2c6714e2e1a60e3b32ceb4996f923887a12b6a27315d13
File size: 1037824 bytes
Scan date: 2010-11-05 10:43:09 (UTC)
Et voilà le rapport pour winlogon :
AhnLab-V3 2010.11.04.03 2010.11.04 -
AntiVir 7.10.13.138 2010.11.04 -
Antiy-AVL 2.0.3.7 2010.11.04 -
Authentium 5.2.0.5 2010.11.04 -
Avast 4.8.1351.0 2010.11.04 -
Avast5 5.0.594.0 2010.11.04 -
AVG 9.0.0.851 2010.11.04 -
BitDefender 7.2 2010.11.04 -
CAT-QuickHeal 11.00 2010.11.04 -
ClamAV 0.96.2.0-git 2010.11.04 -
Comodo 6615 2010.11.04 -
DrWeb 5.0.2.03300 2010.11.04 -
Emsisoft 5.0.0.50 2010.11.04 -
eSafe 7.0.17.0 2010.11.03 -
eTrust-Vet 36.1.7955 2010.11.04 -
F-Prot 4.6.2.117 2010.11.03 -
F-Secure 9.0.16160.0 2010.11.04 -
Fortinet 4.2.249.0 2010.11.04 -
GData 21 2010.11.04 -
Ikarus T3.1.1.90.0 2010.11.04 -
Jiangmin 13.0.900 2010.11.04 -
K7AntiVirus 9.67.2903 2010.11.03 -
Kaspersky 7.0.0.125 2010.11.04 -
McAfee 5.400.0.1158 2010.11.04 -
McAfee-GW-Edition 2010.1C 2010.11.04 -
Microsoft 1.6301 2010.11.04 -
NOD32 5591 2010.11.04 -
Norman 6.06.10 2010.11.04 -
nProtect 2010-11-04.02 2010.11.04 Trojan-Downloader/W32.Small.512000.B
Panda 10.0.2.7 2010.11.04 -
PCTools 7.0.3.5 2010.11.04 -
Prevx 3.0 2010.11.05 -
Rising 22.72.02.04 2010.11.04 -
Sophos 4.59.0 2010.11.04 -
Sunbelt 7214 2010.11.04 -
SUPERAntiSpyware 4.40.0.1006 2010.11.04 -
Symantec 20101.2.0.161 2010.11.04 -
TheHacker 6.7.0.1.076 2010.11.04 -
TrendMicro 9.120.0.1004 2010.11.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.04 -
VBA32 3.12.14.1 2010.11.03 -
ViRobot 2010.10.4.4074 2010.11.04 -
VirusBuster 12.71.4.0 2010.11.03 -
Additional informationShow all
MD5 : dd73d6b9f6b4cb630cf35b438b540174
SHA1 : 2904328b7e27f004042d4f83440c50659d64018b
SHA256: ecef5a07dbc72e99adcb82af4dab143f5a2bad3812ccbfa87ea5e82e29e133fa