TrojanC virtumonde.sdn

Elle vien peut-etre de la partition fat32 de 8Go!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:26, on 10/11/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
C:\Program Files\Compal\Smart Battery\SMBTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
O4 - HKLM\..\Run: [SMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

il me donne vituemonde.sdn trojanC et me demande de corriger les problemes. Depuis le formatage je n'ais pas corrigé de probleme.

-- Search result list ---
Le conseil du jour: Cliquez sur la barre située à droite pour voir plus d'informations! ()


Virtumonde.sdn: [SBI $DA1AFDD3] Bibliothèque (Fichier, nothing done)
C:\WINDOWS\system32\psqlpwd.dll

DoubleClick: Cookie traceur (Internet Explorer: geoffrey) (Cookie, nothing done)


MediaPlex: Cookie traceur (Internet Explorer: geoffrey) (Cookie, nothing done)


MediaPlex: Cookie traceur (Internet Explorer: geoffrey) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-11-10 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-11-04 Includes\Adware.sbi (*)
2008-11-05 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-10-28 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-04 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-04 Includes\Malware.sbi (*)
2008-11-04 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-11-04 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-10-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-11-04 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-11-04 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 1 (5.1.2600)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)


--- Startup entries list ---
Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679

Located: HK_LM:Run, IntelWireless
command: "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
file: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 974848
MD5: 287C76D06B7FBAD32FA064B007F17AC1

Located: HK_LM:Run, IntelZeroConfig
command: "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
file: C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 823296
MD5: 8EB1CB906CA03ECCFBBE0217113C154A

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\System32\NvCpl.dll
size: 8462336
MD5: 58EC5D6C2CF673CDD8095851D72C1E91

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
file: C:\WINDOWS\System32\NVMCTRAY.DLL
size: 81920
MD5: A4C7B740878E32E46C21928320DD3723

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1626112
MD5: 7FABC0C107761DC69760C2109850D62F

Located: HK_LM:Run, PSQLLauncher
command: "C:\Program Files\Protector Suite QL\launcher.exe" /startup
file: C:\Program Files\Protector Suite QL\launcher.exe
size: 49168
MD5: 6163A347F988E9C94C94ACB9818485DD

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 16342528
MD5: E6721391BD329F53B2854386DC4CA577

Located: HK_LM:Run, SMBTray
command: C:\Program Files\Compal\Smart Battery\SMBTray.exe
file: C:\Program Files\Compal\Smart Battery\SMBTray.exe
size: 521776
MD5: 32C973E68E3DF5831638337503738E62

Located: HK_LM:Run, SMSERIAL
command: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
file: C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
size: 630784
MD5: 3D575898E4C727C794A24C4196FC0BE4

Located: HK_LM:Run, WLSS
command: C:\Program Files\Wireless Select Switch\WLSS.exe
file: C:\Program Files\Wireless Select Switch\WLSS.exe
size: 189736
MD5: B46AD6DA002004FBD5BBBB07D914086E

Located: HK_LM:Run, Wow Video&Audio
command: C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
file: C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
size: 951856
MD5: FCC1AA5E59F0373E9BA214437D583127

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 8800130156B0642B15ECB75E7CC7E6F1

Located: HK_LM:RunOnce, Spybot - Search & Destroy
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 13312
MD5: 2C856908EE61424238772508E9FBCBC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 13312
MD5: 2C856908EE61424238772508E9FBCBC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 13312
MD5: 2C856908EE61424238772508E9FBCBC8

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1409082233-842925246-725345543-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 13312
MD5: 2C856908EE61424238772508E9FBCBC8

Located: Démarrage (tous utilisateurs), BTTray.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 561213
MD5: 9E5677225FB50E40650E7AE1F3A7883B

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, psfus
command: C:\WINDOWS\System32\psqlpwd.dll
file: C:\WINDOWS\System32\psqlpwd.dll
size: 90112
MD5: C9F5FE2EC1972532E61BE06C3C5F09AB

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---


--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla



--- Process list ---
PID: 0 ( 0) [System]
PID: 876 ( 4) \SystemRoot\System32\smss.exe
size: 45568
PID: 956 ( 876) \??\C:\WINDOWS\system32\csrss.exe
size: 4096
PID: 988 ( 876) \??\C:\WINDOWS\system32\winlogon.exe
size: 520704
PID: 1032 ( 988) C:\WINDOWS\system32\services.exe
size: 101888
MD5: FC0691097471EE374907E1024EDCBD43
PID: 1044 ( 988) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B7B1C150AFF59455DB4DF082815F88F5
PID: 1232 (1032) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 1380 (1032) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 1408 (1032) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
size: 266295
MD5: BF0F5AEA72F73D5017B179C03D32B8F3
PID: 1460 (1032) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
size: 987136
MD5: EC2DF69EC26EE3D7E4C4D100256EB523
PID: 1668 (1032) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 1700 (1032) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
PID: 1808 (1032) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 75304
MD5: 4ABE946715D5E17C013D70FABB9E9780
PID: 504 ( 468) C:\WINDOWS\Explorer.EXE
size: 1008128
MD5: 82FE0D400CB1AC937234467B927B867A
PID: 736 (1032) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: B1CE5287F096895D9BE26EB86F4D5FAF
PID: 780 (1032) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
size: 68865
MD5: D6C8942BEA3698A2E7559BD423BFA5D7
PID: 1740 (1032) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
size: 151297
MD5: 335A142923FE7F97E8C8388ACD067568
PID: 1764 (1032) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
size: 647168
MD5: F98BBFDC4BACCC8ECB8839A11B4DF1AF
PID: 1820 (1032) C:\WINDOWS\System32\nvsvc32.exe
size: 155716
MD5: A09FEA175902A6B2FEFA4438F37DBA7D
PID: 180 (1032) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
size: 327680
MD5: 796D6727F09AC61536EFB90DF68F5132
PID: 2176 ( 504) C:\WINDOWS\System32\RUNDLL32.EXE
size: 32256
MD5: AC0F912EA7571E9C1AD7B64C83F72BD9
PID: 2228 ( 504) C:\WINDOWS\RTHDCPL.EXE
size: 16342528
MD5: E6721391BD329F53B2854386DC4CA577
PID: 2248 ( 504) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
size: 630784
MD5: 3D575898E4C727C794A24C4196FC0BE4
PID: 2332 ( 504) C:\Program Files\Wireless Select Switch\WLSS.exe
size: 189736
MD5: B46AD6DA002004FBD5BBBB07D914086E
PID: 2340 ( 504) C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
size: 823296
MD5: 8EB1CB906CA03ECCFBBE0217113C154A
PID: 2344 ( 504) C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
size: 974848
MD5: 287C76D06B7FBAD32FA064B007F17AC1
PID: 2364 ( 504) C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
size: 951856
MD5: FCC1AA5E59F0373E9BA214437D583127
PID: 2376 ( 504) C:\Program Files\Compal\Smart Battery\SMBTray.exe
size: 521776
MD5: 32C973E68E3DF5831638337503738E62
PID: 2272 ( 504) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 8800130156B0642B15ECB75E7CC7E6F1
PID: 2148 ( 504) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679
PID: 2188 ( 504) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
PID: 2584 ( 504) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 561213
MD5: 9E5677225FB50E40650E7AE1F3A7883B
PID: 2284 (2352) C:\Program Files\Protector Suite QL\psqltray.exe
size: 53776
MD5: 90FFD1796BB4DD45825FE7A9E9FFF0F7
PID: 3624 ( 504) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 9DB9CEF1BF78C4ECC8366C1DC959AC89
PID: 2000 (1380) C:\WINDOWS\System32\wuauclt.exe
size: 142848
MD5: 9882731639C71C93BF88E445ADD89ABA
PID: 3468 ( 504) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 1096 ( 504) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 9DB9CEF1BF78C4ECC8366C1DC959AC89
PID: 3856 (1232) C:\WINDOWS\System32\wbem\wmiprvse.exe
size: 203776
MD5: F0B1A3EB7B6C7758296B09CA6538E2B3
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 10/11/2008 20:34:00

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.google.com/?gws_rd=ssl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
(AddressBook)

Avira AntiVir Personal - Free Antivirus (AntiVir PersonalEdition Classic)
uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
publisher: Avira GmbH
help link: http://www.avira.com/classic-support

(Branding)

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(Fontcore)

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Wireless Select Switch 2.0.0.1 (InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F})
version: 33554432
version (major): 2
estimated size: 216
install date: 20081110
install location: C:\Program Files\Wireless Select Switch\
install source: C:\WINDOWS\Downloaded Installations\{5025C20A-826B-4F90-9F99-A15098A24E75}\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}

Smart Battery 1.0.0.10 (InstallShield_{449A16C4-83B3-426C-AA4A-00A34E80C093})
version: 16777216
version (major): 1
estimated size: 5397
install date: 20081110
install location: C:\DOCUME~1\geoffrey\LOCALS~1\Temp\SMB_Vista32\
install source: C:\WINDOWS\Downloaded Installations\{8360D9A3-FB69-4A68-A0BC-259DB1DAE716}\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{449A16C4-83B3-426C-AA4A-00A34E80C093}
publisher: Compal Electronics, Inc.
comments: N/A
contact: N/A
help link: www.compal.com
help telephone: N/A
readme: N/A

Wow Video&Audio utility 1.0.0.5 (InstallShield_{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0})
version: 16777216
version (major): 1
estimated size: 8713
install date: 20081110
install location: C:\Program Files\Compal\Wow Video&Audio\
install source: C:\WINDOWS\Downloaded Installations\{D62A97F3-340E-4580-9A32-805CAF0EA1D2}\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}
publisher: Compal Electronics, Inc.

(InstallShield_{FEF06E73-A519-4510-8CF3-B66041B91D8A})

(KB884016)

High Definition Audio Driver Package - KB888111 20040219.000000 (KB888111WXP)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/893803/windows-installer-3-1-v2-3-1-4000-2435-is-available

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

(NetMeeting)

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\System32\nvudisp.exe UninstallGUI

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Logiciel Intel(R) PROSet/Wireless 11.1.1.0 (ProInst)
install location: C:\WINDOWS\Installer\iProInst.exe
uninstall cmd: C:\WINDOWS\Installer\iProInst.exe
publisher: Intel Corporation
comments: Progiciel d'installation Intel(R) PROSet/Wireless
contact: Assistance à la clientèle Intel
help link: https://www.intel.com/content/www/us/en/support.html

(SchedulingAgent)

Motorola SM56 Data Fax Modem (SMSERIAL)
uninstall cmd: rundll32.exe sm56co6a.dll,SM56UnInstaller

(Wdf01000)

(Wdf01001)

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Wdf01005)
install date: 20081110
uninstall cmd: "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

ZoneAlarm 7.0.483.000 (ZoneAlarm)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Check Point, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Aide\zaclients.chm

Wireless Select Switch 2.0.0.1 ({065A7AFE-195D-4DFB-A4B2-A83842C0F79F})
version: 33554432
version (major): 2
estimated size: 216
install date: 20081110
install location: C:\Program Files\Wireless Select Switch\
install source: C:\WINDOWS\Downloaded Installations\{5025C20A-826B-4F90-9F99-A15098A24E75}\

mLogView 9.22.0000 ({0E2B0B41-7E08-4F9F-B21F-41C4133F43B7})
version: 152436736
version (major): 9
version (minor): 22
estimated size: 812
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: https://www.intel.com/content/www/us/en/support.html
help telephone: +1 (800) 538-3373

mProSafe 9.00.0000 ({23FB368F-1399-4EAC-817C-4B83ECBE3D83})
version: 150994944
version (major): 9
estimated size: 464
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: https://www.intel.fr/content/www/fr/fr/homepage.html
help telephone: 1-555-555-4505

WebFldrs XP 9.50.6513 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2652
install date: 20081110
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: https://www.microsoft.com/en-us/windows/

USB Video Device 5.8.9.000 ({399C37FB-08AF-493B-BFED-20FBD85EDF7F})
version: 84410377
install date: 20081110
install location: C:\Program Files\Sonix\USB Video Device
install source: D:\driverx\Camera\setup.exe
uninstall cmd: C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly
publisher: Sonix

mIWA 9.22.0000 ({3E9D596A-61D4-4239-BD19-2DB984D2A16F})
version: 152436736
version (major): 9
version (minor): 22
estimated size: 1741
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: https://www.intel.com/content/www/us/en/support.html
help telephone: +1 (800) 538-3373

Smart Battery 1.0.0.10 ({449A16C4-83B3-426C-AA4A-00A34E80C093})
version: 16777216
version (major): 1
estimated size: 5397
install date: 20081110
install location: C:\DOCUME~1\geoffrey\LOCALS~1\Temp\SMB_Vista32\
install source: C:\WINDOWS\Downloaded Installations\{8360D9A3-FB69-4A68-A0BC-259DB1DAE716}\
publisher: Compal Electronics, Inc.
comments: N/A
contact: N/A
help link: www.compal.com
help telephone: N/A
readme: N/A

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 3.51.01 ({59F6A514-9813-47A3-948C-8A155460CC2A})
version: 53673985
install location: C:\DOCUME~1\geoffrey\LOCALS~1\Temp\{2EEEA02E-8ACF-4774-8816-92DE8AD37BA4}\{59F6A514-9813-47A3-948C-8A155460CC2A}\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything

mSCfg 9.22.0000 ({829CD169-E692-48E8-9BDE-A3E8D8B65538})
version: 152436736
version (major): 9
version (minor): 22
estimated size: 530
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: https://www.intel.com/content/www/us/en/support.html
help telephone: +1 (800) 538-3373

WIDCOMM Bluetooth Software 5.1.0.2800 ({84814E6B-2581-46EC-926A-823BD1C670F6})
version: 83951616
version (major): 5
version (minor): 1
estimated size: 17470
install date: 20081110
install source: D:\driverx\Bluetooth\Win32\
uninstall cmd: MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
publisher: WIDCOMM, Inc.
help link:
help telephone:

mPfMgr 9.22.0000 ({8B928BA1-EDEC-4227-A2DA-DD83026C36F5})
version: 152436736
version (major): 9
version (minor): 22
estimated size: 2008
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: https://www.intel.com/content/www/us/en/support.html
help telephone: +1 (800) 538-3373

mHelp 9.22.0000 ({8C6BB412-D3A8-4AAE-A01B-35B681789D68})
version: 152436736
version (major): 9
version (minor): 22
estimated size: 304
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
publisher: Intel
comments: Help Files
contact: Customer Support Department
help link: https://www.intel.fr/content/www/fr/fr/homepage.html
help telephone: 1-555-555-4505

mPfWiz 9.22.0000 ({90B0D222-8C21-4B35-9262-53B042F18AF9})
version: 152436736
version (major): 9
version (minor): 22
estimated size: 1128
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: https://www.intel.com/content/www/us/en/support.html
help telephone: +1 (800) 538-3373

mZConfig 9.22.0000 ({94658027-9F16-4509-BBD7-A59FE57C3023})
version: 152436736
version (major): 9
version (minor): 22
estimated size: 842
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: https://www.intel.com/content/www/us/en/support.html
help telephone: +1 (800) 538-3373

mDriver 9.22.0000 ({A0F925BF-5C55-44C2-A4E7-5A4C59791C29})
version: 152436736
version (major): 9
version (minor): 22
estimated size: 17112
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
publisher: Intel
comments: Intel Wireless Adapter driver installation
contact: Customer Support Department
help link: https://www.intel.fr/content/www/fr/fr/homepage.html
help telephone: 1-555-555-4505

Protector Suite QL 5.6 5.6.2.3447 ({A2289997-10A3-48F2-AA03-99180D761661})
version: 84279298
version (major): 5
version (minor): 6
estimated size: 50326
install date: 20081110
install source: C:\Documents and Settings\All Users\Application Data\UIB\{A2289997-10A3-48F2-AA03-99180D761661}\
uninstall cmd: MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
publisher: UPEK Inc.
help link: http://www.upek.com/

MSXML 6.0 Parser 6.00.3883.8 ({AEB9948B-4FF2-47C9-990E-47014492A0FE})
version: 100667179
version (major): 6
estimated size: 1340
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=52156

Spybot - Search & Destroy 1.6.0 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20081110
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: https://www.safer-networking.org/?page=support

Broadcom Gigabit Integrated Controller 10.15.13 ({D3B3B9B2-FE73-44CB-8C0A-F737D92F991B})
version: 168755213
version (major): 10
version (minor): 15
estimated size: 500
install date: 20081110
install location: C:\Program Files\Broadcom\
install source: D:\driverx\LAN\DrvInst\IA32\
uninstall cmd: MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
publisher: Broadcom Corporation
contact: Broadcom Support
help link: https://www.broadcom.com/

mCore 9.22.0000 ({E81667C6-2856-46D6-ABEA-6A2F42166779})
version: 152436736
version (major): 9
version (minor): 22
estimated size: 10756
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: https://www.intel.com/content/www/us/en/support.html
help telephone: +1 (800) 538-3373

mMHouse 9.22.0000 ({F0BFC7EF-9CF8-44EE-91B0-158884CD87C5})
version: 152436736
version (major): 9
version (minor): 22
estimated size: 2100
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: https://www.intel.com/content/www/us/en/support.html
help telephone: +1 (800) 538-3373

Realtek High Definition Audio Driver 5.10.0.5413 ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
version: 35651584
install date: 20081110
install location: C:\Program Files\Realtek\InstallShield\
install source: D:\driverx\Audio\
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
publisher: Realtek Semiconductor Corp.

Wow Video&Audio utility 1.0.0.5 ({F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0})
version: 16777216
version (major): 1
estimated size: 8713
install date: 20081110
install location: C:\Program Files\Compal\Wow Video&Audio\
install source: C:\WINDOWS\Downloaded Installations\{D62A97F3-340E-4580-9A32-805CAF0EA1D2}\
publisher: Compal Electronics, Inc.

mDrWiFi 9.09.0000 ({F6090A17-0967-4A8A-B3C3-422A1B514D49})
version: 151584768
version (major): 9
version (minor): 9
estimated size: 780
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: https://www.intel.com/content/www/us/en/support.html
help telephone: +1 (800) 538-3373

mWlsSafe 9.00.0000 ({FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4})
version: 150994944
version (major): 9
estimated size: 464
install date: 20081110
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: https://www.intel.fr/content/www/fr/fr/homepage.html
help telephone: 1-555-555-4505

EMSC 0.0.0.8C ({FEF06E73-A519-4510-8CF3-B66041B91D8A})
estimated size: 5956
install date: 20081110
install location: C:\Documents and Settings\All Users\Application Data\
install source: C:\DOCUME~1\geoffrey\LOCALS~1\Temp\_isCA\
publisher: Compal Electronics, Inc.



--- System Services ---
Service (registry key): Abiosdsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote ACPI Microsoft
Image path: System32\DRIVERS\ACPI.sys
Image size: 180224
Image MD5: FFDEF54A7A4519CF7117536D43DEEFAB
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de contrôleur intégré Microsoft
Image path: System32\DRIVERS\ACPIEC.sys
Image size: 12032
Image MD5: E4ABC1212B70BB03D35E60681C447210
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Suppresseur d'écho acoustique (Noyau Microsoft)
Image path: system32\drivers\aec.sys
Image size: 142208
Image MD5: FF773FEDA15E8BD97FD54FE87A0ACDBE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AegisP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AEGIS Protocol (IEEE 802.1x) v3.7.4.0
Description: AEGIS Protocol (IEEE 802.1x) v3.7.4.0
Image path: System32\DRIVERS\AegisP.sys
Image size: 21393
Image MD5: A1AD1A4A9F18D900CA9C93FA3EFDCB56
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Environnement de prise en charge de réseau AFD
Image path: \SystemRoot\System32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): Aha154x
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avertissement
Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Si ce service est arrêté, les programmes qui utilisent les alertes administratives ne les recevront pas. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service de la passerelle de la couche Application
Description: Fournit la prise en charge des plugins de protocoles tiers pour le partage de connexion Internet et le pare-feu Internet.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 41984
Image MD5: 292FBA8E83DB606519D45DD1FCBBD3B8
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AntiVirScheduler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Personal - Free Antivirus Scheduler
Description: Service to schedule Avira AntiVir Personal - Free Antivirus jobs and updates.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
Image size: 68865
Image MD5: D6C8942BEA3698A2E7559BD423BFA5D7
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): AntiVirService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Personal - Free Antivirus Guard
Description: Offers permanent protection against viruses and malware with the AntiVir search engine.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Image size: 151297
Image MD5: 335A142923FE7F97E8C8388ACD067568
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1

Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Gestion d'applications
Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): Arp1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protocole client ARP 1394
Description: Protocole client ARP 1394
Image path: System32\DRIVERS\arp1394.sys
Image size: 57344
Image MD5: E47AE30589D7195BB044847FBB63A06E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): asc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de média asynchrone RAS
Description: Pilote de média asynchrone RAS
Image path: System32\DRIVERS\asyncmac.sys
Image size: 13568
Image MD5: 03F403B07A884FC2AA54A0916C410931
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Contrôleur de disque dur IDE/ESDI standard
Image path: System32\DRIVERS\atapi.sys
Image size: 86912
Image MD5: 95B858761A00E1D4F81F79A0DA019ACA
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Protocole client ATM ARP
Description: Protocole client ATM ARP
Image path: System32\DRIVERS\atmarpc.sys
Image size: 57216
Image MD5: 8D735CA1CBDB0081B0E3B9FF0EB222D0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Audio Windows
Description: Gère les périphériques audio pour les programmes basés sur Windows. Si ce service est arrêté, les périphériques et les effets audio ne fonctionneront pas correctement. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote audio Stub
Image path: System32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): avgntdd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgntdd
Image path: SYSTEM32\DRIVERS\avgntdd.sys
Image size: 45376
Image MD5: 7CC15D8DE7838734833AF9A3C2A2AF44
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: avgntmgr

Service (registry key): avgntmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgntmgr
Image path: SYSTEM32\DRIVERS\avgntmgr.sys
Image size: 22336
Image MD5: 0E529566454158CEC5A65DE16D9AAB10
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): avipbb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avipbb
Description: Avira's Driver for RootKit Detection
Image path: System32\DRIVERS\avipbb.sys
Image size: 75072
Image MD5: B46BEF440AB5C0935F4C777AC7CD2179
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): b57w2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme Gigabit Ethernet
Image path: System32\DRIVERS\b57xp32.sys
Image size: 160256
Image MD5: F96038AA1EC4013A93D2420FC689D1E9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service de transfert intelligent en arrière-plan
Description: Utilise la bande passante réseau inactive pour transférer des données.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,RpcSs

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Explorateur d'ordinateur
Description: Tient à jour une liste des ordinateurs présents sur le réseau et fournit cette liste aux ordinateurs désignés comme navigateurs. Si ce service est arrêté, la liste ne sera pas mise ou tenue à jour. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): btaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Périphérique audio Bluetooth
Image path: system32\drivers\btaudio.sys
Image size: 329901
Image MD5: 0F249BE872F618AABA8D641E81AA3D21
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de communications virtuelles Bluetooth
Image path: System32\DRIVERS\btport.sys
Image size: 30459
Image MD5: 07F0A66CFA550B13AD0674AE09E3CBA0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): BTKRNL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Enumérateur de bus Bluetooth
Image path: System32\DRIVERS\btkrnl.sys
Image size: 863402
Image MD5: ADE37AB15C958F5DB2F85431CCA8763A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): btwdins
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Service
Description: Gère l'installation et la suppression des périphériques Bluetooth.
Object name: LocalSystem
Image path: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
Image size: 266295
Image MD5: BF0F5AEA72F73D5017B179C03D32B8F3
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): BTWDNDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serveur d'accès au réseau local Bluetooth
Image path: System32\DRIVERS\btwdndis.sys
Image size: 149123
Image MD5: B1D350F3F13CF340FCE93912D2BA1EBF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): btwhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\btwhid.sys
Image size: 47907
Image MD5: 6BEB0ADAA3D2B80E6515EEC5D03B7540
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): cbidf2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de CD-ROM
Image path: System32\DRIVERS\cdrom.sys
Image size: 47488
Image MD5: 6506E033AD04CFEC9EE56DBEFD1083DD
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service d'indexation
Description: Construit un index des contenus et des propriétés des fichiers sur les ordinateurs locaux et distants ; fournit un accès rapide aux fichiers par le biais d'un langage d'interrogation flexible.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5120
Image MD5: 7901AF03767C140467671C7CEEB2C3FE
Control Set: CurrentControlSet
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Gestionnaire de l'Album
Description: Active le Gestionnaire de l'Album afin de stocker les informations et les partager avec des ordinateurs à distance. Si le service est arrêté, le Gestionnaire de l'Album ne pourra pas partager les informations avec des ordinateurs à distance. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 30720
Image MD5: 3D1AAB2963FABCAFEB507B5C9D67BFBC
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote pour Batterie à méthode de contrôle ACPI Microsoft
Image path: System32\DRIVERS\CmBatt.sys
Image size: 13184
Image MD5: 8E7F784ABF6CD9482FBFECB9B53912AA
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): CmdIde
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de batterie composite Microsoft
Image path: System32\DRIVERS\compbatt.sys
Image size: 9344
Image MD5: DF1B1A24BF52D0EBC01ED4ECE8979F50
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Application système COM+
Description: Gère la configuration et le suivi des composants de base COM+ (Component Object Model) . Si le service est arrêté, la plupart des composants de base COM+ ne fonctionneront pas correctement. Si ce service est désactivé, les services qui en dépendent de manière explicite ne pourront pas démarrer.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 4608
Image MD5: 17681E6109A67F3AEA66AD6AAE2434E6
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Services de cryptographie
Description: Fournit trois services de gestion : le service de base de données de catalogue, qui confirme la signature des fichiers Windows; le service de racine protégée, qui ajoute et supprime des certificats d'autorité de certification de racine approuvés et le service Clé, qui fournit une aide dans l'inscription de cet ordinateur pour les certificats. Si ce service est arrêté, ces services de gestion ne fonctionneront pas correctement. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Client DHCP
Description: Gère la configuration réseau en inscrivant et en mettant à jour les adresses IP et les noms DNS.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pilote de disque
Image path: System32\DRIVERS\disk.sys
Image size: 33792
Image MD5: D1B16340CEACEECBF52340

oui

[11/10/2008, 20:51:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\geoffrey\Bureau\VirtumundoBeGone.exe" )
[11/10/2008, 20:52:00] - Detected System Information:
[11/10/2008, 20:52:00] - Windows Version: 5.1.2600, Service Pack 1
[11/10/2008, 20:52:00] - Current Username: geoffrey (Admin)
[11/10/2008, 20:52:00] - Windows is in NORMAL mode.
[11/10/2008, 20:52:00] - Searching for Browser Helper Objects:
[11/10/2008, 20:52:00] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/10/2008, 20:52:00] - Finished Searching Browser Helper Objects
[11/10/2008, 20:52:00] - Finishing up...
[11/10/2008, 20:52:00] - Nothing found! Exiting...

La marque du laptop est compal avec lecteur biometric.

Fichier psqlpwd.dll reçu le 2008.11.06 11:37:23 (CET)
Situation actuelle: terminé

Résultat: 0/36 (0.00%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.5.3 2008.11.06 -
AntiVir 7.9.0.26 2008.11.06 -
Authentium 5.1.0.4 2008.11.06 -
Avast 4.8.1248.0 2008.11.05 -
AVG 8.0.0.161 2008.11.06 -
BitDefender 7.2 2008.11.06 -
CAT-QuickHeal 9.50 2008.11.04 -
ClamAV 0.94.1 2008.11.06 -
DrWeb 4.44.0.09170 2008.11.06 -
eSafe 7.0.17.0 2008.11.05 -
eTrust-Vet 31.6.6194 2008.11.06 -
Ewido 4.0 2008.11.05 -
F-Prot 4.4.4.56 2008.11.06 -
F-Secure 8.0.14332.0 2008.11.06 -
Fortinet 3.117.0.0 2008.11.05 -
GData 19 2008.11.06 -
Ikarus T3.1.1.45.0 2008.11.06 -
K7AntiVirus 7.10.517 2008.11.05 -
Kaspersky 7.0.0.125 2008.11.06 -
McAfee 5425 2008.11.05 -
Microsoft 1.4005 2008.11.06 -
NOD32 3590 2008.11.06 -
Norman 5.80.02 2008.11.05 -
Panda 9.0.0.4 2008.11.05 -
PCTools 4.4.2.0 2008.11.05 -
Prevx1 V2 2008.11.06 -
Rising 21.02.32.00 2008.11.06 -
SecureWeb-Gateway 6.7.6 2008.11.06 -
Sophos 4.35.0 2008.11.06 -
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.06 -
TheHacker 6.3.1.1.141 2008.11.05 -
TrendMicro 8.700.0.1004 2008.11.06 -
VBA32 3.12.8.9 2008.11.05 -
ViRobot 2008.11.6.1455 2008.11.06 -
VirusBuster 4.5.11.0 2008.11.05 -
Information additionnelle
File size: 90112 bytes
MD5...: c9f5fe2ec1972532e61be06c3c5f09ab
SHA1..: f83664ed9f110c685053c362146687479bc584e5
SHA256: c9064ef4efeab22a7305450182c2a94033e5647612bb23b48d62f23452d21ed3
SHA512: 473194c4c1928df125cbbd8d0749657678dcd6e553e314a162626993b8255def
25b988e2673bc34ef7045d2439ae880d23d6a5bce900dbc927b1e961e95521b5
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x316e5541
timedatestamp.....: 0x460aa9ea (Wed Mar 28 17:46:18 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xddba 0xde00 6.68 ccaec11c1de2ab9de282f58b08c451fc
.rdata 0xf000 0x473b 0x4800 5.23 f2bec9ce279d412d9f8f25b0f44b57f0
.data 0x14000 0x2dc4 0x1200 2.65 a85d5d3850293af43758b6f87abd1330
.rsrc 0x17000 0x5a4 0x600 4.59 d8b7a1ebcec9c8eeee74bfb4ecd5df33
.reloc 0x18000 0x1c32 0x1e00 4.24 17c97b7de052aa11f410b7bedaf398f8

( 2 imports )
> KERNEL32.dll: LoadLibraryW, OutputDebugStringA, LoadLibraryExW, MultiByteToWideChar, GetModuleFileNameW, GetLastError, GetUserDefaultLangID, WideCharToMultiByte, FormatMessageW, GetCurrentThreadId, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, RaiseException, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, InterlockedDecrement, Sleep, HeapSize, ExitProcess, SetLastError, GetStdHandle, GetModuleFileNameA, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, LeaveCriticalSection, EnterCriticalSection, GetCPInfo, GetACP, GetOEMCP, HeapReAlloc, VirtualAlloc, LoadLibraryA, InitializeCriticalSection, GetLocaleInfoA, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, GetTickCount, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleW, WriteFile, GetModuleHandleA, SetFilePointer, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, CloseHandle, FlushFileBuffers
> ADVAPI32.dll: RegEnumValueW, RegSetValueExW, RegCreateKeyExW, RegQueryInfoKeyW, RegDeleteValueW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey

( 10 exports )
InitializeChangeNotify, LockEvent, LogoffEvent, LogonEvent, PasswordChangeNotify, PasswordFilter, ShellStartEvent, ShutdownEvent, StartupEvent, UnlockEvent



ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

T trop fort!!
On ne peut changer l'homme pour la machine!!

y a pas de virus??

Finalement c quoi C:\WINDOWS\system32\psqlpwd.dll ?

Merci grandement et VIVA Destrio5