Passez sur notre nouveau site : http://www.donnemoilinfo.com
Passez sur notre nouveau site : http://www.donnemoilinfo.com
Vous souhaitez réagir à ce message ? Créez un compte en quelques clics ou connectez-vous pour continuer.


 
 
AccueilDernières imagesRechercherS'enregistrerConnexionPlan
Ce forum n'est plus mis à jour, passez sur notre site http://www.donnemoilinfo.com/ Pour des raisons de confidentialité tous les comptes ont été supprimés.
-55%
Le deal à ne pas rater :
Friteuse sans huile – PHILIPS – Airfryer HD9200/90 Série 3000
49.99 € 109.99 €
Voir le deal

 

 HBO virus

Aller en bas 
AuteurMessage
Invité
Invité
Anonymous



HBO virus Empty
MessageSujet: HBO virus   HBO virus EmptyVen 14 Sep 2007, 00:45

bonjour
voici la prmiere partie du rapport systemscan
SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP PROFESSIONAL Edition, Service Pack 1 (2600.5.1)
System directory: C:\WINDOWS

Date: 13/09/2007
Time: 23:09:05

Output limited to:
-Recent files
-Registry Run Keys

===================== Recent files (60 days old)=====================

----- recent files in C:\
22/07/2007 11:42:17 (DIR) 0 byte 53 days old -- System Volume Information
02/09/2007 18:02:46 (DIR) 0 byte 11 days old -- Config.Msi
04/09/2007 19:16:12 (DIR) 0 byte 9 days old -- _OTMoveIt
06/09/2007 00:14:28 0 byte 7 days old -- cleanup.txt
07/09/2007 23:18:33 (DIR) 0 byte 6 days old -- Program Files
13/09/2007 22:53:52 703832064 byte 0 days old -- pagefile.sys
13/09/2007 22:54:42 (DIR) 0 byte 0 days old -- WINDOWS
13/09/2007 22:58:29 (DIR) 0 byte 0 days old -- $VAULT$.AVG
13/09/2007 23:09:04 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
02/09/2007 17:59:51 (DIR) 0 byte 11 days old -- Installer
02/09/2007 18:05:37 (DIR) 0 byte 11 days old -- system
05/09/2007 23:53:34 (DIR) 0 byte 8 days old -- system32
13/09/2007 21:35:52 32558 byte 0 days old -- SchedLgU.Txt
13/09/2007 22:53:55 2048 byte 0 days old -- bootstat.dat
13/09/2007 22:54:04 (DIR) 0 byte 0 days old -- Debug
13/09/2007 22:54:10 51 byte 0 days old -- wiaservc.log
13/09/2007 22:54:16 159 byte 0 days old -- wiadebug.log
13/09/2007 22:54:17 391163 byte 0 days old -- WindowsUpdate.log
13/09/2007 22:54:37 (DIR) 0 byte 0 days old -- Temp
13/09/2007 23:04:01 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
22/07/2007 11:42:17 (DIR) 0 byte 53 days old -- Restore
30/08/2007 12:02:39 3284 byte 14 days old -- ANIWZCS{179A9B69-AA7C-473D-B96B-FDC63942DCFC}
31/08/2007 18:59:53 128512 byte 13 days old -- hljwnhxf.dll.bak
31/08/2007 18:59:55 45056 byte 13 days old -- ydaldafp.dll.bak
31/08/2007 18:59:56 101376 byte 13 days old -- ontinihc.dll.bak
31/08/2007 19:00:03 756224 byte 13 days old -- ubkqzuiu.dll.bak
31/08/2007 19:00:06 66560 byte 13 days old -- jsegmmbv.dll.bak
31/08/2007 19:00:08 47104 byte 13 days old -- ifdkjqks.dll.bak
01/09/2007 19:27:47 78848 byte 12 days old -- jjbajjb.dll.bak
02/09/2007 18:12:22 78848 byte 11 days old -- jjbajjb.dll
07/09/2007 22:57:02 (DIR) 0 byte 6 days old -- drivers
12/09/2007 09:47:56 2206 byte 1 days old -- wpa.dbl
13/09/2007 19:53:24 (DIR) 0 byte 0 days old -- CatRoot2

----- recent files in C:\WINDOWS\system32\drivers\
30/08/2007 11:00:20 2945 byte 14 days old -- fwdrv.err
31/08/2007 19:00:02 17280 byte 13 days old -- wnimjutr.sys
02/09/2007 18:06:48 27776 byte 11 days old -- avg7rsxp.sys
02/09/2007 18:06:49 19904 byte 11 days old -- avgmfx86.sys
04/09/2007 13:17:09 821600 byte 9 days old -- avg7core.sys
07/09/2007 23:20:49 (DIR) 0 byte 6 days old -- etc

----- recent files in C:\WINDOWS\temp\

----- recent files in C:\Program Files\
02/09/2007 18:06:21 (DIR) 0 byte 11 days old -- Grisoft
07/09/2007 23:13:20 (DIR) 0 byte 6 days old -- Google

----- recent files in C:\Program Files\Common Files\

----- recent files in C:\Documents and Settings\Christian\Application Data\
13/09/2007 12:10:06 (DIR) 0 byte 0 days old -- AVG7

----- recent files in C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\
12/09/2007 09:48:26 0 byte 1 days old -- vga4.tmp
12/09/2007 20:41:21 0 byte 1 days old -- vga5.tmp
13/09/2007 12:09:52 0 byte 0 days old -- vga6.tmp
13/09/2007 13:10:22 0 byte 0 days old -- vga1.tmp
13/09/2007 19:51:39 0 byte 0 days old -- vga2.tmp
13/09/2007 22:54:25 0 byte 0 days old -- vga3.tmp
13/09/2007 22:57:32 (DIR) 0 byte 0 days old -- Google Toolbar
13/09/2007 23:03:52 16384 byte 0 days old -- ~DFBD81.tmp
13/09/2007 23:03:52 (DIR) 0 byte 0 days old -- nsv5.tmp

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe"
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"msnmsgr"="\"C:\Program Files\MSN Messenger\msnmsgr.exe\" /background"
"ccleaner"="\"C:\Program Files\CCleaner\ccleaner.exe\" /AUTO"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe"
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\System32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
Revenir en haut Aller en bas
Invité
Invité
Anonymous



HBO virus Empty
MessageSujet: HBO virus   HBO virus EmptyVen 14 Sep 2007, 00:48

bonjour,
suite de la premeire partie du rapport systemscan

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
"system"=""

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Wireless"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Microsoft Disk Quota"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="QoS Packet Scheduler"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Software Installation"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="IP Security"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\Notify\yozyahnn]
"DLLName"="jjbajjb.dll"
"Logoff"="WLEventLogoff"
"Logon"="WLEventLogon"

[Winlogon\SCLogon]

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook"
"BuildNumber"=dword:00000a28
Revenir en haut Aller en bas
Invité
Invité
Anonymous



HBO virus Empty
MessageSujet: HBO virus   HBO virus EmptyVen 14 Sep 2007, 00:49

suite 2 de la premiere partie du rapport systemscan

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[Browser Helper Objects\{6DE8FD7F-0F11-4FA1-A407-56189967D5EA}]

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar2.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\System32\shdocvw.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

[startupfolder]

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\logon.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\System32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"LsaPid"=dword:00000308
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Data]
@Class="e2ae14bb"
"Pattern"=hex:fd,17,bb,d0,df,fb,db,09,56,a0,da,d9,9b,d1,87,70,65,32,61,65,31,\
34,62,62,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,eb,f3,e0,a3

[Lsa\GBG]
@Class="eb98cc93"
"GrafBlumGroup"=hex:86,d0,82,f1,c4,af,93,b6,9a

[Lsa\JD]
@Class="2f6fa3d4"
"Lookup"=hex:08,fe,94,a3,91,47

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="e0f325d3"
"SkewMatrix"=hex:42,84,f2,8c,46,e9,49,e8,47,5a,6e,b7,73,62,06,7f

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:1a,07,0f,9e,69,7a,c4,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,00,f1,f4,ae,87,c3,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,00,f1,f4,ae,87,c3,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,00,f1,f4,ae,87,c3,01
"Type"=dword:00000031
Revenir en haut Aller en bas
Invité
Invité
Anonymous



HBO virus Empty
MessageSujet: HBO virus   HBO virus EmptyVen 14 Sep 2007, 00:51

suite 3 de la premiere partie du rapport systemscan
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)"
"DependOnService"=multi:"Netman\00NLA\00RasMan\00ALG\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{94C6F6D7-628C-4DAD-9476-A32B078B7DF8}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\DBCDD4]

[VB and VBA Program Settings\DBCDD4\ClipartInfo]

[VB and VBA Program Settings\DBCDD4\Settings]

[VB and VBA Program Settings\DBCDD4\TemplateInfo]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

[MountPoints2]

[MountPoints2\A]
"BaseClass"="Drive"

[MountPoints2\C]
"BaseClass"="Drive"

[MountPoints2\D]
"BaseClass"="Drive"

[MountPoints2\E]
"BaseClass"="Drive"

[MountPoints2\F]
"BaseClass"="Drive"

[MountPoints2\G]
"BaseClass"="Drive"

[MountPoints2\H]
"BaseClass"="Drive"

[MountPoints2\I]
"BaseClass"="Drive"

[MountPoints2\J]
"BaseClass"="Drive"

[MountPoints2\K]
"BaseClass"="Drive"

[MountPoints2\L]
"BaseClass"="Drive"

[MountPoints2\{198cb330-919b-11d9-8070-000c767f3a80}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
02,00,00

[MountPoints2\{198cb330-919b-11d9-8070-000c767f3a80}\shell]
@="None"

[MountPoints2\{198cb330-919b-11d9-8070-000c767f3a80}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{198cb330-919b-11d9-8070-000c767f3a80}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{2838285d-e660-11d8-bdb7-000c767f3a80}]
"BaseClass"="Drive"

[MountPoints2\{39a519e9-f29e-11db-b1f0-00138ffa13b9}]
"BaseClass"="Drive"

[MountPoints2\{60431742-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,00,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,0a,\
00,00,00

[MountPoints2\{60431743-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,e0,00,00,00,09,\
00,00,00

[MountPoints2\{60431744-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{60431745-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
cf,cf,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,00,10,00,00,00,\
00,00,00

[MountPoints2\{60431746-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
cf,cf,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,00,10,00,00,00,\
00,00,00

[MountPoints2\{60431747-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
cf,cf,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,00,10,00,00,00,\
00,00,00

[MountPoints2\{60431748-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
00,00,00

[MountPoints2\{a9b80116-f2a2-11db-8b1e-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
cf,cf,cf,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,08,\
00,00,00

[MountPoints2\{a9b80117-f2a2-11db-8b1e-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{aa323065-c7c0-11db-a66b-00195b3c04d5}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,01,00,ee,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
02,00,00

[MountPoints2\{aa323065-c7c0-11db-a66b-00195b3c04d5}\shell]
@="None"

[MountPoints2\{aa323065-c7c0-11db-a66b-00195b3c04d5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{aa323065-c7c0-11db-a66b-00195b3c04d5}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{aa323b35-c7c0-11db-a66b-00195b3c04d5}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,01,00,ee,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
02,00,00

[MountPoints2\{cc75494c-e5a6-11d8-b21b-806d6172696f}]
"BaseClass"="Drive"
Revenir en haut Aller en bas
Invité
Invité
Anonymous



HBO virus Empty
MessageSujet: HBO virus   HBO virus EmptyVen 14 Sep 2007, 00:55

suite 4 du rapport systemscan
desole, j ai du le tyrancher en tranches fines pour l envoyer
merci


-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\System32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{02f78298-8af6-495c-9ecb-b6ae68678186}]
"@="KB867282"
"ComponentID"="KB867282"

[Installed Components\{04d6265d-6b5d-41c3-9e7c-48be15919643}]
"@="KB890923"
"ComponentID"="KB890923"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\System32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\System32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{2298d453-bcae-4519-bf33-1cbf3faf1524}]
"@="Q867801"
"ComponentID"="Q867801"

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\System32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\System32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Advanced Authoring"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft DirectX"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="DirectAnimation Java Classes"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
"ComponentID"="Messenger"
"StubPath"=expand:"rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser"
"@="Windows Messenger 4.7"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
"@="Microsoft Data Access Components KB870669"
"ComponentID"="KB870669"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\System32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Address Book 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{839117ee-2132-4bae-a56a-42b50204c9b9}]
"@="KB889293"
"ComponentID"="KB889293"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install"

[Installed Components\{8EFA4753-7169-4CC3-A28B-0A1643B8A39B}]
"@="Microsoft .NET Framework 1.1 Hotfix (KB886903)"
"ComponentID"="M886903"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1}]
"@="Q828750"
"ComponentID"="Q828750"

[Installed Components\{abcdf74f-9a64-4e6e-b8eb-6e5a41de6550}]

[Installed Components\{abcdf74f-9a64-4e6e-b8eb-6e5a41de6550}\0409]

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Task Scheduler"
"ComponentID"="MSTASK"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player 9"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]
"@="Q823353"
"ComponentID"="Q823353"

[Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}]
"@="Q330994"
"ComponentID"="Q330994"
Revenir en haut Aller en bas
Invité
Invité
Anonymous



HBO virus Empty
MessageSujet: HBO virus   HBO virus EmptyVen 14 Sep 2007, 00:56

suite et fin du rapport systemscan
merci pour ton aide



-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\AvgClean __delete REG_MULTI_SZ \??\D:\JJSMBXX\fzxcrn81\koknkok.equ\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\BITS\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\qmgr.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\BITS\Parameters ServiceDll REG_EXPAND_SZ C:\WINDOWS\System32\qmgr.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\System32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\System32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Workstation\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0WGA\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0UPS\0ultra\0udfs\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0Software Restriction Policy\0sndblst\0SISNIC\0SiS315\0Simbad\0SideBySide\0sfloppy\0Setup\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0RT73\0RT61\0RSVP\0Removable Storage Service\0RemoteAccess\0Remote Desktop Help Session Manager\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0NVENET\0nv\0null\0NtServicePack\0ntfs\0npfs\0Nla\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdclass\0isapnp\0irsir\0irevents\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Ip6FwHlp\0Internet Explorer 6\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0DirectX\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0Atmarpc\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Application Popup\0apphelp\0amsint\0ami0nt\0AmdK7\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Workstation\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0WGA\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0UPS\0ultra\0udfs\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0Software Restriction Policy\0sndblst\0SISNIC\0Simbad\0SideBySide\0sfloppy\0Setup\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0RT73\0RT61\0RSVP\0Removable Storage Service\0RemoteAccess\0Remote Desktop Help Session Manager\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0NVENET\0nv\0null\0NtServicePack\0ntfs\0npfs\0Nla\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdclass\0isapnp\0irsir\0irevents\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Ip6FwHlp\0Internet Explorer 6\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0DirectX\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0Atmarpc\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Application Popup\0apphelp\0amsint\0ami0nt\0AmdK7\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT\Parameters\Interfaces\Tcpip_{24161A97-6123-49AC-9D89-E4DFD126BE49} NameServerList REG_MULTI_SZ \0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\NetBT\Parameters\Interfaces\Tcpip_{24161A97-6123-49AC-9D89-E4DFD126BE49} NameServerList REG_MULTI_SZ \0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\semadgos
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Adapters\NdisWanIp IpConfig REG_MULTI_SZ Tcpip\Parameters\Interfaces\{17411D10-3DB4-4FB4-890C-4DEAA719D41B}\0Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49}\0Tcpip\Parameters\Interfaces\{4C523FCD-B309-44E0-8E7E-7C7D686F2CA7}\0Tcpip\Parameters\Interfaces\{032AF5AB-B8D8-4787-AA5D-24687770CD04}\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Adapters\NdisWanIp IpConfig REG_MULTI_SZ Tcpip\Parameters\Interfaces\{17411D10-3DB4-4FB4-890C-4DEAA719D41B}\0Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49}\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Adapters\NdisWanIp NumInterfaces REG_DWORD 4 (0x4)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Adapters\NdisWanIp NumInterfaces REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Adapters\NdisWanIp IpInterfaces REG_BINARY 101D4117B43DB44F890C4DEAA719D41B971A16242361AC499D89E4DFD126BE49CD3F524C09B3E0448E7E7C7D686F2CA7ABF52A03D8B88747AA5D24687770CD04
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Adapters\NdisWanIp IpInterfaces REG_BINARY 101D4117B43DB44F890C4DEAA719D41B971A16242361AC499D89E4DFD126BE49
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} NTEContextList REG_MULTI_SZ 0x00000003\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} DhcpClassIdBin REG_BINARY
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} DhcpSubnetMask REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} Domain REG_SZ
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} NameServer REG_SZ
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} RegistrationEnabled REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} RegisterAdapterName REG_DWORD 0 (0x0)

Result compared: Different


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


==========================================
Scan completed in 2 minutes
End of report
Revenir en haut Aller en bas
boule
Membre aide
Membre aide



Masculin
OS : XP
Navigateur : opera

Pays : HBO virus Achat_11
Messages postés : 8781
Votes reçus : 164

HBO virus Empty
MessageSujet: Re: HBO virus   HBO virus EmptyVen 14 Sep 2007, 02:11

Hello Gillech

y'a des choses bizarres, alors fais ceci

Télécharge OTMoveIt sur ton bureau
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Double clic sur OTMoveIt.exe
Sélectionne et copie les lignes ci-dessous

C:\_OTMoveIt
C:\cleanup.txt
C:\WINDOWS\system32\hljwnhxf.dll.bak
C:\WINDOWS\system32\ydaldafp.dll.bak
C:\WINDOWS\system32\ontinihc.dll.bak
C:\WINDOWS\system32\ubkqzuiu.dll.bak
C:\WINDOWS\system32\jsegmmbv.dll.bak
C:\WINDOWS\system32\ifdkjqks.dll.bak
C:\WINDOWS\system32\jjbajjb.dll.bak
C:\WINDOWS\system32\jjbajjb.dll
C:\WINDOWS\system32\drivers\wnimjutr.sys

Retourne dans OTMoveit, fais un clic droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis "coller".
Clic sur le boutton rouge Moveit et ferme OTMoveIt
Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir l'exécution, si c'est le cas, clic sur "Yes"
Copie et colle le rapport qu'il va te générer ici stp. Le rapport d'OTMoveit se trouve dans ce dossier : C:\_OTMoveIt\MovedFiles


Ensuite, fais ceci : le rapport va être long, si tu veux me l'envoyer par mail, pas de souci : boulepate62@gmail.com

Télécharge DiagHelp.zip sur ton bureau
http://www.malekal.com/download/DiagHelp.zip
- Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier chercher va être créé DiagHelp
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
- Une fenêtre va s'ouvrir, choisis l'option 1
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
- A la fin de l'analyse, il te sera redemandé de redémarrer l'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
-- A nouveau menu Edition / copier
-- Dans un nouveau message ici, faire un clic droit / coller

Bon courage niquel
Revenir en haut Aller en bas
http://www.donnemoilinfo.com
Contenu sponsorisé





HBO virus Empty
MessageSujet: Re: HBO virus   HBO virus Empty

Revenir en haut Aller en bas
 
HBO virus
Revenir en haut 
Page 1 sur 1
 Sujets similaires
-
» trojan horse BHO Windows 32 jjbajjb.dll
» AIde help me pour ad aware et virus et anti virus
» Virus possible ?
» Virus msn

Permission de ce forum:Vous ne pouvez pas répondre aux sujets dans ce forum
 :: Anciens sujets-
Sauter vers:  
Ne ratez plus aucun deal !
Abonnez-vous pour recevoir par notification une sélection des meilleurs deals chaque jour.
IgnorerAutoriser