Visit our new site: http://www.donnemoilinfo.com
HBO virus

Author: Guest (Anonymous)
Subject: HBO virus   Fri 14 Sep 2007, 00:45

Hello,
Here is the first part of the SystemScan report.
SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP PROFESSIONAL Edition, Service Pack 1 (2600.5.1)
System directory: C:\WINDOWS

Date: 13/09/2007
Time: 23:09:05

Output limited to:
-Recent files
-Registry Run Keys

===================== Recent files (60 days old)=====================

----- recent files in C:\
22/07/2007 11:42:17 (DIR) 0 byte 53 days old -- System Volume Information
02/09/2007 18:02:46 (DIR) 0 byte 11 days old -- Config.Msi
04/09/2007 19:16:12 (DIR) 0 byte 9 days old -- _OTMoveIt
06/09/2007 00:14:28 0 byte 7 days old -- cleanup.txt
07/09/2007 23:18:33 (DIR) 0 byte 6 days old -- Program Files
13/09/2007 22:53:52 703832064 byte 0 days old -- pagefile.sys
13/09/2007 22:54:42 (DIR) 0 byte 0 days old -- WINDOWS
13/09/2007 22:58:29 (DIR) 0 byte 0 days old -- $VAULT$.AVG
13/09/2007 23:09:04 (DIR) 0 byte 0 days old -- suspectfile

----- recent files in C:\WINDOWS\
02/09/2007 17:59:51 (DIR) 0 byte 11 days old -- Installer
02/09/2007 18:05:37 (DIR) 0 byte 11 days old -- system
05/09/2007 23:53:34 (DIR) 0 byte 8 days old -- system32
13/09/2007 21:35:52 32558 byte 0 days old -- SchedLgU.Txt
13/09/2007 22:53:55 2048 byte 0 days old -- bootstat.dat
13/09/2007 22:54:04 (DIR) 0 byte 0 days old -- Debug
13/09/2007 22:54:10 51 byte 0 days old -- wiaservc.log
13/09/2007 22:54:16 159 byte 0 days old -- wiadebug.log
13/09/2007 22:54:17 391163 byte 0 days old -- WindowsUpdate.log
13/09/2007 22:54:37 (DIR) 0 byte 0 days old -- Temp
13/09/2007 23:04:01 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
22/07/2007 11:42:17 (DIR) 0 byte 53 days old -- Restore
30/08/2007 12:02:39 3284 byte 14 days old -- ANIWZCS{179A9B69-AA7C-473D-B96B-FDC63942DCFC}
31/08/2007 18:59:53 128512 byte 13 days old -- hljwnhxf.dll.bak
31/08/2007 18:59:55 45056 byte 13 days old -- ydaldafp.dll.bak
31/08/2007 18:59:56 101376 byte 13 days old -- ontinihc.dll.bak
31/08/2007 19:00:03 756224 byte 13 days old -- ubkqzuiu.dll.bak
31/08/2007 19:00:06 66560 byte 13 days old -- jsegmmbv.dll.bak
31/08/2007 19:00:08 47104 byte 13 days old -- ifdkjqks.dll.bak
01/09/2007 19:27:47 78848 byte 12 days old -- jjbajjb.dll.bak
02/09/2007 18:12:22 78848 byte 11 days old -- jjbajjb.dll
07/09/2007 22:57:02 (DIR) 0 byte 6 days old -- drivers
12/09/2007 09:47:56 2206 byte 1 days old -- wpa.dbl
13/09/2007 19:53:24 (DIR) 0 byte 0 days old -- CatRoot2

----- recent files in C:\WINDOWS\system32\drivers\
30/08/2007 11:00:20 2945 byte 14 days old -- fwdrv.err
31/08/2007 19:00:02 17280 byte 13 days old -- wnimjutr.sys
02/09/2007 18:06:48 27776 byte 11 days old -- avg7rsxp.sys
02/09/2007 18:06:49 19904 byte 11 days old -- avgmfx86.sys
04/09/2007 13:17:09 821600 byte 9 days old -- avg7core.sys
07/09/2007 23:20:49 (DIR) 0 byte 6 days old -- etc

----- recent files in C:\WINDOWS\temp\

----- recent files in C:\Program Files\
02/09/2007 18:06:21 (DIR) 0 byte 11 days old -- Grisoft
07/09/2007 23:13:20 (DIR) 0 byte 6 days old -- Google

----- recent files in C:\Program Files\Common Files\

----- recent files in C:\Documents and Settings\Christian\Application Data\
13/09/2007 12:10:06 (DIR) 0 byte 0 days old -- AVG7

----- recent files in C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\
12/09/2007 09:48:26 0 byte 1 days old -- vga4.tmp
12/09/2007 20:41:21 0 byte 1 days old -- vga5.tmp
13/09/2007 12:09:52 0 byte 0 days old -- vga6.tmp
13/09/2007 13:10:22 0 byte 0 days old -- vga1.tmp
13/09/2007 19:51:39 0 byte 0 days old -- vga2.tmp
13/09/2007 22:54:25 0 byte 0 days old -- vga3.tmp
13/09/2007 22:57:32 (DIR) 0 byte 0 days old -- Google Toolbar
13/09/2007 23:03:52 16384 byte 0 days old -- ~DFBD81.tmp
13/09/2007 23:03:52 (DIR) 0 byte 0 days old -- nsv5.tmp

===================== REGISTRY SCAN =====================


-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe"
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"

[Run\OptionalComponents]
@=""

[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"msnmsgr"="\"C:\Program Files\MSN Messenger\msnmsgr.exe\" /background"
"ccleaner"="\"C:\Program Files\CCleaner\ccleaner.exe\" /AUTO"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

[Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe"
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

[run]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

[Windows]
"AppInit_DLLs"=""

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\System32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\System32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
#### HKCR\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\InprocServer32 @="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
Author: Guest (Anonymous)
Subject: HBO virus   Fri 14 Sep 2007, 00:48

Hello,
Continuation of the first part of the SystemScan report.

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
"system"=""

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Wireless"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Microsoft Disk Quota"
"DllName"=expand:"dskquota.dll"

[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="QoS Packet Scheduler"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Internet Explorer Branding"

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Software Installation"
"DllName"=expand:"appmgmts.dll"

[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="IP Security"
"DllName"=expand:"gptext.dll"

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"StartShell"="WinlogonStartShellEvent"

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001

[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"DllName"=expand:"sclgntfy.dll"

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"

[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"

[Winlogon\Notify\yozyahnn]
"DLLName"="jjbajjb.dll"
"Logoff"="WLEventLogoff"
"Logon"="WLEventLogon"

[Winlogon\SCLogon]

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook"
"BuildNumber"=dword:00000a28
Author: Guest (Anonymous)
Subject: HBO virus   Fri 14 Sep 2007, 00:49

Continuation 2 of the first part of the SystemScan report.

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----

[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"

[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

[RunOnce]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

[RunOnceEx]

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

[RunServices]

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

[RunServicesOnce]

-----HKLM\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Command Processor\Autorun-----

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\System32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

[Browser Helper Objects]

[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[Browser Helper Objects\{6DE8FD7F-0F11-4FA1-A407-56189967D5EA}]

[Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
#### HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32 @="c:\program files\google\googletoolbar2.dll"

[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll"

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\System32\shdocvw.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder-----

[startupfolder]

-----HKCU\Control Panel\Desktop\-----

[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\logon.scr"

[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

[command]
@="\"%1\" %*"

-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

[command]
@="\"%1\" /S"

-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

[Command]
@="C:\WINDOWS\System32\mshta.exe \"%1\" %*"

-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

[URL]

[URL\DefaultPrefix]
@="http://"

[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

[Lsa]
"Authentication Packages"=multi:"msv1_0\00\00"
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=multi:"kerberos\00msv1_0\00schannel\00wdigest\00\00"
"LsaPid"=dword:00000308
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=multi:"scecli\00\00"

[Lsa\AccessProviders]
"ProviderOrder"=multi:"Windows NT Access Provider\00\00"

[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

[Lsa\Data]
@Class="e2ae14bb"
"Pattern"=hex:fd,17,bb,d0,df,fb,db,09,56,a0,da,d9,9b,d1,87,70,65,32,61,65,31,\
34,62,62,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,eb,f3,e0,a3

[Lsa\GBG]
@Class="eb98cc93"
"GrafBlumGroup"=hex:86,d0,82,f1,c4,af,93,b6,9a

[Lsa\JD]
@Class="2f6fa3d4"
"Lookup"=hex:08,fe,94,a3,91,47

[Lsa\Kerberos]

[Lsa\Kerberos\Domains]

[Lsa\Kerberos\SidCache]

[Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[Lsa\Skew1]
@Class="e0f325d3"
"SkewMatrix"=hex:42,84,f2,8c,46,e9,49,e8,47,5a,6e,b7,73,62,06,7f

[Lsa\SSO]

[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[Lsa\SspiCache]
"Time"=hex:1a,07,0f,9e,69,7a,c4,01

[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,00,f1,f4,ae,87,c3,01
"Type"=dword:00000031

[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,00,f1,f4,ae,87,c3,01
"Type"=dword:00000031

[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,00,f1,f4,ae,87,c3,01
"Type"=dword:00000031
Author: Guest (Anonymous)
Subject: HBO virus   Fri 14 Sep 2007, 00:51

Continuation 3 of the first part of the SystemScan report.
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

[SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)"
"DependOnService"=multi:"Netman\00NLA\00RasMan\00ALG\00\00"
"DependOnGroup"=multi:"\00"
"ObjectName"="LocalSystem"
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."

[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

[SharedAccess\Parameters\FirewallPolicy]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----

[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"

[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

[Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000

[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{94C6F6D7-628C-4DAD-9476-A32B078B7DF8}"

[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

[VB and VBA Program Settings]

[VB and VBA Program Settings\CCleaner]

[VB and VBA Program Settings\CCleaner\Options]

[VB and VBA Program Settings\DBCDD4]

[VB and VBA Program Settings\DBCDD4\ClipartInfo]

[VB and VBA Program Settings\DBCDD4\Settings]

[VB and VBA Program Settings\DBCDD4\TemplateInfo]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

[MountPoints2]

[MountPoints2\A]
"BaseClass"="Drive"

[MountPoints2\C]
"BaseClass"="Drive"

[MountPoints2\D]
"BaseClass"="Drive"

[MountPoints2\E]
"BaseClass"="Drive"

[MountPoints2\F]
"BaseClass"="Drive"

[MountPoints2\G]
"BaseClass"="Drive"

[MountPoints2\H]
"BaseClass"="Drive"

[MountPoints2\I]
"BaseClass"="Drive"

[MountPoints2\J]
"BaseClass"="Drive"

[MountPoints2\K]
"BaseClass"="Drive"

[MountPoints2\L]
"BaseClass"="Drive"

[MountPoints2\{198cb330-919b-11d9-8070-000c767f3a80}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
02,00,00

[MountPoints2\{198cb330-919b-11d9-8070-000c767f3a80}\shell]
@="None"

[MountPoints2\{198cb330-919b-11d9-8070-000c767f3a80}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{198cb330-919b-11d9-8070-000c767f3a80}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{2838285d-e660-11d8-bdb7-000c767f3a80}]
"BaseClass"="Drive"

[MountPoints2\{39a519e9-f29e-11db-b1f0-00138ffa13b9}]
"BaseClass"="Drive"

[MountPoints2\{60431742-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,01,00,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,0a,\
00,00,00

[MountPoints2\{60431743-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,e0,00,00,00,09,\
00,00,00

[MountPoints2\{60431744-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{60431745-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
cf,cf,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,00,10,00,00,00,\
00,00,00

[MountPoints2\{60431746-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
cf,cf,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,00,10,00,00,00,\
00,00,00

[MountPoints2\{60431747-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
cf,cf,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,5f,5f,5f,5f,5f,00,00,00,00,10,00,00,00,\
00,00,00

[MountPoints2\{60431748-e59f-11d8-bb64-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
00,00,00

[MountPoints2\{a9b80116-f2a2-11db-8b1e-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
cf,cf,cf,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,cf,5f,5f,5f,\
01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,08,\
00,00,00

[MountPoints2\{a9b80117-f2a2-11db-8b1e-806d6172696f}]
"BaseClass"="Drive"

[MountPoints2\{aa323065-c7c0-11db-a66b-00195b3c04d5}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,01,00,ee,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
02,00,00

[MountPoints2\{aa323065-c7c0-11db-a66b-00195b3c04d5}\shell]
@="None"

[MountPoints2\{aa323065-c7c0-11db-a66b-00195b3c04d5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[MountPoints2\{aa323065-c7c0-11db-a66b-00195b3c04d5}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
#### HKCR\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"

[MountPoints2\{aa323b35-c7c0-11db-a66b-00195b3c04d5}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
df,df,df,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,01,00,ee,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,10,00,00,08,\
02,00,00

[MountPoints2\{cc75494c-e5a6-11d8-b21b-806d6172696f}]
"BaseClass"="Drive"
Author: Guest (Anonymous)
Subject: HBO virus   Fri 14 Sep 2007, 00:55

Continuation 4 of the SystemScan report.
Sorry, I had to cut it into thin slices to send it.
Thanks


-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

[AdvancedOptions]

-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----

[Installed Components]

[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\System32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"

[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"

[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
"@="Browser Customizations"
"ComponentID"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

[Installed Components\{02f78298-8af6-495c-9ecb-b6ae68678186}]
"@="KB867282"
"ComponentID"="KB867282"

[Installed Components\{04d6265d-6b5d-41c3-9e7c-48be15919643}]
"@="KB890923"
"ComponentID"="KB890923"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Microsoft VM"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\WINDOWS\System32\msjava.dll"

[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
"@="Internet Explorer Classes for Java"
"ComponentID"="IEJAVA"

[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Vector Graphics Rendering (VML)"
"ComponentID"="MSVML"

[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\System32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""

[Installed Components\{2298d453-bcae-4519-bf33-1cbf3faf1524}]
"@="Q867801"
"ComponentID"="Q867801"

[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\System32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"

[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\System32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"

[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Dynamic HTML Data Binding for Java"
"ComponentID"="TridataJava"

[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"

[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"

[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"

[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Advanced Authoring"
"ComponentID"="AdvAuth"

[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft DirectX"

[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"

[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"

[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="DirectAnimation Java Classes"
"ComponentID"="DAJava"

[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"

[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
"ComponentID"="Messenger"
"StubPath"=expand:"rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser"
"@="Windows Messenger 4.7"

[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"

[Installed Components\{5f3c70b3-ac2f-432c-8f9c-1624df61f54f}]
"@="Microsoft Data Access Components KB870669"
"ComponentID"="KB870669"

[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"

[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\System32\msieftp.dll"

[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\System32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub"

[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"

[Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"@="Web Folders"
"ComponentID"="WebFolders"
"StubPath"=""

[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Address Book 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

[Installed Components\{839117ee-2132-4bae-a56a-42b50204c9b9}]
"@="KB889293"
"ComponentID"="KB889293"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Windows Desktop Update"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer 6"
"ComponentID"="BASEIE40_W2K"
"StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe"

[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install"

[Installed Components\{8EFA4753-7169-4CC3-A28B-0A1643B8A39B}]
"@="Microsoft .NET Framework 1.1 Hotfix (KB886903)"
"ComponentID"="M886903"

[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"

[Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1}]
"@="Q828750"
"ComponentID"="Q828750"

[Installed Components\{abcdf74f-9a64-4e6e-b8eb-6e5a41de6550}]

[Installed Components\{abcdf74f-9a64-4e6e-b8eb-6e5a41de6550}\0409]

[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"

[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"

[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Task Scheduler"
"ComponentID"="MSTASK"

[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player 9"
"ComponentID"="Flash"

[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"

[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"

[Installed Components\{f5173cf0-1dfb-4978-8e50-a90169ee7ca9}]
"@="Q823353"
"ComponentID"="Q823353"

[Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}]
"@="Q330994"
"ComponentID"="Q330994"

Guest (Invité), 14 Sep 2007, 00:56
Subject: HBO virus

Second and last part of the SystemScan report.
Thanks for your help.

-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\AvgClean __delete REG_MULTI_SZ \??\D:\JJSMBXX\fzxcrn81\koknkok.equ\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\BITS\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\qmgr.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\BITS\Parameters ServiceDll REG_EXPAND_SZ C:\WINDOWS\System32\qmgr.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\System32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\System32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Workstation\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0WGA\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0UPS\0ultra\0udfs\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0Software Restriction Policy\0sndblst\0SISNIC\0SiS315\0Simbad\0SideBySide\0sfloppy\0Setup\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0RT73\0RT61\0RSVP\0Removable Storage Service\0RemoteAccess\0Remote Desktop Help Session Manager\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0NVENET\0nv\0null\0NtServicePack\0ntfs\0npfs\0Nla\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdclass\0isapnp\0irsir\0irevents\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Ip6FwHlp\0Internet Explorer 6\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0DirectX\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0Atmarpc\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Application Popup\0apphelp\0amsint\0ami0nt\0AmdK7\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\System Sources REG_MULTI_SZ WZCSVC\0Workstation\0WindowsMedia\0Windows Update Agent\0Windows Script Host\0Windows Installer 3.1\0Windows File Protection\0Win32k\0WGA\0W32Time\0VolSnap\0viaide\0VgaSave\0USER32\0UPS\0ultra\0udfs\0toside\0TermServSessDir\0TermService\0TermServDevices\0TermDD\0tdi\0TCPMon\0Tcpip\0System Error\0sym_u3\0sym_hi\0symc8xx\0symc810\0StillImage\0SSDPSRV\0Srv\0srservice\0sr\0sparrow\0Software Restriction Policy\0sndblst\0SISNIC\0Simbad\0SideBySide\0sfloppy\0Setup\0Service Control Manager\0Server\0serial\0scsiport\0Schedule\0Schannel\0SCardSvr\0Save Dump\0SAM\0RT73\0RT61\0RSVP\0Removable Storage Service\0RemoteAccess\0Remote Desktop Help Session Manager\0redbook\0Rdbss\0RasMan\0RasAuto\0ql1280\0ql1240\0ql12160\0ql10wnt\0ql1080\0PSched\0Processor\0Print\0PptpMiniport\0PolicyAgent\0PlugPlayManager\0perc2\0pcmcia\0pciide\0pci\0parvdm\0partmgr\0parport\0OSPFMib\0OSPF\0NVENET\0nv\0null\0NtServicePack\0ntfs\0npfs\0Nla\0Netlogon\0NetDDE\0NetBT\0NetBIOS\0NdisWan\0ndis\0Mup\0msfs\0msadlib\0MrxSmb\0MRxDAV\0mraid35x\0mouhid\0mouclass\0Modem\0LsaSrv\0LmHosts\0LDMS\0LDM\0lbrtfdc\0Kerberos\0kbdclass\0isapnp\0irsir\0irevents\0IPXSAP\0IPXRouterManager\0IPXRIP\0IPXCP\0IPSec\0IPRouterManager\0IPRIP2\0IPNATHLP\0IPMGM\0IPBOOTP\0Ip6FwHlp\0Internet Explorer 6\0intelide\0ini910u\0IGMPv2\0i8042prt\0i2omp\0i2omgmt\0hpn\0ftdisk\0fs_rec\0flpydisk\0Fips\0fdc\0fastfat\0eventlog\0efs\0dpti2o\0Dnscache\0Dnsapi\0dmio\0dmboot\0Distributed Link Tracking Client\0disk\0DirectX\0Dhcp\0DfsSvc\0DfsDriver\0DCOM\0dac960nt\0dac2w2k\0cpqarray\0cmdide\0changer\0cdrom\0Cdm\0cdfs\0cdaudio\0cd20xrnt\0cbidf2k\0Browser\0BITS\0beep\0Atmarpc\0atdisk\0atapi\0AsyncMac\0asc3550\0asc3350p\0asc\0Application Popup\0apphelp\0amsint\0ami0nt\0AmdK7\0aliide\0Alerter\0aic78xx\0aic78u2\0aha154x\0adpu160m\0acpiec\0acpi\0abp480n5\0abiosdsk\0System\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetBT\Parameters\Interfaces\Tcpip_{24161A97-6123-49AC-9D89-E4DFD126BE49} NameServerList REG_MULTI_SZ \0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\NetBT\Parameters\Interfaces\Tcpip_{24161A97-6123-49AC-9D89-E4DFD126BE49} NameServerList REG_MULTI_SZ \0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\semadgos
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Adapters\NdisWanIp IpConfig REG_MULTI_SZ Tcpip\Parameters\Interfaces\{17411D10-3DB4-4FB4-890C-4DEAA719D41B}\0Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49}\0Tcpip\Parameters\Interfaces\{4C523FCD-B309-44E0-8E7E-7C7D686F2CA7}\0Tcpip\Parameters\Interfaces\{032AF5AB-B8D8-4787-AA5D-24687770CD04}\0\0
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Adapters\NdisWanIp IpConfig REG_MULTI_SZ Tcpip\Parameters\Interfaces\{17411D10-3DB4-4FB4-890C-4DEAA719D41B}\0Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49}\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Adapters\NdisWanIp NumInterfaces REG_DWORD 4 (0x4)
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Adapters\NdisWanIp NumInterfaces REG_DWORD 2 (0x2)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Adapters\NdisWanIp IpInterfaces REG_BINARY 101D4117B43DB44F890C4DEAA719D41B971A16242361AC499D89E4DFD126BE49CD3F524C09B3E0448E7E7C7D686F2CA7ABF52A03D8B88747AA5D24687770CD04
> Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Tcpip\Parameters\Adapters\NdisWanIp IpInterfaces REG_BINARY 101D4117B43DB44F890C4DEAA719D41B971A16242361AC499D89E4DFD126BE49
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} NTEContextList REG_MULTI_SZ 0x00000003\0\0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} DhcpClassIdBin REG_BINARY
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} DhcpIPAddress REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} DhcpSubnetMask REG_SZ 0.0.0.0
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} Domain REG_SZ
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} NameServer REG_SZ
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} RegistrationEnabled REG_DWORD 0 (0x0)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{24161A97-6123-49AC-9D89-E4DFD126BE49} RegisterAdapterName REG_DWORD 0 (0x0)

Result compared: Different


-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services

Result compared: Identical


==========================================
Scan completed in 2 minutes
End of report

boule (Membre aide / helper member), Male, OS: XP, Browser: Opera, Posts: 8781, Votes received: 164
Subject: Re: HBO virus, 14 Sep 2007, 02:11

Hello Gillech

There are some odd things in there, so do the following:

Download OTMoveIt to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Double-click OTMoveIt.exe
Select and copy the lines below:

C:\_OTMoveIt
C:\cleanup.txt
C:\WINDOWS\system32\hljwnhxf.dll.bak
C:\WINDOWS\system32\ydaldafp.dll.bak
C:\WINDOWS\system32\ontinihc.dll.bak
C:\WINDOWS\system32\ubkqzuiu.dll.bak
C:\WINDOWS\system32\jsegmmbv.dll.bak
C:\WINDOWS\system32\ifdkjqks.dll.bak
C:\WINDOWS\system32\jjbajjb.dll.bak
C:\WINDOWS\system32\jjbajjb.dll
C:\WINDOWS\system32\drivers\wnimjutr.sys

Go back to OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose "Paste".
Click the red MoveIt button and close OTMoveIt.
If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the operation; if so, click "Yes".
Please copy and paste the report it generates here. The OTMoveIt report is in this folder: C:\_OTMoveIt\MovedFiles


Next, do this: the report will be long, so if you would rather send it to me by email, no problem: boulepate62@gmail.com

Download DiagHelp.zip to your desktop:
http://www.malekal.com/download/DiagHelp.zip
- Right-click the file and choose Extract All
- A new folder named DiagHelp will be created
- Open it and double-click go.cmd (the .cmd extension may not be shown)
- A window will open; choose option 1
- The scan will start; it can take a few minutes. Let it run and press a key when asked.
- At the end of the scan you will be asked to restart the computer. Once the computer has restarted, the report will open in Notepad. It is located at C:\resultat.txt
- Copy and paste the contents of the Notepad window that opens. To do so:
-- In Notepad, click the Edit menu / Select All
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste

Good luck, niquel