Trojan Vundo,Trojan Nébuler,Idialer... Fermé

Question

bonjour, voici mon log, que dois je faire ?
Logfile of HijackThis v1.99.1
Scan saved at 23:17:42, on 19-01-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Wengo\wengophone.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Garmin\gStart.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\SAM\SAM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\TEMP\win47.tmp.exe
C:\WINDOWS\TEMP\idd42.tmp.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.villiet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fgo.microsoft.com%2ffwlink%2f%3fLinkId%3d69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - C:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\kqumaigm.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Wengo] "C:/Program Files/Wengo/wengophone.exe" -background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - https://www.cartesianinc.com/Products/CPCViewAX/Sdk/CpcViewAX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.55.downloads.estara.com./as/OneCCDM.php?template=11959&sessionid=1981062348_66.155.171.55_38563&=&req=1159879263179OneCC.cab
O16 - DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} (O2C-Player - area constructor view (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayerac.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A9F2611F-C7CE-49D7-AEE9-17E9028711C1} (SafeGuard Class) - http://www.meetstream.com/activex/login4/login.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D32E12A5-F4E1-4F99-8C80-4A0C494430A5} (MsgAlertButton Class) - http://www.meetstream.com/activex/messagealert2/NewMsgButton.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc.ca/Sirf/Script/14_05_04/ActiveCGM/Acgm.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)

Utilisateur anonyme · Answer

Bonjour


Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

Note Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".


Poste ausi ce rapport, mais dans un autre message, car il est long.
Télécharge DiagHelp.zip (de Malekal_Morte) sur ton bureau 
http://www.malekal.com/download/DiagHelp.zip
- Fais un clic droit sur le fichier et extraire tout 
- Un nouveau dossier chercher va être créé DiagHelp 
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître) 
- Une fenêtre va s'ouvrir, choisis l'option 1 
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande 
- A la fin de l'analyse, il te sera redemandé de redémarrer l'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela : 
-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout 
-- A nouveau menu Edition / copier 
-- Dans un nouveau message ici, faire un clic droit / coller

traore3003 · Answer

DiagHelp version v1.4 - http://www.malekal.com
excute le 23/05/2008 à 4:00:03,35

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\ONECLICKSTARTER.EXE-1492110E.pf -->23/05/2008 04:00:02
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->23/05/2008 03:59:48
C:\WINDOWS\prefetch\MSNTBUP.EXE-0D913FB9.pf -->23/05/2008 03:56:02
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->23/05/2008 03:56:00
C:\WINDOWS\prefetch\TASKMGR.EXE-20256C55.pf -->23/05/2008 03:50:46
C:\WINDOWS\prefetch\FLOCK.EXE-00CBD9AB.pf -->23/05/2008 03:21:42
C:\WINDOWS\prefetch\AD-AWARE.EXE-02FDAFAE.pf -->23/05/2008 01:59:46
C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf -->23/05/2008 00:38:40
C:\WINDOWS\prefetch\UPDCLIENT.EXE-215FC96B.pf -->23/05/2008 00:04:24
C:\WINDOWS\prefetch\SKYPEPM.EXE-2BC7DD5C.pf -->23/05/2008 00:00:56

C:\WINDOWS\System32\drivers\NSDriver.sys -->22/05/2008 22:35:48
C:\WINDOWS\System32\drivers\Awrtrd.sys -->22/05/2008 22:35:48
C:\WINDOWS\System32\drivers\Awrtpd.sys -->22/05/2008 22:35:48
C:\WINDOWS\System32\drivers\adidsl.cfg -->16/04/2008 12:24:20
C:\WINDOWS\System32\drivers\PxHelp20.sys -->15/04/2008 01:53:02
C:\WINDOWS\System32\drivers\usbsermpt.sys -->03/04/2008 14:02:34
C:\WINDOWS\System32\drivers\klif.sys -->01/04/2008 22:11:00

C:\WINDOWS\System32\pYxbHkkj.ini -->23/05/2008 04:00:00
C:\WINDOWS\System32\bdod.bin -->23/05/2008 03:59:10
C:\WINDOWS\System32\pYxbHkkj.ini2 -->23/05/2008 03:57:06
C:\WINDOWS\System32\mocrajyr.ini -->22/05/2008 23:37:50
C:\WINDOWS\System32\vsconfig.xml -->22/05/2008 23:33:16
C:\WINDOWS\System32\bdss.log -->22/05/2008 23:32:40
C:\WINDOWS\System32\rmoc3260.dll -->22/05/2008 22:45:18
C:\WINDOWS\System32\pndx5032.dll -->22/05/2008 22:44:30
C:\WINDOWS\System32\pndx5016.dll -->22/05/2008 22:44:28
C:\WINDOWS\System32\pncrt.dll -->22/05/2008 22:44:20
C:\WINDOWS\System32\ryjarcom.dll -->22/05/2008 22:38:54
C:\WINDOWS\System32\clkcnt.txt -->22/05/2008 22:38:52
C:\WINDOWS\System32\jkkHbxYp.dll -->22/05/2008 22:38:02
C:\WINDOWS\System32\lsdelete.exe -->22/05/2008 22:35:48
C:\WINDOWS\System32\yayabaAP.dll -->22/05/2008 22:32:52
C:\WINDOWS\System32\cdplayer.exe.manifest -->19/05/2008 03:36:06
C:\WINDOWS\System32\wuaucpl.cpl.manifest -->19/05/2008 03:36:06
C:\WINDOWS\System32\sapi.cpl.manifest -->19/05/2008 03:36:06
C:\WINDOWS\System32\nwc.cpl.manifest -->19/05/2008 03:36:06
C:\WINDOWS\System32\ncpa.cpl.manifest -->19/05/2008 03:36:06
C:\WINDOWS\System32\perfh00C.dat -->18/05/2008 23:04:04
C:\WINDOWS\System32\perfc00C.dat -->18/05/2008 23:04:04
C:\WINDOWS\System32\perfh009.dat -->18/05/2008 23:04:04
C:\WINDOWS\System32\perfc009.dat -->18/05/2008 23:04:04
C:\WINDOWS\System32\TuneUpDefragService.exe -->18/05/2008 22:04:20

C:\WINDOWS\win.ini -->23/05/2008 01:22:12
C:\WINDOWS\0.log -->22/05/2008 23:33:14
C:\WINDOWS\bootstat.dat -->22/05/2008 23:32:10
C:\WINDOWS\SchedLgU.Txt -->22/05/2008 23:31:28
C:\WINDOWS\bthservsdp.dat -->22/05/2008 23:31:26
C:\WINDOWS\WindowsUpdate.log -->22/05/2008 23:31:24
C:\WINDOWS\NeroDigital.ini -->22/05/2008 11:21:00
C:\WINDOWS\system.ini -->21/05/2008 23:36:28
C:\WINDOWS\setupapi.log -->21/05/2008 23:01:16
C:\WINDOWS\WindowsShell.Manifest -->19/05/2008 03:36:06
C:\WINDOWS\vpd.properties -->18/05/2008 15:54:34
C:\WINDOWS\ModemLog_Motorola USB Modem #4.txt -->16/05/2008 09:46:40
C:\WINDOWS\ModemLog_Motorola USB Modem #3.txt -->11/05/2008 03:28:04
C:\WINDOWS\ModemLog_Motorola USB Modem #2.txt -->23/04/2008 19:49:36
C:\WINDOWS\avisplitter.INI -->19/04/2008 03:21:00

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
EXPLORER.EXE pid: 3340
Command line: C:\WINDOWS\explorer.exe

Base Size Version Path
0x10000000 0x36000 C:\WINDOWS\system32\sockspy.dll
0x00aa0000 0x9d25d C:\WINDOWS\system32\jkkHbxYp.dll
0x00c80000 0x12000 C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
0x00cc0000 0xe000 1.09.0000.0000 C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
0x00d30000 0x26bcc C:\WINDOWS\system32\ryjarcom.dll
0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x55df0000 0xd000 17.01.0051.0000 C:\WINDOWS\system32\AcSignIcon.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x5d360000 0xf000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\MFC80FRA.DLL
0x00fe0000 0x14000 1.00.0000.0000 C:\WINDOWS\system32\VirtualExpander\VEShellExt.dll
0x07320000 0x18000 11.00.5358.4827 C:\PROGRA~1\WINDOW~2\wmpband.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x55fe0000 0x52000 17.01.0051.0000 C:\Program Files\Fichiers communs\Autodesk Shared\AcSignCore16.dll
0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll
0x01500000 0x10000 5.02.5358.4827 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x021b0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x04480000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x015e0000 0x1e000 2.00.0000.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x01dc0000 0x56000 7.10.3052.0004 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll
0x02ba0000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x16200000 0x6000 4.01.0000.0000 C:\Program Files\WinZip\wzshlstb.dll
0x02c30000 0x2b000 C:\Program Files\WinRAR\rarext.dll
0x03a80000 0x54000 8.00.0005.0456 D:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.fra
0x055a0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x02bb0000 0x12000 1.00.0000.0002 C:\Program Files\Softwin\BitDefender10\bdshelxt.dll
0x05720000 0xa6000 8.01.0005.0137 D:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
0x04320000 0x9000 2.00.0000.0004 C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
0x04e80000 0xc000 1.01.0000.0341 C:\Program Files\Fichiers communs\Autodesk Shared\dwf Common\DWFShellExtensionRes.dll
0x64000000 0x30000 2005.01.0001.0004 C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
0x03990000 0xe3000 1.01.0000.0004 C:\Program Files\Nitro PDF\Professional\N5ShellExtension.dll
0x03fc0000 0x2cd000 1.01.0000.0341 C:\Program Files\Fichiers communs\Autodesk Shared\dwf Common\DWFShellExtension.dll
0x01890000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x044c0000 0x57000 1.01.0000.0500 C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll
0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll
0x064c0000 0x1b9000 2.00.0000.0007 C:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\lib\MFC71.DLL
0x55ee0000 0x1b000 17.01.0051.0000 C:\Program Files\Fichiers communs\Autodesk Shared\AcShellEx\AcShellExtension.dll
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x04dd0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x05600000 0x99000 10.00.0000.0168 e:\Program Files\Graphisoft\ArchiCAD 10\GSShellX.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
WINLOGON.EXE pid: 640
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x10ef8 C:\WINDOWS\system32\yayabaAP.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 403D-8FA6

Répertoire de C:\WINDOWS\system

17/02/2004 02:51 1 458 176 SmWizard.exe
1 fichier(s) 1 458 176 octets
0 Rép(s) 6 002 163 712 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 403D-8FA6

Répertoire de C:\WINDOWS\system32

04/08/2004 00:54 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 6 002 163 712 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 403D-8FA6

Répertoire de C:\WINDOWS\Downloaded Program Files

01/04/2008 14:54 <REP> .
01/04/2008 14:54 <REP> ..
01/04/2008 14:54 65 desktop.ini
12/02/2007 06:24 114 792 IDropENU.dll
16/02/2007 11:15 114 768 IDropFRA.dll
12/02/2007 06:10 302 184 IDrop.ocx
4 fichier(s) 531 809 octets

Total des fichiers listés :
4 fichier(s) 531 809 octets
2 Rép(s) 6 002 163 712 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Flock\\flock\\flock.exe"="C:\\Program Files\\Flock\\flock\\flock.exe:*:Enabled:Flock"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\\Program Files\\eXtrème\\emule.exe"="F:\\Program Files\\eXtrème\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"="C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 04:02:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
236 - YAHOOWIDGETS.EX
324 - livesrv.exe
376 - xcommsvr.exe
616 - CSRSS.EXE
640 - WINLOGON.EXE
684 - SERVICES.EXE
696 - LSASS.EXE
940 - SVCHOST.EXE
980 - SVCHOST.EXE
1096 - VSMON.EXE
1128 - YAHOOWIDGETS.EX
1220 - YAHOOWIDGETS.EX
1244 - YAHOOWIDGETS.EX
1500 - aawservice.exe
1660 - cmd.exe
1676 - SPOOLSV.EXE
1692 - bdmcon.exe
1724 - bdagent.exe
1760 - GOOGLETOOLBARNO
1792 - ROCKETDOCK.EXE
1900 - YZSHADOW.EXE
2036 - DTSRVC.EXE
2148 - YAHOOWIDGETS.EX
2172 - ADSL AUTOCONNEC
2368 - Skype.exe
2632 - vsserv.exe
2692 - SkypePM.exe
2712 - ALG.EXE
3340 - EXPLORER.EXE
3416 - flock.exe
3648 - bdss.exe
3896 - zlclient.exe

Total number of processes = 33
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
80701000 - \WINDOWS\system32\hal.dll
F7987000 - \WINDOWS\system32\KDCOM.DLL
F7897000 - \WINDOWS\system32\BOOTVID.dll
F75B6000 - imagesrv.sys
F7587000 - ACPI.sys
F7989000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F7576000 - pci.sys
F75F7000 - isapnp.sys
F7A4F000 - pciide.sys
F7707000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F798B000 - intelide.sys
F7607000 - MountMgr.sys
F74B7000 - ftdisk.sys
F798D000 - dmload.sys
F7491000 - dmio.sys
F770F000 - PartMgr.sys
F7617000 - VolSnap.sys
F7479000 - atapi.sys
F798F000 - imagedrv.sys
F7461000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F7627000 - disk.sys
F7637000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7442000 - fltMgr.sys
F7430000 - sr.sys
F7717000 - PxHelp20.sys
F740D000 - Fastfat.sys
F7880000 - KSecDD.sys
F7853000 - NDIS.sys
F783F000 - srescan.sys
F796C000 - Mup.sys
F7647000 - agp440.sys
F76B7000 - \SystemRoot\system32\DRIVERS\intelppm.sys
BADD1000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
BAC73000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F76C7000 - \SystemRoot\System32\drivers\pivot.sys
F7747000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
BAC50000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F774F000 - \SystemRoot\system32\DRIVERS\usbehci.sys
BAC3D000 - \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
F7757000 - \SystemRoot\system32\DRIVERS\fdc.sys
BAC29000 - \SystemRoot\system32\DRIVERS\parport.sys
F76D7000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F775F000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F76E7000 - \??\C:\WINDOWS\system32\drivers\pivotmou.sys
F7767000 - \SystemRoot\system32\DRIVERS\mouclass.sys
BAC18000 - \SystemRoot\system32\DRIVERS\serial.sys
F794B000 - \SystemRoot\system32\DRIVERS\serenum.sys
F76F7000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7566000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F7556000 - \SystemRoot\system32\DRIVERS\redbook.sys
BAB55000 - \SystemRoot\system32\DRIVERS\ks.sys
BA9E7000 - \SystemRoot\system32\drivers\cmuda.sys
BA9C3000 - \SystemRoot\system32\drivers\portcls.sys
F7546000 - \SystemRoot\system32\drivers\drmk.sys
BACE6000 - \SystemRoot\system32\DRIVERS\audstub.sys
F7536000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
BAFF8000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
BA9AC000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F7526000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F7516000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F776F000 - \SystemRoot\system32\DRIVERS\TDI.SYS
BA99B000 - \SystemRoot\system32\DRIVERS\psched.sys
F7506000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7777000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F777F000 - \SystemRoot\system32\DRIVERS\raspti.sys
BAFEC000 - \SystemRoot\System32\Drivers\PdiPorts.sys
BA96A000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F74F6000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7991000 - \SystemRoot\system32\DRIVERS\swenum.sys
BA936000 - \SystemRoot\system32\DRIVERS\update.sys
BAFDC000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F74E6000 - \SystemRoot\System32\Drivers\NDProxy.SYS
BAF80000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7993000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7787000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F7995000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BACB3000 - \SystemRoot\System32\Drivers\Null.SYS
F7997000 - \SystemRoot\System32\Drivers\Beep.SYS
F7797000 - \SystemRoot\System32\drivers\vga.sys
F7999000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F799B000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F779F000 - \SystemRoot\System32\Drivers\Msfs.SYS
F77A7000 - \SystemRoot\System32\Drivers\Npfs.SYS
BAF04000 - \SystemRoot\system32\DRIVERS\rasacd.sys
AE7A3000 - \SystemRoot\system32\DRIVERS\ipsec.sys
AE74B000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F77AF000 - \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys
AE72A000 - \SystemRoot\system32\DRIVERS\ipnat.sys
BAF60000 - \SystemRoot\system32\DRIVERS\wanarp.sys
AE702000 - \SystemRoot\system32\DRIVERS\netbt.sys
AE6A2000 - \SystemRoot\System32\vsdatant.sys
AE680000 - \SystemRoot\System32\drivers\afd.sys
BAF50000 - \SystemRoot\system32\DRIVERS\netbios.sys
AE654000 - \SystemRoot\system32\DRIVERS\rdbss.sys
AE5E5000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
BAF40000 - \SystemRoot\System32\Drivers\Fips.SYS
AE530000 - \SystemRoot\System32\Drivers\Ntfs.SYS
F77B7000 - \SystemRoot\system32\DRIVERS\usbprint.sys
AE512000 - \SystemRoot\system32\DRIVERS\adiusbaw.sys
BAB2D000 - \SystemRoot\system32\DRIVERS\hidusb.sys
BAF20000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F77BF000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BAF10000 - \SystemRoot\System32\Drivers\Cdfs.SYS
BA932000 - \SystemRoot\system32\DRIVERS\mouhid.sys
BF800000 - \SystemRoot\System32\win32k.sys
F77C7000 - \SystemRoot\System32\watchdog.sys
BA926000 - \SystemRoot\System32\drivers\Dxapi.sys
BF9C1000 - \SystemRoot\System32\drivers\dxg.sys
BAD9F000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9E6000 - \SystemRoot\System32\ati2dvag.dll
BFA1E000 - \SystemRoot\System32\ati2cqag.dll
BF9D3000 - \SystemRoot\System32\wpfb_ati2dvag.dll
BFA58000 - \SystemRoot\System32\ati3duag.dll
BFC7B000 - \SystemRoot\System32\ativvaxx.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
AE3FA000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
ADDCD000 - \SystemRoot\system32\drivers\wdmaud.sys
ADEBA000 - \SystemRoot\system32\drivers\sysaudio.sys
ADDA0000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F79CF000 - \SystemRoot\System32\Drivers\ParVdm.SYS
AD935000 - \SystemRoot\SYSTEM32\DRIVERS\WibuKey.sys
AD8E2000 - \SystemRoot\system32\DRIVERS\srv.sys
AD442000 - \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
AE80E000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
AE83E000 - \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys
AE4EA000 - \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
ACD9A000 - \SystemRoot\system32\drivers\kmixer.sys
BAD09000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 129

Liste des programmes installes

Ad-Aware 2008
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.2 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop Elements 4.0
Adobe Photoshop Elements 4.0
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
ADSL Autoconnect
Apple Software Update
ArchiCAD 10 R1 FRA
Artlantis 1.0
Assistant de connexion Windows Live
ATI - Utilitaire de désinstallation du logiciel
ATI Control Panel
ATI Display Driver
AutoCAD Architecture 2008 - Français
AutoCAD Architecture 2008 - Français
Autodesk DWF Viewer 7
Avanquest update
Azureus Vuze
Better Homes and Gardens Interior Designer 7.0
BitDefender Antivirus Plus v10
BlazeDVD 5.0 Professional
C-Media 3D Audio
Canon S100
CCleaner (remove only)
CVitae 2.1.1
DFX 8 for Windows Media Player
Extension de Windows Live Toolbar (Windows Live Toolbar)
Flock 1.1
G-Force
Galerie de photos Windows Live
Google Toolbar for Internet Explorer
HP My Display
J2SE Runtime Environment 5.0 Update 6
K-Lite Codec Pack 3.8.5 Full
Kit de Connexion MENARA
Lecteur Windows Media 11
Medal of Honor Batailles du Pacifique(tm)
Menus intelligents (Windows Live Toolbar)
Messenger Plus! Live & Sponsor (CiD)
MetaProducts Download Express
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft Office Access MUI (French) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Software Update for Web Folders (French) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Motorola Phone Tools
Mozilla Firefox (2.0)
MSXML 6.0 Parser
Nero 7 Premium
Nitro PDF Professional
Olympus Digital Wave Player
ooVoo
Pack Vista Inspirat 2 1.0
PDF Settings
Pivot Software
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Safari
SDK
Skype 3.0
Skype Plugin Manager
Spirit of Fire 3D Screensaver 2.2
Surligneur (Windows Live Toolbar)
TuneUp Utilities 2008
Utilitaire d'activation de licence réseau d'AutoCAD Architecture 2008
VBA (2627.01)
VBA (2627.5)
VideoLAN VLC media player 0.8.6c
VirginMega.Fr Premium
WebFldrs XP
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Live Favorites pour Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Toolbar
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
WinRAR archiver
WinZip 11.1
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! ¤u¨ã¦C
Yahoo! Widgets
ZoneAlarm

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 403D-8FA6

Répertoire de C:\Program Files

01/04/2008 14:44 <REP> .
01/04/2008 14:44 <REP> ..
02/04/2008 13:49 <REP> Adobe
24/04/2008 15:12 <REP> ADSL Autoconnect
02/04/2008 10:23 <REP> ATI Technologies
15/04/2008 03:19 <REP> Autodesk Network License Manager
03/04/2008 14:03 <REP> Avanquest update
01/04/2008 22:42 <REP> BlazeVideo
02/04/2008 01:21 <REP> Bonjour
17/05/2008 04:33 <REP> CCleaner
01/04/2008 15:07 <REP> C-Media 3D Audio
21/04/2008 12:22 <REP> Common Files
11/04/2008 14:44 <REP> CVitae
01/04/2008 22:39 <REP> CyberLink
01/04/2008 22:39 <REP> DFX
01/04/2008 23:00 <REP> Download Express
01/04/2008 14:44 <REP> Fichiers communs
01/04/2008 23:04 <REP> Flock
01/04/2008 22:23 <REP> Google
27/04/2008 17:10 <REP> inKline Global
01/04/2008 15:04 <REP> Intel
01/04/2008 14:53 <REP> Internet Explorer
15/04/2008 01:00 <REP> Java
01/04/2008 22:27 <REP> K-Lite Codec Pack
30/04/2008 00:55 <REP> Lantern 3D Screensaver
01/04/2008 15:14 <REP> Menara
01/04/2008 14:52 <REP> Messenger
02/04/2008 01:12 <REP> Messenger Plus! Live
01/04/2008 14:56 <REP> microsoft frontpage
02/04/2008 00:26 <REP> Microsoft Office
02/04/2008 01:04 <REP> Microsoft SQL Server Compact Edition
02/04/2008 00:30 <REP> Microsoft Visual Studio
02/04/2008 00:30 <REP> Microsoft Works
03/04/2008 14:02 <REP> Motorola Phone Tools
01/04/2008 14:53 <REP> Movie Maker
22/05/2008 12:27 <REP> Mozilla Firefox
02/04/2008 00:30 <REP> MSBuild
01/04/2008 14:51 <REP> MSN
01/04/2008 14:52 <REP> MSN Gaming Zone
03/04/2008 14:12 <REP> Nero
01/04/2008 14:53 <REP> NetMeeting
11/04/2008 14:51 <REP> Nitro PDF
20/05/2008 11:52 <REP> Olympus
13/04/2008 00:49 <REP> ooVoo
01/04/2008 14:53 <REP> Outlook Express
02/04/2008 12:12 <REP> Portrait Displays
02/04/2008 01:20 <REP> QuickTime
21/04/2008 11:37 <REP> Real
01/04/2008 14:54 <REP> Services en ligne
01/04/2008 22:45 <REP> Skype
22/05/2008 23:13 <REP> Softwin
01/04/2008 23:02 <REP> SoundSpectrum
30/04/2008 01:09 <REP> Spirit of Fire 3D Screensaver
02/04/2008 10:45 <REP> TuneUp Utilities 2008
12/04/2008 21:11 <REP> VideoLAN
12/04/2008 22:29 <REP> VirginMega
18/05/2008 15:55 <REP> WIBUKEY
15/04/2008 01:05 <REP> WIBU-SYSTEMS
14/05/2008 10:53 <REP> Windows Desktop Search
02/04/2008 00:48 <REP> Windows Live
02/04/2008 01:03 <REP> Windows Live Favorites
02/04/2008 01:03 <REP> Windows Live Toolbar
12/04/2008 20:35 <REP> Windows Media Connect 2
01/04/2008 14:52 <REP> Windows Media Player
01/04/2008 14:51 <REP> Windows NT
01/04/2008 22:20 <REP> WinRAR
01/04/2008 22:23 <REP> WinZip
01/04/2008 14:56 <REP> xerox
03/04/2008 14:49 <REP> Yahoo!
02/04/2008 14:13 <REP> Zone Labs
0 fichier(s) 0 octets
70 Rép(s) 6 002 532 352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 403D-8FA6

Répertoire de C:\Program Files\fichiers communs

01/04/2008 14:44 <REP> .
01/04/2008 14:44 <REP> ..
01/04/2008 14:44 <REP> Microsoft Shared
01/04/2008 14:44 <REP> SpeechEngines
01/04/2008 14:44 <REP> ODBC
01/04/2008 14:53 <REP> System
01/04/2008 14:53 <REP> MSSoap
01/04/2008 14:53 <REP> Services
01/04/2008 15:07 <REP> InstallShield
01/04/2008 22:38 <REP> Wise Installation Wizard
01/04/2008 22:45 <REP> Skype
01/04/2008 23:02 <REP> Real
02/04/2008 00:30 <REP> DESIGNER
02/04/2008 12:12 <REP> Portrait Displays
02/04/2008 13:49 <REP> Adobe
02/04/2008 13:59 <REP> Macrovision Shared
03/04/2008 14:12 <REP> Ahead
11/04/2008 14:51 <REP> Nitro PDF
11/04/2008 14:51 <REP> BCL Technologies
15/04/2008 01:00 <REP> Java
15/04/2008 03:52 <REP> Autodesk Shared
22/05/2008 22:46 <REP> xing shared
22/05/2008 23:12 <REP> Softwin
0 fichier(s) 0 octets
23 Rép(s) 6 002 532 352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 403D-8FA6

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

01/04/2008 15:01 <REP> .
01/04/2008 15:01 <REP> ..
07/03/2001 07:00 127 033 MSOWS40c.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
02/04/2008 00:07 <REP> 1036
26/10/2006 19:49 970 528 MSONSEXT.DLL
26/10/2006 20:12 40 256 MSOSV.DLL
4 fichier(s) 1 260 754 octets
3 Rép(s) 6 002 532 352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 403D-8FA6

Répertoire de C:\Program Files\common files

21/04/2008 12:22 <REP> .
21/04/2008 12:22 <REP> ..
21/04/2008 12:22 <REP> Real
0 fichier(s) 0 octets
3 Rép(s) 6 002 532 352 octets libres

Attention : C:\autorun.inf existe

c:\Documents and Settings\LE PARRAIN\cnmss3a.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-EFG\Setup.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer3348\Setup.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer3348\redist\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer3348\redist\WindowsServer2003-KB898715-ia64-enu.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer3348\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer3348\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer3348\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer1268\Setup.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer1268\redist\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer1268\redist\WindowsServer2003-KB898715-ia64-enu.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer1268\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer1268\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\Application Data\Installer1268\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\i4jdel0.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Disk0\_isdel.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Disk0\setup.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX01.109\Vista+AMD\DWPUP5EN.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX01.109\Vista+AMD\DWPUP5ES.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX01.109\Vista+AMD\DWPUP5FR.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX01.109\Vista+AMD\DWPUP5GR.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX01.109\Vista+AMD\DWPUP5IT.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX01.109\Vista+AMD\DWPUP5RU.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.266\Vista+AMD\DWPUP5EN.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.266\Vista+AMD\DWPUP5ES.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.266\Vista+AMD\DWPUP5FR.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.266\Vista+AMD\DWPUP5GR.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.266\Vista+AMD\DWPUP5IT.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.266\Vista+AMD\DWPUP5RU.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.172\Vista+AMD\DWPUP5EN.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.172\Vista+AMD\DWPUP5ES.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.172\Vista+AMD\DWPUP5FR.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.172\Vista+AMD\DWPUP5GR.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.172\Vista+AMD\DWPUP5IT.exe
c:\Documents and Settings\LE PARRAIN\Local Settings\temp\Rar$EX00.172\Vista+AMD\DWPUP5RU.exe
c:\Documents and Settings\LE PARRAIN\Bureau\VundoFix.exe
c:\Documents and Settings\LE PARRAIN\Bureau\CARDINAL BERNARDIN GANTIN\RealPlayer\Activator.exe
c:\Documents and Settings\LE PARRAIN\Bureau\CARDINAL BERNARDIN GANTIN\RealPlayer\fixrjb.exe
c:\Documents and Settings\LE PARRAIN\Bureau\CARDINAL BERNARDIN GANTIN\RealPlayer\realjbox.exe
c:\Documents and Settings\LE PARRAIN\Bureau\CARDINAL BERNARDIN GANTIN\RealPlayer\realplay.exe
c:\Documents and Settings\LE PARRAIN\Bureau\CARDINAL BERNARDIN GANTIN\RealPlayer\RecordingManager.exe
c:\Documents and Settings\LE PARRAIN\Bureau\CARDINAL BERNARDIN GANTIN\RealPlayer\rphelperapp.exe
c:\Documents and Settings\LE PARRAIN\Bureau\CARDINAL BERNARDIN GANTIN\RealPlayer\Setup\setup.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\LE PARRAIN\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\LE PARRAIN\Application Data\Real\RealPlayer\setup\AUsetup1.exe
c:\Documents and Settings\LE PARRAIN\Application Data\Yahoo!\Mail\attach\LE PROJET KUTCHE-newwwwwww.sfx.sfx.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
c:\Documents and Settings\All Users\Application Data\Lavasoft\License\lavalicense.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_PRISMA-06776F3A.tar.gz a l'adresse http://upload.malekal.com

Trojan Vundo,Trojan Nébuler,Idialer...

2 réponses

Discussions similaires