VIRUS

Closed
Jo - 9 Nov 2007 at 17:47
JO - 4 Dec 2007 at 16:20
Hello,
I have a spyWorm.win32 virus and some trojans.
My antivirus (Avast) keeps finding viruses.
When I log in to MSN, messages in English are sent to my contacts (even when I am set to offline). These messages talk about a photo and do not send a link... my computer freezes and the mouse stops moving.
I wonder whether someone is taking control of my PC.

So if anyone could help me, that would be nice.

39 replies

Regis59 - Posts: 21143 - Registered: Tuesday 27 June 2006 - Status: Security contributor - Last activity: 22 June 2016 - 1 321
18 Nov 2007 at 20:29
Hi again,

Go to the site https://virusscan.jotti.org/
- Click "Parcourir" (Browse) at the top right, navigate through the folders and select this file: C:\WINDOWS\is-P5HI2.exe
- Click submit, still at the top right
- The scan will start; it will take a moment
- At the bottom you will see the scan result; copy and paste the complete scan result here.
Help: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799


Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\fsccgijy.dll
C:\WINDOWS\system32\slbaylia.dll
C:\WINDOWS\system32\vjmppwqe.dll
C:\WINDOWS\system32\oqorhbil.dll
C:\WINDOWS\system32\ssqpmkh.dll
C:\WINDOWS\system32\gebxxyw.dll
C:\WINDOWS\system32\hggdcyw.dll
C:\WINDOWS\system32\urqrsts.dll
C:\Documents and Settings\malka\Application Data\MonContenuassistant
C:\Program Files\Fichiers communs\MonContenuassistant
C:\Documents and Settings\All Users\Application Data\defensedudisque
C:\Program Files\Fichiers communs\DefenseDuDisque
C:\Program Files\DefenseDuDisque
C:\Documents and Settings\malka\Application Data\defensedudisque 
C:\WINDOWS\system32\atl71.dll
C:\WINDOWS\system32\wobnujql.dll.vir
C:\WINDOWS\system32\ihwmfyei.dll
C:\WINDOWS\system32\rqrsrrr.dll
C:\WINDOWS\system32\qomklki.dll
C:\WINDOWS\system32\wvuvtrq.dll
C:\WINDOWS\system32\efccdaw.dll.vir
C:\WINDOWS\system32\mdasvc.exe
C:\WINDOWS\System32\slbaylia.dll
C:\WINDOWS\System32\mllmn.dll 

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

See you
0
Scanner results
Scan taken on 18 Nov 2007 20:11:39 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
0
C:\WINDOWS\system32\fsccgijy.dll unregistered successfully.
C:\WINDOWS\system32\fsccgijy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\slbaylia.dll
C:\WINDOWS\system32\slbaylia.dll NOT unregistered.
C:\WINDOWS\system32\slbaylia.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vjmppwqe.dll
C:\WINDOWS\system32\vjmppwqe.dll NOT unregistered.
C:\WINDOWS\system32\vjmppwqe.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\oqorhbil.dll
C:\WINDOWS\system32\oqorhbil.dll NOT unregistered.
C:\WINDOWS\system32\oqorhbil.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqpmkh.dll
C:\WINDOWS\system32\ssqpmkh.dll NOT unregistered.
C:\WINDOWS\system32\ssqpmkh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebxxyw.dll
C:\WINDOWS\system32\gebxxyw.dll NOT unregistered.
C:\WINDOWS\system32\gebxxyw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hggdcyw.dll
C:\WINDOWS\system32\hggdcyw.dll NOT unregistered.
C:\WINDOWS\system32\hggdcyw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\urqrsts.dll
C:\WINDOWS\system32\urqrsts.dll NOT unregistered.
C:\WINDOWS\system32\urqrsts.dll moved successfully.
C:\Documents and Settings\malka\Application Data\MonContenuassistant\Logs moved successfully.
C:\Documents and Settings\malka\Application Data\MonContenuassistant moved successfully.
C:\Program Files\Fichiers communs\MonContenuassistant moved successfully.
Folder move failed. C:\Documents and Settings\All Users\Application Data\defensedudisque\Data\user scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\defensedudisque\Data\oid scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\defensedudisque\Data\em scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\defensedudisque\Data\ac scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\defensedudisque\Data moved successfully.
C:\Documents and Settings\All Users\Application Data\defensedudisque moved successfully.
C:\Program Files\Fichiers communs\DefenseDuDisque moved successfully.
C:\Program Files\DefenseDuDisque moved successfully.
C:\Documents and Settings\malka\Application Data\defensedudisque\Logs moved successfully.
C:\Documents and Settings\malka\Application Data\defensedudisque moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\atl71.dll
C:\WINDOWS\system32\atl71.dll NOT unregistered.
C:\WINDOWS\system32\atl71.dll moved successfully.
C:\WINDOWS\system32\wobnujql.dll.vir moved successfully.
C:\WINDOWS\system32\ihwmfyei.dll unregistered successfully.
C:\WINDOWS\system32\ihwmfyei.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqrsrrr.dll
C:\WINDOWS\system32\rqrsrrr.dll NOT unregistered.
C:\WINDOWS\system32\rqrsrrr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qomklki.dll
C:\WINDOWS\system32\qomklki.dll NOT unregistered.
C:\WINDOWS\system32\qomklki.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wvuvtrq.dll
C:\WINDOWS\system32\wvuvtrq.dll NOT unregistered.
C:\WINDOWS\system32\wvuvtrq.dll moved successfully.
C:\WINDOWS\system32\efccdaw.dll.vir moved successfully.
C:\WINDOWS\system32\mdasvc.exe moved successfully.
File/Folder C:\WINDOWS\System32\slbaylia.dll not found.
File/Folder C:\WINDOWS\System32\mllmn.dll not found.

Created on 11/18/2007 21:20:37
0
Regis59
19 Nov 2007 at 18:15
OK, post a ComboFix and a HijackThis report again please

See you
0

Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:49, on 19/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Fichiers communs\07%2F06%2F2007\stmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\cscript.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Logical Disk Awareness] mdasvc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\07%2F06%2F2007\stmon.exe" dm=http://apu03c0.audientia.net; ad=http://apu03c0.audientia.net
O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe" dm=http://defensedudisque.com; ad=http://defensedudisque.com
O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
O4 - HKLM\..\Run: [ac18511d] rundll32.exe "C:\WINDOWS\System32\slbaylia.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
ComboFix has expired.

What is the new link?
0
Regis59
20 Nov 2007 at 22:08
Hi

Please provide me with this report
http://www.malekal.com/DiagHelp/DiagHelp.php

See you
0
DiagHelp version v1.4 - http://www.malekal.com
excute le 21/11/2007 à 0:04:22,88


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->21/11/2007 00:04:19
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->21/11/2007 00:03:56
C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf -->21/11/2007 00:03:17
C:\WINDOWS\prefetch\QTTASK.EXE-1876A1A1.pf -->21/11/2007 00:00:25
C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->21/11/2007 00:00:01
C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->20/11/2007 23:59:47
C:\WINDOWS\prefetch\MSNAPPAU.EXE-17A3A6E5.pf -->20/11/2007 23:59:38
C:\WINDOWS\prefetch\LOG VIEWER.EXE-367A4CA4.pf -->20/11/2007 23:55:08
C:\WINDOWS\prefetch\SETUP.OVR-1ABDA79A.pf -->20/11/2007 23:34:22
C:\WINDOWS\prefetch\AVAST.SETUP-295443AF.pf -->20/11/2007 23:34:15

C:\WINDOWS\System32\drivers\aswmon.sys -->06/09/2007 12:05:25
C:\WINDOWS\System32\drivers\aswmon2.sys -->06/09/2007 12:05:10
C:\WINDOWS\System32\drivers\aswRdr.sys -->06/09/2007 12:03:02
C:\WINDOWS\System32\drivers\aswTdi.sys -->06/09/2007 12:02:20
C:\WINDOWS\System32\drivers\aavmker4.sys -->06/09/2007 12:00:53
C:\WINDOWS\System32\drivers\lvuvcflt.sys -->12/05/2007 01:31:12
C:\WINDOWS\System32\drivers\secdrv.sys -->28/10/2006 12:07:54

C:\WINDOWS\System32\nvapps.xml -->20/11/2007 15:28:11
C:\WINDOWS\System32\ailyabls.ini -->18/11/2007 19:59:08
C:\WINDOWS\System32\wpa.dbl -->18/11/2007 12:06:08
C:\WINDOWS\System32\mcrh.tmp -->14/11/2007 19:43:53
C:\WINDOWS\System32\isohspie.ini -->12/11/2007 17:39:46
C:\WINDOWS\System32\eqwppmjv.ini -->11/11/2007 13:30:23
C:\WINDOWS\System32\libhroqo.ini -->10/11/2007 17:38:39
C:\WINDOWS\System32\ocjolhyc.ini -->09/11/2007 16:40:04
C:\WINDOWS\System32\uicpdmix.ini -->08/11/2007 13:25:03
C:\WINDOWS\System32\CONFIG.NT -->06/11/2007 15:58:59
C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 09:11:50
C:\WINDOWS\System32\perfh009.dat -->28/10/2007 09:11:50
C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 09:11:50
C:\WINDOWS\System32\perfc009.dat -->28/10/2007 09:11:50
C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 09:11:49
C:\WINDOWS\System32\jupdate-1.6.0_02-b06.log -->14/09/2007 21:32:22
C:\WINDOWS\System32\aswBoot.exe -->06/09/2007 12:09:49
C:\WINDOWS\System32\AvastSS.scr -->06/09/2007 12:00:07
C:\WINDOWS\System32\wuweb.dll -->30/07/2007 19:19:46
C:\WINDOWS\System32\javaws.exe -->12/07/2007 01:22:38
C:\WINDOWS\System32\javacpl.cpl -->12/07/2007 01:22:36
C:\WINDOWS\System32\javaw.exe -->12/07/2007 00:22:04
C:\WINDOWS\System32\java.exe -->12/07/2007 00:22:00
C:\WINDOWS\System32\QuickTimeVR.qtx -->29/06/2007 05:24:58
C:\WINDOWS\System32\QuickTime.qts -->29/06/2007 05:24:58

C:\WINDOWS\WindowsUpdate.log -->20/11/2007 23:34:50
C:\WINDOWS\0.log -->20/11/2007 15:28:36
C:\WINDOWS\wiaservc.log -->20/11/2007 15:28:15
C:\WINDOWS\wiadebug.log -->20/11/2007 15:28:14
C:\WINDOWS\ACMonitor_X83.ini -->20/11/2007 15:28:07
C:\WINDOWS\bootstat.dat -->20/11/2007 15:27:55
C:\WINDOWS\SchedLgU.Txt -->20/11/2007 07:45:35
C:\WINDOWS\cookies.ini -->18/11/2007 12:45:05
C:\WINDOWS\tsoc.log -->18/11/2007 12:40:03
C:\WINDOWS\ocmsn.log -->18/11/2007 12:40:03
C:\WINDOWS\ocgen.log -->18/11/2007 12:40:03
C:\WINDOWS\ntdtcsetup.log -->18/11/2007 12:40:03
C:\WINDOWS\msgsocm.log -->18/11/2007 12:40:03
C:\WINDOWS\imsins.log -->18/11/2007 12:40:03
C:\WINDOWS\iis6.log -->18/11/2007 12:40:03

winlogon.exe
svchost.exe
ws2_32.dll
user32.dll
tcpip.sys
ndis.sys
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1664
Command line: C:\WINDOWS\Explorer.EXE


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 856
Command line: winlogon.exe



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est AC18-51B2

Répertoire de C:\WINDOWS\system32

28/08/2001 13:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 60 881 113 088 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est AC18-51B2

Répertoire de C:\WINDOWS\Downloaded Program Files

08/11/2007 20:52 <REP> .
08/11/2007 20:52 <REP> ..
23/07/2006 21:38 65 desktop.ini
14/10/1997 17:52 697 DirectAnimation Java Classes.osd
13/04/2007 14:27 367 LegitCheckControl.inf
20/01/2000 14:25 1 162 Microsoft XML Parser for Java.osd
03/06/2002 17:53 144 QTPlugin.inf
11/06/2007 12:21 5 021 swflash.inf
11/08/2004 01:22 3 036 wmv9dmo.inf
30/07/2007 19:24 293 wuweb.inf
8 fichier(s) 10 785 octets

Total des fichiers listés :
8 fichier(s) 10 785 octets
2 Rép(s) 60 881 113 088 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2



Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 00:05:32
Windows 5.1.2600 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
324 - ACMonitor_X83.e
348 - AcBtnMgr_X83.ex
360 - printray.exe
464 - ashWebSv.exe
508 - jusched.exe
524 - ashDisp.exe
576 - stmon.exe
600 - ctfmon.exe
648 - ashMaiSv.exe
660 - WLANUTL.exe
688 - PAStiSvc.exe
832 - csrss.exe
856 - winlogon.exe
900 - services.exe
912 - lsass.exe
1096 - svchost.exe
1144 - CALMAIN.exe
1224 - svchost.exe
1284 - cmd.exe
1344 - IEXPLORE.EXE
1388 - iPodService.exe
1476 - svchost.exe
1520 - svchost.exe
1616 - usnsvc.exe
1664 - explorer.exe
1792 - ashServ.exe
2040 - spoolsv.exe
3124 - msnmsgr.exe
3208 - LimeWire.exe
3352 - jucheck.exe

Total number of processes = 31
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList


Total number of drivers = 116

Liste des programmes installes

Adobe Flash Player 9 ActiveX
Adobe Reader 6.0 - Français
Apple Software Update
avast! Antivirus
Barre d'outils MSN
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
CANON iMAGE GATEWAY Task
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (F)
FoxTarot version 4.0
FusionSoft DVD Player XP Version 5.0
HijackThis 2.0.2
Internet Library
iTunes
Java(TM) 6 Update 2
Les Sims Deluxe
Lexmark X83
LimeWire 4.14.8
LiveBox
Messenger Plus! Live
MGI PhotoSuite 8.1 (suppression seulement)
Microsoft Office XP Professional with FrontPage
MovieEdit Task
NVIDIA Drivers
ONES Trial (F)
PC VGA Camer@
PC VGA Camer@
Philips Digital Audio Player
PhotoStitch
QuickTime
RAW Image Task 2.2
Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g
The Sims House Party
WebFldrs XP
Windows Live Messenger
Windows Live Sign-in Assistant



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est AC18-51B2

Répertoire de C:\Program Files

20/11/2007 23:59 <REP> .
20/11/2007 23:59 <REP> ..
20/06/2001 15:19 40 960 ACMonitor_X83.exe
28/10/2006 12:06 <REP> Adobe
05/11/2007 20:58 <REP> Alwil Software
03/09/2007 17:58 <REP> Apple Software Update
22/07/2006 10:37 <REP> Canon
25/06/2006 14:14 <REP> ComPlus Applications
18/11/2007 21:20 <REP> Fichiers communs
20/11/2007 21:19 <REP> FoxTarot4
03/04/2007 19:38 <REP> FusionSoft DVD Player XP
23/07/2006 21:37 <REP> Internet Explorer
03/09/2007 18:01 <REP> iPod
03/09/2007 18:02 <REP> iTunes
14/09/2007 21:32 <REP> Java
01/07/2006 13:34 <REP> Lexmark
08/07/2006 12:33 <REP> LexmarkX83
14/09/2007 21:32 <REP> LimeWire
08/07/2006 12:42 <REP> Maxis
19/07/2006 08:25 <REP> Messenger
19/06/2007 18:39 <REP> Messenger Plus! Live
01/07/2006 13:41 <REP> MGI
25/06/2006 19:52 <REP> Microsoft ActiveSync
25/06/2006 14:17 <REP> microsoft frontpage
25/06/2006 19:51 <REP> Microsoft Office
23/07/2006 21:37 <REP> Movie Maker
23/07/2006 21:36 <REP> MSN
01/07/2006 13:23 <REP> MSN Apps
25/06/2006 14:13 <REP> MSN Gaming Zone
07/11/2007 18:10 <REP> MSN Messenger
01/07/2006 16:03 <REP> MSN Toolbar
23/07/2006 21:37 <REP> NetMeeting
28/07/2006 18:07 <REP> ONES Trial (F)
23/07/2006 21:37 <REP> Outlook Express
08/07/2006 12:24 <REP> PC VGA Camer@
22/11/2006 18:29 <REP> Philips
03/09/2007 18:00 <REP> QuickTime
30/06/2006 19:50 <REP> SAGEM
30/06/2006 19:51 <REP> SAGEM Wi-Fi USB 802.11g
25/06/2006 14:15 <REP> Services en ligne
09/11/2007 17:31 <REP> Trend Micro
06/11/2007 14:04 <REP> Ubi Soft
19/06/2007 18:39 <REP> Windows Live
06/05/2007 12:36 <REP> Windows Media Player
25/06/2006 14:13 <REP> Windows NT
25/06/2006 14:17 <REP> xerox
1 fichier(s) 40 960 octets
45 Rép(s) 60 880 834 560 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est AC18-51B2

Répertoire de C:\Program Files\fichiers communs

18/11/2007 21:20 <REP> .
18/11/2007 21:20 <REP> ..
11/11/2007 21:44 <REP> 07%2F06%2F2007
28/10/2006 23:13 <REP> Adobe
25/06/2006 19:52 <REP> Designer
22/11/2006 18:28 <REP> InstallShield
14/09/2007 21:30 <REP> Java
07/11/2007 18:07 <REP> Microsoft Shared
25/06/2006 14:14 <REP> MSSoap
25/06/2006 14:44 <REP> ODBC
08/07/2006 12:24 <REP> PCCamera
25/06/2006 14:14 <REP> Services
25/06/2006 14:44 <REP> SpeechEngines
23/07/2006 21:37 <REP> System
0 fichier(s) 0 octets
14 Rép(s) 60 880 834 560 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est AC18-51B2

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

25/06/2006 19:52 <REP> .
25/06/2006 19:52 <REP> ..
25/06/2006 19:51 <REP> 1033
14/02/2001 20:45 1 318 912 MSONSEXT.DLL
12/02/2001 23:23 58 784 MSOSV.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
06/08/2000 08:04 401 462 MSVCP60.DLL
22/01/2001 02:25 69 632 PKMAXCTL.DLL
22/01/2001 02:25 872 448 PKMCDO.DLL
22/01/2001 02:25 159 744 PKMCORE.DLL
07/02/2001 08:59 106 496 PKMFORMS.DLL
22/01/2001 02:25 671 744 PKMRES.DLL
22/01/2001 02:25 28 672 PKMSSTLB.DLL
22/01/2001 02:25 40 960 PKMTEMPL.DLL
22/01/2001 02:25 24 576 PKMTRACE.DLL
22/01/2001 02:25 86 016 PKMWS.DLL
22/01/2001 02:25 237 568 PROMDEMO.DLL
22/01/2001 02:25 184 320 SECMGR.DLL
22/01/2001 02:25 323 584 VAIDDMGR.DLL
22/01/2001 02:25 32 768 VAIMEM.DLL
18 fichier(s) 4 867 656 octets
3 Rép(s) 60 880 834 560 octets libres




c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.1.3\iTunesSetupAdmin.exe
c:\Documents and Settings\malka\Application Data\LimeWire\.NetworkShare\LimeWireWin4.14.10.exe
c:\Documents and Settings\malka\Application Data\Macromedia\Flash Player\#SharedObjects\L89GXBQ2\localhost\MainCD.exe
c:\Documents and Settings\malka\Bureau\OTMoveIt.exe
c:\Documents and Settings\malka\Bureau\VirtumundoBeGone.exe
c:\Documents and Settings\malka\Bureau\VundoFix.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\msnchk.exe
c:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\incl\MD5File.exe
c:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\incl\msnchk.exe
c:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\incl\Process.exe
c:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\incl\swreg.exe
c:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\incl\zip.exe
c:\Documents and Settings\malka\Local Settings\Temporary Internet Files\Content.IE5\SLIBO9QJ\in23[1].exe
c:\Documents and Settings\malka\Mes documents\DVD_Player_5.0_XP.exe
c:\Documents and Settings\malka\Mes documents\JOANNE COURS\Nouveau dossier\iTunesSetup.exe
c:\Documents and Settings\malka\Mes documents\JOANNE COURS\Nouveau dossier\LimeWireWin.exe
c:\Documents and Settings\malka\Mes documents\JOANNE COURS\Nouveau dossier\MPSetup.exe
c:\Documents and Settings\malka\Mes documents\Nouveau dossier\HJTInstall.exe
c:\Documents and Settings\malka\Mes documents\Nouveau dossier\INSTALL_MSN_MESSENGER_NT.EXE
c:\Documents and Settings\malka\Mes documents\Nouveau dossier\installer_fr.exe
c:\Documents and Settings\malka\Mes documents\Nouveau dossier\setup_fr.exe
c:\Documents and Settings\malka\Mes documents\Nouveau dossier\setupfre.exe
c:\Documents and Settings\malka\Mes documents\Nouveau dossier\MSNFix\MSNFix\incl\MD5File.exe
c:\Documents and Settings\malka\Mes documents\Nouveau dossier\MSNFix\MSNFix\incl\msnchk.exe
c:\Documents and Settings\malka\Mes documents\Nouveau dossier\MSNFix\MSNFix\incl\Process.exe
c:\Documents and Settings\malka\Mes documents\Nouveau dossier\MSNFix\MSNFix\incl\swreg.exe
c:\Documents and Settings\malka\Mes documents\Nouveau dossier\MSNFix\MSNFix\incl\zip.exe
c:\Documents and Settings\malka\Mes documents\programmes\Avast4.exe
c:\Documents and Settings\malka\Mes documents\programmes\Install_Messenger.exe
c:\Documents and Settings\malka\Mes documents\programmes\INSTALL_MSN_MESSENGER_NT.EXE
c:\Documents and Settings\malka\Mes documents\programmes\nvidia_6085.exe
c:\Documents and Settings\malka\Mes documents\programmes\pb_alc650_5320.exe
c:\Documents and Settings\malka\Mes documents\programmes\viahyperion4in1448v.exe
c:\Documents and Settings\malka\Mes documents\programmes\viausb20xp.exe
c:\Documents and Settings\malka\Mes documents\programmes\wmp11-windowsxp-x86-FR-FR.exe
c:\Documents and Settings\malka\Mes documents\programmes\Office\INSTMSI.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\INSTMSIW.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\Office XP.exe
c:\Documents and Settings\malka\Mes documents\programmes\Office\SETUP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\FILES\SYSTEM\EXTRACT.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\IE5\EN\DCOM95.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\IE5\EN\IE5COMP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\IE5\EN\IE5SETUP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\IE5\EN\OAINST.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\IE5\EN\VRML2C.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OWC\SETUP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\PFILES\COMMON\MSSHARED\OFFICE10\DW.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\PFILES\MSOFFICE\OFFICE10\OFFCLN.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\SUPPORT\INSTMSI.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\SUPPORT\INSTMSIW.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\SUPPORT\Q282879.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\MSDE2000\SETUP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\MSDE2000\MSI\INSTMSI.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\MSDE2000\MSI\INSTMSIW.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\INSTMSI.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\INSTMSIW.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\SETUP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\PFILES\ORKTOOLS\ORK10\TOOLS\ADMPACK\ADMPACK.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\PFILES\ORKTOOLS\ORK10\TOOLS\HTMLHELP\HTMLHELP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\PFILES\ORKTOOLS\ORK10\TOOLS\OCP\_ISDEL.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\PFILES\ORKTOOLS\ORK10\TOOLS\OCP\SETUP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\PFILES\ORKTOOLS\ORK10\TOOLS\PPTVIEW\PPVIEW97.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\SUPPORT\INSTMSI.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\SUPPORT\INSTMSIW.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\SUPPORT\Q282879.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\INSTMSI.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\INSTMSIW.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SETUPSE.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQLWRAP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\FILES\SUPPORT\INSTMSI.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\FILES\SUPPORT\INSTMSIW.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\FILES\SUPPORT\Q282879.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\BCP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\CMDWRAP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\CNFGSVR.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\DCOMSCM.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\DISTRIB.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\DTSRUN.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\DTSWIZ.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\LOGREAD.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\ODBCCMPT.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\OSQL.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\REBUILDM.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\REGREBLD.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\REPLMERG.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SCM.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SNAPSHOT.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SQLAGENT.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SQLMANGR.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SQLSERVR.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SVRNETCN.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\VSWITCH.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\OTHER\DTCSETUP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SETUP\_ISDEL.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SETUP\MSETUP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SETUP\SETUPSQL.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SETUP\SQLSTP.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SYSTEM\CLICONFG.EXE
c:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SYSTEM\REGSVR32.EXE
c:\Documents and Settings\malka\Mes documents\VIVRE APRES LA CHUTE DU MUR DE BERLIN\MsgPlusLive-411.exe
c:\Documents and Settings\malka\Mes documents\VIVRE APRES LA CHUTE DU MUR DE BERLIN\psa30se_ytb612_a708_DLM_en_us.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\malka\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\malka\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_MALKA-OPM3M753E.tar.gz a l'adresse http://upload.malekal.com
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
https://www.mcafee.com/en-us/index.html

Pid Process Port Proto Path
1540 -> 5000 TCP
4 System -> 1031 TCP
0 System -> 12080 TCP
4 System -> 139 TCP
0 System -> 1540 TCP
4 System -> 445 TCP
660 ashMaiSv -> 12025 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
660 ashMaiSv -> 12110 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
660 ashMaiSv -> 12119 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
660 ashMaiSv -> 12143 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
532 ashWebSv -> 12080 TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
2452 jucheck -> 1530 TCP C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
520 jusched -> 1527 TCP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
520 jusched -> 1528 TCP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
1228 svchost -> 1026 TCP C:\WINDOWS\System32\svchost.exe
1100 svchost -> 135 TCP C:\WINDOWS\system32\svchost.exe

1540 -> 1406 UDP
4 System -> 1025 UDP
0 System -> 1445 UDP
4 System -> 1900 UDP
4 System -> 445 UDP
660 ashMaiSv -> 123 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
660 ashMaiSv -> 137 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
660 ashMaiSv -> 138 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
532 ashWebSv -> 1034 UDP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
2452 jucheck -> 1391 UDP C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
520 jusched -> 1027 UDP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
520 jusched -> 1036 UDP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
520 jusched -> 15656 UDP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
520 jusched -> 60315 UDP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
1100 svchost -> 135 UDP C:\WINDOWS\system32\svchost.exe
1228 svchost -> 500 UDP C:\WINDOWS\System32\svchost.exe



PsList 1.26 - Process Information Lister
Copyright (C) 1999-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

Process information for MALKA-OPM3M753E:

Name Pid Pri Thd Hnd VM WS Priv
Idle 0 0 1 0 0 20 0
System 4 8 57 289 1876 80 0
smss 760 11 3 21 3796 80 164
csrss 836 13 12 489 24828 1724 1640
winlogon 860 13 20 448 45492 2320 5444
services 904 9 20 333 21680 1848 1464
spoolsv 168 8 14 154 45680 2008 3240
alg 512 8 3 68 13956 1000 480
ashWebSv 532 8 18 121 86684 6900 11444
nvsvc32 564 8 3 66 19368 600 500
ashMaiSv 660 8 8 83 52500 552 2884
PAStiSvc 668 8 2 23 7868 424 192
svchost 740 8 5 111 16572 1044 776
svchost 1100 8 9 285 31252 1756 1352
svchost 1228 8 58 1049 102200 11088 11276
CALMAIN 1280 8 7 116 22428 960 676
svchost 1508 8 6 93 29132 1368 1028
svchost 1540 8 13 155 30928 1028 1188
aswUpdSv 1756 8 3 31 16352 64 380
ashServ 1812 13 24 251 113608 12868 22828
usnsvc 2576 8 3 82 14624 1648 644
lsass 916 9 20 319 38516 460 3192
explorer 1692 8 15 388 86272 6420 12892
ACMonitor_X83 356 8 1 26 16204 1288 344
AcBtnMgr_X83 380 8 1 25 24212 784 432
WLANUTL 388 8 2 60 34692 1284 1132
printray 456 8 1 31 34992 888 756
SOUNDMAN 464 8 2 52 30280 900 580
jusched 520 8 3 152 53412 4656 1232
jucheck 2452 8 4 182 57664 5624 2400
ashDisp 600 8 7 76 42764 840 2276
stmon 616 8 2 104 56804 1752 1284
ctfmon 632 8 1 52 15080 788 348
IEXPLORE 720 8 19 533 197392 24256 35996
msnmsgr 2116 8 33 623 172936 14868 32708
cmd 3200 8 1 22 13376 1140 1384
pslist 3404 13 2 72 17408 1452 664

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1692
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x01000000 0xf8000 6.00.2600.0000 C:\WINDOWS\Explorer.EXE
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x75f10000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll
0x76960000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\System32\UxTheme.dll
0x78090000 0xe5000 6.00.2800.1816 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
0x7a170000 0x80000 2001.12.4414.0062 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll
0x5b950000 0x71000 6.00.2600.0000 C:\WINDOWS\System32\themeui.dll
0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\actxprxy.dll
0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x74aa0000 0x43000 6.00.2600.0000 C:\WINDOWS\System32\webcheck.dll
0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll
0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll
0x76390000 0x1fb000 2.00.2600.0000 C:\WINDOWS\System32\msi.dll
0x76190000 0x98000 6.00.2600.0000 C:\WINDOWS\system32\WININET.dll
0x76100000 0x8e000 6.00.2600.0000 C:\WINDOWS\System32\shdoclc.dll
0x732d0000 0x51000 6.00.2600.0000 C:\WINDOWS\System32\zipfldr.dll
0x64f00000 0x12000 4.07.1043.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x723a0000 0x13000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
0x10000000 0xb000 6.00.0000.0878 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
0x76080000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll
0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x70ee0000 0x7000 1.01.0000.3917 C:\WINDOWS\System32\asfsipc.dll
0x60990000 0xd000 2.00.2600.0000 C:\WINDOWS\System32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.6626 C:\WINDOWS\System32\wshext.dll
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL
0x365a0000 0x15000 10.00.2625.0000 C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL
0x76010000 0x61000 6.00.8972.0000 C:\WINDOWS\System32\MSVCP60.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 860
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x6f000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\system32\WINTRUST.dll
0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\COMCTL32.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\system32\ODBC32.dll
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x78090000 0xe5000 6.00.2800.1816 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\system32\odbcint.dll
0x76b70000 0x1f000 6.00.2600.0000 C:\WINDOWS\system32\SHSVCS.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\uxtheme.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\system32\COMRes.dll
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x7a170000 0x80000 2001.12.4414.0062 C:\WINDOWS\system32\CLBCATQ.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
IEXPLORE.EXE pid: 720
Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

Base Size Version Path
0x00400000 0x19000 6.00.2600.0000 C:\Program Files\Internet Explorer\IEXPLORE.EXE
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll
0x78090000 0xe5000 6.00.2800.1816 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\uxtheme.dll
0x75f10000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll
0x723a0000 0x13000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
0x7a170000 0x80000 2001.12.4414.0062 C:\WINDOWS\System32\CLBCATQ.DLL
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll
0x76190000 0x98000 6.00.2600.0000 C:\WINDOWS\system32\WININET.dll
0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x10000000 0xb000 6.00.0000.0878 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
0x6d7c0000 0x79000 6.00.0020.0006 C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Java\jre1.6.0_02\bin\MSVCR71.dll
0x29500000 0x51000 4.00.0249.0001 C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
0x76080000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x27500000 0xc9000 4.00.0249.0001 C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll
0x02020000 0x28000 1.02.3000.1001 C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
0x72d50000 0x114000 8.20.8730.0001 C:\WINDOWS\System32\msxml3.dll
0x746e0000 0x8f000 6.00.2600.0000 C:\WINDOWS\System32\mlang.dll
0x73ca0000 0x10000 5.131.2600.0000 C:\WINDOWS\System32\cryptnet.dll
0x01e20000 0x49000 1.02.5000.1021 C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
0x01e90000 0x2c000 1.02.5000.1021 C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbres.dll
0x76100000 0x8e000 6.00.2600.0000 C:\WINDOWS\System32\shdoclc.dll
0x76390000 0x1fb000 2.00.2600.0000 C:\WINDOWS\System32\msi.dll
0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
0x74780000 0x2ad000 6.00.2600.0000 C:\WINDOWS\System32\mshtml.dll
0x74630000 0x27000 3.10.0349.0000 C:\WINDOWS\System32\MSLS31.DLL
0x75be0000 0x91000 5.06.0000.6626 C:\WINDOWS\System32\jscript.dll
0x66cc0000 0xa000 6.00.2600.0000 C:\WINDOWS\System32\imgutil.dll
0x5e680000 0xb000 6.00.2600.0000 C:\WINDOWS\System32\pngfilt.dll
0x73250000 0x75000 5.06.0000.6626 C:\WINDOWS\system32\vbscript.dll
0x30000000 0x2ef000 9.00.0047.0000 C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x65000000 0x9000 5.03.0000.0900 C:\WINDOWS\System32\ddrawex.dll
0x51000000 0x4d000 5.03.0000.0900 C:\WINDOWS\System32\DDRAW.dll
0x6c270000 0x33000 6.03.2600.0000 C:\WINDOWS\System32\dxtrans.dll
0x6c2b0000 0x55000 6.03.2600.0000 C:\WINDOWS\System32\dxtmsft.dll
0x672b0000 0x3b000 6.00.2600.0000 C:\WINDOWS\System32\iepeers.dll
0x74c20000 0x6f000 6.00.2600.0000 C:\WINDOWS\System32\mshtmled.dll
0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\actxprxy.dll
0x09a30000 0x61000 6.00.0000.0878 C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx
0x66700000 0x91000 7.02.0000.0240 C:\Program Files\QuickTime\QTPlugin.ocx
0x09aa0000 0x472000 9.00.0000.2980 C:\WINDOWS\System32\wmp.dll
0x09f20000 0x2d9000 9.00.0000.2980 C:\WINDOWS\System32\wmploc.dll
0x72a70000 0x18000 6.00.2600.0000 C:\WINDOWS\System32\plugin.ocx

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
services.exe pid: 904
Command line: C:\WINDOWS\system32\services.exe

Base Size Version Path
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est AC18-51B2

Répertoire de C:\Program Files

21/11/2007 17:43 <REP> .
21/11/2007 17:43 <REP> ..
20/06/2001 15:19 40 960 ACMonitor_X83.exe
28/10/2006 12:06 <REP> Adobe
05/11/2007 20:58 <REP> Alwil Software
03/09/2007 17:58 <REP> Apple Software Update
22/07/2006 10:37 <REP> Canon
25/06/2006 14:14 <REP> ComPlus Applications
18/11/2007 21:20 <REP> Fichiers communs
20/11/2007 21:19 <REP> FoxTarot4
03/04/2007 19:38 <REP> FusionSoft DVD Player XP
23/07/2006 21:37 <REP> Internet Explorer
03/09/2007 18:01 <REP> iPod
03/09/2007 18:02 <REP> iTunes
14/09/2007 21:32 <REP> Java
01/07/2006 13:34 <REP> Lexmark
08/07/2006 12:33 <REP> LexmarkX83
14/09/2007 21:32 <REP> LimeWire
08/07/2006 12:42 <REP> Maxis
19/07/2006 08:25 <REP> Messenger
19/06/2007 18:39 <REP> Messenger Plus! Live
01/07/2006 13:41 <REP> MGI
25/06/2006 19:52 <REP> Microsoft ActiveSync
25/06/2006 14:17 <REP> microsoft frontpage
25/06/2006 19:51 <REP> Microsoft Office
23/07/2006 21:37 <REP> Movie Maker
23/07/2006 21:36 <REP> MSN
01/07/2006 13:23 <REP> MSN Apps
25/06/2006 14:13 <REP> MSN Gaming Zone
07/11/2007 18:10 <REP> MSN Messenger
01/07/2006 16:03 <REP> MSN Toolbar
23/07/2006 21:37 <REP> NetMeeting
28/07/2006 18:07 <REP> ONES Trial (F)
23/07/2006 21:37 <REP> Outlook Express
08/07/2006 12:24 <REP> PC VGA Camer@
22/11/2006 18:29 <REP> Philips
03/09/2007 18:00 <REP> QuickTime
30/06/2006 19:50 <REP> SAGEM
30/06/2006 19:51 <REP> SAGEM Wi-Fi USB 802.11g
25/06/2006 14:15 <REP> Services en ligne
09/11/2007 17:31 <REP> Trend Micro
06/11/2007 14:04 <REP> Ubi Soft
19/06/2007 18:39 <REP> Windows Live
06/05/2007 12:36 <REP> Windows Media Player
25/06/2006 14:13 <REP> Windows NT
25/06/2006 14:17 <REP> xerox
1 fichier(s) 40 960 octets
45 Rép(s) 60 856 233 984 octets libres
C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.1.3\iTunesSetupAdmin.exe
C:\Documents and Settings\malka\Application Data\LimeWire\.NetworkShare\LimeWireWin4.14.10.exe
C:\Documents and Settings\malka\Application Data\Macromedia\Flash Player\#SharedObjects\L89GXBQ2\localhost\MainCD.exe
C:\Documents and Settings\malka\Bureau\OTMoveIt.exe
C:\Documents and Settings\malka\Bureau\VirtumundoBeGone.exe
C:\Documents and Settings\malka\Bureau\VundoFix.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\catchme.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\diff.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\dumphive.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\find2.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\Fport.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\grep.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\gzip.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\LFiles.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\md5sums.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\pslist.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\sigcheck.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\streams.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\swreg.exe
C:\Documents and Settings\malka\Bureau\DiagHelp\DiagHelp\tar.exe
C:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\msnchk.exe
C:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\incl\MD5File.exe
C:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\incl\msnchk.exe
C:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\incl\Process.exe
C:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\incl\swreg.exe
C:\Documents and Settings\malka\Bureau\MSNFix\MSNFix\incl\zip.exe
C:\Documents and Settings\malka\Local Settings\Temporary Internet Files\Content.IE5\SLIBO9QJ\in23[1].exe
C:\Documents and Settings\malka\Mes documents\DVD_Player_5.0_XP.exe
C:\Documents and Settings\malka\Mes documents\JOANNE COURS\Nouveau dossier\iTunesSetup.exe
C:\Documents and Settings\malka\Mes documents\JOANNE COURS\Nouveau dossier\LimeWireWin.exe
C:\Documents and Settings\malka\Mes documents\JOANNE COURS\Nouveau dossier\MPSetup.exe
C:\Documents and Settings\malka\Mes documents\Nouveau dossier\HJTInstall.exe
C:\Documents and Settings\malka\Mes documents\Nouveau dossier\INSTALL_MSN_MESSENGER_NT.EXE
C:\Documents and Settings\malka\Mes documents\Nouveau dossier\installer_fr.exe
C:\Documents and Settings\malka\Mes documents\Nouveau dossier\setup_fr.exe
C:\Documents and Settings\malka\Mes documents\Nouveau dossier\setupfre.exe
C:\Documents and Settings\malka\Mes documents\Nouveau dossier\MSNFix\MSNFix\incl\MD5File.exe
C:\Documents and Settings\malka\Mes documents\Nouveau dossier\MSNFix\MSNFix\incl\msnchk.exe
C:\Documents and Settings\malka\Mes documents\Nouveau dossier\MSNFix\MSNFix\incl\Process.exe
C:\Documents and Settings\malka\Mes documents\Nouveau dossier\MSNFix\MSNFix\incl\swreg.exe
C:\Documents and Settings\malka\Mes documents\Nouveau dossier\MSNFix\MSNFix\incl\zip.exe
C:\Documents and Settings\malka\Mes documents\programmes\Avast4.exe
C:\Documents and Settings\malka\Mes documents\programmes\Install_Messenger.exe
C:\Documents and Settings\malka\Mes documents\programmes\INSTALL_MSN_MESSENGER_NT.EXE
C:\Documents and Settings\malka\Mes documents\programmes\nvidia_6085.exe
C:\Documents and Settings\malka\Mes documents\programmes\pb_alc650_5320.exe
C:\Documents and Settings\malka\Mes documents\programmes\viahyperion4in1448v.exe
C:\Documents and Settings\malka\Mes documents\programmes\viausb20xp.exe
C:\Documents and Settings\malka\Mes documents\programmes\wmp11-windowsxp-x86-FR-FR.exe
C:\Documents and Settings\malka\Mes documents\programmes\Office\INSTMSI.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\INSTMSIW.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\Office XP.exe
C:\Documents and Settings\malka\Mes documents\programmes\Office\SETUP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\FILES\SYSTEM\EXTRACT.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\IE5\EN\DCOM95.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\IE5\EN\IE5COMP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\IE5\EN\IE5SETUP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\IE5\EN\OAINST.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OSP\1033\IE5\EN\VRML2C.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\OWC\SETUP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\PFILES\COMMON\MSSHARED\OFFICE10\DW.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\PFILES\MSOFFICE\OFFICE10\OFFCLN.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\SUPPORT\INSTMSI.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\SUPPORT\INSTMSIW.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\FILES\SUPPORT\Q282879.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\MSDE2000\SETUP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\MSDE2000\MSI\INSTMSI.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\MSDE2000\MSI\INSTMSIW.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\INSTMSI.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\INSTMSIW.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\SETUP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\PFILES\ORKTOOLS\ORK10\TOOLS\ADMPACK\ADMPACK.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\PFILES\ORKTOOLS\ORK10\TOOLS\HTMLHELP\HTMLHELP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\PFILES\ORKTOOLS\ORK10\TOOLS\OCP\_ISDEL.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\PFILES\ORKTOOLS\ORK10\TOOLS\OCP\SETUP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\PFILES\ORKTOOLS\ORK10\TOOLS\PPTVIEW\PPVIEW97.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\SUPPORT\INSTMSI.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\SUPPORT\INSTMSIW.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\ORK\FILES\SUPPORT\Q282879.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\INSTMSI.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\INSTMSIW.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SETUPSE.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQLWRAP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\FILES\SUPPORT\INSTMSI.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\FILES\SUPPORT\INSTMSIW.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\FILES\SUPPORT\Q282879.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\BCP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\CMDWRAP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\CNFGSVR.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\DCOMSCM.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\DISTRIB.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\DTSRUN.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\DTSWIZ.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\LOGREAD.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\ODBCCMPT.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\OSQL.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\REBUILDM.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\REGREBLD.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\REPLMERG.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SCM.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SNAPSHOT.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SQLAGENT.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SQLMANGR.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SQLSERVR.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\SVRNETCN.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\BINN\VSWITCH.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\OTHER\DTCSETUP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SETUP\_ISDEL.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SETUP\MSETUP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SETUP\SETUPSQL.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SETUP\SQLSTP.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SYSTEM\CLICONFG.EXE
C:\Documents and Settings\malka\Mes documents\programmes\Office\SHAREPT\SQL\X86\SYSTEM\REGSVR32.EXE
C:\Documents and Settings\malka\Mes documents\VIVRE APRES LA CHUTE DU MUR DE BERLIN\MsgPlusLive-411.exe
C:\Documents and Settings\malka\Mes documents\VIVRE APRES LA CHUTE DU MUR DE BERLIN\psa30se_ytb612_a708_DLM_en_us.exe
0
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
https://www.mcafee.com/en-us/index.html

Pid Process Port Proto Path
1540 -> 5000 TCP
4 System -> 1031 TCP
0 System -> 12080 TCP
4 System -> 139 TCP
0 System -> 1540 TCP
4 System -> 445 TCP
660 ashMaiSv -> 12025 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
660 ashMaiSv -> 12110 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
660 ashMaiSv -> 12119 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
660 ashMaiSv -> 12143 TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
532 ashWebSv -> 12080 TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
2452 jucheck -> 1530 TCP C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
520 jusched -> 1527 TCP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
520 jusched -> 1528 TCP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
1228 svchost -> 1026 TCP C:\WINDOWS\System32\svchost.exe
1100 svchost -> 135 TCP C:\WINDOWS\system32\svchost.exe

1540 -> 1406 UDP
4 System -> 1025 UDP
0 System -> 1445 UDP
4 System -> 1900 UDP
4 System -> 445 UDP
660 ashMaiSv -> 123 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
660 ashMaiSv -> 137 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
660 ashMaiSv -> 138 UDP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
532 ashWebSv -> 1034 UDP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
2452 jucheck -> 1391 UDP C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
520 jusched -> 1027 UDP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
520 jusched -> 1036 UDP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
520 jusched -> 15656 UDP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
520 jusched -> 60315 UDP C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
1100 svchost -> 135 UDP C:\WINDOWS\system32\svchost.exe
1228 svchost -> 500 UDP C:\WINDOWS\System32\svchost.exe



PsList 1.26 - Process Information Lister
Copyright (C) 1999-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

Process information for MALKA-OPM3M753E:

Name Pid Pri Thd Hnd VM WS Priv
Idle 0 0 1 0 0 20 0
System 4 8 57 289 1876 80 0
smss 760 11 3 21 3796 80 164
csrss 836 13 12 489 24828 1724 1640
winlogon 860 13 20 448 45492 2320 5444
services 904 9 20 333 21680 1848 1464
spoolsv 168 8 14 154 45680 2008 3240
alg 512 8 3 68 13956 1000 480
ashWebSv 532 8 18 121 86684 6900 11444
nvsvc32 564 8 3 66 19368 600 500
ashMaiSv 660 8 8 83 52500 552 2884
PAStiSvc 668 8 2 23 7868 424 192
svchost 740 8 5 111 16572 1044 776
svchost 1100 8 9 285 31252 1756 1352
svchost 1228 8 58 1049 102200 11088 11276
CALMAIN 1280 8 7 116 22428 960 676
svchost 1508 8 6 93 29132 1368 1028
svchost 1540 8 13 155 30928 1028 1188
aswUpdSv 1756 8 3 31 16352 64 380
ashServ 1812 13 24 251 113608 12868 22828
usnsvc 2576 8 3 82 14624 1648 644
lsass 916 9 20 319 38516 460 3192
explorer 1692 8 15 388 86272 6420 12892
ACMonitor_X83 356 8 1 26 16204 1288 344
AcBtnMgr_X83 380 8 1 25 24212 784 432
WLANUTL 388 8 2 60 34692 1284 1132
printray 456 8 1 31 34992 888 756
SOUNDMAN 464 8 2 52 30280 900 580
jusched 520 8 3 152 53412 4656 1232
jucheck 2452 8 4 182 57664 5624 2400
ashDisp 600 8 7 76 42764 840 2276
stmon 616 8 2 104 56804 1752 1284
ctfmon 632 8 1 52 15080 788 348
IEXPLORE 720 8 19 533 197392 24256 35996
msnmsgr 2116 8 33 623 172936 14868 32708
cmd 3200 8 1 22 13376 1140 1384
pslist 3404 13 2 72 17408 1452 664

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1692
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x01000000 0xf8000 6.00.2600.0000 C:\WINDOWS\Explorer.EXE
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x75f10000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll
0x76960000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\System32\UxTheme.dll
0x78090000 0xe5000 6.00.2800.1816 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
0x7a170000 0x80000 2001.12.4414.0062 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll
0x5b950000 0x71000 6.00.2600.0000 C:\WINDOWS\System32\themeui.dll
0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\actxprxy.dll
0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x74aa0000 0x43000 6.00.2600.0000 C:\WINDOWS\System32\webcheck.dll
0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll
0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll
0x76390000 0x1fb000 2.00.2600.0000 C:\WINDOWS\System32\msi.dll
0x76190000 0x98000 6.00.2600.0000 C:\WINDOWS\system32\WININET.dll
0x76100000 0x8e000 6.00.2600.0000 C:\WINDOWS\System32\shdoclc.dll
0x732d0000 0x51000 6.00.2600.0000 C:\WINDOWS\System32\zipfldr.dll
0x64f00000 0x12000 4.07.1043.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x723a0000 0x13000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
0x10000000 0xb000 6.00.0000.0878 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
0x76080000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll
0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x70ee0000 0x7000 1.01.0000.3917 C:\WINDOWS\System32\asfsipc.dll
0x60990000 0xd000 2.00.2600.0000 C:\WINDOWS\System32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.6626 C:\WINDOWS\System32\wshext.dll
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL
0x365a0000 0x15000 10.00.2625.0000 C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL
0x76010000 0x61000 6.00.8972.0000 C:\WINDOWS\System32\MSVCP60.DLL

------------------------------------------------------------------------------
winlogon.exe pid: 860
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x6f000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\system32\WINTRUST.dll
0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\COMCTL32.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\system32\ODBC32.dll
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x78090000 0xe5000 6.00.2800.1816 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\system32\odbcint.dll
0x76b70000 0x1f000 6.00.2600.0000 C:\WINDOWS\system32\SHSVCS.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\uxtheme.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\system32\COMRes.dll
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x7a170000 0x80000 2001.12.4414.0062 C:\WINDOWS\system32\CLBCATQ.DLL

------------------------------------------------------------------------------
IEXPLORE.EXE pid: 720
Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

Base Size Version Path
0x00400000 0x19000 6.00.2600.0000 C:\Program Files\Internet Explorer\IEXPLORE.EXE
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x76960000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll
0x78090000 0xe5000 6.00.2800.1816 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\uxtheme.dll
0x75f10000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll
0x723a0000 0x13000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
0x7a170000 0x80000 2001.12.4414.0062 C:\WINDOWS\System32\CLBCATQ.DLL
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll
0x76190000 0x98000 6.00.2600.0000 C:\WINDOWS\system32\WININET.dll
0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x10000000 0xb000 6.00.0000.0878 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
0x6d7c0000 0x79000 6.00.0020.0006 C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Java\jre1.6.0_02\bin\MSVCR71.dll
0x29500000 0x51000 4.00.0249.0001 C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
0x76080000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x27500000 0xc9000 4.00.0249.0001 C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll
0x02020000 0x28000 1.02.3000.1001 C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
0x72d50000 0x114000 8.20.8730.0001 C:\WINDOWS\System32\msxml3.dll
0x746e0000 0x8f000 6.00.2600.0000 C:\WINDOWS\System32\mlang.dll
0x73ca0000 0x10000 5.131.2600.0000 C:\WINDOWS\System32\cryptnet.dll
0x01e20000 0x49000 1.02.5000.1021 C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
0x01e90000 0x2c000 1.02.5000.1021 C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbres.dll
0x76100000 0x8e000 6.00.2600.0000 C:\WINDOWS\System32\shdoclc.dll
0x76390000 0x1fb000 2.00.2600.0000 C:\WINDOWS\System32\msi.dll
0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
0x74780000 0x2ad000 6.00.2600.0000 C:\WINDOWS\System32\mshtml.dll
0x74630000 0x27000 3.10.0349.0000 C:\WINDOWS\System32\MSLS31.DLL
0x75be0000 0x91000 5.06.0000.6626 C:\WINDOWS\System32\jscript.dll
0x66cc0000 0xa000 6.00.2600.0000 C:\WINDOWS\System32\imgutil.dll
0x5e680000 0xb000 6.00.2600.0000 C:\WINDOWS\System32\pngfilt.dll
0x73250000 0x75000 5.06.0000.6626 C:\WINDOWS\system32\vbscript.dll
0x30000000 0x2ef000 9.00.0047.0000 C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x65000000 0x9000 5.03.0000.0900 C:\WINDOWS\System32\ddrawex.dll
0x51000000 0x4d000 5.03.0000.0900 C:\WINDOWS\System32\DDRAW.dll
0x6c270000 0x33000 6.03.2600.0000 C:\WINDOWS\System32\dxtrans.dll
0x6c2b0000 0x55000 6.03.2600.0000 C:\WINDOWS\System32\dxtmsft.dll
0x672b0000 0x3b000 6.00.2600.0000 C:\WINDOWS\System32\iepeers.dll
0x74c20000 0x6f000 6.00.2600.0000 C:\WINDOWS\System32\mshtmled.dll
0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\actxprxy.dll
0x09a30000 0x61000 6.00.0000.0878 C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx
0x66700000 0x91000 7.02.0000.0240 C:\Program Files\QuickTime\QTPlugin.ocx
0x09aa0000 0x472000 9.00.0000.2980 C:\WINDOWS\System32\wmp.dll
0x09f20000 0x2d9000 9.00.0000.2980 C:\WINDOWS\System32\wmploc.dll
0x72a70000 0x18000 6.00.2600.0000 C:\WINDOWS\System32\plugin.ocx

------------------------------------------------------------------------------
services.exe pid: 904
Command line: C:\WINDOWS\system32\services.exe

Base Size Version Path
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est AC18-51B2

Répertoire de C:\Program Files

21/11/2007 17:43 <REP> .
21/11/2007 17:43 <REP> ..
20/06/2001 15:19 40 960 ACMonitor_X83.exe
28/10/2006 12:06 <REP> Adobe
05/11/2007 20:58 <REP> Alwil Software
03/09/2007 17:58 <REP> Apple Software Update
22/07/2006 10:37 <REP> Canon
25/06/2006 14:14 <REP> ComPlus Applications
18/11/2007 21:20 <REP> Fichiers communs
20/11/2007 21:19 <REP> FoxTarot4
03/04/2007 19:38 <REP> FusionSoft DVD Player XP
23/07/2006 21:37 <REP> Internet Explorer
03/09/2007 18:01 <REP> iPod
03/09/2007 18:02 <REP> iTunes
14/09/2007 21:32 <REP> Java
01/07/2006 13:34 <REP> Lexmark
08/07/2006 12:33 <REP> LexmarkX83
14/09/2007 21:32 <REP> LimeWire
08/07/2006 12:42 <REP> Maxis
19/07/2006 08:25 <REP> Messenger
19/06/2007 18:39 <REP> Messenger Plus! Live
01/07/2006 13:41 <REP> MGI
25/06/2006 19:52 <REP> Microsoft ActiveSync
25/06/2006 14:17 <REP> microsoft frontpage
25/06/2006 19:51 <REP> Microsoft Office
23/07/2006 21:37 <REP> Movie Maker
23/07/2006 21:36 <REP> MSN
01/07/2006 13:23 <REP> MSN Apps
25/06/2006 14:13 <REP> MSN Gaming Zone
07/11/2007 18:10 <REP> MSN Messenger
01/07/2006 16:03 <REP> MSN Toolbar
23/07/2006 21:37 <REP> NetMeeting
28/07/2006 18:07 <REP> ONES Trial (F)
23/07/2006 21:37 <REP> Outlook Express
08/07/2006 12:24 <REP> PC VGA Camer@
22/11/2006 18:29 <REP> Philips
03/09/2007 18:00 <REP> QuickTime
30/06/2006 19:50 <REP> SAGEM
30/06/2006 19:51 <REP> SAGEM Wi-Fi USB 802.11g
25/06/2006 14:15 <REP> Services en ligne
09/11/2007 17:31 <REP> Trend Micro
06/11/2007 14:04 <REP> Ubi Soft
19/06/2007 18:39 <REP> Windows Live
06/05/2007 12:36 <REP> Windows Media Player
25/06/2006 14:13 <REP> Windows NT
25/06/2006 14:17 <REP> xerox
1 fichier(s) 40 960 octets
45 Rép(s) 60 856 233 984 octets libres
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last activity 22 June 2016 1 321
22 Nov. 2007 at 21:46
Normally ComboFix is working again; you can generate a new report and then I'll tell you what to do.

See you later
0
ComboFix 07-11-19.3 - malka 2007-11-22 22:21:57.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.68 [GMT 1:00]
Running from: C:\Documents and Settings\malka\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\WINDOWS\cookies.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\poof


((((((((((((((((((((((((((((( Fichiers créés 2007-10-22 to 2007-11-22 ))))))))))))))))))))))))))))))))))))
.

2007-11-14 19:42 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-11 11:59 <REP> d-------- C:\MSN FIXX
2007-11-11 02:19 <REP> d-------- C:\msnfix
2007-11-10 17:39 583,979 ---hs---- C:\WINDOWS\system32\eqwppmjv.ini
2007-11-09 17:31 <REP> d-------- C:\Program Files\Trend Micro
2007-11-09 16:41 583,679 ---hs---- C:\WINDOWS\system32\libhroqo.ini
2007-11-07 21:31 <REP> d--hs---- C:\found.000
2007-11-07 13:03 <REP> d-------- C:\Documents and Settings\malka\Application Data\[u]0[/u]7%2F06%2F2007
2007-11-07 12:56 681,984 --a------ C:\WINDOWS\is-P5HI2.exe
2007-11-07 12:54 681,984 --a------ C:\WINDOWS\is-NSG79.exe
2007-11-07 12:50 681,984 --a------ C:\WINDOWS\is-KJNGJ.exe
2007-11-07 12:39 681,984 --a------ C:\WINDOWS\is-LEKDT.exe
2007-11-07 12:36 681,984 --a------ C:\WINDOWS\is-DNTO1.exe
2007-11-07 12:34 681,984 --a------ C:\WINDOWS\is-BG01F.exe
2007-11-07 12:32 681,984 --a------ C:\WINDOWS\is-F0KPU.exe
2007-11-07 12:28 <REP> d-------- C:\Program Files\Fichiers communs\[u]0[/u]7%2F06%2F2007
2007-11-07 12:24 569,628 ---hs---- C:\WINDOWS\system32\uicpdmix.ini
2007-11-05 20:58 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-05 20:58 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-05 20:58 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-05 20:58 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-05 20:58 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-02 17:39 56,448 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-11-02 17:39 56,448 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-02 17:38 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-11-02 17:38 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2007-11-02 17:38 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-11-02 17:38 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2007-11-02 17:33 47,104 --a--c--- C:\WINDOWS\system32\dllcache\wstdecod.dll
2007-11-02 17:33 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-11-02 17:33 27,648 --a--c--- C:\WINDOWS\system32\dllcache\vbisurf.ax
2007-11-02 17:33 18,688 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2007-11-01 19:32 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-01 19:32 24,960 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 10:36 --------- d-----w C:\Documents and Settings\malka\Application Data\LimeWire
2007-11-20 20:19 --------- d-----w C:\Program Files\FoxTarot4
2007-11-07 17:10 --------- d-----w C:\Program Files\MSN Messenger
2007-11-06 13:04 --------- d-----w C:\Program Files\Ubi Soft
2007-11-05 19:58 --------- d-----w C:\Program Files\Alwil Software
2006-11-11 14:07 17,144 ----a-w C:\Documents and Settings\malka\Application Data\GDIPFONTCACHEV1.DAT
2001-06-20 14:19 40,960 ----a-w C:\Program Files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2004-04-23 11:24 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\system32\rundll32.exe]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-12 17:36]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-10 13:59]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-25 19:20]
"SoundMan"="SOUNDMAN.EXE" [2003-08-14 23:34 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Logical Disk Awareness"="mdasvc.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Salestart(1)"="C:\Program Files\Fichiers communs\07%2F06%2F2007\stmon.exe" [2007-10-11 15:21]
"Salestart(2)"="C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe" []
"Salestart(3)"="C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" []
"ac18511d"="C:\WINDOWS\System32\slbaylia.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00]

R0 PzWDM;PzWDM;C:\WINDOWS\System32\Drivers\PzWDM.sys
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\System32\DRIVERS\WlanUIG.sys
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;C:\WINDOWS\System32\Drivers\usbscan.sys
S3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\System32\DRIVERS\PA707UCM.SYS

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-02 14:16:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 22:29:52
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-22 22:31:44 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-13 13:59
.
--- E O F ---
0
Is there anything left for me to do?
0
Regis59 Posts: 21143 Registration date: Tuesday 27 June 2006 Status: Security contributor Last activity: 22 June 2016 1 321
30 Nov. 2007 at 19:16
Hi

Yes, sorry.

Post a new HijackThis log and a new ComboFix log.

See you
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:21, on 02/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Fichiers communs\07%2F06%2F2007\stmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\malka\Local Settings\temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Logical Disk Awareness] mdasvc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\07%2F06%2F2007\stmon.exe" dm=http://apu03c0.audientia.net; ad=http://apu03c0.audientia.net
O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe" dm=http://defensedudisque.com; ad=http://defensedudisque.com
O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com; ad=http://moncontenuassistant.com
O4 - HKLM\..\Run: [ac18511d] rundll32.exe "C:\WINDOWS\System32\slbaylia.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
Once again, ComboFix has expired.
0
Regis59 Posts: 21143 Registration date: Tuesday 27 June 2006 Status: Security contributor Last activity: 22 June 2016 1 321
2 Dec. 2007 at 23:23
OK, download it again and run it again then.

See you
0
ComboFix 07-12-02.6 - malka 2007-12-04 16:10:35.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.83 [GMT 1:00]
Running from: C:\Documents and Settings\malka\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
.

2007-11-28 17:17 . 2007-11-28 17:17 244 --ah----- C:\sqmnoopt10.sqm
2007-11-28 17:17 . 2007-11-28 17:17 232 --ah----- C:\sqmdata11.sqm
2007-11-21 17:29 . 2007-11-21 17:29 722,134 --a------ C:\upload_moi_MALKA-OPM3M753E.tar.gz
2007-11-14 19:42 . 2007-11-14 19:43 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-14 10:14 . 2007-11-14 10:14 244 --ah----- C:\sqmnoopt09.sqm
2007-11-14 10:14 . 2007-11-14 10:14 232 --ah----- C:\sqmdata10.sqm
2007-11-12 17:40 . 2007-11-18 19:59 1,038,418 ---hs---- C:\WINDOWS\system32\ailyabls.ini
2007-11-11 17:41 . 2007-11-12 17:39 584,596 ---hs---- C:\WINDOWS\system32\isohspie.ini
2007-11-11 11:59 . 2007-11-11 11:59 <REP> d-------- C:\MSN FIXX
2007-11-11 02:19 . 2007-11-11 02:19 <REP> d-------- C:\msnfix
2007-11-10 17:39 . 2007-11-11 13:30 583,979 ---hs---- C:\WINDOWS\system32\eqwppmjv.ini
2007-11-09 17:31 . 2007-11-09 17:31 <REP> d-------- C:\Program Files\Trend Micro
2007-11-09 16:41 . 2007-11-10 17:38 583,679 ---hs---- C:\WINDOWS\system32\libhroqo.ini
2007-11-08 13:25 . 2007-11-09 16:40 584,182 ---hs---- C:\WINDOWS\system32\ocjolhyc.ini
2007-11-07 21:31 . 2007-11-07 21:31 <REP> d--hs---- C:\found.000
2007-11-07 13:03 . 2007-11-07 13:03 <REP> d-------- C:\Documents and Settings\malka\Application Data\07%2F06%2F2007
2007-11-07 12:56 . 2007-11-07 12:56 681,984 --a------ C:\WINDOWS\is-P5HI2.exe
2007-11-07 12:56 . 2007-11-07 12:56 10,551 --a------ C:\WINDOWS\is-P5HI2.msg
2007-11-07 12:56 . 2007-11-07 12:56 303 --a------ C:\WINDOWS\is-P5HI2.lst
2007-11-07 12:54 . 2007-11-07 12:54 681,984 --a------ C:\WINDOWS\is-NSG79.exe
2007-11-07 12:54 . 2007-11-07 12:54 10,551 --a------ C:\WINDOWS\is-NSG79.msg
2007-11-07 12:54 . 2007-11-07 12:54 303 --a------ C:\WINDOWS\is-NSG79.lst
2007-11-07 12:50 . 2007-11-07 12:50 681,984 --a------ C:\WINDOWS\is-KJNGJ.exe
2007-11-07 12:50 . 2007-11-07 12:50 10,551 --a------ C:\WINDOWS\is-KJNGJ.msg
2007-11-07 12:50 . 2007-11-07 12:50 303 --a------ C:\WINDOWS\is-KJNGJ.lst
2007-11-07 12:39 . 2007-11-07 12:39 681,984 --a------ C:\WINDOWS\is-LEKDT.exe
2007-11-07 12:39 . 2007-11-07 12:39 10,551 --a------ C:\WINDOWS\is-LEKDT.msg
2007-11-07 12:39 . 2007-11-07 12:39 303 --a------ C:\WINDOWS\is-LEKDT.lst
2007-11-07 12:36 . 2007-11-07 12:36 681,984 --a------ C:\WINDOWS\is-DNTO1.exe
2007-11-07 12:36 . 2007-11-07 12:36 10,551 --a------ C:\WINDOWS\is-DNTO1.msg
2007-11-07 12:36 . 2007-11-07 12:36 303 --a------ C:\WINDOWS\is-DNTO1.lst
2007-11-07 12:34 . 2007-11-07 12:34 681,984 --a------ C:\WINDOWS\is-BG01F.exe
2007-11-07 12:34 . 2007-11-07 12:34 10,551 --a------ C:\WINDOWS\is-BG01F.msg
2007-11-07 12:34 . 2007-11-07 12:34 303 --a------ C:\WINDOWS\is-BG01F.lst
2007-11-07 12:32 . 2007-11-07 12:32 681,984 --a------ C:\WINDOWS\is-F0KPU.exe
2007-11-07 12:32 . 2007-11-07 12:32 10,551 --a------ C:\WINDOWS\is-F0KPU.msg
2007-11-07 12:32 . 2007-11-07 12:32 303 --a------ C:\WINDOWS\is-F0KPU.lst
2007-11-07 12:28 . 2007-11-11 21:44 <REP> d-------- C:\Program Files\Fichiers communs\07%2F06%2F2007
2007-11-07 12:24 . 2007-11-08 13:25 569,628 ---hs---- C:\WINDOWS\system32\uicpdmix.ini
2007-11-05 20:58 . 2007-09-06 12:09 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-05 20:58 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-05 20:58 . 2007-09-06 12:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-05 20:58 . 2007-09-06 12:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-05 20:58 . 2007-09-06 12:05 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-05 20:58 . 2007-09-06 12:02 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-05 20:58 . 2007-09-06 12:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-05 20:58 . 2007-09-06 12:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 19:22 --------- d-----w C:\Program Files\FoxTarot4
2007-11-30 19:59 --------- d-----w C:\Documents and Settings\malka\Application Data\LimeWire
2007-11-07 17:10 --------- d-----w C:\Program Files\MSN Messenger
2007-11-06 13:04 --------- d-----w C:\Program Files\Ubi Soft
2007-11-05 19:58 --------- d-----w C:\Program Files\Alwil Software
2006-11-11 14:07 17,144 ----a-w C:\Documents and Settings\malka\Application Data\GDIPFONTCACHEV1.DAT
2001-06-20 14:19 40,960 ----a-w C:\Program Files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2004-04-23 11:24 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\system32\rundll32.exe]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-12 17:36]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-10 13:59]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-25 19:20]
"SoundMan"="SOUNDMAN.EXE" [2003-08-14 23:34 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Logical Disk Awareness"="mdasvc.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Salestart(1)"="C:\Program Files\Fichiers communs\07%2F06%2F2007\stmon.exe" [2007-10-11 15:21]
"Salestart(2)"="C:\Program Files\Fichiers communs\DefenseDuDisque\strpmon.exe" []
"Salestart(3)"="C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" []
"ac18511d"="C:\WINDOWS\System32\slbaylia.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2006-06-30 19:51:02]

R0 PzWDM;PzWDM;C:\WINDOWS\System32\Drivers\PzWDM.sys
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\System32\DRIVERS\WlanUIG.sys
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;C:\WINDOWS\System32\Drivers\usbscan.sys
S3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\System32\DRIVERS\PA707UCM.SYS

*Newly Created Service* - PCANDIS5
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-02 14:16:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 16:14:33
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-04 16:15:38
C:\ComboFix2.txt ... 2007-11-22 22:31
C:\ComboFix3.txt ... 2007-11-13 13:59
.
--- E O F ---
0
There you go...
In any case, thank you for your help so far; the problem seems to be gone.
Do I still have a lot left to do?
0