Win32/Cryptexe

Merci de ta réponse si rapide =)

Voici le rapport en espérant que tu puisse m'aider.

SmitFraudFix v2.320

Rapport fait à 19:05:12,48, 19/05/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetProject\sbmntr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetProject\sbsm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\lxcgcoms.exe
c:\windows\system32\qlmnvt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\GUILD WARS\Gw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris

C:\DOCUME~1\COMPAQ~1\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\NetProject\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="https://www.linternaute.com/sortir/magazine/1358366-fond-d-ecran-gratuit-choisissez-votre-wallpaper-parmi-nos-selections/"
"SubscribedURL"="https://www.linternaute.com/sortir/magazine/1358366-fond-d-ecran-gratuit-choisissez-votre-wallpaper-parmi-nos-selections/"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Hamachi Network Interface
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 194.117.200.10
DNS Server Search Order: 194.117.200.15

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0080B9AC-5772-4513-9D85-3B286ED3A79F}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0080B9AC-5772-4513-9D85-3B286ED3A79F}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0080B9AC-5772-4513-9D85-3B286ED3A79F}: NameServer=194.117.200.10,194.117.200.15
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BA4E763B-CA83-4B7A-98CD-D5F8A7EA006B}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Alors alors.
Voici le Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:05, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Program Files\LphantBar\tbLpha.dll
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: 527631 helper - {54160F28-994B-48DD-8D83-1B2F6B9EB054} - C:\WINDOWS\system32\527631\527631.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Program Files\LphantBar\tbLpha.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Program Files\LphantBar\tbLpha.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Internet] C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\GJ86A2V6\www.club-internet[1]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0080B9AC-5772-4513-9D85-3B286ED3A79F}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{0080B9AC-5772-4513-9D85-3B286ED3A79F}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Un peu plus long cette fois =)

SDfix


[b]SDFix: Version 1.183 [/b]
Run by Compaq_Propri‚taire on 19/05/2008 at 21:16

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\All Users\Menu D‚marrer\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Menu D‚marrer\Security Troubleshooting.url - Deleted



Folder C:\WINDOWS\system32\527631 - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 21:29:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:01,5e,fa,8a,26,2f,d3,c8,f8,e1,db,dd,82,5f,eb,25,53,e1,b4,d8,43,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:9a,aa,86,1a,e4,7c,98,eb,36,e0,8b,5c,c2,be,27,c0,61,cf,54,b8,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d8,07,b0,6c,59,6c,4e,f5,90,90,bd,79,5c,b3,73,6c,fe,..
"khjeh"=hex:f9,3d,a5,65,12,ba,a1,22,e1,1d,05,69,8f,4a,c5,de,4e,d2,14,67,e5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,b8,95,5b,d1,a8,0c,f1,3c,f0,77,f4,b2,2e,35,30,99,9b,eb,ef,49,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:01,5e,fa,8a,26,2f,d3,c8,f8,e1,db,dd,82,5f,eb,25,53,e1,b4,d8,43,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:9a,aa,86,1a,e4,7c,98,eb,36,e0,8b,5c,c2,be,27,c0,61,cf,54,b8,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d8,07,b0,6c,59,6c,4e,f5,90,90,bd,79,5c,b3,73,6c,fe,..
"khjeh"=hex:f9,3d,a5,65,12,ba,a1,22,e1,1d,05,69,8f,4a,c5,de,4e,d2,14,67,e5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,b8,95,5b,d1,a8,0c,f1,3c,f0,77,f4,b2,2e,35,30,99,9b,eb,ef,49,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\wamp\\Apache2\\bin\\httpd.exe"="C:\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\source sdk base\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Gpotato\\Flyff\\Flyff.exe"="C:\\Program Files\\Gpotato\\Flyff\\Flyff.exe:*:Enabled:Flyff"
"C:\\Program Files\\lphant\\eLePhantClient.exe"="C:\\Program Files\\lphant\\eLePhantClient.exe:*:Enabled:Lphant"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe:*:Enabled:W40kWA"
"C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe"="C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\Valve\\Steam\\steam.exe"="C:\\Program Files\\Valve\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\eMule2\\emule.exe"="C:\\Program Files\\eMule2\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\deathmatch classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\GameTribe\\Infinity\\xclient.exe"="C:\\Program Files\\GameTribe\\Infinity\\xclient.exe:*:Enabled:xclient"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dawn of war soulstorm demo\\Soulstorm.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dawn of war soulstorm demo\\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TmNationsForever\\TmForever.exe"="C:\\Program Files\\TmNationsForever\\TmForever.exe:*:Enabled:TmForever"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\team fortress 2\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"="C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe:*:Enabled:Miro_Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Tue 12 Jun 2007 218 A.SHR --- "C:\BOOT.BAK"
Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
Mon 28 May 2001 48,640 A..H. --- "C:\WINDOWS\vStrip.exe"
Wed 26 Jul 2006 32,207 ..SH. --- "C:\Program Files\Fichiers communs\Y1220OU.exe"
Sat 26 May 2007 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"
Thu 3 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Sat 24 Nov 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Sun 19 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"

[b]Finished![


Hijack:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:41, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Program Files\LphantBar\tbLpha.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Program Files\LphantBar\tbLpha.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Program Files\LphantBar\tbLpha.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0080B9AC-5772-4513-9D85-3B286ED3A79F}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{0080B9AC-5772-4513-9D85-3B286ED3A79F}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

DiagHelp version v1.4 - http://www.malekal.com
excute le 20/05/2008 à 19:04:53,50


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->20/05/2008 19:04:44
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->20/05/2008 19:04:43
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\IPODSERVICE.EXE-3192DE38.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->20/05/2008 19:04:23
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -->20/05/2008 19:04:23

C:\WINDOWS\System32\drivers\aswSP.sys -->16/05/2008 01:20:32
C:\WINDOWS\System32\drivers\aswmon2.sys -->16/05/2008 01:18:33
C:\WINDOWS\System32\drivers\aswFsBlk.sys -->16/05/2008 01:16:06
C:\WINDOWS\System32\drivers\aswRdr.sys -->16/05/2008 01:15:29
C:\WINDOWS\System32\drivers\aswTdi.sys -->16/05/2008 01:14:11
C:\WINDOWS\System32\drivers\aavmker4.sys -->16/05/2008 01:13:26
C:\WINDOWS\System32\drivers\hamachi.sys -->02/05/2008 17:38:39

C:\WINDOWS\System32\qlmnvt.dat -->20/05/2008 19:03:36
C:\WINDOWS\System32\CONFIG.NT -->20/05/2008 05:40:11
C:\WINDOWS\System32\tmp.txt -->19/05/2008 19:54:58
C:\WINDOWS\System32\tmp.reg -->19/05/2008 19:54:58
C:\WINDOWS\System32\qlmnvt.exe -->18/05/2008 23:36:48
C:\WINDOWS\System32\IEDFix.exe -->18/05/2008 21:40:35
C:\WINDOWS\System32\404Fix.exe -->18/05/2008 21:40:35
C:\WINDOWS\System32\aswBoot.exe -->16/05/2008 01:24:43
C:\WINDOWS\System32\AvastSS.scr -->16/05/2008 01:12:36
C:\WINDOWS\System32\VACFix.exe -->15/05/2008 23:22:45
C:\WINDOWS\System32\qlmnvt_nav.dat -->25/04/2008 13:51:23
C:\WINDOWS\System32\DrvTrNTm.dll -->17/04/2008 01:34:02
C:\WINDOWS\System32\DrvTrNTl.dll -->12/04/2008 12:29:36
C:\WINDOWS\System32\wpa.dbl -->08/04/2008 21:52:08
C:\WINDOWS\System32\FNTCACHE.DAT -->02/04/2008 07:18:31
C:\WINDOWS\System32\PerfStringBackup.INI -->30/03/2008 08:51:12
C:\WINDOWS\System32\perfh00C.dat -->30/03/2008 08:51:12
C:\WINDOWS\System32\perfh009.dat -->30/03/2008 08:51:12
C:\WINDOWS\System32\perfc00C.dat -->30/03/2008 08:51:12
C:\WINDOWS\System32\perfc009.dat -->30/03/2008 08:51:12
C:\WINDOWS\System32\QuickTimeVR.qtx -->28/03/2008 23:37:26
C:\WINDOWS\System32\QuickTime.qts -->28/03/2008 23:37:26
C:\WINDOWS\System32\nscompat.tlb -->10/03/2008 21:00:28
C:\WINDOWS\System32\amcompat.tlb -->10/03/2008 21:00:28
C:\WINDOWS\System32\GEARAspi.dll -->29/01/2008 12:02:30

C:\WINDOWS\WindowsUpdate.log -->20/05/2008 19:04:27
C:\WINDOWS\0.log -->20/05/2008 19:03:35
C:\WINDOWS\wiaservc.log -->20/05/2008 19:03:33
C:\WINDOWS\wiadebug.log -->20/05/2008 19:03:33
C:\WINDOWS\QTFont.qfn -->20/05/2008 19:03:14
C:\WINDOWS\bootstat.dat -->20/05/2008 19:03:07
C:\WINDOWS\SchedLgU.Txt -->20/05/2008 19:02:11
C:\WINDOWS\setupapi.log -->20/05/2008 17:58:31
C:\WINDOWS\ACROREAD.INI -->18/05/2008 20:43:43
C:\WINDOWS\Thumbs.db -->18/05/2008 12:23:58
C:\WINDOWS\system.ini -->05/05/2008 21:11:47
C:\WINDOWS\QTFont.for -->12/04/2008 10:50:07
C:\WINDOWS\win.ini -->02/04/2008 07:12:21
C:\WINDOWS\Revolution Script CZ Uninstaller.exe -->06/03/2008 21:18:07
C:\WINDOWS\WORDPAD.INI -->23/02/2008 18:21:43

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 444
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x01ce0000 0x1c000 11.01.0000.2021 C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
0x01be0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x01c00000 0x9b000 C:\PROGRA~1\IZArc\IZArcCM.dll
0x01e40000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x01fa0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x64f00000 0x12000 4.08.1201.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x01240000 0xe000 7.00.0000.1333 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c360000 0x56000 7.10.6030.0000 C:\WINDOWS\system32\MSVCR71.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 964
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL


Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\WINDOWS\system

07/05/1998 18:04 52 736 hpsysdrv.exe
10/09/1999 12:06 4 672 WOWPOST.EXE
2 fichier(s) 57 408 octets
0 Rép(s) 98 221 084 672 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\WINDOWS\system32

05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 98 221 084 672 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\WINDOWS\Downloaded Program Files

15/05/2008 09:17 <REP> .
15/05/2008 09:17 <REP> ..
15/05/2008 09:16 <REP> CONFLICT.1
23/11/2004 16:20 65 desktop.ini
26/07/2002 02:13 24 576 dwusplay.dll
26/07/2002 02:13 196 608 dwusplay.exe
15/06/2006 18:33 1 132 192 EPUWALcontrol.dll
23/03/2007 12:17 1 292 erma.inf
07/08/2006 09:44 807 flashax2.inf
09/08/2006 20:56 53 248 HGPlugin9USA.dll
09/08/2006 20:58 390 HGPlugin9USA.inf
09/08/2006 20:29 540 672 HGStart9USA.exe
11/08/2005 16:30 417 792 isusweb.dll
29/05/2003 16:00 160 864 messengerstatsclient.dll
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
28/02/2007 14:21 130 472 MineSweeper.dll
29/05/2003 16:00 77 408 msgrchkr.dll
22/06/2006 11:41 5 032 swflash.inf
30/06/2003 23:41 1 689 WMV9VCM.inf
17 fichier(s) 3 048 813 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

15/05/2008 09:16 <REP> .
15/05/2008 09:16 <REP> ..
28/02/2007 14:21 131 472 msgrchkr.dll
1 fichier(s) 131 472 octets

Total des fichiers listés :
18 fichier(s) 3 180 285 octets
5 Rép(s) 98 221 080 576 octets libres

Recherche de rootkit! (Merci S!Ri)
[b]infection possible Magic.Control/b : un scan F-Secure BlackLight est recommandé

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\wamp\\Apache2\\bin\\httpd.exe"="C:\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\source sdk base\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Gpotato\\Flyff\\Flyff.exe"="C:\\Program Files\\Gpotato\\Flyff\\Flyff.exe:*:Enabled:Flyff"
"C:\\Program Files\\lphant\\eLePhantClient.exe"="C:\\Program Files\\lphant\\eLePhantClient.exe:*:Enabled:Lphant"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe:*:Enabled:W40kWA"
"C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe"="C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\Valve\\Steam\\steam.exe"="C:\\Program Files\\Valve\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\eMule2\\emule.exe"="C:\\Program Files\\eMule2\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\deathmatch classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\GameTribe\\Infinity\\xclient.exe"="C:\\Program Files\\GameTribe\\Infinity\\xclient.exe:*:Enabled:xclient"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dawn of war soulstorm demo\\Soulstorm.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dawn of war soulstorm demo\\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TmNationsForever\\TmForever.exe"="C:\\Program Files\\TmNationsForever\\TmForever.exe:*:Enabled:TmForever"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\team fortress 2\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"="C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 19:05:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:01,5e,fa,8a,26,2f,d3,c8,f8,e1,db,dd,82,5f,eb,25,53,e1,b4,d8,43,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:9a,aa,86,1a,e4,7c,98,eb,36,e0,8b,5c,c2,be,27,c0,61,cf,54,b8,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d8,07,b0,6c,59,6c,4e,f5,90,90,bd,79,5c,b3,73,6c,fe,..
"khjeh"=hex:f9,3d,a5,65,12,ba,a1,22,e1,1d,05,69,8f,4a,c5,de,4e,d2,14,67,e5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,b8,95,5b,d1,a8,0c,f1,3c,f0,77,f4,b2,2e,35,30,99,9b,eb,ef,49,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:01,5e,fa,8a,26,2f,d3,c8,f8,e1,db,dd,82,5f,eb,25,53,e1,b4,d8,43,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:9a,aa,86,1a,e4,7c,98,eb,36,e0,8b,5c,c2,be,27,c0,61,cf,54,b8,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d8,07,b0,6c,59,6c,4e,f5,90,90,bd,79,5c,b3,73,6c,fe,..
"khjeh"=hex:f9,3d,a5,65,12,ba,a1,22,e1,1d,05,69,8f,4a,c5,de,4e,d2,14,67,e5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,b8,95,5b,d1,a8,0c,f1,3c,f0,77,f4,b2,2e,35,30,99,9b,eb,ef,49,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qlmnvt"="c:\windows\system32\qlmnvt.exe qlmnvt"

scanning hidden files ...

C:\WINDOWS\system32\qlmnvt.dat 5165 bytes
C:\WINDOWS\system32\qlmnvt.exe 327680 bytes executable
C:\WINDOWS\system32\qlmnvt_nav.dat 420034 bytes
C:\WINDOWS\system32\qlmnvt_navps.dat 1490 bytes

scan completed successfully
hidden services: 0
hidden files: 4


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
148 - LVComSer.exe
428 - ashServ.exe
444 - explorer.exe
592 - razertra.exe
624 - razerofa.exe
636 - ashDisp.exe
644 - avgas.exe
712 - realsched.exe
748 - iTunesHelper.ex
784 - razerhid.exe
812 - qlmnvt.exe
904 - msnmsgr.exe
940 - csrss.exe
964 - winlogon.exe
1012 - services.exe
1024 - lsass.exe
1196 - svchost.exe
1244 - svchost.exe
1464 - AppleMobileDevi
1504 - guard.exe
1536 - mDNSResponder.e
1556 - LVPrcSrv.exe
1612 - spoolsv.exe
1632 - svchost.exe
1712 - svchost.exe
1828 - svchost.exe
1884 - LVComSer.exe
1948 - cmd.exe
1980 - iPodService.exe
2252 - svchost.exe
2688 - nvsvc32.exe
2736 - RichVideo.exe
2828 - StarWindService
2864 - svchost.exe
3556 - alg.exe
3620 - ashMaiSv.exe
4056 - ashWebSv.exe

Total number of processes = 38
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
F7ADC000 - \WINDOWS\system32\KDCOM.DLL
F79EC000 - \WINDOWS\system32\BOOTVID.dll
F73DD000 - spqv.sys
F7ADE000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F73C5000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F7396000 - ACPI.sys
F7385000 - pci.sys
F75DC000 - ohci1394.sys
F75EC000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F75FC000 - isapnp.sys
F7BA4000 - pciide.sys
F785C000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7AE0000 - viaide.sys
F7AE2000 - intelide.sys
F760C000 - MountMgr.sys
F7366000 - ftdisk.sys
F7864000 - PartMgr.sys
F761C000 - VolSnap.sys
F734E000 - atapi.sys
F762C000 - disk.sys
F763C000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F732E000 - fltMgr.sys
F731C000 - sr.sys
F786C000 - PxHelp20.sys
F7305000 - KSecDD.sys
F7278000 - Ntfs.sys
F724B000 - NDIS.sys
F7230000 - Mup.sys
F6BD1000 - \SystemRoot\system32\drivers\TotRec7.sys
F6BAF000 - \SystemRoot\system32\drivers\portcls.sys
F778C000 - \SystemRoot\system32\drivers\drmk.sys
F6B8C000 - \SystemRoot\system32\drivers\ks.sys
F779C000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F6502000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F64EE000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F79CC000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F64CB000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F79D4000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F77AC000 - \SystemRoot\system32\DRIVERS\imapi.sys
F77BC000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F77CC000 - \SystemRoot\system32\DRIVERS\redbook.sys
F71F8000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F64A6000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F79DC000 - \SystemRoot\system32\DRIVERS\fdc.sys
F6492000 - \SystemRoot\system32\DRIVERS\parport.sys
F77DC000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F79E4000 - \SystemRoot\system32\DRIVERS\PS2.sys
F787C000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F647E000 - \SystemRoot\system32\DRIVERS\Rtnicxp.sys
F77EC000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F6417000 - \SystemRoot\System32\Drivers\a6h768qs.SYS
F62A2000 - \SystemRoot\System32\Drivers\ao8m14zk.SYS
F7C95000 - \SystemRoot\system32\DRIVERS\audstub.sys
F784C000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7AAC000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F612B000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F76AC000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F6C89000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F797C000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F611A000 - \SystemRoot\system32\DRIVERS\psched.sys
F6C79000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7984000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F798C000 - \SystemRoot\system32\DRIVERS\raspti.sys
F7994000 - \SystemRoot\system32\DRIVERS\hamachi.sys
F6C69000 - \SystemRoot\System32\Drivers\pcouffin.sys
F6C59000 - \SystemRoot\system32\DRIVERS\termdd.sys
F799C000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7B3E000 - \SystemRoot\system32\DRIVERS\swenum.sys
F60C1000 - \SystemRoot\system32\DRIVERS\update.sys
F7AC0000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F6C49000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F780C000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7B50000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F3396000 - \SystemRoot\system32\drivers\RtkHDAud.sys
F7B54000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7C5F000 - \SystemRoot\System32\Drivers\Null.SYS
F7B56000 - \SystemRoot\System32\Drivers\Beep.SYS
F7C62000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F7944000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F794C000 - \SystemRoot\System32\drivers\vga.sys
F7B5A000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7B5C000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7954000 - \SystemRoot\System32\Drivers\Msfs.SYS
F795C000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7AA0000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F333B000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F32E3000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F783C000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F32C2000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F329A000 - \SystemRoot\system32\DRIVERS\netbt.sys
F399A000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F3278000 - \SystemRoot\System32\drivers\afd.sys
F398A000 - \SystemRoot\system32\DRIVERS\netbios.sys
F397A000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F324D000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F31B6000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F396A000 - \SystemRoot\System32\Drivers\Fips.SYS
F7C94000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F319F000 - \SystemRoot\System32\Drivers\aswSP.SYS
F3F0F000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F317C000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F7AA4000 - \SystemRoot\system32\DRIVERS\usb8023.sys
F3EFF000 - \SystemRoot\system32\DRIVERS\RNDISMP.SYS
F3EF7000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F3EEF000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F394A000 - \SystemRoot\system32\drivers\LVUSBSta.sys
F7AA8000 - \SystemRoot\system32\DRIVERS\usbscan.sys
F3EE7000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F7AB8000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F393A000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F2E13000 - \SystemRoot\system32\DRIVERS\LV302V32.SYS
F7B70000 - \SystemRoot\system32\DRIVERS\lv302af.sys
F392A000 - \SystemRoot\system32\drivers\usbaudio.sys
F391A000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F3ECF000 - \SystemRoot\System32\Drivers\Razerlow.sys
F7204000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F7200000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F2DFB000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7B78000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F338E000 - \SystemRoot\System32\drivers\Dxapi.sys
F3EC7000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7C37000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F37E6000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
BAF98000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
BAD42000 - \SystemRoot\System32\Drivers\aswMon2.SYS
BA0FC000 - \SystemRoot\system32\drivers\wdmaud.sys
BAA5A000 - \SystemRoot\system32\drivers\sysaudio.sys
B9E77000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
B9D13000 - \SystemRoot\system32\DRIVERS\srv.sys
F3F07000 - \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
B95D7000 - \SystemRoot\System32\Drivers\HTTP.sys
B96E4000 - \SystemRoot\System32\Drivers\aswRdr.SYS
F7CDA000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 139

Liste des programmes installes

Adobe Acrobat Reader 3.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS
Adobe Photoshop CS2
Adobe Photoshop CS2
Adobe Reader 7.0 - Français
Adobe Shockwave Player
Adobe Stock Photos 1.0
AGEIA PhysX v7.05.17
Amélioration de nos services
Amélioration de nos services
Apple Mobile Device Support
Apple Software Update
Assistant de connexion Windows Live
µTorrent
Audiosurf Demo
avast! Antivirus
AVG Anti-Spyware 7.5
Bonjour
BroadJump Client Foundation
BufferChm
Canon Camera WIA Driver
Canon EOS Kiss REBEL 300D Pilote WIA
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
Casino Spin Palace
CCleaner (remove only)
CDBurnerXP
Clean Start
Compaq Multimedia Keyboard Software
Condition Zero
Correctif pour Windows XP (KB893357)
Correctif pour Windows XP (KB906569)
Correctif pour Windows XP (KB935448)
Correctif Windows XP - KB873339
Correctif Windows XP - KB883667
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888239
Correctif Windows XP - KB888302
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Correctif Windows XP - KB892050
Correctif Windows XP - KB893066
Counter-Strike(TM)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Destinations
DeviceManagementQFolder
eMule
File Viewer Utility 1.3.1
FullDPAppQFolder
Google Earth
GUILD WARS
Hamachi 1.0.2.5
High Definition Audio - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
HP Boot Optimizer
HP DVD Play 1.0
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Software Update
HpSdpAppCoreApp
InstantShareDevices
iTunes
IZArc 3.81
J2SE Runtime Environment 5.0 Update 5
Java 2 SDK, SE v1.4.2_13
LE COMPAGNON CLUB
Lecteur Windows Media 11
Lexmark 2300 Series
LG USB Modem driver
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Lphant v3.50 Beta1
LphantBar Toolbar
MainConcept MPEG Encoder
MainConcept MPEG Encoder
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Excel Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Miro
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB905915)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB929969)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933566)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB937143)
Mise à jour de sécurité pour Windows XP (KB938127)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB936357)
Mise à jour pour Windows XP (KB938828)
Mozilla Firefox (2.0.0.14)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB925673)
MVision
NVIDIA Drivers
OptionalContentQFolder
Outils Club Internet
PhotoGallery
PhotoStitch
PowerDirector
PowerDirector
Programme de gestion Camera de Logitech®
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
Razer Copperhead
RealPlayer
Realtek High Definition Audio Driver
RemoteCapture 2.7.4
Revolution Script CZ
SkinsHP1
Skype™ 3.6
SmartSound Quicktracks Plugin
SmartSound Quicktracks Plugin
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Steam(TM)
SUPER © Version 2007.bld.23 (July 4, 2007)
TeamSpeak 2 RC2
TmNationsForever
Total Recorder 7.0
Unload
Ventrilo
VideoLAN VLC media player 0.8.6c
WAMP5 1.7.3
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
XML Paper Specification Shared Components Pack 1.0



Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\Program Files

19/05/2008 19:49 <REP> .
19/05/2008 19:49 <REP> ..
22/04/2007 13:10 <REP> ABC
25/08/2007 08:07 <REP> Adobe
29/09/2007 13:18 <REP> AGEIA Technologies
01/11/2007 12:23 <REP> Alcohol Soft
09/05/2007 20:30 <REP> Alwil Software
17/04/2008 12:42 <REP> Apple Software Update
02/08/2006 12:45 <REP> AviSynth 2.5
21/04/2007 21:48 <REP> AVSMedia
21/04/2007 21:44 <REP> bobyte
12/04/2008 10:48 <REP> Bonjour
14/07/2007 07:30 <REP> BroadJump
25/07/2007 17:57 <REP> Canon
07/06/2007 18:30 <REP> CCleaner
31/12/2007 12:21 <REP> CDBurnerXP
09/12/2007 14:10 <REP> Clean Start
19/07/2007 12:04 <REP> Club-Internet
30/03/2008 16:03 <REP> Common Files
20/10/2005 21:06 <REP> ComPlus Applications
26/05/2007 08:42 <REP> Cybercorder
23/11/2007 21:13 <REP> Cyberlink
01/11/2007 11:39 <REP> DAEMON Tools
04/01/2008 17:18 <REP> Deco Online
09/10/2006 07:02 <REP> DownloadManager
17/10/2007 16:37 <REP> eMule
17/05/2008 09:20 <REP> eMule2
24/11/2007 10:21 <REP> eRightSoft
23/04/2008 15:19 <REP> Fichiers communs
08/02/2007 09:36 <REP> FileZilla
30/07/2006 09:36 <REP> Free iPod Video Converter
10/03/2008 18:27 <REP> GameTribe
13/10/2007 16:10 <REP> Google
07/05/2008 07:20 <REP> Gpotato
13/11/2007 08:44 <REP> Grisoft
17/02/2008 19:05 <REP> GUILD WARS
02/05/2008 17:39 <REP> Hamachi
31/12/2007 10:09 <REP> HardwareDetection
01/01/2005 17:09 <REP> Hewlett-Packard
26/04/2008 20:41 <REP> HighCriteria
01/01/2005 16:46 <REP> HP
22/04/2007 13:42 <REP> hp deskjet 845c series
09/10/2006 07:08 <REP> IGN
15/05/2007 20:32 <REP> Illustrate
31/03/2007 18:07 <REP> Intel Corporation
19/08/2007 09:14 <REP> Internet Explorer
12/04/2008 10:49 <REP> iPod
12/04/2008 10:49 <REP> iTunes
18/09/2007 19:17 <REP> IZArc
01/01/2005 16:27 <REP> Java
28/06/2007 12:38 <REP> Lexmark 2300 Series
19/09/2006 19:21 <REP> Lexmark Fax Solutions
22/08/2007 09:52 <REP> LG Electronics
19/08/2007 08:54 <REP> Logitech
04/11/2007 23:21 <REP> lphant
04/11/2007 23:22 <REP> LphantBar
19/05/2008 22:20 <REP> Lx_cats
31/10/2007 12:38 <REP> MAIET
01/01/2005 16:31 <REP> Messenger
16/01/2008 20:47 <REP> Messenger Plus! Live
27/10/2005 00:36 <REP> microsoft frontpage
12/09/2007 14:13 <REP> Microsoft Games
02/04/2008 07:15 <REP> Microsoft Office
23/02/2008 16:32 <REP> Microsoft Works
20/07/2007 10:33 <REP> Motive
27/10/2005 00:36 <REP> Movie Maker
20/05/2008 18:53 <REP> Mozilla Firefox
23/02/2008 15:37 <REP> MSECache
12/06/2007 19:41 <REP> MSN
27/10/2005 00:36 <REP> MSN Gaming Zone
21/02/2007 13:59 <REP> MSN Messenger
31/10/2007 12:08 <REP> NetMeeting
27/10/2005 00:36 <REP> Online Services
29/06/2007 03:05 <REP> Outlook Express
18/05/2008 11:41 <REP> Participatory Culture Foundation
12/04/2008 10:47 <REP> QuickTime
29/04/2008 07:30 <REP> Razer
01/01/2005 16:43 <REP> Real
01/01/2005 16:58 <REP> Services en ligne
23/04/2008 15:19 <REP> Skype
07/10/2006 17:16 <REP> SmartCom
23/11/2007 21:14 <REP> SmartSound Software
18/09/2007 19:40 <REP> Steam
04/01/2008 11:51 <REP> Teamspeak2_RC2
05/05/2008 21:11 <REP> THQ
23/04/2008 17:15 <REP> TmNationsForever
19/05/2008 07:13 <REP> Trend Micro
31/07/2007 08:24 <REP> Triggersoft
20/10/2005 21:06 <REP> Uninstall Information
13/01/2008 14:08 <REP> utorrent
12/06/2007 10:15 <REP> Valve
19/07/2006 19:01 <REP> VideoLAN
01/09/2006 14:15 <REP> VirtualDJ
22/04/2007 13:10 <REP> WellPhone DirectSync
12/06/2007 19:49 <REP> Windows Live
22/04/2007 13:10 <REP> Windows Media Connect 2
19/08/2007 10:00 <REP> Windows Media Player
27/10/2005 00:36 <REP> Windows NT
20/10/2005 21:05 <REP> WindowsUpdate
04/08/2006 18:01 <REP> WinRAR
27/10/2005 00:37 <REP> xerox
0 fichier(s) 0 octets
101 Rép(s) 98 218 037 248 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\Program Files\fichiers communs

23/04/2008 15:19 <REP> .
23/04/2008 15:19 <REP> ..
25/08/2007 08:08 <REP> Adobe
15/06/2007 12:14 <REP> Adobe Systems Shared
08/06/2007 11:02 <REP> Ahead
12/04/2008 10:43 <REP> Apple
08/06/2007 10:58 <REP> AVSMedia
07/06/2007 19:06 <REP> Blizzard Entertainment
30/10/2007 19:31 <REP> DirectX
01/01/2005 16:40 <REP> HP
01/01/2005 16:56 <REP> InstallShield
01/01/2005 16:27 <REP> Java
19/08/2007 09:15 <REP> LogiShrd
19/07/2006 18:36 <REP> Logitech
02/04/2008 07:15 <REP> Microsoft Shared
14/07/2007 07:35 <REP> Motive
27/10/2005 00:35 <REP> MSSoap
27/10/2005 00:35 <REP> ODBC
01/01/2005 16:43 <REP> Real
27/10/2005 00:35 <REP> Services
23/04/2008 15:19 <REP> Skype
01/01/2005 16:44 <REP> Sonic Shared
27/10/2005 00:35 <REP> SpeechEngines
01/01/2005 16:44 <REP> SureThing Shared
19/07/2007 12:02 <REP> Symantec Shared
23/02/2008 16:28 <REP> System
18/07/2006 23:35 <REP> Talkway
01/01/2005 16:45 <REP> TiVo Shared
25/08/2007 08:08 <REP> Vbox
29/09/2007 13:09 <REP> Wise Installation Wizard
07/10/2006 17:17 <REP> XCPCSync.OEM
01/01/2005 16:43 <REP> xing shared
0 fichier(s) 0 octets
32 Rép(s) 98 218 033 152 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

02/04/2008 07:15 <REP> .
02/04/2008 07:15 <REP> ..
02/04/2008 07:11 <REP> 1036
26/10/2006 20:49 970 528 MSONSEXT.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
3 fichier(s) 1 220 498 octets
3 Rép(s) 98 218 033 152 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\Program Files\common files

30/03/2008 16:03 <REP> .
30/03/2008 16:03 <REP> ..
30/03/2008 16:03 <REP> INCA Shared
0 fichier(s) 0 octets
3 Rép(s) 98 218 033 152 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\

19/05/2008 18:59 1 390 349 SmitfraudFix.exe
1 fichier(s) 1 390 349 octets
0 Rép(s) 98 218 033 152 octets libres




c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0497545E.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\049C675F.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\082805F2.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\083C01DC.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09F17BFB.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DF049E4.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DD60FC3.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F1E163E.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F432F3B.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\713602B6.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75B354EA.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\inst.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\SDFix.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\SUPERsetup.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\ZR_1.0.0.37\Zeb-Restore.exe
c:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\CDBurnerXP_Soft\cdbxpp.exe_Url_nfryvllqiqb1hla4nzefaejvhwflc2o0
c:\Documents and Settings\Compaq_Propriétaire\Mes documents\Documents d'Alexia\eMule0.48a-Installer.exe
c:\Documents and Settings\Compaq_Propriétaire\Mes documents\My Games\Titan Quest\TitanQuest1_30.exe
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\MMSEF.dll
c:\Documents and Settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\VMSEF.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\3\3cardpoker.8e73a522a397f174eb628d05f72f1f40.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1.0a55799429d83e0cb0c51c4f8800bb5c.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1_temp.37e91badb56f49775900493796886528.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx.515b62c381b162125cd165ff444a9767.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_temp.31b4026f06bf6a58dac069b91ce9f87e.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\atlanticcityblackjack.9baef784fe666fb9d90dc331d0239eed.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bigkahuna.769fd4a48b95c8614a738f1cad88bcd5.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakautoplayplugin.daa7cf372053cea211edcbea65d22b12.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakplugin.3e93030461895e6c47198d045c8d1cf9.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakstatsplugin.145ee00ec8a028833dd329dab350af61.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategylogic1.191efcf9140c2fe6e0f5d9a976a4dc62.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategyui1.57392ae0d395ad2b922b909eeea4d57f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakxxx.b4ec12e8f6a82be74843d2bd8895d089.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldautoplayplugin.9eecf610ea29425ecba27ee4d82e5058.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldplugin.77868ad6c41073f45be5eb8a5441c690.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldstatsplugin.6518eac98880e1c269feffe4b0025ca1.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldxxx.49c3810d214dd99c8c9a10ec7d79ed46.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjstrategylogic1.0ce35352c4c4658d12c59ec38c70398a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjstrategyui1.f6bf7f52301739c715fb0c01374c3b3a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\blplugin.43df87da33698c32bca7a2698484452d.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bonus_threereel_types_1_2.19c24a05687d90864e9a9de516d92124.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bonusblackjack.dab6343a296b066bd5fe18d7c7d9940f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bonuspaigowpoker.7a255497429caa23df774f47d3465136.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovafreerangebonus.e076c032e655189a3a36f4df53998202.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovafreerangebonus_temp.598336f9707e832cab943342026367f4.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovagetlucky.0b76a8d26c574693effc6642880e2100.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovagetlucky_temp.b71b6ce6d93f57e6e8d79f64bfda39ca.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\casinowar.e981fb96518533a1e37361e9d8163b74.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\casinowarxxx.07a6656e153859c2f09a4efde26ba0d5.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\choosebonus.f45804d6e8abc6918fbf1eaa8e3e92b4.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\classicblackjack.cd8f07669d8ad1880944c3c957f8a558.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\complexpickxofybonus.d1bfb60b3ff2f4b47b96df4144258313.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\complexpickxofybonus_temp.08605981adfd307c6b4a171bff0fc06e.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\d\diamonddealbonus.2870129824bd4ab03fe258a72414c9fe.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\d\doubleexposureblackjack.00416c68a65da9cd4e538e162751f284.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\euroblackjack.6c6f541acc24f3244c0a64fa851edca8.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\euroblackjackstrategy.9c188ef9cd6c03e5b4bd398d23041cd2.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\europeanblackjack.cb403a5bad6b43e2910d2e09c35c47ed.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\euroroulette.fa2b524975a5d8bbc30203d094e2b084.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\f\frenchroulette.181434980597f8ff07c31ab5432ab080.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble.212eaf21a4805f8521d0d0c57b6a933b.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble2.04f884d96aad7f5c7b941fdd39ed766d.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble2_temp.26f9c8c015d827f52f79be90c9c65d15.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gambleplugin.c4d8c6f5542066f894b7f2e575038afb.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosecardbonus.ad7c2639e837decbb6b1767d636aa20c.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosecreditsbonus.1bee21962a1e5bd558c2298b640bc2d1.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosemoneybonus.931d2cffabd7746875b654c43954652a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosexofybonus.50f0a525cf3c793fb5038ad1f3466247.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldseries_euroroulette.c04add4a4ccdfa99acf5bc9050a74d69.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldseriesmh3cardpokerplugin.5a185095e975ba0cdfe6e7400fcb7d4e.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldseriesmh3cardpokerxxx.f90691784645d2d0d637d253e6b6f397.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\h\hlbaccarat.039d4b87185594a6514fa72926a5dbbd.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\megaspinsuite1.2def01b8e52d92e08cc8f9a917ea6e80.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mermaidsbonus.f520937c2ec436ae80b67d9c967dd3f6.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mermaidsmillions.9379e4aac1e4731bf7922c8c2544bd7a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mermaidsmillionsxxx.85e8ee4057b7c3d431514729821caee1.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mhbjgoldplugin.ade63f3fb6abb840a17307ccbd0accf4.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mhbjgoldxxx.9f90371deb21a4c89c6bc14d9c0e3224.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mhbjstrategyui1.0be4ad11dcfc60954bb7dba32e842885.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mptadvancedslots.039a84427e76ab4e1715f80765a76305.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mptleaderboard.91fac472d1ff352976950258719d35a2.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mpvslotxxx.e5675e7198cee47ae84db3a4020d9441.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\p\powerpokersuite1_nl.cebfe8812d984716506c6d9d096a5f48.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\p\progressive.438680b03871c60991f1514597a244d3.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\p\progressive_temp.6ebf7ea2dc11bd7ab20476f37a97da6f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\secretadmirer.8a58ed349e595e616819333c365b431d.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\secretadmirerxxx.b82b0093b453bf095401cf169803f6f6.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus.571a904af34f5f3b18cf4feaec07913f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_temp.b6b7e588aedb05fa062fb8447406bca9.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus.bb69121ba26b8b09500f7448266e3542.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_temp.72ea7bbc511b024cb0eafd21daabe862.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofyskillbonus.9217a2b384f498835fd4199838199dc2.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\tikimaskbonusgame.0dc1c149f619ef0a72aacd3abdeb0dfb.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition.11abae2d8790a65ff5805bcb9230762f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_temp.b1ca11d4e648e5135eea6ec5f3d901f9.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_3reelnormal1_2.6d58a1bcaf1d9165fa0b77fa9598b623.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_3reelprogressive1_2.a0c5e56438d504531121ead802e24dcf.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll
c:\Documents and Settings

DiagHelp version v1.4 - http://www.malekal.com
excute le 20/05/2008 à 19:04:53,50


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->20/05/2008 19:04:44
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->20/05/2008 19:04:43
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\IPODSERVICE.EXE-3192DE38.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf -->20/05/2008 19:04:24
C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->20/05/2008 19:04:23
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -->20/05/2008 19:04:23

C:\WINDOWS\System32\drivers\aswSP.sys -->16/05/2008 01:20:32
C:\WINDOWS\System32\drivers\aswmon2.sys -->16/05/2008 01:18:33
C:\WINDOWS\System32\drivers\aswFsBlk.sys -->16/05/2008 01:16:06
C:\WINDOWS\System32\drivers\aswRdr.sys -->16/05/2008 01:15:29
C:\WINDOWS\System32\drivers\aswTdi.sys -->16/05/2008 01:14:11
C:\WINDOWS\System32\drivers\aavmker4.sys -->16/05/2008 01:13:26
C:\WINDOWS\System32\drivers\hamachi.sys -->02/05/2008 17:38:39

C:\WINDOWS\System32\qlmnvt.dat -->20/05/2008 19:03:36
C:\WINDOWS\System32\CONFIG.NT -->20/05/2008 05:40:11
C:\WINDOWS\System32\tmp.txt -->19/05/2008 19:54:58
C:\WINDOWS\System32\tmp.reg -->19/05/2008 19:54:58
C:\WINDOWS\System32\qlmnvt.exe -->18/05/2008 23:36:48
C:\WINDOWS\System32\IEDFix.exe -->18/05/2008 21:40:35
C:\WINDOWS\System32\404Fix.exe -->18/05/2008 21:40:35
C:\WINDOWS\System32\aswBoot.exe -->16/05/2008 01:24:43
C:\WINDOWS\System32\AvastSS.scr -->16/05/2008 01:12:36
C:\WINDOWS\System32\VACFix.exe -->15/05/2008 23:22:45
C:\WINDOWS\System32\qlmnvt_nav.dat -->25/04/2008 13:51:23
C:\WINDOWS\System32\DrvTrNTm.dll -->17/04/2008 01:34:02
C:\WINDOWS\System32\DrvTrNTl.dll -->12/04/2008 12:29:36
C:\WINDOWS\System32\wpa.dbl -->08/04/2008 21:52:08
C:\WINDOWS\System32\FNTCACHE.DAT -->02/04/2008 07:18:31
C:\WINDOWS\System32\PerfStringBackup.INI -->30/03/2008 08:51:12
C:\WINDOWS\System32\perfh00C.dat -->30/03/2008 08:51:12
C:\WINDOWS\System32\perfh009.dat -->30/03/2008 08:51:12
C:\WINDOWS\System32\perfc00C.dat -->30/03/2008 08:51:12
C:\WINDOWS\System32\perfc009.dat -->30/03/2008 08:51:12
C:\WINDOWS\System32\QuickTimeVR.qtx -->28/03/2008 23:37:26
C:\WINDOWS\System32\QuickTime.qts -->28/03/2008 23:37:26
C:\WINDOWS\System32\nscompat.tlb -->10/03/2008 21:00:28
C:\WINDOWS\System32\amcompat.tlb -->10/03/2008 21:00:28
C:\WINDOWS\System32\GEARAspi.dll -->29/01/2008 12:02:30

C:\WINDOWS\WindowsUpdate.log -->20/05/2008 19:04:27
C:\WINDOWS\0.log -->20/05/2008 19:03:35
C:\WINDOWS\wiaservc.log -->20/05/2008 19:03:33
C:\WINDOWS\wiadebug.log -->20/05/2008 19:03:33
C:\WINDOWS\QTFont.qfn -->20/05/2008 19:03:14
C:\WINDOWS\bootstat.dat -->20/05/2008 19:03:07
C:\WINDOWS\SchedLgU.Txt -->20/05/2008 19:02:11
C:\WINDOWS\setupapi.log -->20/05/2008 17:58:31
C:\WINDOWS\ACROREAD.INI -->18/05/2008 20:43:43
C:\WINDOWS\Thumbs.db -->18/05/2008 12:23:58
C:\WINDOWS\system.ini -->05/05/2008 21:11:47
C:\WINDOWS\QTFont.for -->12/04/2008 10:50:07
C:\WINDOWS\win.ini -->02/04/2008 07:12:21
C:\WINDOWS\Revolution Script CZ Uninstaller.exe -->06/03/2008 21:18:07
C:\WINDOWS\WORDPAD.INI -->23/02/2008 18:21:43

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 444
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x01ce0000 0x1c000 11.01.0000.2021 C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
0x01be0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x01c00000 0x9b000 C:\PROGRA~1\IZArc\IZArcCM.dll
0x01e40000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x01fa0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x64f00000 0x12000 4.08.1201.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x01240000 0xe000 7.00.0000.1333 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c360000 0x56000 7.10.6030.0000 C:\WINDOWS\system32\MSVCR71.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 964
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL


Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\WINDOWS\system

07/05/1998 18:04 52 736 hpsysdrv.exe
10/09/1999 12:06 4 672 WOWPOST.EXE
2 fichier(s) 57 408 octets
0 Rép(s) 98 221 084 672 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\WINDOWS\system32

05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 98 221 084 672 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\WINDOWS\Downloaded Program Files

15/05/2008 09:17 <REP> .
15/05/2008 09:17 <REP> ..
15/05/2008 09:16 <REP> CONFLICT.1
23/11/2004 16:20 65 desktop.ini
26/07/2002 02:13 24 576 dwusplay.dll
26/07/2002 02:13 196 608 dwusplay.exe
15/06/2006 18:33 1 132 192 EPUWALcontrol.dll
23/03/2007 12:17 1 292 erma.inf
07/08/2006 09:44 807 flashax2.inf
09/08/2006 20:56 53 248 HGPlugin9USA.dll
09/08/2006 20:58 390 HGPlugin9USA.inf
09/08/2006 20:29 540 672 HGStart9USA.exe
11/08/2005 16:30 417 792 isusweb.dll
29/05/2003 16:00 160 864 messengerstatsclient.dll
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
28/02/2007 14:21 130 472 MineSweeper.dll
29/05/2003 16:00 77 408 msgrchkr.dll
22/06/2006 11:41 5 032 swflash.inf
30/06/2003 23:41 1 689 WMV9VCM.inf
17 fichier(s) 3 048 813 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

15/05/2008 09:16 <REP> .
15/05/2008 09:16 <REP> ..
28/02/2007 14:21 131 472 msgrchkr.dll
1 fichier(s) 131 472 octets

Total des fichiers listés :
18 fichier(s) 3 180 285 octets
5 Rép(s) 98 221 080 576 octets libres

Recherche de rootkit! (Merci S!Ri)
[b]infection possible Magic.Control/b : un scan F-Secure BlackLight est recommandé

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\wamp\\Apache2\\bin\\httpd.exe"="C:\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\source sdk base\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Gpotato\\Flyff\\Flyff.exe"="C:\\Program Files\\Gpotato\\Flyff\\Flyff.exe:*:Enabled:Flyff"
"C:\\Program Files\\lphant\\eLePhantClient.exe"="C:\\Program Files\\lphant\\eLePhantClient.exe:*:Enabled:Lphant"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe:*:Enabled:W40kWA"
"C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe"="C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\Valve\\Steam\\steam.exe"="C:\\Program Files\\Valve\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\eMule2\\emule.exe"="C:\\Program Files\\eMule2\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\deathmatch classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\GameTribe\\Infinity\\xclient.exe"="C:\\Program Files\\GameTribe\\Infinity\\xclient.exe:*:Enabled:xclient"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dawn of war soulstorm demo\\Soulstorm.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dawn of war soulstorm demo\\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TmNationsForever\\TmForever.exe"="C:\\Program Files\\TmNationsForever\\TmForever.exe:*:Enabled:TmForever"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\team fortress 2\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"="C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 19:05:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:01,5e,fa,8a,26,2f,d3,c8,f8,e1,db,dd,82,5f,eb,25,53,e1,b4,d8,43,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:9a,aa,86,1a,e4,7c,98,eb,36,e0,8b,5c,c2,be,27,c0,61,cf,54,b8,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d8,07,b0,6c,59,6c,4e,f5,90,90,bd,79,5c,b3,73,6c,fe,..
"khjeh"=hex:f9,3d,a5,65,12,ba,a1,22,e1,1d,05,69,8f,4a,c5,de,4e,d2,14,67,e5,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,b8,95,5b,d1,a8,0c,f1,3c,f0,77,f4,b2,2e,35,30,99,9b,eb,ef,49,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:01,5e,fa,8a,26,2f,d3,c8,f8,e1,db,dd,82,5f,eb,25,53,e1,b4,d8,43,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:9a,aa,86,1a,e4,7c,98,eb,36,e0,8b,5c,c2,be,27,c0,61,cf,54,b8,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d8,07,b0,6c,59,6c,4e,f5,90,90,bd,79,5c,b3,73,6c,fe,..
"khjeh"=hex:f9,3d,a5,65,12,ba,a1,22,e1,1d,05,69,8f,4a,c5,de,4e,d2,14,67,e5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5d,b8,95,5b,d1,a8,0c,f1,3c,f0,77,f4,b2,2e,35,30,99,9b,eb,ef,49,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qlmnvt"="c:\windows\system32\qlmnvt.exe qlmnvt"

scanning hidden files ...

C:\WINDOWS\system32\qlmnvt.dat 5165 bytes
C:\WINDOWS\system32\qlmnvt.exe 327680 bytes executable
C:\WINDOWS\system32\qlmnvt_nav.dat 420034 bytes
C:\WINDOWS\system32\qlmnvt_navps.dat 1490 bytes

scan completed successfully
hidden services: 0
hidden files: 4


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
148 - LVComSer.exe
428 - ashServ.exe
444 - explorer.exe
592 - razertra.exe
624 - razerofa.exe
636 - ashDisp.exe
644 - avgas.exe
712 - realsched.exe
748 - iTunesHelper.ex
784 - razerhid.exe
812 - qlmnvt.exe
904 - msnmsgr.exe
940 - csrss.exe
964 - winlogon.exe
1012 - services.exe
1024 - lsass.exe
1196 - svchost.exe
1244 - svchost.exe
1464 - AppleMobileDevi
1504 - guard.exe
1536 - mDNSResponder.e
1556 - LVPrcSrv.exe
1612 - spoolsv.exe
1632 - svchost.exe
1712 - svchost.exe
1828 - svchost.exe
1884 - LVComSer.exe
1948 - cmd.exe
1980 - iPodService.exe
2252 - svchost.exe
2688 - nvsvc32.exe
2736 - RichVideo.exe
2828 - StarWindService
2864 - svchost.exe
3556 - alg.exe
3620 - ashMaiSv.exe
4056 - ashWebSv.exe

Total number of processes = 38
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
F7ADC000 - \WINDOWS\system32\KDCOM.DLL
F79EC000 - \WINDOWS\system32\BOOTVID.dll
F73DD000 - spqv.sys
F7ADE000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F73C5000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F7396000 - ACPI.sys
F7385000 - pci.sys
F75DC000 - ohci1394.sys
F75EC000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F75FC000 - isapnp.sys
F7BA4000 - pciide.sys
F785C000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7AE0000 - viaide.sys
F7AE2000 - intelide.sys
F760C000 - MountMgr.sys
F7366000 - ftdisk.sys
F7864000 - PartMgr.sys
F761C000 - VolSnap.sys
F734E000 - atapi.sys
F762C000 - disk.sys
F763C000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F732E000 - fltMgr.sys
F731C000 - sr.sys
F786C000 - PxHelp20.sys
F7305000 - KSecDD.sys
F7278000 - Ntfs.sys
F724B000 - NDIS.sys
F7230000 - Mup.sys
F6BD1000 - \SystemRoot\system32\drivers\TotRec7.sys
F6BAF000 - \SystemRoot\system32\drivers\portcls.sys
F778C000 - \SystemRoot\system32\drivers\drmk.sys
F6B8C000 - \SystemRoot\system32\drivers\ks.sys
F779C000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F6502000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F64EE000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F79CC000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F64CB000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F79D4000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F77AC000 - \SystemRoot\system32\DRIVERS\imapi.sys
F77BC000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F77CC000 - \SystemRoot\system32\DRIVERS\redbook.sys
F71F8000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F64A6000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F79DC000 - \SystemRoot\system32\DRIVERS\fdc.sys
F6492000 - \SystemRoot\system32\DRIVERS\parport.sys
F77DC000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F79E4000 - \SystemRoot\system32\DRIVERS\PS2.sys
F787C000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F647E000 - \SystemRoot\system32\DRIVERS\Rtnicxp.sys
F77EC000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F6417000 - \SystemRoot\System32\Drivers\a6h768qs.SYS
F62A2000 - \SystemRoot\System32\Drivers\ao8m14zk.SYS
F7C95000 - \SystemRoot\system32\DRIVERS\audstub.sys
F784C000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7AAC000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F612B000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F76AC000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F6C89000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F797C000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F611A000 - \SystemRoot\system32\DRIVERS\psched.sys
F6C79000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7984000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F798C000 - \SystemRoot\system32\DRIVERS\raspti.sys
F7994000 - \SystemRoot\system32\DRIVERS\hamachi.sys
F6C69000 - \SystemRoot\System32\Drivers\pcouffin.sys
F6C59000 - \SystemRoot\system32\DRIVERS\termdd.sys
F799C000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7B3E000 - \SystemRoot\system32\DRIVERS\swenum.sys
F60C1000 - \SystemRoot\system32\DRIVERS\update.sys
F7AC0000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F6C49000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F780C000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7B50000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F3396000 - \SystemRoot\system32\drivers\RtkHDAud.sys
F7B54000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7C5F000 - \SystemRoot\System32\Drivers\Null.SYS
F7B56000 - \SystemRoot\System32\Drivers\Beep.SYS
F7C62000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F7944000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F794C000 - \SystemRoot\System32\drivers\vga.sys
F7B5A000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7B5C000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7954000 - \SystemRoot\System32\Drivers\Msfs.SYS
F795C000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7AA0000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F333B000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F32E3000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F783C000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F32C2000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F329A000 - \SystemRoot\system32\DRIVERS\netbt.sys
F399A000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F3278000 - \SystemRoot\System32\drivers\afd.sys
F398A000 - \SystemRoot\system32\DRIVERS\netbios.sys
F397A000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F324D000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F31B6000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F396A000 - \SystemRoot\System32\Drivers\Fips.SYS
F7C94000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F319F000 - \SystemRoot\System32\Drivers\aswSP.SYS
F3F0F000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F317C000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F7AA4000 - \SystemRoot\system32\DRIVERS\usb8023.sys
F3EFF000 - \SystemRoot\system32\DRIVERS\RNDISMP.SYS
F3EF7000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F3EEF000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F394A000 - \SystemRoot\system32\drivers\LVUSBSta.sys
F7AA8000 - \SystemRoot\system32\DRIVERS\usbscan.sys
F3EE7000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F7AB8000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F393A000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F2E13000 - \SystemRoot\system32\DRIVERS\LV302V32.SYS
F7B70000 - \SystemRoot\system32\DRIVERS\lv302af.sys
F392A000 - \SystemRoot\system32\drivers\usbaudio.sys
F391A000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F3ECF000 - \SystemRoot\System32\Drivers\Razerlow.sys
F7204000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F7200000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F2DFB000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7B78000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F338E000 - \SystemRoot\System32\drivers\Dxapi.sys
F3EC7000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7C37000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F37E6000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
BAF98000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
BAD42000 - \SystemRoot\System32\Drivers\aswMon2.SYS
BA0FC000 - \SystemRoot\system32\drivers\wdmaud.sys
BAA5A000 - \SystemRoot\system32\drivers\sysaudio.sys
B9E77000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
B9D13000 - \SystemRoot\system32\DRIVERS\srv.sys
F3F07000 - \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
B95D7000 - \SystemRoot\System32\Drivers\HTTP.sys
B96E4000 - \SystemRoot\System32\Drivers\aswRdr.SYS
F7CDA000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 139

Liste des programmes installes

Adobe Acrobat Reader 3.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS
Adobe Photoshop CS2
Adobe Photoshop CS2
Adobe Reader 7.0 - Français
Adobe Shockwave Player
Adobe Stock Photos 1.0
AGEIA PhysX v7.05.17
Amélioration de nos services
Amélioration de nos services
Apple Mobile Device Support
Apple Software Update
Assistant de connexion Windows Live
µTorrent
Audiosurf Demo
avast! Antivirus
AVG Anti-Spyware 7.5
Bonjour
BroadJump Client Foundation
BufferChm
Canon Camera WIA Driver
Canon EOS Kiss REBEL 300D Pilote WIA
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
Casino Spin Palace
CCleaner (remove only)
CDBurnerXP
Clean Start
Compaq Multimedia Keyboard Software
Condition Zero
Correctif pour Windows XP (KB893357)
Correctif pour Windows XP (KB906569)
Correctif pour Windows XP (KB935448)
Correctif Windows XP - KB873339
Correctif Windows XP - KB883667
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888239
Correctif Windows XP - KB888302
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Correctif Windows XP - KB892050
Correctif Windows XP - KB893066
Counter-Strike(TM)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Destinations
DeviceManagementQFolder
eMule
File Viewer Utility 1.3.1
FullDPAppQFolder
Google Earth
GUILD WARS
Hamachi 1.0.2.5
High Definition Audio - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
HP Boot Optimizer
HP DVD Play 1.0
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Software Update
HpSdpAppCoreApp
InstantShareDevices
iTunes
IZArc 3.81
J2SE Runtime Environment 5.0 Update 5
Java 2 SDK, SE v1.4.2_13
LE COMPAGNON CLUB
Lecteur Windows Media 11
Lexmark 2300 Series
LG USB Modem driver
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Lphant v3.50 Beta1
LphantBar Toolbar
MainConcept MPEG Encoder
MainConcept MPEG Encoder
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Excel Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Miro
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB905915)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB929969)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933566)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB937143)
Mise à jour de sécurité pour Windows XP (KB938127)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB936357)
Mise à jour pour Windows XP (KB938828)
Mozilla Firefox (2.0.0.14)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB925673)
MVision
NVIDIA Drivers
OptionalContentQFolder
Outils Club Internet
PhotoGallery
PhotoStitch
PowerDirector
PowerDirector
Programme de gestion Camera de Logitech®
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
Razer Copperhead
RealPlayer
Realtek High Definition Audio Driver
RemoteCapture 2.7.4
Revolution Script CZ
SkinsHP1
Skype™ 3.6
SmartSound Quicktracks Plugin
SmartSound Quicktracks Plugin
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Steam(TM)
SUPER © Version 2007.bld.23 (July 4, 2007)
TeamSpeak 2 RC2
TmNationsForever
Total Recorder 7.0
Unload
Ventrilo
VideoLAN VLC media player 0.8.6c
WAMP5 1.7.3
WebFldrs XP
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
XML Paper Specification Shared Components Pack 1.0



Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\Program Files

19/05/2008 19:49 <REP> .
19/05/2008 19:49 <REP> ..
22/04/2007 13:10 <REP> ABC
25/08/2007 08:07 <REP> Adobe
29/09/2007 13:18 <REP> AGEIA Technologies
01/11/2007 12:23 <REP> Alcohol Soft
09/05/2007 20:30 <REP> Alwil Software
17/04/2008 12:42 <REP> Apple Software Update
02/08/2006 12:45 <REP> AviSynth 2.5
21/04/2007 21:48 <REP> AVSMedia
21/04/2007 21:44 <REP> bobyte
12/04/2008 10:48 <REP> Bonjour
14/07/2007 07:30 <REP> BroadJump
25/07/2007 17:57 <REP> Canon
07/06/2007 18:30 <REP> CCleaner
31/12/2007 12:21 <REP> CDBurnerXP
09/12/2007 14:10 <REP> Clean Start
19/07/2007 12:04 <REP> Club-Internet
30/03/2008 16:03 <REP> Common Files
20/10/2005 21:06 <REP> ComPlus Applications
26/05/2007 08:42 <REP> Cybercorder
23/11/2007 21:13 <REP> Cyberlink
01/11/2007 11:39 <REP> DAEMON Tools
04/01/2008 17:18 <REP> Deco Online
09/10/2006 07:02 <REP> DownloadManager
17/10/2007 16:37 <REP> eMule
17/05/2008 09:20 <REP> eMule2
24/11/2007 10:21 <REP> eRightSoft
23/04/2008 15:19 <REP> Fichiers communs
08/02/2007 09:36 <REP> FileZilla
30/07/2006 09:36 <REP> Free iPod Video Converter
10/03/2008 18:27 <REP> GameTribe
13/10/2007 16:10 <REP> Google
07/05/2008 07:20 <REP> Gpotato
13/11/2007 08:44 <REP> Grisoft
17/02/2008 19:05 <REP> GUILD WARS
02/05/2008 17:39 <REP> Hamachi
31/12/2007 10:09 <REP> HardwareDetection
01/01/2005 17:09 <REP> Hewlett-Packard
26/04/2008 20:41 <REP> HighCriteria
01/01/2005 16:46 <REP> HP
22/04/2007 13:42 <REP> hp deskjet 845c series
09/10/2006 07:08 <REP> IGN
15/05/2007 20:32 <REP> Illustrate
31/03/2007 18:07 <REP> Intel Corporation
19/08/2007 09:14 <REP> Internet Explorer
12/04/2008 10:49 <REP> iPod
12/04/2008 10:49 <REP> iTunes
18/09/2007 19:17 <REP> IZArc
01/01/2005 16:27 <REP> Java
28/06/2007 12:38 <REP> Lexmark 2300 Series
19/09/2006 19:21 <REP> Lexmark Fax Solutions
22/08/2007 09:52 <REP> LG Electronics
19/08/2007 08:54 <REP> Logitech
04/11/2007 23:21 <REP> lphant
04/11/2007 23:22 <REP> LphantBar
19/05/2008 22:20 <REP> Lx_cats
31/10/2007 12:38 <REP> MAIET
01/01/2005 16:31 <REP> Messenger
16/01/2008 20:47 <REP> Messenger Plus! Live
27/10/2005 00:36 <REP> microsoft frontpage
12/09/2007 14:13 <REP> Microsoft Games
02/04/2008 07:15 <REP> Microsoft Office
23/02/2008 16:32 <REP> Microsoft Works
20/07/2007 10:33 <REP> Motive
27/10/2005 00:36 <REP> Movie Maker
20/05/2008 18:53 <REP> Mozilla Firefox
23/02/2008 15:37 <REP> MSECache
12/06/2007 19:41 <REP> MSN
27/10/2005 00:36 <REP> MSN Gaming Zone
21/02/2007 13:59 <REP> MSN Messenger
31/10/2007 12:08 <REP> NetMeeting
27/10/2005 00:36 <REP> Online Services
29/06/2007 03:05 <REP> Outlook Express
18/05/2008 11:41 <REP> Participatory Culture Foundation
12/04/2008 10:47 <REP> QuickTime
29/04/2008 07:30 <REP> Razer
01/01/2005 16:43 <REP> Real
01/01/2005 16:58 <REP> Services en ligne
23/04/2008 15:19 <REP> Skype
07/10/2006 17:16 <REP> SmartCom
23/11/2007 21:14 <REP> SmartSound Software
18/09/2007 19:40 <REP> Steam
04/01/2008 11:51 <REP> Teamspeak2_RC2
05/05/2008 21:11 <REP> THQ
23/04/2008 17:15 <REP> TmNationsForever
19/05/2008 07:13 <REP> Trend Micro
31/07/2007 08:24 <REP> Triggersoft
20/10/2005 21:06 <REP> Uninstall Information
13/01/2008 14:08 <REP> utorrent
12/06/2007 10:15 <REP> Valve
19/07/2006 19:01 <REP> VideoLAN
01/09/2006 14:15 <REP> VirtualDJ
22/04/2007 13:10 <REP> WellPhone DirectSync
12/06/2007 19:49 <REP> Windows Live
22/04/2007 13:10 <REP> Windows Media Connect 2
19/08/2007 10:00 <REP> Windows Media Player
27/10/2005 00:36 <REP> Windows NT
20/10/2005 21:05 <REP> WindowsUpdate
04/08/2006 18:01 <REP> WinRAR
27/10/2005 00:37 <REP> xerox
0 fichier(s) 0 octets
101 Rép(s) 98 218 037 248 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\Program Files\fichiers communs

23/04/2008 15:19 <REP> .
23/04/2008 15:19 <REP> ..
25/08/2007 08:08 <REP> Adobe
15/06/2007 12:14 <REP> Adobe Systems Shared
08/06/2007 11:02 <REP> Ahead
12/04/2008 10:43 <REP> Apple
08/06/2007 10:58 <REP> AVSMedia
07/06/2007 19:06 <REP> Blizzard Entertainment
30/10/2007 19:31 <REP> DirectX
01/01/2005 16:40 <REP> HP
01/01/2005 16:56 <REP> InstallShield
01/01/2005 16:27 <REP> Java
19/08/2007 09:15 <REP> LogiShrd
19/07/2006 18:36 <REP> Logitech
02/04/2008 07:15 <REP> Microsoft Shared
14/07/2007 07:35 <REP> Motive
27/10/2005 00:35 <REP> MSSoap
27/10/2005 00:35 <REP> ODBC
01/01/2005 16:43 <REP> Real
27/10/2005 00:35 <REP> Services
23/04/2008 15:19 <REP> Skype
01/01/2005 16:44 <REP> Sonic Shared
27/10/2005 00:35 <REP> SpeechEngines
01/01/2005 16:44 <REP> SureThing Shared
19/07/2007 12:02 <REP> Symantec Shared
23/02/2008 16:28 <REP> System
18/07/2006 23:35 <REP> Talkway
01/01/2005 16:45 <REP> TiVo Shared
25/08/2007 08:08 <REP> Vbox
29/09/2007 13:09 <REP> Wise Installation Wizard
07/10/2006 17:17 <REP> XCPCSync.OEM
01/01/2005 16:43 <REP> xing shared
0 fichier(s) 0 octets
32 Rép(s) 98 218 033 152 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

02/04/2008 07:15 <REP> .
02/04/2008 07:15 <REP> ..
02/04/2008 07:11 <REP> 1036
26/10/2006 20:49 970 528 MSONSEXT.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
3 fichier(s) 1 220 498 octets
3 Rép(s) 98 218 033 152 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\Program Files\common files

30/03/2008 16:03 <REP> .
30/03/2008 16:03 <REP> ..
30/03/2008 16:03 <REP> INCA Shared
0 fichier(s) 0 octets
3 Rép(s) 98 218 033 152 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le numéro de série du volume est C88D-E7B3

Répertoire de C:\

19/05/2008 18:59 1 390 349 SmitfraudFix.exe
1 fichier(s) 1 390 349 octets
0 Rép(s) 98 218 033 152 octets libres




c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0497545E.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\049C675F.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\082805F2.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\083C01DC.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09F17BFB.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DF049E4.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DD60FC3.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F1E163E.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F432F3B.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\713602B6.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75B354EA.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\inst.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\SDFix.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\SUPERsetup.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\ZR_1.0.0.37\Zeb-Restore.exe
c:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\CDBurnerXP_Soft\cdbxpp.exe_Url_nfryvllqiqb1hla4nzefaejvhwflc2o0
c:\Documents and Settings\Compaq_Propriétaire\Mes documents\Documents d'Alexia\eMule0.48a-Installer.exe
c:\Documents and Settings\Compaq_Propriétaire\Mes documents\My Games\Titan Quest\TitanQuest1_30.exe
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\MMSEF.dll
c:\Documents and Settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\VMSEF.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\3\3cardpoker.8e73a522a397f174eb628d05f72f1f40.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1.0a55799429d83e0cb0c51c4f8800bb5c.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1_temp.37e91badb56f49775900493796886528.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx.515b62c381b162125cd165ff444a9767.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_temp.31b4026f06bf6a58dac069b91ce9f87e.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\atlanticcityblackjack.9baef784fe666fb9d90dc331d0239eed.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bigkahuna.769fd4a48b95c8614a738f1cad88bcd5.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakautoplayplugin.daa7cf372053cea211edcbea65d22b12.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakplugin.3e93030461895e6c47198d045c8d1cf9.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakstatsplugin.145ee00ec8a028833dd329dab350af61.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategylogic1.191efcf9140c2fe6e0f5d9a976a4dc62.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategyui1.57392ae0d395ad2b922b909eeea4d57f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakxxx.b4ec12e8f6a82be74843d2bd8895d089.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldautoplayplugin.9eecf610ea29425ecba27ee4d82e5058.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldplugin.77868ad6c41073f45be5eb8a5441c690.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldstatsplugin.6518eac98880e1c269feffe4b0025ca1.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldxxx.49c3810d214dd99c8c9a10ec7d79ed46.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjstrategylogic1.0ce35352c4c4658d12c59ec38c70398a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjstrategyui1.f6bf7f52301739c715fb0c01374c3b3a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\blplugin.43df87da33698c32bca7a2698484452d.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bonus_threereel_types_1_2.19c24a05687d90864e9a9de516d92124.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bonusblackjack.dab6343a296b066bd5fe18d7c7d9940f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bonuspaigowpoker.7a255497429caa23df774f47d3465136.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovafreerangebonus.e076c032e655189a3a36f4df53998202.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovafreerangebonus_temp.598336f9707e832cab943342026367f4.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovagetlucky.0b76a8d26c574693effc6642880e2100.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovagetlucky_temp.b71b6ce6d93f57e6e8d79f64bfda39ca.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\casinowar.e981fb96518533a1e37361e9d8163b74.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\casinowarxxx.07a6656e153859c2f09a4efde26ba0d5.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\choosebonus.f45804d6e8abc6918fbf1eaa8e3e92b4.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\classicblackjack.cd8f07669d8ad1880944c3c957f8a558.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\complexpickxofybonus.d1bfb60b3ff2f4b47b96df4144258313.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\complexpickxofybonus_temp.08605981adfd307c6b4a171bff0fc06e.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\d\diamonddealbonus.2870129824bd4ab03fe258a72414c9fe.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\d\doubleexposureblackjack.00416c68a65da9cd4e538e162751f284.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\euroblackjack.6c6f541acc24f3244c0a64fa851edca8.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\euroblackjackstrategy.9c188ef9cd6c03e5b4bd398d23041cd2.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\europeanblackjack.cb403a5bad6b43e2910d2e09c35c47ed.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\euroroulette.fa2b524975a5d8bbc30203d094e2b084.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\f\frenchroulette.181434980597f8ff07c31ab5432ab080.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble.212eaf21a4805f8521d0d0c57b6a933b.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble2.04f884d96aad7f5c7b941fdd39ed766d.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble2_temp.26f9c8c015d827f52f79be90c9c65d15.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gambleplugin.c4d8c6f5542066f894b7f2e575038afb.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosecardbonus.ad7c2639e837decbb6b1767d636aa20c.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosecreditsbonus.1bee21962a1e5bd558c2298b640bc2d1.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosemoneybonus.931d2cffabd7746875b654c43954652a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosexofybonus.50f0a525cf3c793fb5038ad1f3466247.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldseries_euroroulette.c04add4a4ccdfa99acf5bc9050a74d69.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldseriesmh3cardpokerplugin.5a185095e975ba0cdfe6e7400fcb7d4e.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldseriesmh3cardpokerxxx.f90691784645d2d0d637d253e6b6f397.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\h\hlbaccarat.039d4b87185594a6514fa72926a5dbbd.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\megaspinsuite1.2def01b8e52d92e08cc8f9a917ea6e80.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mermaidsbonus.f520937c2ec436ae80b67d9c967dd3f6.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mermaidsmillions.9379e4aac1e4731bf7922c8c2544bd7a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mermaidsmillionsxxx.85e8ee4057b7c3d431514729821caee1.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mhbjgoldplugin.ade63f3fb6abb840a17307ccbd0accf4.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mhbjgoldxxx.9f90371deb21a4c89c6bc14d9c0e3224.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mhbjstrategyui1.0be4ad11dcfc60954bb7dba32e842885.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mptadvancedslots.039a84427e76ab4e1715f80765a76305.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mptleaderboard.91fac472d1ff352976950258719d35a2.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mpvslotxxx.e5675e7198cee47ae84db3a4020d9441.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\p\powerpokersuite1_nl.cebfe8812d984716506c6d9d096a5f48.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\p\progressive.438680b03871c60991f1514597a244d3.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\p\progressive_temp.6ebf7ea2dc11bd7ab20476f37a97da6f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\secretadmirer.8a58ed349e595e616819333c365b431d.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\secretadmirerxxx.b82b0093b453bf095401cf169803f6f6.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus.571a904af34f5f3b18cf4feaec07913f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_temp.b6b7e588aedb05fa062fb8447406bca9.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus.bb69121ba26b8b09500f7448266e3542.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_temp.72ea7bbc511b024cb0eafd21daabe862.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofyskillbonus.9217a2b384f498835fd4199838199dc2.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\tikimaskbonusgame.0dc1c149f619ef0a72aacd3abdeb0dfb.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition.11abae2d8790a65ff5805bcb9230762f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_temp.b1ca11d4e648e5135eea6ec5f3d901f9.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_3reelnormal1_2.6d58a1bcaf1d9165fa0b77fa9598b623.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_3reelprogressive1_2.a0c5e56438d504531121ead802e24dcf.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll
c:\Documents and Settings

Répertoire de C:\

19/05/2008 18:59 1 390 349 SmitfraudFix.exe
1 fichier(s) 1 390 349 octets
0 Rép(s) 98 218 033 152 octets libres




c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0497545E.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\049C675F.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\082805F2.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\083C01DC.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09F17BFB.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DF049E4.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DD60FC3.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F1E163E.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F432F3B.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\713602B6.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75B354EA.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\inst.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
c:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\SDFix.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\SUPERsetup.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Compaq_Propriétaire\Bureau\ZR_1.0.0.37\Zeb-Restore.exe
c:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\CDBurnerXP_Soft\cdbxpp.exe_Url_nfryvllqiqb1hla4nzefaejvhwflc2o0
c:\Documents and Settings\Compaq_Propriétaire\Mes documents\Documents d'Alexia\eMule0.48a-Installer.exe
c:\Documents and Settings\Compaq_Propriétaire\Mes documents\My Games\Titan Quest\TitanQuest1_30.exe
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\MMSEF.dll
c:\Documents and Settings\All Users\Application Data\LogiShrd\LQCVFX\Filters\VMSEF.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\3\3cardpoker.8e73a522a397f174eb628d05f72f1f40.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1.0a55799429d83e0cb0c51c4f8800bb5c.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1_temp.37e91badb56f49775900493796886528.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx.515b62c381b162125cd165ff444a9767.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_temp.31b4026f06bf6a58dac069b91ce9f87e.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\a\atlanticcityblackjack.9baef784fe666fb9d90dc331d0239eed.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bigkahuna.769fd4a48b95c8614a738f1cad88bcd5.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakautoplayplugin.daa7cf372053cea211edcbea65d22b12.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakplugin.3e93030461895e6c47198d045c8d1cf9.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakstatsplugin.145ee00ec8a028833dd329dab350af61.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategylogic1.191efcf9140c2fe6e0f5d9a976a4dc62.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakstrategyui1.57392ae0d395ad2b922b909eeea4d57f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjghighstreakxxx.b4ec12e8f6a82be74843d2bd8895d089.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldautoplayplugin.9eecf610ea29425ecba27ee4d82e5058.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldplugin.77868ad6c41073f45be5eb8a5441c690.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldstatsplugin.6518eac98880e1c269feffe4b0025ca1.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjgoldxxx.49c3810d214dd99c8c9a10ec7d79ed46.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjstrategylogic1.0ce35352c4c4658d12c59ec38c70398a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bjstrategyui1.f6bf7f52301739c715fb0c01374c3b3a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\blplugin.43df87da33698c32bca7a2698484452d.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bonus_threereel_types_1_2.19c24a05687d90864e9a9de516d92124.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bonusblackjack.dab6343a296b066bd5fe18d7c7d9940f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\b\bonuspaigowpoker.7a255497429caa23df774f47d3465136.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovafreerangebonus.e076c032e655189a3a36f4df53998202.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovafreerangebonus_temp.598336f9707e832cab943342026367f4.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovagetlucky.0b76a8d26c574693effc6642880e2100.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\cashanovagetlucky_temp.b71b6ce6d93f57e6e8d79f64bfda39ca.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\casinowar.e981fb96518533a1e37361e9d8163b74.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\casinowarxxx.07a6656e153859c2f09a4efde26ba0d5.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\choosebonus.f45804d6e8abc6918fbf1eaa8e3e92b4.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\classicblackjack.cd8f07669d8ad1880944c3c957f8a558.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\complexpickxofybonus.d1bfb60b3ff2f4b47b96df4144258313.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\c\complexpickxofybonus_temp.08605981adfd307c6b4a171bff0fc06e.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\d\diamonddealbonus.2870129824bd4ab03fe258a72414c9fe.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\d\doubleexposureblackjack.00416c68a65da9cd4e538e162751f284.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\euroblackjack.6c6f541acc24f3244c0a64fa851edca8.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\euroblackjackstrategy.9c188ef9cd6c03e5b4bd398d23041cd2.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\europeanblackjack.cb403a5bad6b43e2910d2e09c35c47ed.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\e\euroroulette.fa2b524975a5d8bbc30203d094e2b084.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\f\frenchroulette.181434980597f8ff07c31ab5432ab080.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble.212eaf21a4805f8521d0d0c57b6a933b.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble2.04f884d96aad7f5c7b941fdd39ed766d.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble2_temp.26f9c8c015d827f52f79be90c9c65d15.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\gambleplugin.c4d8c6f5542066f894b7f2e575038afb.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosecardbonus.ad7c2639e837decbb6b1767d636aa20c.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosecreditsbonus.1bee21962a1e5bd558c2298b640bc2d1.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosemoneybonus.931d2cffabd7746875b654c43954652a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldengoosexofybonus.50f0a525cf3c793fb5038ad1f3466247.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldseries_euroroulette.c04add4a4ccdfa99acf5bc9050a74d69.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldseriesmh3cardpokerplugin.5a185095e975ba0cdfe6e7400fcb7d4e.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\g\goldseriesmh3cardpokerxxx.f90691784645d2d0d637d253e6b6f397.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\h\hlbaccarat.039d4b87185594a6514fa72926a5dbbd.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\megaspinsuite1.2def01b8e52d92e08cc8f9a917ea6e80.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mermaidsbonus.f520937c2ec436ae80b67d9c967dd3f6.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mermaidsmillions.9379e4aac1e4731bf7922c8c2544bd7a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mermaidsmillionsxxx.85e8ee4057b7c3d431514729821caee1.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mhbjgoldplugin.ade63f3fb6abb840a17307ccbd0accf4.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mhbjgoldxxx.9f90371deb21a4c89c6bc14d9c0e3224.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mhbjstrategyui1.0be4ad11dcfc60954bb7dba32e842885.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mptadvancedslots.039a84427e76ab4e1715f80765a76305.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mptleaderboard.91fac472d1ff352976950258719d35a2.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\m\mpvslotxxx.e5675e7198cee47ae84db3a4020d9441.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\p\powerpokersuite1_nl.cebfe8812d984716506c6d9d096a5f48.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\p\progressive.438680b03871c60991f1514597a244d3.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\p\progressive_temp.6ebf7ea2dc11bd7ab20476f37a97da6f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\secretadmirer.8a58ed349e595e616819333c365b431d.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\secretadmirerxxx.b82b0093b453bf095401cf169803f6f6.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus.571a904af34f5f3b18cf4feaec07913f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_temp.b6b7e588aedb05fa062fb8447406bca9.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus.bb69121ba26b8b09500f7448266e3542.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_temp.72ea7bbc511b024cb0eafd21daabe862.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofyskillbonus.9217a2b384f498835fd4199838199dc2.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\tikimaskbonusgame.0dc1c149f619ef0a72aacd3abdeb0dfb.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition.11abae2d8790a65ff5805bcb9230762f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_temp.b1ca11d4e648e5135eea6ec5f3d901f9.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_3reelnormal1_2.6d58a1bcaf1d9165fa0b77fa9598b623.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_3reelprogressive1_2.a0c5e56438d504531121ead802e24dcf.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_5reelprogressive3_4_5.c65d2830787ed7999b948455e324121b.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\v\volcanobonusgame.1f5cd5f4b800bd1a6e740e08a3119e10.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\w\wheelofwealthbonus.273ed6671a16c67a5d50ecde6a66097a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\x\xmlparserplugin.57e9fd94cbd592ad475a3ca59462730f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\_\_crt_baccarat.a090413d6195a12421945ded5707d93f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\id Software\Enemy Territory - QUAKE Wars Demo\base\compiledscriptx86.dll
c:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\id Software\Enemy Territory - QUAKE Wars Demo\base\gamex86.dll
c:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\id Software\Enemy Territory - QUAKE Wars Demo\pb\pbag.dll
c:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\id Software\Enemy Territory - QUAKE Wars Demo\pb\pbcl.dll
c:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\id Software\Enemy Territory - QUAKE Wars Demo\pb\pbsv.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_PC-THIBAUT.tar.gz a l'adresse http://upload.malekal.com

Search Navipromo version 3.5.7 commencé le 21/05/2008 à 18:05:30,89

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Compaq_Propriétaire"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Compaq_Propriétaire\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Compaq_Propriétaire\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Compaq_Propriétaire\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\COMPAQ~2\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\COMPAQ~3\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\WINDOWS\system32\qlmnvt.dat
C:\WINDOWS\system32\qlmnvt.exe
C:\WINDOWS\system32\qlmnvt_nav.dat
C:\WINDOWS\system32\qlmnvt_navps.dat


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Compaq_Propriétaire\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

qlmnvt.dat trouvé !

* Dans "C:\Documents and Settings\Compaq_Propriétaire\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 21/05/2008 à 18:13:26,12 ***

Clean Navipromo version 3.5.7 commencé le 21/05/2008 à 18:49:14,92

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Compaq_Propriétaire"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\WINDOWS\system32\qlmnvt.dat réalisée avec succès !
Copie C:\WINDOWS\system32\qlmnvt.exe réalisée avec succès !
Copie C:\WINDOWS\system32\qlmnvt_nav.dat réalisée avec succès !
Copie C:\WINDOWS\system32\qlmnvt_navps.dat réalisée avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\WINDOWS\system32\qlmnvt.dat supprimé !
C:\WINDOWS\system32\qlmnvt.exe supprimé !
C:\WINDOWS\system32\qlmnvt_nav.dat supprimé !
C:\WINDOWS\system32\qlmnvt_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

* Dans "C:\WINDOWS\system32" *


C:\WINDOWS\prefetch\qlmnvt*.pf trouvé !
Copie C:\WINDOWS\prefetch\qlmnvt*.pf réalisée avec succès !
C:\WINDOWS\prefetch\qlmnvt*.pf supprimé !

* Dans "C:\Documents and Settings\Compaq_Propriétaire\locals~1\applic~1" *


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Compaq_Propriétaire\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Compaq_Propriétaire\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Compaq_Propriétaire\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Compaq_Propriétaire\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\COMPAQ~2\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\COMPAQ~3\menudm~1\progra~1" ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Compaq_Propri‚taire\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\Compaq_Propriétaire\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 21/05/2008 à 18:55:03,93 ***

ComboFix 08-05-20.5 - Compaq_Propriétaire 2008-05-21 19:20:01.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.631 [GMT 2:00]
Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\C-Fix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Compaq_Propriétaire\Application Data\inst.exe
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_poof


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))))))))
.

2008-05-21 18:04 . 2008-05-21 18:55 <REP> d-------- C:\Program Files\Navilog1
2008-05-20 19:06 . 2008-05-20 19:06 2,655,260 --a------ C:\upload_moi_PC-THIBAUT.tar.gz
2008-05-19 21:06 . 2008-05-19 21:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-05-19 20:50 . 2008-05-19 21:34 <REP> d-------- C:\SDFix
2008-05-19 19:05 . 2008-05-19 19:54 2,610 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-19 19:04 . 2008-05-19 19:58 <REP> d-------- C:\SmitfraudFix
2008-05-19 19:03 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-19 19:03 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-19 19:03 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-19 19:03 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-19 19:03 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-19 19:03 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-19 19:03 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-19 18:59 . 2008-05-19 18:59 1,390,349 --a------ C:\SmitfraudFix.exe
2008-05-19 18:55 . 2008-05-19 18:55 3,022 --a------ C:\djin.jpg
2008-05-19 07:13 . 2008-05-19 07:13 <REP> d-------- C:\Program Files\Trend Micro
2008-05-18 12:39 . 2008-05-18 12:39 25,670 --a------ C:\lord of the dearth-b8c8792af8075.jpg
2008-05-18 12:37 . 2008-05-18 12:37 15,870 --a------ C:\Tanner-b8adffb1734b.jpg
2008-05-18 12:36 . 2008-05-18 12:36 11,679 --a------ C:\Darbloody-b8c63d22a93cf.jpg
2008-05-18 12:35 . 2008-05-18 12:35 10,872 --a------ C:\eloane sister-b84e524edb3d8.jpg
2008-05-18 12:34 . 2008-05-18 12:34 5,541 --a------ C:\Mayu-b880782ac02df.jpg
2008-05-18 12:28 . 2008-05-18 12:28 6,166 --a------ C:\jb76-b8b53a1840e9e.jpg
2008-05-18 12:23 . 2008-05-18 12:23 8,192 --ahs---- C:\Thumbs.db
2008-05-18 12:22 . 2008-05-18 12:22 7,219 --a------ C:\doumdoums-b8803e21f9d0.jpg
2008-05-18 12:18 . 2008-05-18 12:18 6,484 --a------ C:\jcmhaga-b8bca272384.jpg
2008-05-18 12:14 . 2008-05-18 12:14 8,446 --a------ C:\Tome Necro elite.jpg
2008-05-18 11:41 . 2008-05-18 11:41 <REP> d-------- C:\Program Files\Participatory Culture Foundation
2008-05-06 21:14 . 2008-05-06 21:14 5,089 --a------ C:\rlz.php
2008-05-02 17:38 . 2008-05-02 17:39 <REP> d-------- C:\Program Files\Hamachi
2008-05-02 17:38 . 2008-05-02 17:38 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-29 07:30 . 2008-04-29 07:30 <REP> d-------- C:\Program Files\Razer
2008-04-29 07:30 . 2005-07-22 15:01 69,632 --a------ C:\WINDOWS\system32\razer.cpl
2008-04-26 20:41 . 2008-04-26 20:41 <REP> d-------- C:\Program Files\HighCriteria
2008-04-26 20:41 . 2008-04-17 01:34 119,448 --a------ C:\WINDOWS\system32\drivers\TotRec7.sys
2008-04-26 20:41 . 2008-04-12 12:29 106,496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll
2008-04-26 20:41 . 2008-04-17 01:34 59,032 --a------ C:\WINDOWS\system32\DrvTrNTm.dll
2008-04-23 17:17 . 2008-05-18 13:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-23 17:12 . 2008-04-23 17:15 <REP> d-------- C:\Program Files\TmNationsForever
2008-04-23 15:23 . 2008-04-23 15:23 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-23 15:19 . 2008-04-23 15:19 <REP> d-------- C:\Program Files\Skype
2008-04-23 15:19 . 2008-04-23 15:19 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-04-23 15:19 . 2008-04-23 15:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 20:20 --------- d-----w C:\Program Files\Lx_cats
2008-05-17 07:20 --------- d-----w C:\Program Files\eMule2
2008-05-07 05:20 --------- d-----w C:\Program Files\Gpotato
2008-05-05 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 19:11 --------- d-----w C:\Program Files\THQ
2008-05-03 12:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 10:42 --------- d-----w C:\Program Files\Apple Software Update
2008-04-12 08:49 --------- d-----w C:\Program Files\iTunes
2008-04-12 08:49 --------- d-----w C:\Program Files\iPod
2008-04-12 08:48 --------- d-----w C:\Program Files\Bonjour
2008-04-12 08:47 --------- d-----w C:\Program Files\QuickTime
2008-04-12 08:43 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-04-12 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-02 05:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-30 14:03 --------- d-----w C:\Program Files\Common Files
2008-03-06 19:18 440,466 -c--a-w C:\WINDOWS\Revolution Script CZ Uninstaller.exe
2007-05-23 15:57 24,064 -csha-w C:\Program Files\Thumbs.db
2006-07-26 19:38 32,207 -csh--w C:\Program Files\Fichiers communs\Y1220OU.exe
2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2007-05-26 03:50 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6b284373-1765-4464-a587-80fbc2b2eefa}]
2007-10-14 12:00 1498136 --a------ C:\Program Files\LphantBar\tbLpha.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6B284373-1765-4464-A587-80FBC2B2EEFA}"= "C:\Program Files\LphantBar\tbLpha.dll" [2007-10-14 12:00 1498136]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6B284373-1765-4464-A587-80FBC2B2EEFA}"= C:\Program Files\LphantBar\tbLpha.dll [2007-10-14 12:00 1498136]

[HKEY_CLASSES_ROOT\clsid\{6b284373-1765-4464-a587-80fbc2b2eefa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 16:19 5728112]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-29 14:42 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-01 16:43 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-10-08 16:27 155648]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 13:48 73728]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"wave"= DrvTrNTm.dll
"mixer"= DrvTrNTm.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\condition zero\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\counter-strike\\hl.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\wamp\\Apache2\\bin\\httpd.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\source sdk base\\hl2.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\lphant\\eLePhantClient.exe"=
"C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\day of defeat\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Valve\\Steam\\steam.exe"=
"C:\\Program Files\\eMule2\\emule.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\ricochet\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\deathmatch classic\\hl.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\everlast59990\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
R3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
R3 TotRec7;Total Recorder WDM audio driver;C:\WINDOWS\system32\drivers\TotRec7.sys [2008-04-17 01:34]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys [2001-01-04 10:12]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 13:00]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 13:14]
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-09 05:34:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 19:25:49
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-21 19:30:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 17:30:24

Pre-Run: 97,996,181,504 octets libres
Post-Run: 97,916,710,912 octets libres

202 --- E O F --- 2007-08-29 01:00:50

Tout d'abord je constate un arrêt des spams; ce qui est très agréable, pouvoir surfer sans embrouilles ^^.
Un petite augmentation de rapidité également.
D'autres choses restent surement à constater mais en tout cas merci d'avoir réglé mon problème et d'avoir porté attention à mon problème.

Amicalement,
Ever