Pc infecté?
Résolu
Cindy138
Messages postés
42
Statut
Membre
-
ep44 Messages postés 7432 Statut Contributeur -
ep44 Messages postés 7432 Statut Contributeur -
Bonjour,
J'aimerai savoir si mon pc est infecté? merci pour vos réponces
rapport HijackThis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:15, on 04/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Moi\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
J'aimerai savoir si mon pc est infecté? merci pour vos réponces
rapport HijackThis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:15, on 04/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Moi\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
A voir également:
- Pc infecté?
- Reinitialiser pc - Guide
- Pc lent - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Forcer demarrage pc - Guide
- Double ecran pc - Guide
16 réponses
Si tu pense que ton ordinateur est infecte au pire installe un anti virus ou si tu l a deja active le et parametre le . N oublie pas d activer ton pare feu si t en as un.
le seul pare feu ke j'ai c'est celui de windows xp. Faut-il en avoir un à part?
Pour mon antivirus je l'ai activé et il ne me détect rien.
Pour mon antivirus je l'ai activé et il ne me détect rien.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
En ce moment il chauffe assez vite qd jmet 2programme en route, le UC est vite à 100.Donc jme demandé s'il n'y auré pas kelkue chose.
une ligne à fixer :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
windows+ie+java à jour, bravo c très rare
pas de toolbar = un pc qui respire
remarque : pas de parefeu, ni d'anti spyware
logiciels free
parefeu : armor online (chiant et très efficace) ou zonealarm (efficace)
anti spyware : spybot (planifiable)
conseils et tutos sur
www.malekal.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
windows+ie+java à jour, bravo c très rare
pas de toolbar = un pc qui respire
remarque : pas de parefeu, ni d'anti spyware
logiciels free
parefeu : armor online (chiant et très efficace) ou zonealarm (efficace)
anti spyware : spybot (planifiable)
conseils et tutos sur
www.malekal.com
si il chauffe vois plutôt du coté du nettoyage comme un bon dépoussiérage
si tu es un doute on peut pousser la recherche
Télécharge DiagHelp.zip sur ton bureau http://www.malekal.com/download/DiagHelp.zip
==> Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
==> Un nouveau dossier chercher va être créé DiagHelp
==> Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
==> Une fenêtre va s'ouvrir, choisis l'option 1
==> L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
==> Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
==> Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
==> A nouveau menu Edition / copier
==> Dans un nouveau message ici, faire un clic droit / coller
@+
si tu es un doute on peut pousser la recherche
Télécharge DiagHelp.zip sur ton bureau http://www.malekal.com/download/DiagHelp.zip
==> Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
==> Un nouveau dossier chercher va être créé DiagHelp
==> Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
==> Une fenêtre va s'ouvrir, choisis l'option 1
==> L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
==> Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
==> Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
==> A nouveau menu Edition / copier
==> Dans un nouveau message ici, faire un clic droit / coller
@+
Merci Redbart pour ton conseil je l'ai fait.
Ep44 : je fais ske tu me demande et reviens te dire ski se passe
Ep44 : je fais ske tu me demande et reviens te dire ski se passe
Voila le scan ke tu m'as demandé :
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 18:47:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}]
"SymbolicLink"="\\?\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}\0\0\r\0àÀ\0\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}]
"SymbolicLink"="\\?\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}\0\0\r\0àÀ\0\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:90b6491d
"s2"=dword:2027b264
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 18:47:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}]
"SymbolicLink"="\\?\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}\0\0\r\0àÀ\0\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}]
"SymbolicLink"="\\?\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}\0\0\r\0àÀ\0\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:90b6491d
"s2"=dword:2027b264
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
Non pas de soucis je suis partie diner :)
ce n'est pas le rapport regarde dans C si tu as un rapport Résultat.txt
ce n'est pas le rapport regarde dans C si tu as un rapport Résultat.txt
ah oki dsl lol.
voila ske g :
DiagHelp version v1.4 - http://www.malekal.com
excute le 04/09/2008 à 18:45:49,67
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->04/09/2008 18:45:29
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->04/09/2008 18:45:27
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->04/09/2008 18:44:31
C:\WINDOWS\prefetch\ALBUMDB2.EXE-1F918EF2.pf -->04/09/2008 18:40:59
C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-090074F0.pf -->04/09/2008 18:40:53
C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->04/09/2008 18:40:44
C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->04/09/2008 18:40:11
C:\WINDOWS\prefetch\HIJACKTHIS.EXE-00930694.pf -->04/09/2008 18:40:07
C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf -->04/09/2008 18:39:53
C:\WINDOWS\prefetch\MBAM.EXE-0D37CDF0.pf -->04/09/2008 18:37:41
C:\WINDOWS\System32\drivers\fidbox2.dat -->04/09/2008 18:44:20
C:\WINDOWS\System32\drivers\fidbox.dat -->04/09/2008 18:43:03
C:\WINDOWS\System32\drivers\fidbox2.idx -->04/09/2008 17:55:43
C:\WINDOWS\System32\drivers\fidbox.idx -->04/09/2008 17:55:42
C:\WINDOWS\System32\drivers\klin.dat -->06/08/2008 20:34:34
C:\WINDOWS\System32\drivers\klick.dat -->23/07/2008 18:36:27
C:\WINDOWS\System32\drivers\tcpip.sys -->20/06/2008 13:51:12
C:\WINDOWS\System32\wpa.dbl -->04/09/2008 18:02:44
C:\WINDOWS\System32\TZLog.log -->15/08/2008 09:05:52
C:\WINDOWS\System32\MRT.exe -->05/08/2008 20:11:01
C:\WINDOWS\System32\cdm.dll -->18/07/2008 22:10:48
C:\WINDOWS\System32\wuauclt.exe -->18/07/2008 22:10:42
C:\WINDOWS\System32\wups2.dll -->18/07/2008 22:10:40
C:\WINDOWS\System32\wucltui.dll.mui -->18/07/2008 22:10:36
C:\WINDOWS\System32\wups.dll -->18/07/2008 22:10:20
C:\WINDOWS\System32\wuaucpl.cpl.mui -->18/07/2008 22:09:56
C:\WINDOWS\System32\wucltui.dll -->18/07/2008 22:09:46
C:\WINDOWS\System32\wuaucpl.cpl -->18/07/2008 22:09:46
C:\WINDOWS\System32\wuweb.dll -->18/07/2008 22:09:44
C:\WINDOWS\System32\wuapi.dll -->18/07/2008 22:09:44
C:\WINDOWS\System32\wuaueng.dll -->18/07/2008 22:09:42
C:\WINDOWS\System32\wuapi.dll.mui -->18/07/2008 22:09:14
C:\WINDOWS\System32\wuaueng.dll.mui -->18/07/2008 22:09:06
C:\WINDOWS\System32\mucltui.dll -->18/07/2008 22:07:34
C:\WINDOWS\System32\muweb.dll -->18/07/2008 22:07:32
C:\WINDOWS\System32\mucltui.dll.mui -->18/07/2008 22:07:28
C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->14/07/2008 15:31:43
C:\WINDOWS\System32\tzchange.exe -->11/07/2008 14:42:28
C:\WINDOWS\System32\es.dll -->07/07/2008 22:28:20
C:\WINDOWS\System32\mscms.dll -->24/06/2008 18:44:02
C:\WINDOWS\System32\mshtml.dll -->24/06/2008 10:28:24
C:\WINDOWS\System32\wininet.dll -->23/06/2008 18:28:23
C:\WINDOWS\WindowsUpdate.log -->04/09/2008 18:02:55
C:\WINDOWS\wiadebug.log -->04/09/2008 18:02:52
C:\WINDOWS\wiaservc.log -->04/09/2008 18:02:48
C:\WINDOWS\bootstat.dat -->04/09/2008 18:02:42
C:\WINDOWS\SchedLgU.Txt -->04/09/2008 17:55:40
C:\WINDOWS\INI2=No -->04/09/2008 17:47:54
C:\WINDOWS\INI1=No -->04/09/2008 17:47:54
C:\WINDOWS\NeroDigital.ini -->04/09/2008 13:12:12
C:\WINDOWS\avisplitter.INI -->23/07/2008 21:57:20
C:\WINDOWS\win.ini -->22/06/2008 15:01:32
C:\WINDOWS\Thumbs.db -->19/06/2008 22:20:51
C:\WINDOWS\dsez2262.dat -->19/06/2008 13:04:31
C:\WINDOWS\system.ini -->17/06/2008 14:30:07
C:\WINDOWS\BMb7f76687.txt -->17/06/2008 09:15:12
C:\WINDOWS\Sti_Trace.log -->15/05/2008 15:04:06
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1644
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
*** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:
*** File timestamp: Mon Apr 14 04:33:02 2008
*** Loaded image timestamp: Mon Apr 14 04:33:03 2008
*** Loaded C:\WINDOWS\system32\USER32.dll differs from file image:
*** File timestamp: Mon Apr 14 04:32:50 2008
*** Loaded image timestamp: Mon Apr 14 04:57:14 2008
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
*** Loaded C:\WINDOWS\system32\SHDOCVW.dll differs from file image:
*** File timestamp: Mon Apr 14 04:32:36 2008
*** Loaded image timestamp: Mon Apr 14 04:34:50 2008
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
*** Loaded C:\WINDOWS\system32\SHELL32.dll differs from file image:
*** File timestamp: Mon Apr 14 04:32:37 2008
*** Loaded image timestamp: Mon Apr 14 04:57:47 2008
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x305e0000 0x16000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
0x30480000 0xe000 7.00.0005.0321 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x307e0000 0x27000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll
*** Loaded C:\WINDOWS\system32\ieframe.dll differs from file image:
*** File timestamp: Mon Jun 23 18:28:22 2008
*** Loaded image timestamp: Mon Jun 23 18:31:43 2008
*** 0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x019d0000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x03670000 0x489000 1.01.0000.0207 C:\Program Files\Fichiers communs\Nero\Shared\NL3\AdvrCntr3.dll
0x10000000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x01dd0000 0x3e000 3.01.0000.0000 C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL
0x02be0000 0x2e000 C:\Program Files\WinRAR\rarext.dll
0x30810000 0xc000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll
0x03360000 0x202000 3.01.0001.0000 C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
0x4eb80000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll
0x74da0000 0x6d000 5.30.0023.1230 C:\WINDOWS\system32\RICHED20.dll
0x03e50000 0x24000 8.04.0002.1019 C:\Program Files\Logitech\Video\Namespc2.dll
0x7c140000 0x103000 7.10.3077.0000 C:\WINDOWS\system32\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x03e80000 0x8000 8.04.0002.1019 C:\Program Files\Logitech\Video\AlbuDBps.dll
0x5a500000 0x50000 8.05.1302.1018 C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
0x16210000 0x27e000 5.02.5721.5145 C:\WINDOWS\system32\wpdshext.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS\system32\Audiodev.dll
0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\WMVCore.DLL
0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
0x04080000 0x1b8000 3.01.0000.0008 C:\Program Files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll
0x04010000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x04250000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x75ed0000 0x13000 5.131.2600.5512 C:\WINDOWS\system32\cryptnet.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 1024
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
*** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:
*** File timestamp: Mon Apr 14 04:33:02 2008
*** Loaded image timestamp: Mon Apr 14 04:33:03 2008
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x305e0000 0x16000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
0x304d0000 0x36000 7.00.0001.0321 C:\WINDOWS\system32\klogon.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C4-55B4
Répertoire de C:\WINDOWS\system32
14/04/2008 04:33 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 31 866 908 672 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C4-55B4
Répertoire de C:\WINDOWS\Downloaded Program Files
24/06/2008 18:53 <REP> .
24/06/2008 18:53 <REP> ..
12/05/2008 20:28 65 desktop.ini
11/04/2007 14:55 1 292 erma.inf
24/03/2008 19:33 1 527 056 FP_AX_CAB_INSTALLER.exe
20/06/2006 15:44 117 560 PURen-us.dll
09/01/2007 08:30 110 592 PURfr-fr.dll
5 fichier(s) 1 756 565 octets
Total des fichiers listés :
5 fichier(s) 1 756 565 octets
2 Rép(s) 31 866 908 672 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 18:47:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}]
"SymbolicLink"="\\?\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}\0\0\r\0àÀ\0\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}]
"SymbolicLink"="\\?\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}\0\0\r\0àÀ\0\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:90b6491d
"s2"=dword:2027b264
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
188 - avp.exe
268 - ctfmon.exe
280 - slserv.exe
712 - NMIndexStoreSvr
1000 - csrss.exe
1024 - winlogon.exe
1068 - services.exe
1080 - lsass.exe
1128 - NMIndexingServi
1244 - svchost.exe
1264 - iexplore.exe
1296 - svchost.exe
1336 - svchost.exe
1468 - NMBgMonitor.exe
1592 - svchost.exe
1644 - explorer.exe
1836 - LVCOMSX.EXE
1892 - spoolsv.exe
2000 - avp.exe
2168 - alg.exe
2792 - usnsvc.exe
3496 - msnmsgr.exe
3704 - MessengerDiscov
4028 - cmd.exe
Total number of processes = 25
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EE000 - \WINDOWS\system32\hal.dll
F8C35000 - \WINDOWS\system32\KDCOM.DLL
F8B45000 - \WINDOWS\system32\BOOTVID.dll
F863D000 - sptd.sys
F8C37000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F8625000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F85F6000 - ACPI.sys
F85E5000 - pci.sys
F8735000 - ohci1394.sys
F8745000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F8755000 - isapnp.sys
F8CFD000 - pciide.sys
F89B5000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F8765000 - MountMgr.sys
F85C6000 - ftdisk.sys
F89BD000 - PartMgr.sys
F8775000 - VolSnap.sys
F85AE000 - atapi.sys
F8785000 - disk.sys
F8795000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F858E000 - fltmgr.sys
F857C000 - sr.sys
F8565000 - KSecDD.sys
F8552000 - WudfPf.sys
F84C5000 - Ntfs.sys
F8498000 - NDIS.sys
F87A5000 - sisagp.sys
F8B49000 - RecAgent.sys
F847E000 - Mup.sys
F8461000 - kl1.sys
F89C5000 - \WINDOWS\system32\drivers\TDI.SYS
F8925000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F832A000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F8316000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F8935000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F8A7D000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F8A85000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F8A8D000 - \SystemRoot\system32\DRIVERS\fdc.sys
F8305000 - \SystemRoot\system32\DRIVERS\serial.sys
F8C31000 - \SystemRoot\system32\DRIVERS\serenum.sys
F82F1000 - \SystemRoot\system32\DRIVERS\parport.sys
F8945000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F8955000 - \SystemRoot\system32\DRIVERS\imapi.sys
F8965000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F8975000 - \SystemRoot\system32\DRIVERS\redbook.sys
F82CE000 - \SystemRoot\system32\DRIVERS\ks.sys
F826B000 - \SystemRoot\system32\DRIVERS\slntamr.sys
F8435000 - \SystemRoot\system32\DRIVERS\SlWdmSup.sys
F7BA9000 - \SystemRoot\system32\DRIVERS\Mtlmnt5.sys
F8A95000 - \SystemRoot\System32\Drivers\Modem.SYS
F7B71000 - \SystemRoot\system32\drivers\stac97nh.sys
F7B29000 - \SystemRoot\system32\drivers\stac97na.sys
F7B05000 - \SystemRoot\system32\drivers\portcls.sys
F8995000 - \SystemRoot\system32\drivers\drmk.sys
F8A9D000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F7AE1000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F8AA5000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F7A97000 - \SystemRoot\System32\Drivers\a0wpatdq.SYS
F8AF5000 - \SystemRoot\system32\DRIVERS\klim5.sys
F8D35000 - \SystemRoot\system32\DRIVERS\audstub.sys
F8815000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F8409000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F7A58000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F8825000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F8835000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F7A47000 - \SystemRoot\system32\DRIVERS\psched.sys
F8845000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F8AFD000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F8B05000 - \SystemRoot\system32\DRIVERS\raspti.sys
F8855000 - \SystemRoot\system32\DRIVERS\termdd.sys
F8C6D000 - \SystemRoot\system32\DRIVERS\swenum.sys
F7949000 - \SystemRoot\system32\DRIVERS\update.sys
F8405000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F8865000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8B15000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F88A5000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F8C73000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F8C0D000 - \SystemRoot\system32\drivers\MODEMCSA.sys
F8C75000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8D6D000 - \SystemRoot\System32\Drivers\Null.SYS
F8C77000 - \SystemRoot\System32\Drivers\Beep.SYS
F8B25000 - \SystemRoot\System32\drivers\vga.sys
F8C79000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8C7B000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F8B2D000 - \SystemRoot\System32\Drivers\Msfs.SYS
F8B35000 - \SystemRoot\System32\Drivers\Npfs.SYS
F8C19000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B2FA5000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B2F24000 - \SystemRoot\system32\DRIVERS\tcpip.sys
B2EFC000 - \SystemRoot\system32\DRIVERS\netbt.sys
B2EDA000 - \SystemRoot\System32\drivers\afd.sys
F88C5000 - \SystemRoot\system32\DRIVERS\netbios.sys
B2EAF000 - \SystemRoot\system32\DRIVERS\rdbss.sys
B2E3F000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
B2E0B000 - \??\C:\WINDOWS\system32\drivers\klif.sys
F88D5000 - \SystemRoot\System32\Drivers\Fips.SYS
B2DE5000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F88F5000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F8905000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F87D5000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B2CE8000 - \SystemRoot\system32\DRIVERS\sis163u.sys
F87E5000 - \SystemRoot\system32\DRIVERS\LVUSBSta.sys
B2CB4000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS
F87F5000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
F89DD000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
B2C9C000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8C83000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B2FFC000 - \SystemRoot\System32\drivers\Dxapi.sys
F89E5000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F8DA1000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA0B000 - \SystemRoot\System32\ati2cqag.dll
BFA43000 - \SystemRoot\System32\ati3duag.dll
BFC11000 - \SystemRoot\System32\ativvaxx.dll
B2B7C000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B2927000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F8CB9000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B2885000 - \SystemRoot\system32\DRIVERS\srv.sys
B2668000 - \SystemRoot\system32\drivers\wdmaud.sys
B27FD000 - \SystemRoot\system32\drivers\sysaudio.sys
B21E9000 - \SystemRoot\System32\Drivers\HTTP.sys
B1F42000 - \SystemRoot\System32\Drivers\Fastfat.SYS
B1F17000 - \SystemRoot\system32\drivers\kmixer.sys
F8D96000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 127
Liste des programmes installes
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
802.11 USB Wireless LAN Adapter
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Français
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Archiveur WinRAR
Assistant de connexion Windows Live
CCleaner (remove only)
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB952287)
eMule
EPSON Logiciel imprimante
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Java(TM) 6 Update 6
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 3.9.5
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
Lecteur Windows Media 11
Logiciel WebCam de Labtec
Malwarebytes' Anti-Malware
Messenger Plus! Live
MessengerDiscovery Live 1.5.0725
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (French) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (French) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
MSXML 4.0 SP2 (KB936181)
Nero 8
neroxml
PC Booster
PhotoFiltre Studio
Programme de gestion Camera de Labtec®
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
SigmaTel C-Major Audio
Spybot - Search & Destroy
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb955433)
VCRedistSetup
Vodafone 804SS USB driver Software
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C4-55B4
Répertoire de C:\Program Files
09/08/2008 22:53 <REP> .
09/08/2008 22:53 <REP> ..
22/07/2008 13:15 <REP> Adobe
13/05/2008 20:11 <REP> CCleaner
04/09/2008 17:42 <REP> Chameleon Clock
12/05/2008 20:27 <REP> ComPlus Applications
13/05/2008 20:40 <REP> DAEMON Tools
04/09/2008 13:14 <REP> eMule
16/05/2008 19:23 <REP> EPSON
13/06/2008 14:58 <REP> Fichiers communs
04/09/2008 18:02 <REP> Google
15/05/2008 22:25 <REP> inKline Global
15/08/2008 09:04 <REP> Internet Explorer
30/05/2008 12:47 <REP> INVENTEL
14/07/2008 15:31 <REP> Java
12/05/2008 20:59 <REP> Kaspersky Lab
19/06/2008 22:52 <REP> K-Lite Codec Pack
15/05/2008 14:56 <REP> Logitech
17/06/2008 00:09 <REP> Malwarebytes' Anti-Malware
04/09/2008 17:46 <REP> ManyCam 2.2
15/08/2008 09:09 <REP> Messenger
02/09/2008 09:25 <REP> Messenger Plus! Live
01/08/2008 13:52 <REP> MessengerDiscovery
15/05/2008 20:42 <REP> Microsoft CAPICOM 2.1.0.2
12/05/2008 20:30 <REP> microsoft frontpage
16/05/2008 19:36 <REP> Microsoft Office
19/08/2008 09:02 <REP> Microsoft Silverlight
16/05/2008 19:36 <REP> Microsoft Visual Studio
16/05/2008 19:36 <REP> Microsoft Works
12/05/2008 23:25 <REP> Movie Maker
12/05/2008 20:26 <REP> MSN
12/05/2008 20:26 <REP> MSN Gaming Zone
23/08/2008 21:41 <REP> MSN Webcam Recorder
25/06/2008 23:54 <REP> MSXML 4.0
04/09/2008 17:47 <REP> My Photo Calendars & Cards
13/05/2008 17:53 <REP> Nero
12/05/2008 23:22 <REP> NetMeeting
12/05/2008 20:26 <REP> Online Services
12/05/2008 23:22 <REP> Outlook Express
22/06/2008 19:25 <REP> PhotoFiltre Studio
15/05/2008 21:57 <REP> RegCleaner
16/05/2008 21:12 <REP> Samsung
12/05/2008 20:28 <REP> Services en ligne
15/05/2008 18:54 <REP> Spybot - Search & Destroy
13/05/2008 19:18 <REP> uTorrent
13/05/2008 07:16 <REP> Windows Live
17/05/2008 14:16 <REP> Windows Media Components
13/05/2008 07:11 <REP> Windows Media Connect 2
15/05/2008 12:53 <REP> Windows Media Player
12/05/2008 23:22 <REP> Windows NT
14/05/2008 20:57 <REP> WinRAR
12/05/2008 20:30 <REP> xerox
0 fichier(s) 0 octets
52 Rép(s) 31 816 470 528 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C4-55B4
Répertoire de C:\Program Files\fichiers communs
13/06/2008 14:58 <REP> .
13/06/2008 14:58 <REP> ..
13/06/2008 14:59 <REP> Adobe
16/05/2008 19:36 <REP> DESIGNER
12/05/2008 20:46 278 528 FDEUnInstaller.exe
15/05/2008 14:56 <REP> InstallShield
02/06/2008 00:05 <REP> Java
15/05/2008 14:57 <REP> Logitech
16/06/2008 13:03 <REP> Microsoft Shared
12/05/2008 20:28 <REP> MSSoap
13/05/2008 17:56 <REP> Nero
12/05/2008 21:54 <REP> ODBC
12/05/2008 20:28 <REP> Services
12/05/2008 21:54 <REP> SpeechEngines
12/05/2008 23:22 <REP> System
1 fichier(s) 278 528 octets
14 Rép(s) 31 816 470 528 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C4-55B4
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
16/06/2008 13:27 <REP> .
16/06/2008 13:27 <REP> ..
16/05/2008 19:30 <REP> 1036
28/08/2007 23:55 973 168 MSONSEXT.DLL
26/10/2006 20:12 40 256 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
4 fichier(s) 1 263 394 octets
3 Rép(s) 31 816 470 528 octets libres
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\French\setup.exe
c:\Documents and Settings\Moi\Bureau\HiJackThis.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Moi\Local Settings\Temp\Rar$EX00.968\MsgCacheExplorer.exe
c:\Documents and Settings\Moi\Local Settings\Temp\Rar$EX01.782\MsgCacheExplorer.exe
c:\Documents and Settings\Moi\Local Settings\Temporary Internet Files\Content.IE5\F8B60UWH\HiJackThis[1].exe
c:\Documents and Settings\Moi\Mes documents\MSNCleaner.exe
c:\Documents and Settings\Moi\Mes documents\msnreaper-1.3.exe
c:\Documents and Settings\Moi\Mes documents\Tigre et Dragon.exe
c:\Documents and Settings\Moi\Mes documents\Dial-a-fix-v0.60.0.24\Dial-a-fix.exe
c:\Documents and Settings\Moi\Mes documents\Dial-a-fix-v0.60.0.24\secedit.exe
c:\Documents and Settings\Moi\Mes documents\Downloads\Love Live Messenger 8.5.exe
c:\Documents and Settings\Moi\Mes documents\Downloads\KASPERSKY ANTI-VIRUS 7.0.1.325(With 100 NEW SERIAL KEYS)\KASPERSKY ANTI-VIRUS 7.0.1.325(With 100 NEW SERIAL KEYS)\Setup\kav7.0.1.325en.exe
c:\Documents and Settings\Moi\Mes documents\Downloads\Kaspersky.Antivirus.&.Internet.Security_8.0.0.357_FR_keys.incluses\Kaspersky Antivirus\kav8.0.0.357fr.exe
c:\Documents and Settings\Moi\Mes documents\Downloads\Kaspersky.Antivirus.&.Internet.Security_8.0.0.357_FR_keys.incluses\Kaspersky Internet Security\kis8.0.0.357fr.exe
c:\Documents and Settings\Moi\Mes documents\Downloads\The Sims 2 FreeTime-vitality [btarena.org]\Sims 2 Free Time NoCD crack\Sims2EP7.exe
c:\Documents and Settings\Moi\Mes documents\rescueiventel\DWBFlash.exe
c:\Documents and Settings\Moi\Mes documents\rescueiventel\RGWRepair.exe
c:\Documents and Settings\Moi\Mes documents\ZR_1.0.0.37\Zeb-Restore.exe
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\dnsq.dll
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Moi\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_CINDY.tar.gz a l'adresse http://upload.malekal.com
voila ske g :
DiagHelp version v1.4 - http://www.malekal.com
excute le 04/09/2008 à 18:45:49,67
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->04/09/2008 18:45:29
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->04/09/2008 18:45:27
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->04/09/2008 18:44:31
C:\WINDOWS\prefetch\ALBUMDB2.EXE-1F918EF2.pf -->04/09/2008 18:40:59
C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-090074F0.pf -->04/09/2008 18:40:53
C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf -->04/09/2008 18:40:44
C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->04/09/2008 18:40:11
C:\WINDOWS\prefetch\HIJACKTHIS.EXE-00930694.pf -->04/09/2008 18:40:07
C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf -->04/09/2008 18:39:53
C:\WINDOWS\prefetch\MBAM.EXE-0D37CDF0.pf -->04/09/2008 18:37:41
C:\WINDOWS\System32\drivers\fidbox2.dat -->04/09/2008 18:44:20
C:\WINDOWS\System32\drivers\fidbox.dat -->04/09/2008 18:43:03
C:\WINDOWS\System32\drivers\fidbox2.idx -->04/09/2008 17:55:43
C:\WINDOWS\System32\drivers\fidbox.idx -->04/09/2008 17:55:42
C:\WINDOWS\System32\drivers\klin.dat -->06/08/2008 20:34:34
C:\WINDOWS\System32\drivers\klick.dat -->23/07/2008 18:36:27
C:\WINDOWS\System32\drivers\tcpip.sys -->20/06/2008 13:51:12
C:\WINDOWS\System32\wpa.dbl -->04/09/2008 18:02:44
C:\WINDOWS\System32\TZLog.log -->15/08/2008 09:05:52
C:\WINDOWS\System32\MRT.exe -->05/08/2008 20:11:01
C:\WINDOWS\System32\cdm.dll -->18/07/2008 22:10:48
C:\WINDOWS\System32\wuauclt.exe -->18/07/2008 22:10:42
C:\WINDOWS\System32\wups2.dll -->18/07/2008 22:10:40
C:\WINDOWS\System32\wucltui.dll.mui -->18/07/2008 22:10:36
C:\WINDOWS\System32\wups.dll -->18/07/2008 22:10:20
C:\WINDOWS\System32\wuaucpl.cpl.mui -->18/07/2008 22:09:56
C:\WINDOWS\System32\wucltui.dll -->18/07/2008 22:09:46
C:\WINDOWS\System32\wuaucpl.cpl -->18/07/2008 22:09:46
C:\WINDOWS\System32\wuweb.dll -->18/07/2008 22:09:44
C:\WINDOWS\System32\wuapi.dll -->18/07/2008 22:09:44
C:\WINDOWS\System32\wuaueng.dll -->18/07/2008 22:09:42
C:\WINDOWS\System32\wuapi.dll.mui -->18/07/2008 22:09:14
C:\WINDOWS\System32\wuaueng.dll.mui -->18/07/2008 22:09:06
C:\WINDOWS\System32\mucltui.dll -->18/07/2008 22:07:34
C:\WINDOWS\System32\muweb.dll -->18/07/2008 22:07:32
C:\WINDOWS\System32\mucltui.dll.mui -->18/07/2008 22:07:28
C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->14/07/2008 15:31:43
C:\WINDOWS\System32\tzchange.exe -->11/07/2008 14:42:28
C:\WINDOWS\System32\es.dll -->07/07/2008 22:28:20
C:\WINDOWS\System32\mscms.dll -->24/06/2008 18:44:02
C:\WINDOWS\System32\mshtml.dll -->24/06/2008 10:28:24
C:\WINDOWS\System32\wininet.dll -->23/06/2008 18:28:23
C:\WINDOWS\WindowsUpdate.log -->04/09/2008 18:02:55
C:\WINDOWS\wiadebug.log -->04/09/2008 18:02:52
C:\WINDOWS\wiaservc.log -->04/09/2008 18:02:48
C:\WINDOWS\bootstat.dat -->04/09/2008 18:02:42
C:\WINDOWS\SchedLgU.Txt -->04/09/2008 17:55:40
C:\WINDOWS\INI2=No -->04/09/2008 17:47:54
C:\WINDOWS\INI1=No -->04/09/2008 17:47:54
C:\WINDOWS\NeroDigital.ini -->04/09/2008 13:12:12
C:\WINDOWS\avisplitter.INI -->23/07/2008 21:57:20
C:\WINDOWS\win.ini -->22/06/2008 15:01:32
C:\WINDOWS\Thumbs.db -->19/06/2008 22:20:51
C:\WINDOWS\dsez2262.dat -->19/06/2008 13:04:31
C:\WINDOWS\system.ini -->17/06/2008 14:30:07
C:\WINDOWS\BMb7f76687.txt -->17/06/2008 09:15:12
C:\WINDOWS\Sti_Trace.log -->15/05/2008 15:04:06
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1644
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
*** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:
*** File timestamp: Mon Apr 14 04:33:02 2008
*** Loaded image timestamp: Mon Apr 14 04:33:03 2008
*** Loaded C:\WINDOWS\system32\USER32.dll differs from file image:
*** File timestamp: Mon Apr 14 04:32:50 2008
*** Loaded image timestamp: Mon Apr 14 04:57:14 2008
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
*** Loaded C:\WINDOWS\system32\SHDOCVW.dll differs from file image:
*** File timestamp: Mon Apr 14 04:32:36 2008
*** Loaded image timestamp: Mon Apr 14 04:34:50 2008
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
*** Loaded C:\WINDOWS\system32\SHELL32.dll differs from file image:
*** File timestamp: Mon Apr 14 04:32:37 2008
*** Loaded image timestamp: Mon Apr 14 04:57:47 2008
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x305e0000 0x16000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
0x30480000 0xe000 7.00.0005.0321 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x307e0000 0x27000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll
*** Loaded C:\WINDOWS\system32\ieframe.dll differs from file image:
*** File timestamp: Mon Jun 23 18:28:22 2008
*** Loaded image timestamp: Mon Jun 23 18:31:43 2008
*** 0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x019d0000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x03670000 0x489000 1.01.0000.0207 C:\Program Files\Fichiers communs\Nero\Shared\NL3\AdvrCntr3.dll
0x10000000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x01dd0000 0x3e000 3.01.0000.0000 C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL
0x02be0000 0x2e000 C:\Program Files\WinRAR\rarext.dll
0x30810000 0xc000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll
0x03360000 0x202000 3.01.0001.0000 C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
0x4eb80000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll
0x74da0000 0x6d000 5.30.0023.1230 C:\WINDOWS\system32\RICHED20.dll
0x03e50000 0x24000 8.04.0002.1019 C:\Program Files\Logitech\Video\Namespc2.dll
0x7c140000 0x103000 7.10.3077.0000 C:\WINDOWS\system32\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x03e80000 0x8000 8.04.0002.1019 C:\Program Files\Logitech\Video\AlbuDBps.dll
0x5a500000 0x50000 8.05.1302.1018 C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
0x16210000 0x27e000 5.02.5721.5145 C:\WINDOWS\system32\wpdshext.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS\system32\Audiodev.dll
0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\WMVCore.DLL
0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
0x04080000 0x1b8000 3.01.0000.0008 C:\Program Files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll
0x04010000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x04250000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x75ed0000 0x13000 5.131.2600.5512 C:\WINDOWS\system32\cryptnet.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 1024
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
*** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:
*** File timestamp: Mon Apr 14 04:33:02 2008
*** Loaded image timestamp: Mon Apr 14 04:33:03 2008
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x305e0000 0x16000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
0x304d0000 0x36000 7.00.0001.0321 C:\WINDOWS\system32\klogon.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C4-55B4
Répertoire de C:\WINDOWS\system32
14/04/2008 04:33 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 31 866 908 672 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C4-55B4
Répertoire de C:\WINDOWS\Downloaded Program Files
24/06/2008 18:53 <REP> .
24/06/2008 18:53 <REP> ..
12/05/2008 20:28 65 desktop.ini
11/04/2007 14:55 1 292 erma.inf
24/03/2008 19:33 1 527 056 FP_AX_CAB_INSTALLER.exe
20/06/2006 15:44 117 560 PURen-us.dll
09/01/2007 08:30 110 592 PURfr-fr.dll
5 fichier(s) 1 756 565 octets
Total des fichiers listés :
5 fichier(s) 1 756 565 octets
2 Rép(s) 31 866 908 672 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 18:47:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}]
"SymbolicLink"="\\?\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}\0\0\r\0àÀ\0\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}]
"SymbolicLink"="\\?\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{BF657286-2E5B-437F-8F3B-BBE80B4AB46D}\0\0\r\0àÀ\0\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:90b6491d
"s2"=dword:2027b264
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:95,b3,3a,db,59,1f,b0,4b,2c,ae,c1,c3,f8,f5,e5,b1,9d,83,fb,40,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,00,b1,53,7a,1e,d5,e6,a5,4d,c4,8a,8b,2e,ff,cf,e3,..
"khjeh"=hex:dc,dd,6a,27,54,2d,c6,b5,57,2a,a4,b9,1f,6c,c7,8b,1f,b2,a1,2f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,8d,8b,67,07,36,91,09,32,65,f4,9c,16,3f,83,16,1c,1f,17,e5,18,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
188 - avp.exe
268 - ctfmon.exe
280 - slserv.exe
712 - NMIndexStoreSvr
1000 - csrss.exe
1024 - winlogon.exe
1068 - services.exe
1080 - lsass.exe
1128 - NMIndexingServi
1244 - svchost.exe
1264 - iexplore.exe
1296 - svchost.exe
1336 - svchost.exe
1468 - NMBgMonitor.exe
1592 - svchost.exe
1644 - explorer.exe
1836 - LVCOMSX.EXE
1892 - spoolsv.exe
2000 - avp.exe
2168 - alg.exe
2792 - usnsvc.exe
3496 - msnmsgr.exe
3704 - MessengerDiscov
4028 - cmd.exe
Total number of processes = 25
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EE000 - \WINDOWS\system32\hal.dll
F8C35000 - \WINDOWS\system32\KDCOM.DLL
F8B45000 - \WINDOWS\system32\BOOTVID.dll
F863D000 - sptd.sys
F8C37000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F8625000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F85F6000 - ACPI.sys
F85E5000 - pci.sys
F8735000 - ohci1394.sys
F8745000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F8755000 - isapnp.sys
F8CFD000 - pciide.sys
F89B5000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F8765000 - MountMgr.sys
F85C6000 - ftdisk.sys
F89BD000 - PartMgr.sys
F8775000 - VolSnap.sys
F85AE000 - atapi.sys
F8785000 - disk.sys
F8795000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F858E000 - fltmgr.sys
F857C000 - sr.sys
F8565000 - KSecDD.sys
F8552000 - WudfPf.sys
F84C5000 - Ntfs.sys
F8498000 - NDIS.sys
F87A5000 - sisagp.sys
F8B49000 - RecAgent.sys
F847E000 - Mup.sys
F8461000 - kl1.sys
F89C5000 - \WINDOWS\system32\drivers\TDI.SYS
F8925000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F832A000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F8316000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F8935000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F8A7D000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F8A85000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F8A8D000 - \SystemRoot\system32\DRIVERS\fdc.sys
F8305000 - \SystemRoot\system32\DRIVERS\serial.sys
F8C31000 - \SystemRoot\system32\DRIVERS\serenum.sys
F82F1000 - \SystemRoot\system32\DRIVERS\parport.sys
F8945000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F8955000 - \SystemRoot\system32\DRIVERS\imapi.sys
F8965000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F8975000 - \SystemRoot\system32\DRIVERS\redbook.sys
F82CE000 - \SystemRoot\system32\DRIVERS\ks.sys
F826B000 - \SystemRoot\system32\DRIVERS\slntamr.sys
F8435000 - \SystemRoot\system32\DRIVERS\SlWdmSup.sys
F7BA9000 - \SystemRoot\system32\DRIVERS\Mtlmnt5.sys
F8A95000 - \SystemRoot\System32\Drivers\Modem.SYS
F7B71000 - \SystemRoot\system32\drivers\stac97nh.sys
F7B29000 - \SystemRoot\system32\drivers\stac97na.sys
F7B05000 - \SystemRoot\system32\drivers\portcls.sys
F8995000 - \SystemRoot\system32\drivers\drmk.sys
F8A9D000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F7AE1000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F8AA5000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F7A97000 - \SystemRoot\System32\Drivers\a0wpatdq.SYS
F8AF5000 - \SystemRoot\system32\DRIVERS\klim5.sys
F8D35000 - \SystemRoot\system32\DRIVERS\audstub.sys
F8815000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F8409000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F7A58000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F8825000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F8835000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F7A47000 - \SystemRoot\system32\DRIVERS\psched.sys
F8845000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F8AFD000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F8B05000 - \SystemRoot\system32\DRIVERS\raspti.sys
F8855000 - \SystemRoot\system32\DRIVERS\termdd.sys
F8C6D000 - \SystemRoot\system32\DRIVERS\swenum.sys
F7949000 - \SystemRoot\system32\DRIVERS\update.sys
F8405000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F8865000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8B15000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F88A5000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F8C73000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F8C0D000 - \SystemRoot\system32\drivers\MODEMCSA.sys
F8C75000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8D6D000 - \SystemRoot\System32\Drivers\Null.SYS
F8C77000 - \SystemRoot\System32\Drivers\Beep.SYS
F8B25000 - \SystemRoot\System32\drivers\vga.sys
F8C79000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8C7B000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F8B2D000 - \SystemRoot\System32\Drivers\Msfs.SYS
F8B35000 - \SystemRoot\System32\Drivers\Npfs.SYS
F8C19000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B2FA5000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B2F24000 - \SystemRoot\system32\DRIVERS\tcpip.sys
B2EFC000 - \SystemRoot\system32\DRIVERS\netbt.sys
B2EDA000 - \SystemRoot\System32\drivers\afd.sys
F88C5000 - \SystemRoot\system32\DRIVERS\netbios.sys
B2EAF000 - \SystemRoot\system32\DRIVERS\rdbss.sys
B2E3F000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
B2E0B000 - \??\C:\WINDOWS\system32\drivers\klif.sys
F88D5000 - \SystemRoot\System32\Drivers\Fips.SYS
B2DE5000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F88F5000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F8905000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F87D5000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B2CE8000 - \SystemRoot\system32\DRIVERS\sis163u.sys
F87E5000 - \SystemRoot\system32\DRIVERS\LVUSBSta.sys
B2CB4000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS
F87F5000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
F89DD000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
B2C9C000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8C83000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B2FFC000 - \SystemRoot\System32\drivers\Dxapi.sys
F89E5000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F8DA1000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA0B000 - \SystemRoot\System32\ati2cqag.dll
BFA43000 - \SystemRoot\System32\ati3duag.dll
BFC11000 - \SystemRoot\System32\ativvaxx.dll
B2B7C000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B2927000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F8CB9000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B2885000 - \SystemRoot\system32\DRIVERS\srv.sys
B2668000 - \SystemRoot\system32\drivers\wdmaud.sys
B27FD000 - \SystemRoot\system32\drivers\sysaudio.sys
B21E9000 - \SystemRoot\System32\Drivers\HTTP.sys
B1F42000 - \SystemRoot\System32\Drivers\Fastfat.SYS
B1F17000 - \SystemRoot\system32\drivers\kmixer.sys
F8D96000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 127
Liste des programmes installes
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
802.11 USB Wireless LAN Adapter
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Français
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Archiveur WinRAR
Assistant de connexion Windows Live
CCleaner (remove only)
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB952287)
eMule
EPSON Logiciel imprimante
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Java(TM) 6 Update 6
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 3.9.5
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
Lecteur Windows Media 11
Logiciel WebCam de Labtec
Malwarebytes' Anti-Malware
Messenger Plus! Live
MessengerDiscovery Live 1.5.0725
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (French) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (French) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
MSXML 4.0 SP2 (KB936181)
Nero 8
neroxml
PC Booster
PhotoFiltre Studio
Programme de gestion Camera de Labtec®
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
SigmaTel C-Major Audio
Spybot - Search & Destroy
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb955433)
VCRedistSetup
Vodafone 804SS USB driver Software
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C4-55B4
Répertoire de C:\Program Files
09/08/2008 22:53 <REP> .
09/08/2008 22:53 <REP> ..
22/07/2008 13:15 <REP> Adobe
13/05/2008 20:11 <REP> CCleaner
04/09/2008 17:42 <REP> Chameleon Clock
12/05/2008 20:27 <REP> ComPlus Applications
13/05/2008 20:40 <REP> DAEMON Tools
04/09/2008 13:14 <REP> eMule
16/05/2008 19:23 <REP> EPSON
13/06/2008 14:58 <REP> Fichiers communs
04/09/2008 18:02 <REP> Google
15/05/2008 22:25 <REP> inKline Global
15/08/2008 09:04 <REP> Internet Explorer
30/05/2008 12:47 <REP> INVENTEL
14/07/2008 15:31 <REP> Java
12/05/2008 20:59 <REP> Kaspersky Lab
19/06/2008 22:52 <REP> K-Lite Codec Pack
15/05/2008 14:56 <REP> Logitech
17/06/2008 00:09 <REP> Malwarebytes' Anti-Malware
04/09/2008 17:46 <REP> ManyCam 2.2
15/08/2008 09:09 <REP> Messenger
02/09/2008 09:25 <REP> Messenger Plus! Live
01/08/2008 13:52 <REP> MessengerDiscovery
15/05/2008 20:42 <REP> Microsoft CAPICOM 2.1.0.2
12/05/2008 20:30 <REP> microsoft frontpage
16/05/2008 19:36 <REP> Microsoft Office
19/08/2008 09:02 <REP> Microsoft Silverlight
16/05/2008 19:36 <REP> Microsoft Visual Studio
16/05/2008 19:36 <REP> Microsoft Works
12/05/2008 23:25 <REP> Movie Maker
12/05/2008 20:26 <REP> MSN
12/05/2008 20:26 <REP> MSN Gaming Zone
23/08/2008 21:41 <REP> MSN Webcam Recorder
25/06/2008 23:54 <REP> MSXML 4.0
04/09/2008 17:47 <REP> My Photo Calendars & Cards
13/05/2008 17:53 <REP> Nero
12/05/2008 23:22 <REP> NetMeeting
12/05/2008 20:26 <REP> Online Services
12/05/2008 23:22 <REP> Outlook Express
22/06/2008 19:25 <REP> PhotoFiltre Studio
15/05/2008 21:57 <REP> RegCleaner
16/05/2008 21:12 <REP> Samsung
12/05/2008 20:28 <REP> Services en ligne
15/05/2008 18:54 <REP> Spybot - Search & Destroy
13/05/2008 19:18 <REP> uTorrent
13/05/2008 07:16 <REP> Windows Live
17/05/2008 14:16 <REP> Windows Media Components
13/05/2008 07:11 <REP> Windows Media Connect 2
15/05/2008 12:53 <REP> Windows Media Player
12/05/2008 23:22 <REP> Windows NT
14/05/2008 20:57 <REP> WinRAR
12/05/2008 20:30 <REP> xerox
0 fichier(s) 0 octets
52 Rép(s) 31 816 470 528 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C4-55B4
Répertoire de C:\Program Files\fichiers communs
13/06/2008 14:58 <REP> .
13/06/2008 14:58 <REP> ..
13/06/2008 14:59 <REP> Adobe
16/05/2008 19:36 <REP> DESIGNER
12/05/2008 20:46 278 528 FDEUnInstaller.exe
15/05/2008 14:56 <REP> InstallShield
02/06/2008 00:05 <REP> Java
15/05/2008 14:57 <REP> Logitech
16/06/2008 13:03 <REP> Microsoft Shared
12/05/2008 20:28 <REP> MSSoap
13/05/2008 17:56 <REP> Nero
12/05/2008 21:54 <REP> ODBC
12/05/2008 20:28 <REP> Services
12/05/2008 21:54 <REP> SpeechEngines
12/05/2008 23:22 <REP> System
1 fichier(s) 278 528 octets
14 Rép(s) 31 816 470 528 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B4C4-55B4
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
16/06/2008 13:27 <REP> .
16/06/2008 13:27 <REP> ..
16/05/2008 19:30 <REP> 1036
28/08/2007 23:55 973 168 MSONSEXT.DLL
26/10/2006 20:12 40 256 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
4 fichier(s) 1 263 394 octets
3 Rép(s) 31 816 470 528 octets libres
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\French\setup.exe
c:\Documents and Settings\Moi\Bureau\HiJackThis.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Moi\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Moi\Local Settings\Temp\Rar$EX00.968\MsgCacheExplorer.exe
c:\Documents and Settings\Moi\Local Settings\Temp\Rar$EX01.782\MsgCacheExplorer.exe
c:\Documents and Settings\Moi\Local Settings\Temporary Internet Files\Content.IE5\F8B60UWH\HiJackThis[1].exe
c:\Documents and Settings\Moi\Mes documents\MSNCleaner.exe
c:\Documents and Settings\Moi\Mes documents\msnreaper-1.3.exe
c:\Documents and Settings\Moi\Mes documents\Tigre et Dragon.exe
c:\Documents and Settings\Moi\Mes documents\Dial-a-fix-v0.60.0.24\Dial-a-fix.exe
c:\Documents and Settings\Moi\Mes documents\Dial-a-fix-v0.60.0.24\secedit.exe
c:\Documents and Settings\Moi\Mes documents\Downloads\Love Live Messenger 8.5.exe
c:\Documents and Settings\Moi\Mes documents\Downloads\KASPERSKY ANTI-VIRUS 7.0.1.325(With 100 NEW SERIAL KEYS)\KASPERSKY ANTI-VIRUS 7.0.1.325(With 100 NEW SERIAL KEYS)\Setup\kav7.0.1.325en.exe
c:\Documents and Settings\Moi\Mes documents\Downloads\Kaspersky.Antivirus.&.Internet.Security_8.0.0.357_FR_keys.incluses\Kaspersky Antivirus\kav8.0.0.357fr.exe
c:\Documents and Settings\Moi\Mes documents\Downloads\Kaspersky.Antivirus.&.Internet.Security_8.0.0.357_FR_keys.incluses\Kaspersky Internet Security\kis8.0.0.357fr.exe
c:\Documents and Settings\Moi\Mes documents\Downloads\The Sims 2 FreeTime-vitality [btarena.org]\Sims 2 Free Time NoCD crack\Sims2EP7.exe
c:\Documents and Settings\Moi\Mes documents\rescueiventel\DWBFlash.exe
c:\Documents and Settings\Moi\Mes documents\rescueiventel\RGWRepair.exe
c:\Documents and Settings\Moi\Mes documents\ZR_1.0.0.37\Zeb-Restore.exe
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\dnsq.dll
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Moi\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_CINDY.tar.gz a l'adresse http://upload.malekal.com
pas grand chose
tu as juste c'est deux fichers qui sont un peu louche
C:\WINDOWS\dsez2262.dat
C:\WINDOWS\BMb7f76687.txt
a faire analyser ici
https://www.virustotal.com/gui/
ensuite pour faire un peu de ménage
Télécharge ATF Cleaner par Atribune.
http://www.atribune.org/ccount/click.php?id=1
Double-clique ATF-Cleaner.exe afin de lancer le programme.
Sous l'onglet Main, choisis : Select All
Clique sur le bouton Empty Selected
Si tu utilises le navigateur Firefox :
Clique Firefox au haut et choisis : Select All
Clique le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
Si tu utilises le navigateur Opera :
Clique Opera au haut et choisis : Select All
Clique le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
Clique Exit, du menu prinicipal, afin de fermer le programme.
Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.
ensuite prend le temps de regarder ces liens
http://www.swl1f.net/viewtopic.php?f=14&t=66
http://www.swl1f.net/viewtopic.php?f=14&t=69
http://www.swl1f.net/viewtopic.php?f=14&t=152
@+
tu as juste c'est deux fichers qui sont un peu louche
C:\WINDOWS\dsez2262.dat
C:\WINDOWS\BMb7f76687.txt
a faire analyser ici
https://www.virustotal.com/gui/
ensuite pour faire un peu de ménage
Télécharge ATF Cleaner par Atribune.
http://www.atribune.org/ccount/click.php?id=1
Double-clique ATF-Cleaner.exe afin de lancer le programme.
Sous l'onglet Main, choisis : Select All
Clique sur le bouton Empty Selected
Si tu utilises le navigateur Firefox :
Clique Firefox au haut et choisis : Select All
Clique le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
Si tu utilises le navigateur Opera :
Clique Opera au haut et choisis : Select All
Clique le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
Clique Exit, du menu prinicipal, afin de fermer le programme.
Pour obtenir du Support technique, double-clique l'adresse électronique située au bas de chacun des menus.
ensuite prend le temps de regarder ces liens
http://www.swl1f.net/viewtopic.php?f=14&t=66
http://www.swl1f.net/viewtopic.php?f=14&t=69
http://www.swl1f.net/viewtopic.php?f=14&t=152
@+
