Infected by Win32
Justine
ep44, 7432 posts, status: Contributor
Hello,
For a few days now avast has been detecting a trojan named Win32:Patched-ck [trj]. It can't remove it. So I tried switching antivirus; antivir also detects it but can't remove it either (quarantine doesn't work either). I tried several anti-spyware tools (superanti spyware, malwarebytes anti malware) which are no use either. Then I tried a system restore, except that my oldest restore point is already infected.
I don't really know what to do anymore... I've considered a factory restore or formatting, but I don't have the XP CDs (my PC is a laptop with Windows preinstalled).
I really need your help, thanks in advance.
23 replies
Hello
Don't worry, I'll guide you and help you disinfect your PC.
Download HijackThis to the Desktop
http://download.hijackthis.eu/HJTInstall.exe
= Double-click it to install it
= Click Do a system scan and save the log
= Paste the report
If there's a problem, see the help
http://www.swl1f.net/viewtopic.php?f=14&t=153&p=1100#p1100
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
@+
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:45, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: AHtwwebEK - {641D53F5-CEB7-F95F-6944-C8FA7BA4ACCC} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
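The HijackThis log above is a list of browser and autostart load points; entries ending in "(no file)" or "(file missing)" are orphaned registrations, and the O18/O20/O21 sections are load points that run inside core processes rather than plain Run keys. The following Python script is an added example, not part of this thread or of HijackThis, that parses such lines and triages them; the sample lines are copied from the log above, and the severity rules are this example's own assumption.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: AHtwwebEK - {641D53F5-CEB7-F95F-6944-C8FA7BA4ACCC} - (no file)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
"""

# Every HijackThis finding starts with a section code such as R0, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_MARKERS = ("(no file)", "(file missing)")

# Assumption of this example: load points that run inside winlogon/explorer or hook URL
# handling (extra protocols, Winlogon Notify, ShellServiceObjectDelayLoad) deserve a
# closer look than an ordinary Run key, because they are favoured persistence slots.
HIGH_RISK_CODES = {"O18", "O20", "O21"}


@dataclass
class Entry:
    code: str
    name: str
    clsid: Optional[str]
    path: str
    missing: bool


@dataclass
class Finding:
    code: str
    name: str
    clsid: Optional[str]
    severity: str
    reasons: List[str]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for headers, process lists and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    # HijackThis joins "Kind: Name", the CLSID (if any) and the module path with " - ".
    parts = [p.strip() for p in body.split(" - ")]
    kind_and_name = parts[0].split(":", 1)
    name = kind_and_name[1].strip() if len(kind_and_name) == 2 else parts[0]
    clsid = CLSID_RE.search(body)
    return Entry(
        code=code,
        name=name,
        clsid=clsid.group(0) if clsid else None,
        path=parts[-1],
        missing=any(marker in body for marker in MISSING_MARKERS),
    )


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per entry that deserves a second look, in log order."""
    findings: List[Finding] = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if entry.missing:
            reasons.append("registration points to a module that no longer exists (orphaned load point)")
        if entry.name == "(no name)":
            reasons.append("entry has no display name, so nothing identifies what installed it")
        if entry.code in HIGH_RISK_CODES:
            reasons.append(f"{entry.code} loads into core processes; verify the module and its publisher")
        if not reasons:
            continue
        # Assumption: an orphaned entry in a high-risk slot, or an orphaned entry with no
        # name, is leftover registry state worth removing; the rest is "check it".
        high = entry.missing and (entry.code in HIGH_RISK_CODES or entry.name == "(no name)")
        findings.append(Finding(entry.code, entry.name, entry.clsid, "high" if high else "review", reasons))
    return findings


def report(lines: Iterable[str]) -> str:
    """Human-readable triage, one block per flagged entry."""
    out = []
    for f in triage(lines):
        out.append(f"[{f.severity:6}] {f.code} {f.name} {f.clsid or ''}".rstrip())
        out.extend(f"          - {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG.strip().splitlines()))
```

The same parser runs unchanged over the later HijackThis logs in this thread; a "high" finding is a candidate for cleanup, a "review" finding only asks that the module be identified.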
Download to the Desktop http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double-click SmitfraudFix.zip
=> Extract all
=> Double-click SmitfraudFix
=> Double-click SmitfraudFix.cmd
=> Choose Option 1
=> post the report
@+
Sorry for the delay, I hope someone is still there. Here is the report:
SmitFraudFix v2.346
Rapport fait à 21:23:52,20, 06/09/2008
Executé à partir de C:\Documents and Settings\Justine\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Justine\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Justine
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Justine\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Justine\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2EB11F6F-FCED-43A6-83C5-B9D3B3EA1DB7}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CD1BAA1C-7073-4E50-A6F2-5F0EB8102043}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2EB11F6F-FCED-43A6-83C5-B9D3B3EA1DB7}: DhcpNameServer=84.103.237.146 86.64.145.146
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CD1BAA1C-7073-4E50-A6F2-5F0EB8102043}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2EB11F6F-FCED-43A6-83C5-B9D3B3EA1DB7}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CD1BAA1C-7073-4E50-A6F2-5F0EB8102043}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2EB11F6F-FCED-43A6-83C5-B9D3B3EA1DB7}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CD1BAA1C-7073-4E50-A6F2-5F0EB8102043}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=84.103.237.146 86.64.145.146
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
ok, next
Download malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Installation help
http://www.swl1f.net/viewtopic.php?f=14&t=68
=> Install it
=> Then go into safe mode
Restart the PC and tap the F8 key (or F5 on some machines) until the boot-option screen appears
Using the arrow keys, select Safe Mode ==> Enter ==> your usual user name
=> Launch malwarebytes
=> Tick "Perform full scan"
=> If an infection is found at the end of the scan, click "ok"
=> Click Remove Selected
=> To post the report, click the Reports/Logs tab, select the one you want and click Open
=> Copy and paste, then post the report
--------------------------
then
* Download CCleaner
https://filehippo.com/download_ccleaner/
=> Use this tutorial to help you with it
http://www.swl1f.net/viewtopic.php?f=14&t=69
--------------------------
Then do a new HijackThis scan
@+
The malwarebytes report:
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 2
22:46:07 06/09/2008
mbam-log-09-06-2008 (22-46-07).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 136750
Temps écoulé: 33 minute(s), 35 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
ok, instead of doing another HijackThis report, do this please
Download DiagHelp.zip to your desktop http://www.malekal.com/download/DiagHelp.zip
==> Don't double-click it!! Right-click the file and Extract all
==> A new folder named DiagHelp will be created
==> Open it and double-click go.cmd (the .cmd may not be shown)
==> A window will open, choose option 1
==> The scan will start; it can take a few minutes, let it run and press a key when asked
==> Copy/paste the contents of the Notepad window that opens; to do so:
==> In Notepad, click the Edit menu / Select all
==> Again, Edit menu / Copy
==> In a new message here, right-click / Paste
@+
and the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:42, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: AHtwwebEK - {641D53F5-CEB7-F95F-6944-C8FA7BA4ACCC} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
DiagHelp version v1.4 - http://www.malekal.com
excute le 06/09/2008 à 22:53:07,40
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\GUARDGUI.EXE-2C20A958.pf -->06/09/2008 16:42:58
C:\WINDOWS\prefetch\PCTSGUI.EXE-281B8AB7.pf -->06/09/2008 16:42:10
C:\WINDOWS\prefetch\UPDATE.EXE-1A7E7F45.pf -->06/09/2008 16:42:01
C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->06/09/2008 16:41:52
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->06/09/2008 16:33:28
C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf -->06/09/2008 16:33:27
C:\WINDOWS\prefetch\PCTSAUXS.EXE-1E8D77A6.pf -->06/09/2008 16:32:58
C:\WINDOWS\prefetch\PCTSTRAY.EXE-29391146.pf -->06/09/2008 16:32:53
C:\WINDOWS\prefetch\PCTSSVC.EXE-3A239962.pf -->06/09/2008 16:32:52
C:\WINDOWS\prefetch\UNZIP.EXE-08434430.pf -->06/09/2008 16:32:46
C:\WINDOWS\System32\drivers\556a2dc3.sys -->29/08/2008 11:22:04
C:\WINDOWS\System32\drivers\iksyssec.sys -->25/08/2008 11:36:30
C:\WINDOWS\System32\drivers\iksysflt.sys -->25/08/2008 11:36:28
C:\WINDOWS\System32\drivers\ikfilesec.sys -->25/08/2008 11:36:28
C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->17/08/2008 15:01:18
C:\WINDOWS\System32\drivers\mbam.sys -->17/08/2008 15:01:14
C:\WINDOWS\System32\drivers\aswFsBlk.sys -->19/07/2008 16:37:42
C:\WINDOWS\System32\tmp.txt -->06/09/2008 21:23:54
C:\WINDOWS\System32\tmp.reg -->06/09/2008 21:23:54
C:\WINDOWS\System32\wpa.dbl -->06/09/2008 21:20:28
C:\WINDOWS\System32\PerfStringBackup.INI -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfh00C.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfh009.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfc00C.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfc009.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\AntiXPVSTFix.exe -->02/09/2008 23:58:33
C:\WINDOWS\System32\VACFix.exe -->02/09/2008 16:51:48
C:\WINDOWS\System32\IEDFix.C.exe -->28/08/2008 22:36:57
C:\WINDOWS\System32\404Fix.exe -->18/08/2008 12:19:03
C:\WINDOWS\System32\TZLog.log -->16/08/2008 11:55:18
C:\WINDOWS\System32\FNTCACHE.DAT -->12/08/2008 13:09:31
C:\WINDOWS\System32\MRT.exe -->05/08/2008 20:11:01
C:\WINDOWS\System32\CONFIG.NT -->01/08/2008 19:55:36
C:\WINDOWS\System32\aswBoot.exe -->19/07/2008 16:43:08
C:\WINDOWS\System32\AvastSS.scr -->19/07/2008 16:30:53
C:\WINDOWS\System32\cdm.dll -->18/07/2008 22:10:48
C:\WINDOWS\System32\wuauclt.exe -->18/07/2008 22:10:42
C:\WINDOWS\System32\wups2.dll -->18/07/2008 22:10:40
C:\WINDOWS\System32\wucltui.dll.mui -->18/07/2008 22:10:36
C:\WINDOWS\System32\wups.dll -->18/07/2008 22:10:20
C:\WINDOWS\System32\wuaucpl.cpl.mui -->18/07/2008 22:09:56
C:\WINDOWS\System32\wucltui.dll -->18/07/2008 22:09:46
C:\WINDOWS\WindowsUpdate.log -->06/09/2008 22:52:07
C:\WINDOWS\bootstat.dat -->06/09/2008 21:18:52
C:\WINDOWS\win.ini -->28/08/2008 15:46:02
C:\WINDOWS\system.ini -->28/08/2008 15:46:02
C:\WINDOWS\QTFont.qfn -->20/08/2008 17:14:31
C:\WINDOWS\NeroDigital.ini -->16/08/2008 15:33:08
C:\WINDOWS\SIERRA.INI -->30/03/2008 16:53:27
C:\WINDOWS\ModemLog_Modem standard 33600 bps.txt -->30/11/2007 19:38:09
C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt -->30/11/2007 19:38:03
C:\WINDOWS\QTFont.for -->30/11/2007 15:58:53
C:\WINDOWS\aopr.ini -->23/06/2007 16:30:24
C:\WINDOWS\_MSRSTRT.EXE -->23/06/2007 14:06:07
C:\WINDOWS\aoxppr.ini -->23/06/2007 14:05:41
C:\WINDOWS\explorer.exe -->13/06/2007 15:22:28
C:\WINDOWS\tosOBEX.INI -->15/05/2007 16:43:08
winlogon.exe
svchost.exe
ws2_32.dll
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 228
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x636e0000 0x29000 6.00.0000.0002 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 6.00.0000.0000 C:\Program Files\Spyware Doctor\klg.dat
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x10000000 0x14000 1.00.0000.1012 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
0x00c10000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x016b0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00c00000 0xf000 1.00.0000.1004 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
0x016e0000 0x12000 7.00.0000.0015 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x02180000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x02300000 0x37000 3.05.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x021e0000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x64f00000 0x12000 4.08.1227.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 808
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x99000 1.00.0000.1048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00de0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x00f50000 0x11000 6.14.0010.4124 C:\WINDOWS\system32\Ati2evxx.dll
0x010e0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x636e0000 0x29000 6.00.0000.0002 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 6.00.0000.0000 C:\Program Files\Spyware Doctor\klg.dat
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\system32
05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 40 314 417 152 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\Downloaded Program Files
23/09/2006 10:49 <REP> .
23/09/2006 10:49 <REP> ..
16/01/2006 18:36 65 desktop.ini
26/05/2005 04:19 291 wuweb.inf
2 fichier(s) 356 octets
Total des fichiers listés :
2 fichier(s) 356 octets
2 Rép(s) 40 314 417 152 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp"="C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 22:53:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2da7b4db
"s2"=dword:6e01368e
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Error loading kernel support driver!
Make sure you are running this as Administrator.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Error loading kernel support driver!
Make sure you are running this as Administrator.
Liste des programmes installes
802.11 USB Wireless LAN Adapter
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop CS2
Adobe Reader 7.1.0 - Français
Adobe Shockwave Player
Adobe Stock Photos 1.0
AiO_Scan_CDA
AiOSoftwareNPI
Apple Software Update
Archiveur WinRAR
Assist TOSHIBA
Assistant de connexion Windows Live
ATI - Utilitaire de désinstallation du logiciel
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
Avira AntiVir Personal - Free Antivirus
Azureus
Bluetooth Stack for Windows by Toshiba
BufferChm
C3100 c3100_Help
CCleaner (remove only)
CEP - Color Enable Package
Commandes TOSHIBA
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif Windows XP - KB884018
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
eMule
eSupportQFolder
Fax_CDA
Formatage de carte mémoire SD TOSHIBA
Gestion d'énergie TOSHIBA
HijackThis 2.0.2
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 4
Le Petit MOURRE
Lecteur Windows Media 10
Les Indispensables Éducation pour Microsoft Office
Les Sims 2
Les Sims 2 : Nuits de Folie
Les Sims 2 Fun en Famille Kit
Les Sims 2 : La bonne affaire
Les Sims™ 2 Animaux & Cie
Les Sims™ 2 H&M® Fashion Kit
Les Sims™ 2 Jour de fête ! Kit
Les Sims™ 2 Kit Glamour
Les Sims™ 2 Quartier Libre
Les Sims™ 2 Tout pour les ados Kit
Les Sims™ 2 Au fil des saisons
Les Sims™ 2 Bon Voyage
Lexibase Collins Français-Anglais
LG PC Suite
LG USB Modem driver [KU580]
livebox
Logiciel Intel(R) PROSet/Wireless
Macromedia Flash Player
Malwarebytes' Anti-Malware
Manuels TOSHIBA
MarketResearch
mCore
mDrWiFi
Messenger Plus! Live
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Encarta 2007 - Études
Microsoft Encarta Maths
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour Encarta_Les Indispensables Éducation
mIWA
mLogView
mMHouse
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module sécurisé SD
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
mZConfig
Nero 6 Ultra Edition
NewCopy_CDA
OCR Software by I.R.I.S 7.0
Outil de diagnostic PC TOSHIBA
PanoStandAlone
PowerISO
ProductContextNPI
QuickTime
Readme
Realtek High Definition Audio Driver
Réducteur de bruit lect. CD/DVD
SAGEM F@st 800-840
Satsuki Decoder Pack
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SolutionCenter
Son virtuel TOSHIBA
Sonic DLA
Sony USB Driver
Spyware Doctor 6.0
Status
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
The Sims 2 University
Toolbox
TOSHIBA ConfigFree
TOSHIBA Hotkey Utility
TOSHIBA Software Modem
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TrayApp
Unload
Utilitaire de zoom TOSHIBA
VideoLAN VLC media player 0.8.6a
WebFldrs XP
WebReg
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format Runtime
Volume in drive C has no label.
Volume Serial Number is 641D-53F4
Directory of C:\Program Files
06/09/2008 17:00 <DIR> .
06/09/2008 17:00 <DIR> ..
17/05/2007 16:35 <DIR> 1964
09/12/2007 12:35 <DIR> Adobe
22/04/2007 19:07 <DIR> Ahead
22/09/2006 09:23 <DIR> Alcohol Soft
10/04/2008 14:44 <DIR> Alwil Software
13/05/2007 12:35 <DIR> Apple Software Update
13/02/2006 13:12 <DIR> ATI Technologies
06/09/2008 16:25 <DIR> Avira
23/06/2008 14:45 <DIR> Azureus
02/09/2007 21:56 <DIR> CCleaner
16/01/2006 18:35 <DIR> ComPlus Applications
01/06/2007 20:53 <DIR> DAEMON Tools
01/03/2008 19:14 <DIR> EA GAMES
23/06/2007 16:10 <DIR> ElcomSoft
18/08/2008 15:00 <DIR> eMule
28/08/2008 17:05 <DIR> Enigma Software Group
01/03/2008 16:37 <DIR> Fichiers communs
07/08/2007 14:55 <DIR> Hewlett-Packard
25/12/2006 16:46 <DIR> HP
29/08/2006 16:23 <DIR> Intel
16/08/2008 11:54 <DIR> Internet Explorer
29/08/2006 16:22 <DIR> InterVideo
13/02/2006 13:14 <DIR> Java
28/02/2007 20:17 <DIR> Le Petit MOURRE
27/03/2008 09:10 <DIR> Learning Essentials
18/05/2008 12:02 <DIR> LG Electronics
18/05/2008 12:02 <DIR> LG PC Suite 2
29/08/2008 11:40 <DIR> Malwarebytes' Anti-Malware
16/08/2008 11:57 <DIR> Messenger
06/09/2008 16:23 <DIR> Messenger Plus! Live
26/03/2008 21:05 <DIR> Microsoft CAPICOM 2.1.0.2
09/12/2007 14:57 <DIR> Microsoft Etudes
13/02/2006 13:15 <DIR> microsoft frontpage
02/02/2008 11:19 <DIR> Microsoft Office
13/02/2006 13:16 <DIR> Microsoft.NET
13/02/2006 13:16 <DIR> Movie Maker
28/08/2008 19:24 <DIR> Mozilla Firefox
13/02/2006 13:16 <DIR> MSN
13/02/2006 13:16 <DIR> MSN Gaming Zone
01/03/2008 16:38 <DIR> MSN Messenger
03/02/2008 11:48 <DIR> MSXML 6.0
13/02/2006 13:16 <DIR> NetMeeting
13/02/2006 13:17 <DIR> Online Services
06/07/2007 14:20 <DIR> Outlook Express
08/12/2006 14:33 <DIR> PowerISO
13/05/2007 12:36 <DIR> QuickTime
12/03/2007 22:35 <DIR> Real
13/02/2006 13:17 <DIR> Realtek
25/04/2007 11:04 <DIR> SAGEM
11/01/2007 21:28 <DIR> SAGEM F@st 800-840
23/09/2006 19:13 <DIR> Satsuki Decoder Pack
13/02/2006 13:17 <DIR> Services en ligne
23/06/2007 13:37 <DIR> Sims 2 Collection Maker
23/08/2007 10:41 <DIR> Softissimo
06/09/2008 16:45 <DIR> Spybot - Search & Destroy
06/09/2008 16:33 <DIR> Spyware Doctor
24/06/2008 14:36 <DIR> StepMania
06/09/2008 16:21 <DIR> SUPERAntiSpyware
02/02/2008 11:39 <DIR> Symantec
13/02/2006 13:18 <DIR> Synaptics
12/05/2007 20:40 <DIR> Timeline Interactive
23/06/2007 10:02 <DIR> Toshiba
06/09/2008 17:00 <DIR> Trend Micro
27/02/2007 19:55 <DIR> VideoLAN
25/04/2007 11:34 <DIR> Wanadoo
23/12/2007 20:27 <DIR> Winamp
01/03/2008 16:38 <DIR> Windows Live
26/03/2008 23:13 <DIR> Windows Live Safety Center
24/09/2006 10:29 <DIR> Windows Media Player
13/02/2006 13:19 <DIR> Windows NT
01/03/2007 23:30 <DIR> WinRAR
13/02/2006 13:19 <DIR> xerox
0 File(s) 0 bytes
74 Dir(s) 40 304 672 768 bytes free
Volume in drive C has no label.
Volume Serial Number is 641D-53F4
Directory of C:\Program Files\fichiers communs
01/03/2008 16:37 <DIR> .
01/03/2008 16:37 <DIR> ..
10/06/2008 14:51 <DIR> Adobe
09/12/2007 12:26 <DIR> Adobe Systems Shared
22/04/2007 19:07 <DIR> Ahead
01/09/2006 21:53 <DIR> DESIGNER
23/09/2006 09:59 278 528 FDEUnInstaller.exe
25/12/2006 16:42 <DIR> Hewlett-Packard
25/12/2006 16:46 <DIR> HP
13/02/2006 13:12 <DIR> InstallShield
13/02/2006 13:12 <DIR> Java
11/08/2008 21:34 <DIR> Microsoft Shared
13/02/2006 13:13 <DIR> MSSoap
13/02/2006 13:13 <DIR> ODBC
13/03/2007 10:25 <DIR> Real
13/02/2006 13:13 <DIR> Services
13/02/2006 13:13 <DIR> SpeechEngines
02/02/2008 11:41 <DIR> Symantec Shared
06/07/2007 14:20 <DIR> System
28/08/2008 18:34 <DIR> Wise Installation Wizard
1 File(s) 278 528 bytes
19 Dir(s) 40 304 672 768 bytes free
Volume in drive C has no label.
Volume Serial Number is 641D-53F4
Directory of C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
02/08/2008 10:14 <DIR> .
02/08/2008 10:14 <DIR> ..
13/02/2006 13:12 <DIR> 1033
02/08/2008 10:14 <DIR> 1036
20/09/2005 12:33 1 293 008 MSONSEXT.DLL
22/03/2007 19:29 39 256 MSOSV.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
11/07/2003 03:25 80 448 PKMWS.DLL
5 File(s) 1 662 682 bytes
4 Dir(s) 40 304 672 768 bytes free
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe
c:\Documents and Settings\Justine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Justine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_fr_FR.exe
c:\Documents and Settings\Justine\Bureau\antivir_workstation_winu_en_h.exe
c:\Documents and Settings\Justine\Bureau\HJTInstall.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix.exe
c:\Documents and Settings\Justine\Bureau\zaSetup_fr.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\404Fix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\AntiXPVSTFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\exit.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\IEDFix.C.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Policies.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\UIFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VACFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Justine\Local Settings\Temp\SSUPDATE.EXE
c:\Documents and Settings\Justine\Mes documents\Games\rom\PoKémon\Visual_Boy_Advance_V1.7.2_win_Fr\VisualBoyAdvance.exe
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\GREASE.EXE
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\VFW11E\SETUP.EXE
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** End of DiagHelp report
Please send the file C:\upload_moi_JUSTINE.tar.gz to http://upload.malekal.com
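Two parts of a DiagHelp report carry most of the signal a helper reads by hand: the export of the XP SP2 firewall's authorized-application list, and the catchme dump of service keys. The script below is an added example, not part of Justine's post and not code from DiagHelp or from the helper; it parses those two line formats and flags the patterns a triager looks for: an enabled firewall exception whose program sits in a user's Temp folder, carries the generic label "enable", or is not an .exe at all, and a service whose name is on a short blocklist or whose driver file is an 8-hex-digit random-looking name. The sample lines are constructed from the formats in this report (the firewall lines reproduce entries from the log; the 3f9a7c1e service is invented for the example, since the log lists only driver files, not a service key for them). The blocklist, the Temp-folder markers and the hex-name heuristic are assumptions of the example, not rules from the tools.

```python
import re
from collections import defaultdict

# Constructed sample: REG_SZ lines as DiagHelp exports them from
# SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List.
# Value format is  <path>:<scope>:<Enabled|Disabled>:<label>, backslashes doubled.
FIREWALL_EXPORT = r'''
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp"="C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
'''

# Constructed sample in catchme's regedit-style dump format. The tdssserv and sptd
# keys mirror the report; the 3f9a7c1e service is invented for the example.
SERVICE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2da7b4db
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3f9a7c1e]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\3f9a7c1e.sys"
'''

TEMP_MARKERS = ("\\local settings\\temp\\", "\\temp\\", "\\tmp\\")  # assumption
GENERIC_LABELS = {"", "enable", "enabled"}                             # assumption
SERVICE_BLOCKLIST = {"tdssserv"}  # assumption: one entry, the TDSS rootkit's service name
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)  # 8 hex digits, e.g. 556a2dc3


def parse_firewall_export(text):
    """Yield (path, scope, status, label) from each "key"="value" line."""
    line_re = re.compile(r'^"(?P<key>.+?)"="(?P<val>.+)"$')
    for raw in text.splitlines():
        m = line_re.match(raw.strip())
        if not m:
            continue
        parts = m.group("val").rsplit(":", 3)  # path itself contains "C:"
        if len(parts) != 4:
            continue
        path, scope, status, label = parts
        yield path.replace("\\\\", "\\"), scope, status, label


def triage_firewall(text):
    """Return (kind, path, reasons) for enabled exceptions that look planted."""
    findings = []
    for path, scope, status, label in parse_firewall_export(text):
        if status.lower() != "enabled":
            continue
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        reasons = []
        if any(marker in low for marker in TEMP_MARKERS):
            reasons.append("program lives in a Temp folder")
        if label.lower() in GENERIC_LABELS:
            reasons.append("generic label %r" % label)
        if not base.endswith(".exe"):
            reasons.append("not an .exe (%s)" % base)
        if reasons:
            findings.append(("firewall", path, "; ".join(reasons)))
    return findings


def parse_services(text):
    """Map service name -> {value name: data}; subkeys (sptd\\Cfg) fold into the parent."""
    services = defaultdict(dict)
    key_re = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]+\\Services\\([^\\\]]+)", re.I)
    val_re = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        km = key_re.match(line)
        if km:
            current = km.group(1).lower()
            continue
        vm = val_re.match(line)
        if vm and current:
            services[current][vm.group("name").lower()] = vm.group("data")
    return services


def triage_services(text):
    """Return (kind, service, reasons) for blocklisted or random-named driver services."""
    findings = []
    for name, values in parse_services(text).items():
        qm = re.search(r'"([^"]+)"', values.get("imagepath", ""))
        image_path = qm.group(1) if qm else ""
        stem = image_path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if name in SERVICE_BLOCKLIST:
            reasons.append("service name on blocklist")
        if HEX_NAME.match(stem):
            reasons.append("driver name is 8 hex digits (random-looking)")
        if reasons:
            findings.append(("service", name, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for kind, subject, why in triage_firewall(FIREWALL_EXPORT) + triage_services(SERVICE_DUMP):
        print("%-8s %s  <- %s" % (kind, subject, why))
```

On the constructed sample the script flags the .tt22.tmp exception (Temp folder, generic label, not an executable), sysrest32.exe (generic label) and the tdssserv service, and stays quiet on sessmgr.exe (disabled), Windows Live Messenger and the sptd driver that DAEMON Tools installs. Treat the output as a reading aid: a hit means "look at this file and its signature", not "delete it".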
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\UIFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VACFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Justine\Local Settings\Temp\SSUPDATE.EXE
c:\Documents and Settings\Justine\Mes documents\Games\rom\PoKémon\Visual_Boy_Advance_V1.7.2_win_Fr\VisualBoyAdvance.exe
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\GREASE.EXE
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\VFW11E\SETUP.EXE
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_JUSTINE.tar.gz a l'adresse http://upload.malekal.com
DiagHelp version v1.4 - http://www.malekal.com
excute le 06/09/2008 à 22:53:07,40
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\GUARDGUI.EXE-2C20A958.pf -->06/09/2008 16:42:58
C:\WINDOWS\prefetch\PCTSGUI.EXE-281B8AB7.pf -->06/09/2008 16:42:10
C:\WINDOWS\prefetch\UPDATE.EXE-1A7E7F45.pf -->06/09/2008 16:42:01
C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->06/09/2008 16:41:52
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->06/09/2008 16:33:28
C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf -->06/09/2008 16:33:27
C:\WINDOWS\prefetch\PCTSAUXS.EXE-1E8D77A6.pf -->06/09/2008 16:32:58
C:\WINDOWS\prefetch\PCTSTRAY.EXE-29391146.pf -->06/09/2008 16:32:53
C:\WINDOWS\prefetch\PCTSSVC.EXE-3A239962.pf -->06/09/2008 16:32:52
C:\WINDOWS\prefetch\UNZIP.EXE-08434430.pf -->06/09/2008 16:32:46
C:\WINDOWS\System32\drivers\556a2dc3.sys -->29/08/2008 11:22:04
C:\WINDOWS\System32\drivers\iksyssec.sys -->25/08/2008 11:36:30
C:\WINDOWS\System32\drivers\iksysflt.sys -->25/08/2008 11:36:28
C:\WINDOWS\System32\drivers\ikfilesec.sys -->25/08/2008 11:36:28
C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->17/08/2008 15:01:18
C:\WINDOWS\System32\drivers\mbam.sys -->17/08/2008 15:01:14
C:\WINDOWS\System32\drivers\aswFsBlk.sys -->19/07/2008 16:37:42
C:\WINDOWS\System32\tmp.txt -->06/09/2008 21:23:54
C:\WINDOWS\System32\tmp.reg -->06/09/2008 21:23:54
C:\WINDOWS\System32\wpa.dbl -->06/09/2008 21:20:28
C:\WINDOWS\System32\PerfStringBackup.INI -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfh00C.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfh009.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfc00C.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfc009.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\AntiXPVSTFix.exe -->02/09/2008 23:58:33
C:\WINDOWS\System32\VACFix.exe -->02/09/2008 16:51:48
C:\WINDOWS\System32\IEDFix.C.exe -->28/08/2008 22:36:57
C:\WINDOWS\System32\404Fix.exe -->18/08/2008 12:19:03
C:\WINDOWS\System32\TZLog.log -->16/08/2008 11:55:18
C:\WINDOWS\System32\FNTCACHE.DAT -->12/08/2008 13:09:31
C:\WINDOWS\System32\MRT.exe -->05/08/2008 20:11:01
C:\WINDOWS\System32\CONFIG.NT -->01/08/2008 19:55:36
C:\WINDOWS\System32\aswBoot.exe -->19/07/2008 16:43:08
C:\WINDOWS\System32\AvastSS.scr -->19/07/2008 16:30:53
C:\WINDOWS\System32\cdm.dll -->18/07/2008 22:10:48
C:\WINDOWS\System32\wuauclt.exe -->18/07/2008 22:10:42
C:\WINDOWS\System32\wups2.dll -->18/07/2008 22:10:40
C:\WINDOWS\System32\wucltui.dll.mui -->18/07/2008 22:10:36
C:\WINDOWS\System32\wups.dll -->18/07/2008 22:10:20
C:\WINDOWS\System32\wuaucpl.cpl.mui -->18/07/2008 22:09:56
C:\WINDOWS\System32\wucltui.dll -->18/07/2008 22:09:46
C:\WINDOWS\WindowsUpdate.log -->06/09/2008 22:52:07
C:\WINDOWS\bootstat.dat -->06/09/2008 21:18:52
C:\WINDOWS\win.ini -->28/08/2008 15:46:02
C:\WINDOWS\system.ini -->28/08/2008 15:46:02
C:\WINDOWS\QTFont.qfn -->20/08/2008 17:14:31
C:\WINDOWS\NeroDigital.ini -->16/08/2008 15:33:08
C:\WINDOWS\SIERRA.INI -->30/03/2008 16:53:27
C:\WINDOWS\ModemLog_Modem standard 33600 bps.txt -->30/11/2007 19:38:09
C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt -->30/11/2007 19:38:03
C:\WINDOWS\QTFont.for -->30/11/2007 15:58:53
C:\WINDOWS\aopr.ini -->23/06/2007 16:30:24
C:\WINDOWS\_MSRSTRT.EXE -->23/06/2007 14:06:07
C:\WINDOWS\aoxppr.ini -->23/06/2007 14:05:41
C:\WINDOWS\explorer.exe -->13/06/2007 15:22:28
C:\WINDOWS\tosOBEX.INI -->15/05/2007 16:43:08
winlogon.exe
svchost.exe
ws2_32.dll
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 228
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x636e0000 0x29000 6.00.0000.0002 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 6.00.0000.0000 C:\Program Files\Spyware Doctor\klg.dat
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x10000000 0x14000 1.00.0000.1012 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
0x00c10000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x016b0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00c00000 0xf000 1.00.0000.1004 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
0x016e0000 0x12000 7.00.0000.0015 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x02180000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x02300000 0x37000 3.05.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x021e0000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x64f00000 0x12000 4.08.1227.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 808
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x99000 1.00.0000.1048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00de0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x00f50000 0x11000 6.14.0010.4124 C:\WINDOWS\system32\Ati2evxx.dll
0x010e0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x636e0000 0x29000 6.00.0000.0002 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 6.00.0000.0000 C:\Program Files\Spyware Doctor\klg.dat
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\system32
05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 40 314 417 152 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\Downloaded Program Files
23/09/2006 10:49 <REP> .
23/09/2006 10:49 <REP> ..
16/01/2006 18:36 65 desktop.ini
26/05/2005 04:19 291 wuweb.inf
2 fichier(s) 356 octets
Total des fichiers listés :
2 fichier(s) 356 octets
2 Rép(s) 40 314 417 152 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp"="C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 22:53:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2da7b4db
"s2"=dword:6e01368e
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Error loading kernel support driver!
Make sure you are running this as Administrator.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Error loading kernel support driver!
Make sure you are running this as Administrator.
Liste des programmes installes
802.11 USB Wireless LAN Adapter
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop CS2
Adobe Reader 7.1.0 - Français
Adobe Shockwave Player
Adobe Stock Photos 1.0
AiO_Scan_CDA
AiOSoftwareNPI
Apple Software Update
Archiveur WinRAR
Assist TOSHIBA
Assistant de connexion Windows Live
ATI - Utilitaire de désinstallation du logiciel
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
Avira AntiVir Personal - Free Antivirus
Azureus
Bluetooth Stack for Windows by Toshiba
BufferChm
C3100 c3100_Help
CCleaner (remove only)
CEP - Color Enable Package
Commandes TOSHIBA
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif Windows XP - KB884018
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
eMule
eSupportQFolder
Fax_CDA
Formatage de carte mémoire SD TOSHIBA
Gestion d'énergie TOSHIBA
HijackThis 2.0.2
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 4
Le Petit MOURRE
Lecteur Windows Media 10
Les Indispensables Éducation pour Microsoft Office
Les Sims 2
Les Sims 2 : Nuits de Folie
Les Sims 2 Fun en Famille Kit
Les Sims 2 : La bonne affaire
Les Sims™ 2 Animaux & Cie
Les Sims™ 2 H&M® Fashion Kit
Les Sims™ 2 Jour de fête ! Kit
Les Sims™ 2 Kit Glamour
Les Sims™ 2 Quartier Libre
Les Sims™ 2 Tout pour les ados Kit
Les Sims™ 2 Au fil des saisons
Les Sims™ 2 Bon Voyage
Lexibase Collins Français-Anglais
LG PC Suite
LG USB Modem driver [KU580]
livebox
Logiciel Intel(R) PROSet/Wireless
Macromedia Flash Player
Malwarebytes' Anti-Malware
Manuels TOSHIBA
MarketResearch
mCore
mDrWiFi
Messenger Plus! Live
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Encarta 2007 - Études
Microsoft Encarta Maths
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour Encarta_Les Indispensables Éducation
mIWA
mLogView
mMHouse
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module sécurisé SD
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
mZConfig
Nero 6 Ultra Edition
NewCopy_CDA
OCR Software by I.R.I.S 7.0
Outil de diagnostic PC TOSHIBA
PanoStandAlone
PowerISO
ProductContextNPI
QuickTime
Readme
Realtek High Definition Audio Driver
Réducteur de bruit lect. CD/DVD
SAGEM F@st 800-840
Satsuki Decoder Pack
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SolutionCenter
Son virtuel TOSHIBA
Sonic DLA
Sony USB Driver
Spyware Doctor 6.0
Status
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
The Sims 2 University
Toolbox
TOSHIBA ConfigFree
TOSHIBA Hotkey Utility
TOSHIBA Software Modem
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TrayApp
Unload
Utilitaire de zoom TOSHIBA
VideoLAN VLC media player 0.8.6a
WebFldrs XP
WebReg
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format Runtime
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\Program Files
06/09/2008 17:00 <REP> .
06/09/2008 17:00 <REP> ..
17/05/2007 16:35 <REP> 1964
09/12/2007 12:35 <REP> Adobe
22/04/2007 19:07 <REP> Ahead
22/09/2006 09:23 <REP> Alcohol Soft
10/04/2008 14:44 <REP> Alwil Software
13/05/2007 12:35 <REP> Apple Software Update
13/02/2006 13:12 <REP> ATI Technologies
06/09/2008 16:25 <REP> Avira
23/06/2008 14:45 <REP> Azureus
02/09/2007 21:56 <REP> CCleaner
16/01/2006 18:35 <REP> ComPlus Applications
01/06/2007 20:53 <REP> DAEMON Tools
01/03/2008 19:14 <REP> EA GAMES
23/06/2007 16:10 <REP> ElcomSoft
18/08/2008 15:00 <REP> eMule
28/08/2008 17:05 <REP> Enigma Software Group
01/03/2008 16:37 <REP> Fichiers communs
07/08/2007 14:55 <REP> Hewlett-Packard
25/12/2006 16:46 <REP> HP
29/08/2006 16:23 <REP> Intel
16/08/2008 11:54 <REP> Internet Explorer
29/08/2006 16:22 <REP> InterVideo
13/02/2006 13:14 <REP> Java
28/02/2007 20:17 <REP> Le Petit MOURRE
27/03/2008 09:10 <REP> Learning Essentials
18/05/2008 12:02 <REP> LG Electronics
18/05/2008 12:02 <REP> LG PC Suite 2
29/08/2008 11:40 <REP> Malwarebytes' Anti-Malware
16/08/2008 11:57 <REP> Messenger
06/09/2008 16:23 <REP> Messenger Plus! Live
26/03/2008 21:05 <REP> Microsoft CAPICOM 2.1.0.2
09/12/2007 14:57 <REP> Microsoft Etudes
13/02/2006 13:15 <REP> microsoft frontpage
02/02/2008 11:19 <REP> Microsoft Office
13/02/2006 13:16 <REP> Microsoft.NET
13/02/2006 13:16 <REP> Movie Maker
28/08/2008 19:24 <REP> Mozilla Firefox
13/02/2006 13:16 <REP> MSN
13/02/2006 13:16 <REP> MSN Gaming Zone
01/03/2008 16:38 <REP> MSN Messenger
03/02/2008 11:48 <REP> MSXML 6.0
13/02/2006 13:16 <REP> NetMeeting
13/02/2006 13:17 <REP> Online Services
06/07/2007 14:20 <REP> Outlook Express
08/12/2006 14:33 <REP> PowerISO
13/05/2007 12:36 <REP> QuickTime
12/03/2007 22:35 <REP> Real
13/02/2006 13:17 <REP> Realtek
25/04/2007 11:04 <REP> SAGEM
11/01/2007 21:28 <REP> SAGEM F@st 800-840
23/09/2006 19:13 <REP> Satsuki Decoder Pack
13/02/2006 13:17 <REP> Services en ligne
23/06/2007 13:37 <REP> Sims 2 Collection Maker
23/08/2007 10:41 <REP> Softissimo
06/09/2008 16:45 <REP> Spybot - Search & Destroy
06/09/2008 16:33 <REP> Spyware Doctor
24/06/2008 14:36 <REP> StepMania
06/09/2008 16:21 <REP> SUPERAntiSpyware
02/02/2008 11:39 <REP> Symantec
13/02/2006 13:18 <REP> Synaptics
12/05/2007 20:40 <REP> Timeline Interactive
23/06/2007 10:02 <REP> Toshiba
06/09/2008 17:00 <REP> Trend Micro
27/02/2007 19:55 <REP> VideoLAN
25/04/2007 11:34 <REP> Wanadoo
23/12/2007 20:27 <REP> Winamp
01/03/2008 16:38 <REP> Windows Live
26/03/2008 23:13 <REP> Windows Live Safety Center
24/09/2006 10:29 <REP> Windows Media Player
13/02/2006 13:19 <REP> Windows NT
01/03/2007 23:30 <REP> WinRAR
13/02/2006 13:19 <REP> xerox
0 fichier(s) 0 octets
74 Rép(s) 40 304 672 768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\Program Files\fichiers communs
01/03/2008 16:37 <REP> .
01/03/2008 16:37 <REP> ..
10/06/2008 14:51 <REP> Adobe
09/12/2007 12:26 <REP> Adobe Systems Shared
22/04/2007 19:07 <REP> Ahead
01/09/2006 21:53 <REP> DESIGNER
23/09/2006 09:59 278 528 FDEUnInstaller.exe
25/12/2006 16:42 <REP> Hewlett-Packard
25/12/2006 16:46 <REP> HP
13/02/2006 13:12 <REP> InstallShield
13/02/2006 13:12 <REP> Java
11/08/2008 21:34 <REP> Microsoft Shared
13/02/2006 13:13 <REP> MSSoap
13/02/2006 13:13 <REP> ODBC
13/03/2007 10:25 <REP> Real
13/02/2006 13:13 <REP> Services
13/02/2006 13:13 <REP> SpeechEngines
02/02/2008 11:41 <REP> Symantec Shared
06/07/2007 14:20 <REP> System
28/08/2008 18:34 <REP> Wise Installation Wizard
1 fichier(s) 278 528 octets
19 Rép(s) 40 304 672 768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
02/08/2008 10:14 <REP> .
02/08/2008 10:14 <REP> ..
13/02/2006 13:12 <REP> 1033
02/08/2008 10:14 <REP> 1036
20/09/2005 12:33 1 293 008 MSONSEXT.DLL
22/03/2007 19:29 39 256 MSOSV.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
11/07/2003 03:25 80 448 PKMWS.DLL
5 fichier(s) 1 662 682 octets
4 Rép(s) 40 304 672 768 octets libres
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe
c:\Documents and Settings\Justine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Justine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_fr_FR.exe
c:\Documents and Settings\Justine\Bureau\antivir_workstation_winu_en_h.exe
c:\Documents and Settings\Justine\Bureau\HJTInstall.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix.exe
c:\Documents and Settings\Justine\Bureau\zaSetup_fr.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\404Fix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\AntiXPVSTFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\exit.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\IEDFix.C.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Policies.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\UIFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VACFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Justine\Local Settings\Temp\SSUPDATE.EXE
c:\Documents and Settings\Justine\Mes documents\Games\rom\PoKémon\Visual_Boy_Advance_V1.7.2_win_Fr\VisualBoyAdvance.exe
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\GREASE.EXE
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\VFW11E\SETUP.EXE
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_JUSTINE.tar.gz a l'adresse http://upload.malekal.com
DiagHelp version v1.4 - http://www.malekal.com
excute le 06/09/2008 à 22:53:07,40
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\GUARDGUI.EXE-2C20A958.pf -->06/09/2008 16:42:58
C:\WINDOWS\prefetch\PCTSGUI.EXE-281B8AB7.pf -->06/09/2008 16:42:10
C:\WINDOWS\prefetch\UPDATE.EXE-1A7E7F45.pf -->06/09/2008 16:42:01
C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->06/09/2008 16:41:52
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->06/09/2008 16:33:28
C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf -->06/09/2008 16:33:27
C:\WINDOWS\prefetch\PCTSAUXS.EXE-1E8D77A6.pf -->06/09/2008 16:32:58
C:\WINDOWS\prefetch\PCTSTRAY.EXE-29391146.pf -->06/09/2008 16:32:53
C:\WINDOWS\prefetch\PCTSSVC.EXE-3A239962.pf -->06/09/2008 16:32:52
C:\WINDOWS\prefetch\UNZIP.EXE-08434430.pf -->06/09/2008 16:32:46
C:\WINDOWS\System32\drivers\556a2dc3.sys -->29/08/2008 11:22:04
C:\WINDOWS\System32\drivers\iksyssec.sys -->25/08/2008 11:36:30
C:\WINDOWS\System32\drivers\iksysflt.sys -->25/08/2008 11:36:28
C:\WINDOWS\System32\drivers\ikfilesec.sys -->25/08/2008 11:36:28
C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->17/08/2008 15:01:18
C:\WINDOWS\System32\drivers\mbam.sys -->17/08/2008 15:01:14
C:\WINDOWS\System32\drivers\aswFsBlk.sys -->19/07/2008 16:37:42
C:\WINDOWS\System32\tmp.txt -->06/09/2008 21:23:54
C:\WINDOWS\System32\tmp.reg -->06/09/2008 21:23:54
C:\WINDOWS\System32\wpa.dbl -->06/09/2008 21:20:28
C:\WINDOWS\System32\PerfStringBackup.INI -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfh00C.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfh009.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfc00C.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfc009.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\AntiXPVSTFix.exe -->02/09/2008 23:58:33
C:\WINDOWS\System32\VACFix.exe -->02/09/2008 16:51:48
C:\WINDOWS\System32\IEDFix.C.exe -->28/08/2008 22:36:57
C:\WINDOWS\System32\404Fix.exe -->18/08/2008 12:19:03
C:\WINDOWS\System32\TZLog.log -->16/08/2008 11:55:18
C:\WINDOWS\System32\FNTCACHE.DAT -->12/08/2008 13:09:31
C:\WINDOWS\System32\MRT.exe -->05/08/2008 20:11:01
C:\WINDOWS\System32\CONFIG.NT -->01/08/2008 19:55:36
C:\WINDOWS\System32\aswBoot.exe -->19/07/2008 16:43:08
C:\WINDOWS\System32\AvastSS.scr -->19/07/2008 16:30:53
C:\WINDOWS\System32\cdm.dll -->18/07/2008 22:10:48
C:\WINDOWS\System32\wuauclt.exe -->18/07/2008 22:10:42
C:\WINDOWS\System32\wups2.dll -->18/07/2008 22:10:40
C:\WINDOWS\System32\wucltui.dll.mui -->18/07/2008 22:10:36
C:\WINDOWS\System32\wups.dll -->18/07/2008 22:10:20
C:\WINDOWS\System32\wuaucpl.cpl.mui -->18/07/2008 22:09:56
C:\WINDOWS\System32\wucltui.dll -->18/07/2008 22:09:46
C:\WINDOWS\WindowsUpdate.log -->06/09/2008 22:52:07
C:\WINDOWS\bootstat.dat -->06/09/2008 21:18:52
C:\WINDOWS\win.ini -->28/08/2008 15:46:02
C:\WINDOWS\system.ini -->28/08/2008 15:46:02
C:\WINDOWS\QTFont.qfn -->20/08/2008 17:14:31
C:\WINDOWS\NeroDigital.ini -->16/08/2008 15:33:08
C:\WINDOWS\SIERRA.INI -->30/03/2008 16:53:27
C:\WINDOWS\ModemLog_Modem standard 33600 bps.txt -->30/11/2007 19:38:09
C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt -->30/11/2007 19:38:03
C:\WINDOWS\QTFont.for -->30/11/2007 15:58:53
C:\WINDOWS\aopr.ini -->23/06/2007 16:30:24
C:\WINDOWS\_MSRSTRT.EXE -->23/06/2007 14:06:07
C:\WINDOWS\aoxppr.ini -->23/06/2007 14:05:41
C:\WINDOWS\explorer.exe -->13/06/2007 15:22:28
C:\WINDOWS\tosOBEX.INI -->15/05/2007 16:43:08
winlogon.exe
svchost.exe
ws2_32.dll
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 228
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x636e0000 0x29000 6.00.0000.0002 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 6.00.0000.0000 C:\Program Files\Spyware Doctor\klg.dat
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x10000000 0x14000 1.00.0000.1012 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
0x00c10000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x016b0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00c00000 0xf000 1.00.0000.1004 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
0x016e0000 0x12000 7.00.0000.0015 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x02180000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x02300000 0x37000 3.05.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x021e0000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x64f00000 0x12000 4.08.1227.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 808
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x99000 1.00.0000.1048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00de0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x00f50000 0x11000 6.14.0010.4124 C:\WINDOWS\system32\Ati2evxx.dll
0x010e0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x636e0000 0x29000 6.00.0000.0002 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 6.00.0000.0000 C:\Program Files\Spyware Doctor\klg.dat
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\system32
05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 40 314 417 152 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\Downloaded Program Files
23/09/2006 10:49 <REP> .
23/09/2006 10:49 <REP> ..
16/01/2006 18:36 65 desktop.ini
26/05/2005 04:19 291 wuweb.inf
2 fichier(s) 356 octets
Total des fichiers listés :
2 fichier(s) 356 octets
2 Rép(s) 40 314 417 152 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp"="C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 22:53:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2da7b4db
"s2"=dword:6e01368e
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Error loading kernel support driver!
Make sure you are running this as Administrator.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Error loading kernel support driver!
Make sure you are running this as Administrator.
Liste des programmes installes
802.11 USB Wireless LAN Adapter
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop CS2
Adobe Reader 7.1.0 - Français
Adobe Shockwave Player
Adobe Stock Photos 1.0
AiO_Scan_CDA
AiOSoftwareNPI
Apple Software Update
Archiveur WinRAR
Assist TOSHIBA
Assistant de connexion Windows Live
ATI - Utilitaire de désinstallation du logiciel
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
Avira AntiVir Personal - Free Antivirus
Azureus
Bluetooth Stack for Windows by Toshiba
BufferChm
C3100 c3100_Help
CCleaner (remove only)
CEP - Color Enable Package
Commandes TOSHIBA
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif Windows XP - KB884018
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
eMule
eSupportQFolder
Fax_CDA
Formatage de carte mémoire SD TOSHIBA
Gestion d'énergie TOSHIBA
HijackThis 2.0.2
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 4
Le Petit MOURRE
Lecteur Windows Media 10
Les Indispensables Éducation pour Microsoft Office
Les Sims 2
Les Sims 2 : Nuits de Folie
Les Sims 2 Fun en Famille Kit
Les Sims 2 : La bonne affaire
Les Sims™ 2 Animaux & Cie
Les Sims™ 2 H&M® Fashion Kit
Les Sims™ 2 Jour de fête ! Kit
Les Sims™ 2 Kit Glamour
Les Sims™ 2 Quartier Libre
Les Sims™ 2 Tout pour les ados Kit
Les Sims™ 2 Au fil des saisons
Les Sims™ 2 Bon Voyage
Lexibase Collins Français-Anglais
LG PC Suite
LG USB Modem driver [KU580]
livebox
Logiciel Intel(R) PROSet/Wireless
Macromedia Flash Player
Malwarebytes' Anti-Malware
Manuels TOSHIBA
MarketResearch
mCore
mDrWiFi
Messenger Plus! Live
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Encarta 2007 - Études
Microsoft Encarta Maths
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour Encarta_Les Indispensables Éducation
mIWA
mLogView
mMHouse
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module sécurisé SD
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
mZConfig
Nero 6 Ultra Edition
NewCopy_CDA
OCR Software by I.R.I.S 7.0
Outil de diagnostic PC TOSHIBA
PanoStandAlone
PowerISO
ProductContextNPI
QuickTime
Readme
Realtek High Definition Audio Driver
Réducteur de bruit lect. CD/DVD
SAGEM F@st 800-840
Satsuki Decoder Pack
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SolutionCenter
Son virtuel TOSHIBA
Sonic DLA
Sony USB Driver
Spyware Doctor 6.0
Status
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
The Sims 2 University
Toolbox
TOSHIBA ConfigFree
TOSHIBA Hotkey Utility
TOSHIBA Software Modem
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TrayApp
Unload
Utilitaire de zoom TOSHIBA
VideoLAN VLC media player 0.8.6a
WebFldrs XP
WebReg
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format Runtime
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\Program Files
06/09/2008 17:00 <REP> .
06/09/2008 17:00 <REP> ..
17/05/2007 16:35 <REP> 1964
09/12/2007 12:35 <REP> Adobe
22/04/2007 19:07 <REP> Ahead
22/09/2006 09:23 <REP> Alcohol Soft
10/04/2008 14:44 <REP> Alwil Software
13/05/2007 12:35 <REP> Apple Software Update
13/02/2006 13:12 <REP> ATI Technologies
06/09/2008 16:25 <REP> Avira
23/06/2008 14:45 <REP> Azureus
02/09/2007 21:56 <REP> CCleaner
16/01/2006 18:35 <REP> ComPlus Applications
01/06/2007 20:53 <REP> DAEMON Tools
01/03/2008 19:14 <REP> EA GAMES
23/06/2007 16:10 <REP> ElcomSoft
18/08/2008 15:00 <REP> eMule
28/08/2008 17:05 <REP> Enigma Software Group
01/03/2008 16:37 <REP> Fichiers communs
07/08/2007 14:55 <REP> Hewlett-Packard
25/12/2006 16:46 <REP> HP
29/08/2006 16:23 <REP> Intel
16/08/2008 11:54 <REP> Internet Explorer
29/08/2006 16:22 <REP> InterVideo
13/02/2006 13:14 <REP> Java
28/02/2007 20:17 <REP> Le Petit MOURRE
27/03/2008 09:10 <REP> Learning Essentials
18/05/2008 12:02 <REP> LG Electronics
18/05/2008 12:02 <REP> LG PC Suite 2
29/08/2008 11:40 <REP> Malwarebytes' Anti-Malware
16/08/2008 11:57 <REP> Messenger
06/09/2008 16:23 <REP> Messenger Plus! Live
26/03/2008 21:05 <REP> Microsoft CAPICOM 2.1.0.2
09/12/2007 14:57 <REP> Microsoft Etudes
13/02/2006 13:15 <REP> microsoft frontpage
02/02/2008 11:19 <REP> Microsoft Office
13/02/2006 13:16 <REP> Microsoft.NET
13/02/2006 13:16 <REP> Movie Maker
28/08/2008 19:24 <REP> Mozilla Firefox
13/02/2006 13:16 <REP> MSN
13/02/2006 13:16 <REP> MSN Gaming Zone
01/03/2008 16:38 <REP> MSN Messenger
03/02/2008 11:48 <REP> MSXML 6.0
13/02/2006 13:16 <REP> NetMeeting
13/02/2006 13:17 <REP> Online Services
06/07/2007 14:20 <REP> Outlook Express
08/12/2006 14:33 <REP> PowerISO
13/05/2007 12:36 <REP> QuickTime
12/03/2007 22:35 <REP> Real
13/02/2006 13:17 <REP> Realtek
25/04/2007 11:04 <REP> SAGEM
11/01/2007 21:28 <REP> SAGEM F@st 800-840
23/09/2006 19:13 <REP> Satsuki Decoder Pack
13/02/2006 13:17 <REP> Services en ligne
23/06/2007 13:37 <REP> Sims 2 Collection Maker
23/08/2007 10:41 <REP> Softissimo
06/09/2008 16:45 <REP> Spybot - Search & Destroy
06/09/2008 16:33 <REP> Spyware Doctor
24/06/2008 14:36 <REP> StepMania
06/09/2008 16:21 <REP> SUPERAntiSpyware
02/02/2008 11:39 <REP> Symantec
13/02/2006 13:18 <REP> Synaptics
12/05/2007 20:40 <REP> Timeline Interactive
23/06/2007 10:02 <REP> Toshiba
06/09/2008 17:00 <REP> Trend Micro
27/02/2007 19:55 <REP> VideoLAN
25/04/2007 11:34 <REP> Wanadoo
23/12/2007 20:27 <REP> Winamp
01/03/2008 16:38 <REP> Windows Live
26/03/2008 23:13 <REP> Windows Live Safety Center
24/09/2006 10:29 <REP> Windows Media Player
13/02/2006 13:19 <REP> Windows NT
01/03/2007 23:30 <REP> WinRAR
13/02/2006 13:19 <REP> xerox
0 fichier(s) 0 octets
74 Rép(s) 40 304 672 768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\Program Files\fichiers communs
01/03/2008 16:37 <REP> .
01/03/2008 16:37 <REP> ..
10/06/2008 14:51 <REP> Adobe
09/12/2007 12:26 <REP> Adobe Systems Shared
22/04/2007 19:07 <REP> Ahead
01/09/2006 21:53 <REP> DESIGNER
23/09/2006 09:59 278 528 FDEUnInstaller.exe
25/12/2006 16:42 <REP> Hewlett-Packard
25/12/2006 16:46 <REP> HP
13/02/2006 13:12 <REP> InstallShield
13/02/2006 13:12 <REP> Java
11/08/2008 21:34 <REP> Microsoft Shared
13/02/2006 13:13 <REP> MSSoap
13/02/2006 13:13 <REP> ODBC
13/03/2007 10:25 <REP> Real
13/02/2006 13:13 <REP> Services
13/02/2006 13:13 <REP> SpeechEngines
02/02/2008 11:41 <REP> Symantec Shared
06/07/2007 14:20 <REP> System
28/08/2008 18:34 <REP> Wise Installation Wizard
1 fichier(s) 278 528 octets
19 Rép(s) 40 304 672 768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
02/08/2008 10:14 <REP> .
02/08/2008 10:14 <REP> ..
13/02/2006 13:12 <REP> 1033
02/08/2008 10:14 <REP> 1036
20/09/2005 12:33 1 293 008 MSONSEXT.DLL
22/03/2007 19:29 39 256 MSOSV.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
11/07/2003 03:25 80 448 PKMWS.DLL
5 fichier(s) 1 662 682 octets
4 Rép(s) 40 304 672 768 octets libres
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe
c:\Documents and Settings\Justine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Justine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_fr_FR.exe
c:\Documents and Settings\Justine\Bureau\antivir_workstation_winu_en_h.exe
c:\Documents and Settings\Justine\Bureau\HJTInstall.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix.exe
c:\Documents and Settings\Justine\Bureau\zaSetup_fr.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\404Fix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\AntiXPVSTFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\exit.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\IEDFix.C.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Policies.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\UIFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VACFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Justine\Local Settings\Temp\SSUPDATE.EXE
c:\Documents and Settings\Justine\Mes documents\Games\rom\PoKémon\Visual_Boy_Advance_V1.7.2_win_Fr\VisualBoyAdvance.exe
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\GREASE.EXE
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\VFW11E\SETUP.EXE
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_JUSTINE.tar.gz a l'adresse http://upload.malekal.com
excute le 06/09/2008 à 22:53:07,40
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\GUARDGUI.EXE-2C20A958.pf -->06/09/2008 16:42:58
C:\WINDOWS\prefetch\PCTSGUI.EXE-281B8AB7.pf -->06/09/2008 16:42:10
C:\WINDOWS\prefetch\UPDATE.EXE-1A7E7F45.pf -->06/09/2008 16:42:01
C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->06/09/2008 16:41:52
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->06/09/2008 16:33:28
C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf -->06/09/2008 16:33:27
C:\WINDOWS\prefetch\PCTSAUXS.EXE-1E8D77A6.pf -->06/09/2008 16:32:58
C:\WINDOWS\prefetch\PCTSTRAY.EXE-29391146.pf -->06/09/2008 16:32:53
C:\WINDOWS\prefetch\PCTSSVC.EXE-3A239962.pf -->06/09/2008 16:32:52
C:\WINDOWS\prefetch\UNZIP.EXE-08434430.pf -->06/09/2008 16:32:46
C:\WINDOWS\System32\drivers\556a2dc3.sys -->29/08/2008 11:22:04
C:\WINDOWS\System32\drivers\iksyssec.sys -->25/08/2008 11:36:30
C:\WINDOWS\System32\drivers\iksysflt.sys -->25/08/2008 11:36:28
C:\WINDOWS\System32\drivers\ikfilesec.sys -->25/08/2008 11:36:28
C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->17/08/2008 15:01:18
C:\WINDOWS\System32\drivers\mbam.sys -->17/08/2008 15:01:14
C:\WINDOWS\System32\drivers\aswFsBlk.sys -->19/07/2008 16:37:42
C:\WINDOWS\System32\tmp.txt -->06/09/2008 21:23:54
C:\WINDOWS\System32\tmp.reg -->06/09/2008 21:23:54
C:\WINDOWS\System32\wpa.dbl -->06/09/2008 21:20:28
C:\WINDOWS\System32\PerfStringBackup.INI -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfh00C.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfh009.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfc00C.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfc009.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\AntiXPVSTFix.exe -->02/09/2008 23:58:33
C:\WINDOWS\System32\VACFix.exe -->02/09/2008 16:51:48
C:\WINDOWS\System32\IEDFix.C.exe -->28/08/2008 22:36:57
C:\WINDOWS\System32\404Fix.exe -->18/08/2008 12:19:03
C:\WINDOWS\System32\TZLog.log -->16/08/2008 11:55:18
C:\WINDOWS\System32\FNTCACHE.DAT -->12/08/2008 13:09:31
C:\WINDOWS\System32\MRT.exe -->05/08/2008 20:11:01
C:\WINDOWS\System32\CONFIG.NT -->01/08/2008 19:55:36
C:\WINDOWS\System32\aswBoot.exe -->19/07/2008 16:43:08
C:\WINDOWS\System32\AvastSS.scr -->19/07/2008 16:30:53
C:\WINDOWS\System32\cdm.dll -->18/07/2008 22:10:48
C:\WINDOWS\System32\wuauclt.exe -->18/07/2008 22:10:42
C:\WINDOWS\System32\wups2.dll -->18/07/2008 22:10:40
C:\WINDOWS\System32\wucltui.dll.mui -->18/07/2008 22:10:36
C:\WINDOWS\System32\wups.dll -->18/07/2008 22:10:20
C:\WINDOWS\System32\wuaucpl.cpl.mui -->18/07/2008 22:09:56
C:\WINDOWS\System32\wucltui.dll -->18/07/2008 22:09:46
C:\WINDOWS\WindowsUpdate.log -->06/09/2008 22:52:07
C:\WINDOWS\bootstat.dat -->06/09/2008 21:18:52
C:\WINDOWS\win.ini -->28/08/2008 15:46:02
C:\WINDOWS\system.ini -->28/08/2008 15:46:02
C:\WINDOWS\QTFont.qfn -->20/08/2008 17:14:31
C:\WINDOWS\NeroDigital.ini -->16/08/2008 15:33:08
C:\WINDOWS\SIERRA.INI -->30/03/2008 16:53:27
C:\WINDOWS\ModemLog_Modem standard 33600 bps.txt -->30/11/2007 19:38:09
C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt -->30/11/2007 19:38:03
C:\WINDOWS\QTFont.for -->30/11/2007 15:58:53
C:\WINDOWS\aopr.ini -->23/06/2007 16:30:24
C:\WINDOWS\_MSRSTRT.EXE -->23/06/2007 14:06:07
C:\WINDOWS\aoxppr.ini -->23/06/2007 14:05:41
C:\WINDOWS\explorer.exe -->13/06/2007 15:22:28
C:\WINDOWS\tosOBEX.INI -->15/05/2007 16:43:08
winlogon.exe
svchost.exe
ws2_32.dll
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 228
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x636e0000 0x29000 6.00.0000.0002 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 6.00.0000.0000 C:\Program Files\Spyware Doctor\klg.dat
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x10000000 0x14000 1.00.0000.1012 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
0x00c10000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x016b0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00c00000 0xf000 1.00.0000.1004 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
0x016e0000 0x12000 7.00.0000.0015 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x02180000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x02300000 0x37000 3.05.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x021e0000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x64f00000 0x12000 4.08.1227.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 808
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x99000 1.00.0000.1048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00de0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x00f50000 0x11000 6.14.0010.4124 C:\WINDOWS\system32\Ati2evxx.dll
0x010e0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x636e0000 0x29000 6.00.0000.0002 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 6.00.0000.0000 C:\Program Files\Spyware Doctor\klg.dat
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\system32
05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 40 314 417 152 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\Downloaded Program Files
23/09/2006 10:49 <REP> .
23/09/2006 10:49 <REP> ..
16/01/2006 18:36 65 desktop.ini
26/05/2005 04:19 291 wuweb.inf
2 fichier(s) 356 octets
Total des fichiers listés :
2 fichier(s) 356 octets
2 Rép(s) 40 314 417 152 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp"="C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 22:53:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2da7b4db
"s2"=dword:6e01368e
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Error loading kernel support driver!
Make sure you are running this as Administrator.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Error loading kernel support driver!
Make sure you are running this as Administrator.
Liste des programmes installes
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_JUSTINE.tar.gz a l'adresse http://upload.malekal.com
I've seen it, here is the DiagHelp report
DiagHelp version v1.4 - http://www.malekal.com
excute le 06/09/2008 à 22:53:07,40
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
winlogon.exe
svchost.exe
ws2_32.dll
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\system32
05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 40 314 417 152 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\Downloaded Program Files
23/09/2006 10:49 <REP> .
23/09/2006 10:49 <REP> ..
16/01/2006 18:36 65 desktop.ini
26/05/2005 04:19 291 wuweb.inf
2 fichier(s) 356 octets
Total des fichiers listés :
2 fichier(s) 356 octets
2 Rép(s) 40 314 417 152 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp"="C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 22:53:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
24/09/2006 10:29 <REP> Windows Media Player
13/02/2006 13:19 <REP> Windows NT
01/03/2007 23:30 <REP> WinRAR
13/02/2006 13:19 <REP> xerox
0 fichier(s) 0 octets
74 Rép(s) 40 304 672 768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\Program Files\fichiers communs
01/03/2008 16:37 <REP> .
01/03/2008 16:37 <REP> ..
10/06/2008 14:51 <REP> Adobe
09/12/2007 12:26 <REP> Adobe Systems Shared
22/04/2007 19:07 <REP> Ahead
01/09/2006 21:53 <REP> DESIGNER
23/09/2006 09:59 278 528 FDEUnInstaller.exe
25/12/2006 16:42 <REP> Hewlett-Packard
25/12/2006 16:46 <REP> HP
13/02/2006 13:12 <REP> InstallShield
13/02/2006 13:12 <REP> Java
11/08/2008 21:34 <REP> Microsoft Shared
13/02/2006 13:13 <REP> MSSoap
13/02/2006 13:13 <REP> ODBC
13/03/2007 10:25 <REP> Real
13/02/2006 13:13 <REP> Services
13/02/2006 13:13 <REP> SpeechEngines
02/02/2008 11:41 <REP> Symantec Shared
06/07/2007 14:20 <REP> System
28/08/2008 18:34 <REP> Wise Installation Wizard
1 fichier(s) 278 528 octets
19 Rép(s) 40 304 672 768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
02/08/2008 10:14 <REP> .
02/08/2008 10:14 <REP> ..
13/02/2006 13:12 <REP> 1033
02/08/2008 10:14 <REP> 1036
20/09/2005 12:33 1 293 008 MSONSEXT.DLL
22/03/2007 19:29 39 256 MSOSV.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
11/07/2003 03:25 80 448 PKMWS.DLL
5 fichier(s) 1 662 682 octets
4 Rép(s) 40 304 672 768 octets libres
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe
c:\Documents and Settings\Justine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Justine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_fr_FR.exe
c:\Documents and Settings\Justine\Bureau\antivir_workstation_winu_en_h.exe
c:\Documents and Settings\Justine\Bureau\HJTInstall.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix.exe
c:\Documents and Settings\Justine\Bureau\zaSetup_fr.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\404Fix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\AntiXPVSTFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\exit.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\IEDFix.C.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Policies.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\UIFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VACFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Justine\Local Settings\Temp\SSUPDATE.EXE
c:\Documents and Settings\Justine\Mes documents\Games\rom\PoKémon\Visual_Boy_Advance_V1.7.2_win_Fr\VisualBoyAdvance.exe
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\GREASE.EXE
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\VFW11E\SETUP.EXE
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_JUSTINE.tar.gz a l'adresse http://upload.malekal.com
DiagHelp version v1.4 - http://www.malekal.com
excute le 06/09/2008 à 22:53:07,40
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\GUARDGUI.EXE-2C20A958.pf -->06/09/2008 16:42:58
C:\WINDOWS\prefetch\PCTSGUI.EXE-281B8AB7.pf -->06/09/2008 16:42:10
C:\WINDOWS\prefetch\UPDATE.EXE-1A7E7F45.pf -->06/09/2008 16:42:01
C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->06/09/2008 16:41:52
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->06/09/2008 16:33:28
C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf -->06/09/2008 16:33:27
C:\WINDOWS\prefetch\PCTSAUXS.EXE-1E8D77A6.pf -->06/09/2008 16:32:58
C:\WINDOWS\prefetch\PCTSTRAY.EXE-29391146.pf -->06/09/2008 16:32:53
C:\WINDOWS\prefetch\PCTSSVC.EXE-3A239962.pf -->06/09/2008 16:32:52
C:\WINDOWS\prefetch\UNZIP.EXE-08434430.pf -->06/09/2008 16:32:46
C:\WINDOWS\System32\drivers\556a2dc3.sys -->29/08/2008 11:22:04
C:\WINDOWS\System32\drivers\iksyssec.sys -->25/08/2008 11:36:30
C:\WINDOWS\System32\drivers\iksysflt.sys -->25/08/2008 11:36:28
C:\WINDOWS\System32\drivers\ikfilesec.sys -->25/08/2008 11:36:28
C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->17/08/2008 15:01:18
C:\WINDOWS\System32\drivers\mbam.sys -->17/08/2008 15:01:14
C:\WINDOWS\System32\drivers\aswFsBlk.sys -->19/07/2008 16:37:42
C:\WINDOWS\System32\tmp.txt -->06/09/2008 21:23:54
C:\WINDOWS\System32\tmp.reg -->06/09/2008 21:23:54
C:\WINDOWS\System32\wpa.dbl -->06/09/2008 21:20:28
C:\WINDOWS\System32\PerfStringBackup.INI -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfh00C.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfh009.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfc00C.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\perfc009.dat -->06/09/2008 16:33:35
C:\WINDOWS\System32\AntiXPVSTFix.exe -->02/09/2008 23:58:33
C:\WINDOWS\System32\VACFix.exe -->02/09/2008 16:51:48
C:\WINDOWS\System32\IEDFix.C.exe -->28/08/2008 22:36:57
C:\WINDOWS\System32\404Fix.exe -->18/08/2008 12:19:03
C:\WINDOWS\System32\TZLog.log -->16/08/2008 11:55:18
C:\WINDOWS\System32\FNTCACHE.DAT -->12/08/2008 13:09:31
C:\WINDOWS\System32\MRT.exe -->05/08/2008 20:11:01
C:\WINDOWS\System32\CONFIG.NT -->01/08/2008 19:55:36
C:\WINDOWS\System32\aswBoot.exe -->19/07/2008 16:43:08
C:\WINDOWS\System32\AvastSS.scr -->19/07/2008 16:30:53
C:\WINDOWS\System32\cdm.dll -->18/07/2008 22:10:48
C:\WINDOWS\System32\wuauclt.exe -->18/07/2008 22:10:42
C:\WINDOWS\System32\wups2.dll -->18/07/2008 22:10:40
C:\WINDOWS\System32\wucltui.dll.mui -->18/07/2008 22:10:36
C:\WINDOWS\System32\wups.dll -->18/07/2008 22:10:20
C:\WINDOWS\System32\wuaucpl.cpl.mui -->18/07/2008 22:09:56
C:\WINDOWS\System32\wucltui.dll -->18/07/2008 22:09:46
C:\WINDOWS\WindowsUpdate.log -->06/09/2008 22:52:07
C:\WINDOWS\bootstat.dat -->06/09/2008 21:18:52
C:\WINDOWS\win.ini -->28/08/2008 15:46:02
C:\WINDOWS\system.ini -->28/08/2008 15:46:02
C:\WINDOWS\QTFont.qfn -->20/08/2008 17:14:31
C:\WINDOWS\NeroDigital.ini -->16/08/2008 15:33:08
C:\WINDOWS\SIERRA.INI -->30/03/2008 16:53:27
C:\WINDOWS\ModemLog_Modem standard 33600 bps.txt -->30/11/2007 19:38:09
C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt -->30/11/2007 19:38:03
C:\WINDOWS\QTFont.for -->30/11/2007 15:58:53
C:\WINDOWS\aopr.ini -->23/06/2007 16:30:24
C:\WINDOWS\_MSRSTRT.EXE -->23/06/2007 14:06:07
C:\WINDOWS\aoxppr.ini -->23/06/2007 14:05:41
C:\WINDOWS\explorer.exe -->13/06/2007 15:22:28
C:\WINDOWS\tosOBEX.INI -->15/05/2007 16:43:08
winlogon.exe
svchost.exe
ws2_32.dll
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 228
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x636e0000 0x29000 6.00.0000.0002 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 6.00.0000.0000 C:\Program Files\Spyware Doctor\klg.dat
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x10000000 0x14000 1.00.0000.1012 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
0x00c10000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x016b0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00c00000 0xf000 1.00.0000.1004 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
0x016e0000 0x12000 7.00.0000.0015 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x02180000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x02300000 0x37000 3.05.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL
0x021e0000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x64f00000 0x12000 4.08.1227.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 808
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x99000 1.00.0000.1048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00de0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x00f50000 0x11000 6.14.0010.4124 C:\WINDOWS\system32\Ati2evxx.dll
0x010e0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x636e0000 0x29000 6.00.0000.0002 C:\Program Files\Spyware Doctor\smumhook.dll
0x5a000000 0x1f000 6.00.0000.0000 C:\Program Files\Spyware Doctor\klg.dat
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\system32
05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 40 314 417 152 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\WINDOWS\Downloaded Program Files
23/09/2006 10:49 <REP> .
23/09/2006 10:49 <REP> ..
16/01/2006 18:36 65 desktop.ini
26/05/2005 04:19 291 wuweb.inf
2 fichier(s) 356 octets
Total des fichiers listés :
2 fichier(s) 356 octets
2 Rép(s) 40 314 417 152 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp"="C:\\Documents and Settings\\Justine\\Local Settings\\Temp\\.tt22.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 22:53:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2da7b4db
"s2"=dword:6e01368e
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:b9,c2,93,2d,b3,bd,14,8c,04,f3,a3,11,90,47,05,c9,7f,b0,95,f6,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000001
"khjeh"=hex:2e,eb,5a,55,73,53,95,62,50,1c,cf,69,a9,71,a4,c6,1a,89,be,16,00,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,5a,fb,17,9a,19,96,6c,45,d0,8d,fa,2b,a2,bd,e9,83,..
"khjeh"=hex:af,02,fb,35,e5,09,f8,25,21,d9,d3,19,f6,e0,5a,4d,7b,aa,4c,83,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:1c,95,da,08,af,a7,e0,ad,48,58,86,e5,7e,9a,21,d8,ff,c4,75,e2,ba,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Error loading kernel support driver!
Make sure you are running this as Administrator.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Error loading kernel support driver!
Make sure you are running this as Administrator.
Liste des programmes installes
802.11 USB Wireless LAN Adapter
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop CS2
Adobe Reader 7.1.0 - Français
Adobe Shockwave Player
Adobe Stock Photos 1.0
AiO_Scan_CDA
AiOSoftwareNPI
Apple Software Update
Archiveur WinRAR
Assist TOSHIBA
Assistant de connexion Windows Live
ATI - Utilitaire de désinstallation du logiciel
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
Avira AntiVir Personal - Free Antivirus
Azureus
Bluetooth Stack for Windows by Toshiba
BufferChm
C3100 c3100_Help
CCleaner (remove only)
CEP - Color Enable Package
Commandes TOSHIBA
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif Windows XP - KB884018
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
eMule
eSupportQFolder
Fax_CDA
Formatage de carte mémoire SD TOSHIBA
Gestion d'énergie TOSHIBA
HijackThis 2.0.2
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 4
Le Petit MOURRE
Lecteur Windows Media 10
Les Indispensables Éducation pour Microsoft Office
Les Sims 2
Les Sims 2 : Nuits de Folie
Les Sims 2 Fun en Famille Kit
Les Sims 2 : La bonne affaire
Les Sims™ 2 Animaux & Cie
Les Sims™ 2 H&M® Fashion Kit
Les Sims™ 2 Jour de fête ! Kit
Les Sims™ 2 Kit Glamour
Les Sims™ 2 Quartier Libre
Les Sims™ 2 Tout pour les ados Kit
Les Sims™ 2 Au fil des saisons
Les Sims™ 2 Bon Voyage
Lexibase Collins Français-Anglais
LG PC Suite
LG USB Modem driver [KU580]
livebox
Logiciel Intel(R) PROSet/Wireless
Macromedia Flash Player
Malwarebytes' Anti-Malware
Manuels TOSHIBA
MarketResearch
mCore
mDrWiFi
Messenger Plus! Live
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Encarta 2007 - Études
Microsoft Encarta Maths
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour Encarta_Les Indispensables Éducation
mIWA
mLogView
mMHouse
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module sécurisé SD
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
mZConfig
Nero 6 Ultra Edition
NewCopy_CDA
OCR Software by I.R.I.S 7.0
Outil de diagnostic PC TOSHIBA
PanoStandAlone
PowerISO
ProductContextNPI
QuickTime
Readme
Realtek High Definition Audio Driver
Réducteur de bruit lect. CD/DVD
SAGEM F@st 800-840
Satsuki Decoder Pack
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SolutionCenter
Son virtuel TOSHIBA
Sonic DLA
Sony USB Driver
Spyware Doctor 6.0
Status
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
The Sims 2 University
Toolbox
TOSHIBA ConfigFree
TOSHIBA Hotkey Utility
TOSHIBA Software Modem
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TrayApp
Unload
Utilitaire de zoom TOSHIBA
VideoLAN VLC media player 0.8.6a
WebFldrs XP
WebReg
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format Runtime
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\Program Files
06/09/2008 17:00 <REP> .
06/09/2008 17:00 <REP> ..
17/05/2007 16:35 <REP> 1964
09/12/2007 12:35 <REP> Adobe
22/04/2007 19:07 <REP> Ahead
22/09/2006 09:23 <REP> Alcohol Soft
10/04/2008 14:44 <REP> Alwil Software
13/05/2007 12:35 <REP> Apple Software Update
13/02/2006 13:12 <REP> ATI Technologies
06/09/2008 16:25 <REP> Avira
23/06/2008 14:45 <REP> Azureus
02/09/2007 21:56 <REP> CCleaner
16/01/2006 18:35 <REP> ComPlus Applications
01/06/2007 20:53 <REP> DAEMON Tools
01/03/2008 19:14 <REP> EA GAMES
23/06/2007 16:10 <REP> ElcomSoft
18/08/2008 15:00 <REP> eMule
28/08/2008 17:05 <REP> Enigma Software Group
01/03/2008 16:37 <REP> Fichiers communs
07/08/2007 14:55 <REP> Hewlett-Packard
25/12/2006 16:46 <REP> HP
29/08/2006 16:23 <REP> Intel
16/08/2008 11:54 <REP> Internet Explorer
29/08/2006 16:22 <REP> InterVideo
13/02/2006 13:14 <REP> Java
28/02/2007 20:17 <REP> Le Petit MOURRE
27/03/2008 09:10 <REP> Learning Essentials
18/05/2008 12:02 <REP> LG Electronics
18/05/2008 12:02 <REP> LG PC Suite 2
29/08/2008 11:40 <REP> Malwarebytes' Anti-Malware
16/08/2008 11:57 <REP> Messenger
06/09/2008 16:23 <REP> Messenger Plus! Live
26/03/2008 21:05 <REP> Microsoft CAPICOM 2.1.0.2
09/12/2007 14:57 <REP> Microsoft Etudes
13/02/2006 13:15 <REP> microsoft frontpage
02/02/2008 11:19 <REP> Microsoft Office
13/02/2006 13:16 <REP> Microsoft.NET
13/02/2006 13:16 <REP> Movie Maker
28/08/2008 19:24 <REP> Mozilla Firefox
13/02/2006 13:16 <REP> MSN
13/02/2006 13:16 <REP> MSN Gaming Zone
01/03/2008 16:38 <REP> MSN Messenger
03/02/2008 11:48 <REP> MSXML 6.0
13/02/2006 13:16 <REP> NetMeeting
13/02/2006 13:17 <REP> Online Services
06/07/2007 14:20 <REP> Outlook Express
08/12/2006 14:33 <REP> PowerISO
13/05/2007 12:36 <REP> QuickTime
12/03/2007 22:35 <REP> Real
13/02/2006 13:17 <REP> Realtek
25/04/2007 11:04 <REP> SAGEM
11/01/2007 21:28 <REP> SAGEM F@st 800-840
23/09/2006 19:13 <REP> Satsuki Decoder Pack
13/02/2006 13:17 <REP> Services en ligne
23/06/2007 13:37 <REP> Sims 2 Collection Maker
23/08/2007 10:41 <REP> Softissimo
06/09/2008 16:45 <REP> Spybot - Search & Destroy
06/09/2008 16:33 <REP> Spyware Doctor
24/06/2008 14:36 <REP> StepMania
06/09/2008 16:21 <REP> SUPERAntiSpyware
02/02/2008 11:39 <REP> Symantec
13/02/2006 13:18 <REP> Synaptics
12/05/2007 20:40 <REP> Timeline Interactive
23/06/2007 10:02 <REP> Toshiba
06/09/2008 17:00 <REP> Trend Micro
27/02/2007 19:55 <REP> VideoLAN
25/04/2007 11:34 <REP> Wanadoo
23/12/2007 20:27 <REP> Winamp
01/03/2008 16:38 <REP> Windows Live
26/03/2008 23:13 <REP> Windows Live Safety Center
24/09/2006 10:29 <REP> Windows Media Player
13/02/2006 13:19 <REP> Windows NT
01/03/2007 23:30 <REP> WinRAR
13/02/2006 13:19 <REP> xerox
0 fichier(s) 0 octets
74 Rép(s) 40 304 672 768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\Program Files\fichiers communs
01/03/2008 16:37 <REP> .
01/03/2008 16:37 <REP> ..
10/06/2008 14:51 <REP> Adobe
09/12/2007 12:26 <REP> Adobe Systems Shared
22/04/2007 19:07 <REP> Ahead
01/09/2006 21:53 <REP> DESIGNER
23/09/2006 09:59 278 528 FDEUnInstaller.exe
25/12/2006 16:42 <REP> Hewlett-Packard
25/12/2006 16:46 <REP> HP
13/02/2006 13:12 <REP> InstallShield
13/02/2006 13:12 <REP> Java
11/08/2008 21:34 <REP> Microsoft Shared
13/02/2006 13:13 <REP> MSSoap
13/02/2006 13:13 <REP> ODBC
13/03/2007 10:25 <REP> Real
13/02/2006 13:13 <REP> Services
13/02/2006 13:13 <REP> SpeechEngines
02/02/2008 11:41 <REP> Symantec Shared
06/07/2007 14:20 <REP> System
28/08/2008 18:34 <REP> Wise Installation Wizard
1 fichier(s) 278 528 octets
19 Rép(s) 40 304 672 768 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 641D-53F4
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
02/08/2008 10:14 <REP> .
02/08/2008 10:14 <REP> ..
13/02/2006 13:12 <REP> 1033
02/08/2008 10:14 <REP> 1036
20/09/2005 12:33 1 293 008 MSONSEXT.DLL
22/03/2007 19:29 39 256 MSOSV.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
11/07/2003 03:25 80 448 PKMWS.DLL
5 fichier(s) 1 662 682 octets
4 Rép(s) 40 304 672 768 octets libres
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe
c:\Documents and Settings\Justine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Justine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_fr_FR.exe
c:\Documents and Settings\Justine\Bureau\antivir_workstation_winu_en_h.exe
c:\Documents and Settings\Justine\Bureau\HJTInstall.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix.exe
c:\Documents and Settings\Justine\Bureau\zaSetup_fr.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Justine\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\404Fix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\AntiXPVSTFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\exit.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\IEDFix.C.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Policies.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\UIFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VACFix.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Justine\Bureau\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Justine\Local Settings\Temp\SSUPDATE.EXE
c:\Documents and Settings\Justine\Mes documents\Games\rom\PoKémon\Visual_Boy_Advance_V1.7.2_win_Fr\VisualBoyAdvance.exe
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\GREASE.EXE
c:\Documents and Settings\Justine\Mes documents\Ma musique\Musique\Grease - Soundtrack\Grease\Multimedia\VFW11E\SETUP.EXE
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10000.dll
c:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10001.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** End of DiagHelp report
Please send the file C:\upload_moi_JUSTINE.tar.gz to http://upload.malekal.com
Ah, there it is, we can see the sneaky one.
Download combofix.exe (by sUBs) and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Disconnect from the internet and close all your applications.
* Disable your protections (antivirus, firewall, antispyware) temporarily, and only for as long as ComboFix is running.
* Double-click combofix.exe; your firewall may ask whether you allow nircmd.cfexe access to the trusted zone: accept.
* /!\ Don't touch anything until the scan has finished. Careful: don't use your mouse or keyboard (or any other pointing device) while the program is running /!\
* Wait for ComboFix to finish; a report will be created.
* Re-enable your firewall, your antivirus and your antispyware's resident guard.
* Copy/paste the report; it is located at C:\Combofix.txt
* Re-enable your real-time protections (antivirus, antispyware) before reconnecting to the internet.
First of all, thank you very much for your help. I wanted to know whether it's normal for the scan to take so long (almost an hour now). I haven't touched anything since the scan started; the PC restarted and since then it has been stuck on "report being prepared, do not launch any program until combofix has finished" with a blinking dash underneath.
Is this normal, or was there a bug?
Sorry for my inexperience, but I'm worried!!!
OK, here's the scan:
ComboFix 08-09-05.02 - Justine 2008-09-07 15:17:22.2 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.801 [GMT 2:00]
Endroit: C:\Documents and Settings\Justine\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_poof
-------\Service_tdssserv
((((((((((((((((((((((((((((( Fichiers créés 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.
2008-09-06 22:54 . 2008-09-06 22:54 9,705,579 --a------ C:\upload_moi_JUSTINE.tar.gz
2008-09-06 17:00 . 2008-09-06 17:00 <REP> d-------- C:\Program Files\Trend Micro
2008-09-06 16:32 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-06 16:32 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-06 16:32 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-06 16:32 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-06 16:31 . 2008-09-06 16:33 <REP> d-------- C:\Program Files\Spyware Doctor
2008-09-06 16:31 . 2008-09-06 16:31 <REP> d-------- C:\Documents and Settings\Justine\Application Data\PC Tools
2008-09-06 16:25 . 2008-09-06 16:25 <REP> d-------- C:\Program Files\Avira
2008-09-06 16:25 . 2008-09-06 16:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-04 21:19 . 2008-09-06 16:45 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-04 21:19 . 2008-09-06 16:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-29 12:25 . 2008-08-29 12:25 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-29 11:40 . 2008-08-29 11:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 11:40 . 2008-08-29 11:40 <REP> d-------- C:\Documents and Settings\Justine\Application Data\Malwarebytes
2008-08-29 11:40 . 2008-08-29 11:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-29 11:40 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 11:40 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 11:03 . 2008-08-29 11:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2008-08-28 18:54 . 2008-08-28 19:48 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-28 18:34 . 2008-09-06 16:21 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-28 18:34 . 2008-08-28 18:34 <REP> d-------- C:\Documents and Settings\Justine\Application Data\SUPERAntiSpyware.com
2008-08-28 18:34 . 2008-08-28 18:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-28 18:20 . 2008-08-28 18:20 <REP> d-------- C:\Documents and Settings\Justine\Application Data\Grisoft
2008-08-28 18:20 . 2008-08-28 18:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-28 17:48 . 2008-09-07 10:50 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-28 17:20 . 2008-08-28 17:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-08-28 17:05 . 2008-08-28 17:05 <REP> d-------- C:\Program Files\Enigma Software Group
2008-08-28 09:33 . 2006-02-13 13:04 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-08-28 09:33 . 2006-08-29 16:22 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-28 09:33 . 2006-01-16 19:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-28 09:33 . 2006-02-13 13:04 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-28 09:33 . 2006-02-13 13:04 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-28 09:33 . 2006-02-13 13:04 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-28 09:33 . 2006-02-13 13:03 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-08-28 09:33 . 2008-08-29 11:16 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-28 09:33 . 2006-02-13 13:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-08-28 09:33 . 2006-02-13 13:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-08-28 09:33 . 2006-08-29 16:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-08-28 09:33 . 2006-02-13 13:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
2008-08-28 09:33 . 2008-08-28 09:33 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-24 16:26 . 2008-08-29 11:22 86,804 --a------ C:\WINDOWS\system32\drivers\556a2dc3.sys
2008-08-15 20:59 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 19:23 1,510 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-06 14:23 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-02 21:58 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-02 14:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-08-28 20:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-08-28 16:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-18 13:00 --------- d-----w C:\Program Files\eMule
2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-12 20:27 --------- d-----w C:\Documents and Settings\Justine\Application Data\Azureus
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:18 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2006-09-23 07:59 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
------- Sigcheck -------
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
2004-08-05 13:00 17408 e10254428fff9cd12ed29d3dbcfb4d53 C:\WINDOWS\system32\svchost.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\winlogon.exe
2004-08-05 13:00 510464 9de86ca5059f94cec98bd279474261cc C:\WINDOWS\system32\winlogon.exe
2007-06-13 15:22 1039872 6774bd7f38465fecdbe88db8fe762fa7 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\explorer.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\services.exe
2004-08-05 13:00 110592 1508d377147923d69343cb60bbdd0c63 C:\WINDOWS\system32\services.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\lsass.exe
2004-08-05 13:00 14848 e377fc401c6696bf48f5beacb6dcd8fd C:\WINDOWS\system32\lsass.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-06 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
C:\Documents and Settings\Justine\Menu Démarrer\Programmes\Démarrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Justine^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Justine\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_13069265]
--a------ 2006-06-13 18:11 351000 C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
S1 556a2dc3;556a2dc3;C:\WINDOWS\system32\drivers\556a2dc3.sys [2008-08-29 86804]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 e9637c0e-8e0f-480f-a798-fc1387b2d5fe;e9637c0e-8e0f-480f-a798-fc1387b2d5fe;D:\Player\cds300.dll [ ]
S3 lg3gbus;LGE KU580 driver (WDM);C:\WINDOWS\system32\DRIVERS\lg3gbus.sys [2007-04-26 83080]
S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\lg3gmdfl.sys [2007-04-26 15112]
S3 lg3gmdm;LGE KU580 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\lg3gmdm.sys [2007-04-26 108552]
S3 lg3gobex;LGE KU580 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\lg3gobex.sys [2007-04-26 98568]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a23ae763-ef8d-11dc-bf9c-00a0d13d8e2d}]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fafd4b7e-4a0a-11db-bbf1-00a0d13d8e2d}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
SSODL-AHtwwebEK-{641D53F5-CEB7-F95F-6944-C8FA7BA4ACCC} - (no file)
MSConfigStartUp-lphcaw0j0er2j - C:\WINDOWS\system32\lphcaw0j0er2j.exe
MSConfigStartUp-SiteAdvisor - C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
MSConfigStartUp-SMrhcew0j0er2j - C:\Program Files\rhcew0j0er2j\rhcew0j0er2j.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 15:20:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 15:22:02
ComboFix-quarantined-files.txt 2008-09-07 13:21:54
Pre-Run: 40,177,131,520 octets libres
Post-Run: 40,158,871,552 octets libres
203 --- E O F --- 2008-08-16 09:57:23
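Read as a responder would, the log above carries a few items worth pulling out before anything else: ComboFix reports deleting the Legacy_TDSSSERV, Service_poof and Service_tdssserv keys; a system-start driver whose only name is the bare hex string 556a2dc3.sys is still listed; Security Center monitoring is switched off under three keys; AutoRun commands are recorded for two removable drives; and the Sigcheck block pairs the live system32 binaries (dated 2004-08-05) with newer copies Windows Update has downloaded (dated 2008-04-14), so their differing MD5s are expected and are not, by themselves, proof that a file was patched. The script below extracts those items from such a log. It is an added example written for this thread, not ComboFix code and not the helper's procedure; its heuristics (hex or GUID service names, a system-start driver whose display name is just its own name, a missing size/timestamp) are assumptions made here, and the sample input is a handful of lines copied from the log.

```python
"""Pull the items a responder checks first out of a ComboFix-style log.

Added example for this thread: not ComboFix code and not the helper's. The
heuristics are assumptions made here, and the regexes only cover the line
shapes visible in the log above (ComboFix has no documented format).
"""
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
-------\Legacy_TDSSSERV
-------\Service_poof
-------\Service_tdssserv
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\svchost.exe
2004-08-05 13:00 17408 e10254428fff9cd12ed29d3dbcfb4d53 C:\WINDOWS\system32\svchost.exe
2007-06-13 15:22 1039872 6774bd7f38465fecdbe88db8fe762fa7 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
S1 556a2dc3;556a2dc3;C:\WINDOWS\system32\drivers\556a2dc3.sys [2008-08-29 86804]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S3 e9637c0e-8e0f-480f-a798-fc1387b2d5fe;e9637c0e-8e0f-480f-a798-fc1387b2d5fe;D:\Player\cds300.dll [ ]
S3 lg3gbus;LGE KU580 driver (WDM);C:\WINDOWS\system32\DRIVERS\lg3gbus.sys [2007-04-26 83080]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a23ae763-ef8d-11dc-bf9c-00a0d13d8e2d}]
\Shell\AutoRun\command - G:\LaunchU3.exe
\Shell\AutoRun\command - E:\AutoRun.exe
"""

# Service lines: R/S (running/stopped) + start-type digit, then name;display;path [date size].
SERVICE_RE = re.compile(r'^([SR]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*?)\]$')
REMOVED_RE = re.compile(r'^-------\\(?:Legacy_|Service_)(.+)$')
SIGCHECK_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+([0-9a-f]{32})\s+(.+)$')
REGKEY_RE = re.compile(r'^\[(.+)\]$')
AUTORUN_RE = re.compile(r'\\Shell\\AutoRun\\command - (.+)$')
# Bare hex blobs or GUIDs used as service/driver names (assumed heuristic).
MACHINE_NAME_RE = re.compile(r'^(?:[0-9a-f]{6,}|[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$')
CACHE_DIRS = ('\\dllcache\\', '\\$hf_mig$\\', '\\softwaredistribution\\')


def _lines(text):
    return [line.strip() for line in text.splitlines()]

def removed_services(text):
    """Service/driver keys ComboFix reported deleting (the TDSSSERV lines above)."""
    return [m.group(1) for m in map(REMOVED_RE.match, _lines(text)) if m]

def parse_services(text):
    """The 'S1 name;display;path [date size]' lines as dicts."""
    out = []
    for m in filter(None, map(SERVICE_RE.match, _lines(text))):
        start, name, display, path, meta = m.groups()
        out.append({'start': start, 'name': name, 'display': display,
                    'path': path, 'meta': meta.strip()})
    return out

def suspicion_reasons(svc):
    """Why a service deserves a closer look; an empty list means nothing stood out."""
    stem = svc['path'].rsplit('\\', 1)[-1].rsplit('.', 1)[0].lower()
    reasons = []
    if MACHINE_NAME_RE.match(svc['name'].lower()):
        reasons.append('machine-generated service name')
    if MACHINE_NAME_RE.match(stem):
        reasons.append('machine-generated driver file name')
    if svc['start'] == 'S1' and svc['display'] == svc['name']:
        reasons.append('system-start driver with no descriptive display name')
    if not svc['meta']:
        reasons.append('no size/timestamp recorded (file missing or unreadable)')
    return reasons

def disabled_monitoring(text):
    """Registry keys under which Security Center monitoring is switched off."""
    current, hits = None, []
    for line in _lines(text):
        m = REGKEY_RE.match(line)
        if m:
            current = m.group(1)
        elif line.lower() == '"disablemonitoring"=dword:00000001' and current:
            hits.append(current)
    return hits

def autorun_commands(text):
    """AutoRun commands recorded for removable drives (MountPoints2)."""
    return [m.group(1) for m in map(AUTORUN_RE.search, _lines(text)) if m]

def live_system_hashes(text):
    """MD5 of the copies Windows actually runs, keyed by file name. Copies in
    dllcache, $hf_mig$ or SoftwareDistribution are other builds, so a mismatch
    against them proves nothing; compare the live hash with a known-good value
    for that exact file version instead."""
    live = {}
    for m in filter(None, map(SIGCHECK_RE.match, _lines(text))):
        path = m.group(2)
        if not any(d in path.lower() for d in CACHE_DIRS):
            live[path.rsplit('\\', 1)[-1].lower()] = m.group(1)
    return live

def triage(text):
    flagged = {s['name']: suspicion_reasons(s) for s in parse_services(text)}
    return {'removed_services': removed_services(text),
            'suspicious_services': {k: v for k, v in flagged.items() if v},
            'monitoring_disabled_under': disabled_monitoring(text),
            'autorun_commands': autorun_commands(text),
            'live_hashes': live_system_hashes(text)}
```

Running `triage(SAMPLE_LOG)` flags 556a2dc3 on three counts and the GUID-named cds300.dll service on two, lists the three removed TDSS-era keys, both monitoring keys and both AutoRun commands, and returns only the system32 and C:\WINDOWS hashes for lookup. Flags are leads, not verdicts: a hex-named driver is confirmed or cleared by checking its hash and signature against a reference, never by its name alone.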
S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\lg3gmdfl.sys [2007-04-26 15112]
S3 lg3gmdm;LGE KU580 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\lg3gmdm.sys [2007-04-26 108552]
S3 lg3gobex;LGE KU580 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\lg3gobex.sys [2007-04-26 98568]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a23ae763-ef8d-11dc-bf9c-00a0d13d8e2d}]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fafd4b7e-4a0a-11db-bbf1-00a0d13d8e2d}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
SSODL-AHtwwebEK-{641D53F5-CEB7-F95F-6944-C8FA7BA4ACCC} - (no file)
MSConfigStartUp-lphcaw0j0er2j - C:\WINDOWS\system32\lphcaw0j0er2j.exe
MSConfigStartUp-SiteAdvisor - C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
MSConfigStartUp-SMrhcew0j0er2j - C:\Program Files\rhcew0j0er2j\rhcew0j0er2j.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Justine\Application Data\Mozilla\Firefox\Profiles\ntkjgpgm.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 15:20:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 15:22:02
ComboFix-quarantined-files.txt 2008-09-07 13:21:54
Pre-Run: 40,177,131,520 octets libres
Post-Run: 40,158,871,552 octets libres
203 --- E O F --- 2008-08-16 09:57:23
Hello, very good :)
Please redo a new HijackThis report as well as a new DiagHelp, and tell me how your PC is behaving
here are the reports
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:53, on 07/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
Yes indeed, three antivirus programs on your PC, that is hard on it
you have avast, norton and antivir
I strongly advise you to keep antivir
use these tools to uninstall avast and norton
avast ==> https://www.avast.com/fr-fr/uninstall-utility
Norton ==> http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
then
Download ATF Cleaner by Atribune.
http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to launch the program.
Under the Main tab, choose: Select All
Click the Empty Selected button
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
Click Exit from the main menu to close the program.
For technical support, double-click the e-mail address at the bottom of each menu.
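The helper's reading of the HijackThis log above (three antivirus products registered at once, plus several "(no file)" / "(file missing)" entries) can be automated for triage; the script below is an added example, not part of this thread or of HijackThis itself, and its vendor keyword table (AV_VENDORS) and sample lines are constructed assumptions.

```python
import re
from collections import OrderedDict

# Vendor keywords that identify an antivirus product in O23/O4 lines.
# Constructed list for this example; extend it for other products.
AV_VENDORS = {
    "avast": "avast!",
    "alwil": "avast!",
    "avira": "Avira AntiVir",
    "antivir": "Avira AntiVir",
    "symantec": "Symantec/Norton",
    "norton": "Symantec/Norton",
}

# A HijackThis entry: "<section> - <body>", e.g. "O23 - Service: ..."
LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# Targets HijackThis could not find on disk.
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_hjt(text):
    """Yield (section, body) for each entry line, skipping header lines."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body")


def orphan_entries(text):
    """Entries whose file is gone: leftover registrations to review."""
    return [(k, b) for k, b in parse_hjt(text) if MISSING_RE.search(b)]


def antivirus_products(text):
    """Distinct antivirus products seen in O23 service and O4 run lines."""
    found = OrderedDict()
    for kind, body in parse_hjt(text):
        if kind in ("O23", "O4"):
            low = body.lower()
            for key, name in AV_VENDORS.items():
                if key in low:
                    found[name] = True
    return list(found)


# Constructed sample: a handful of lines taken from the log above.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
"""

if __name__ == "__main__":
    for kind, body in orphan_entries(SAMPLE):
        print("orphan entry:", kind, "-", body)
    products = antivirus_products(SAMPLE)
    print("antivirus products:", ", ".join(products))
    if len(products) > 1:
        print("warning: more than one antivirus product is installed")
```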