Infected by 4 trojans
Solved/Closed
40 replies
ep44 (Contributor), 7 Sept. 2008 at 23:35
Good evening bubu
Don't worry, I'll guide you and help you disinfect your PC (if that is still the case).
Download HijackThis to the Desktop
http://download.hijackthis.eu/HJTInstall.exe
= Double-click it to install it
= Click on Do a system scan and save the log
= Paste the report
If there is a problem, see the help
http://www.swl1f.net/viewtopic.php?f=14&t=153&p=1100#p1100
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
See you later
amd64 (Member), 7 Sept. 2008 at 23:35
In my opinion you still have them.
Boot into safe mode and run an antivirus and anti-spyware scan.
evasion60/PCA (Security contributor), 7 Sept. 2008 at 23:36
Hello, good evening
... You seem surprised:
Trojan-Clicker.Win32.Tiny.h
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.HTML.Bankfraud.dq
Delete your cracks first, then we'll see tomorrow!!
Best regards
amd64 (Member), 7 Sept. 2008 at 23:37
or download HijackThis as ep44 said
Thanks for your help, so quick!!
So here is the log.
Bubu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:33, on 08/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [MntDbCfg] C:\WINDOWS\system32\dkrahuhy.exe
O4 - HKLM\..\Policies\Explorer\Run: [n7ut0ju7j0] C:\Documents and Settings\Bubu\Bureau\AdobeFlashPlayerExt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O21 - SSODL: monsmart - {04742814-4CA0-6481-65D9-0AC9335B5DB0} - C:\Program Files\yhttewd\monsmart.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\WampServer 2\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\WampServer 2\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
ep44 (Contributor), 8 Sept. 2008 at 20:57
Good evening bubu,
to start with
* Download Malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Help with the installation
http://www.swl1f.net/viewtopic.php?f=14&t=68
=> Install it
=> Then go into safe mode
Restart the PC and tap the F8 key (or F5 for some) until the text with the boot options appears
With the arrow keys, select Safe Mode ==> Enter ==> usual user name
=> Launch Malwarebytes
=> Tick "Executer un examen complet" (run a full scan)
=> If an infection is found at the end of the scan, click "ok"
=> Click "Supprimer la sélection" (remove the selection)
=> To post the report, click the "Rapports/Logs" tab, select the one you are interested in and click "Ouvrir" (open)
=> Copy and paste it and post the report
--------------------------
then
* Download CCleaner
https://filehippo.com/download_ccleaner/
=> Use this tutorial to help you use it
http://www.swl1f.net/viewtopic.php?f=14&t=69
--------------------------
Then run a new HijackThis scan
Which elements in the HijackThis log let you know that the trojans are still present?
Thanks for your help
Bubu
ep44 (Contributor), 8 Sept. 2008 at 22:10
Well,
this one
O4 - HKCU\..\Run: [MntDbCfg] C:\WINDOWS\system32\dkrahuhy.exe
and
O21 - SSODL: monsmart - {04742814-4CA0-6481-65D9-0AC9335B5DB0} - C:\Program Files\yhttewd\monsmart.dll
:)
Here is the Malwarebytes log, run in safe mode
I'm running CCleaner (in normal mode)
and then I'll redo a HijackThis scan
thanks for the help
bruno
Malwarebytes' Anti-Malware 1.27
Version de la base de données: 1130
Windows 5.1.2600 Service Pack 3
08/09/2008 23:20:28
mbam-log-2008-09-08 (23-20-28).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 255377
Temps écoulé: 1 hour(s), 16 minute(s), 40 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 66
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{04742814-4ca0-6481-65d9-0ac9335b5db0} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\monsmart (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\yhttewd (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\yhttewd\monsmart.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
I'm running CCleaner (in normal mode)
and then I'll run HijackThis again
thanks for the help
bruno
Finally, the new HijackThis log?
Is it better?
Thanks again for the help!!
Bubu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:37, on 08/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [MntDbCfg] C:\WINDOWS\system32\dkrahuhy.exe
O4 - HKLM\..\Policies\Explorer\Run: [n7ut0ju7j0] C:\Documents and Settings\Bubu\Bureau\AdobeFlashPlayerExt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\WampServer 2\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\WampServer 2\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
ep44
9 Sept. 2008 at 19:06
Good evening
Your report looks very good and clean
For verification
run an online scan
with BitDefender and paste the report
https://www.bitdefender.com/toolbox/
The scan must be run in Internet Explorer
a tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
Le fichier dkrahuhy.exe que tu avais repéré dans le premier HijackThis est toujours présent dans le second. Est-ce normal ?
Je fais de suite le scan bitdefender
Merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci pour l'aide
Bubu
Je fais de suite le scan bitdefender
Merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci merci pour l'aide
Bubu
ep44
10 Sept. 2008 at 20:47
Good evening
Yes, indeed, have this file analysed on this site ==> C:\WINDOWS\system32\dkrahuhy.exe
https://www.virustotal.com/gui/
Then follow the advice from evasion60/PCA
http://www.commentcamarche.net/forum/affich 8318425 infecte par 4 trojans#3
then, for verification
Download DiagHelp.zip to your desktop http://www.malekal.com/download/DiagHelp.zip
==> Do not double-click it!! Right-click the file and choose Extract All
==> A new folder named DiagHelp will be created
==> Open it and double-click go.cmd (the .cmd may not be shown)
==> A window will open; choose option 1
==> The scan will start; it can take a few minutes, let it run and press a key when asked
==> Copy and paste the contents of the Notepad window that opens. To do that:
==> In Notepad, click the Edit menu / Select All
==> Then the Edit menu again / Copy
==> In a new message here, right-click / Paste
See you later
Good evening,
I could not run the analysis on https://www.virustotal.com/gui/ because the file C:\WINDOWS\system32\dkrahuhy.exe cannot be found.
I ran HijackThis again and the line for this file is still there.
Also, I don't understand evasion60/PCA's remark, "Delete your cracks first".
I did not "catch" these trojans by running a crack... I ran a file that was posing as an Adobe Reader installer.
I'm running DiagHelp now
Thanks for everything
Bubu
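The situation in the post above, an autorun line that stays in the HijackThis log while its file cannot be found, can be checked mechanically, because an O4 line reflects a Run value or Startup shortcut rather than the file itself. The Python below is an added example, not part of the thread or of HijackThis: it parses O4 lines copied from the log posted earlier and reports whether each target exists; the function names, status labels and the constructed disk contents are assumptions for illustration.

```python
import ntpath
import re
from typing import Callable, List, NamedTuple

# O4/O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MntDbCfg] C:\WINDOWS\system32\dkrahuhy.exe
O4 - HKLM\..\Policies\Explorer\Run: [n7ut0ju7j0] C:\Documents and Settings\Bubu\Bureau\AdobeFlashPlayerExt.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# Constructed stand-in for the disk (NOT a statement about the poster's PC):
# the set of paths this demo treats as existing, in ntpath.normcase form.
CONSTRUCTED_DISK = {
    r"c:\windows\system32\ctfmon.exe",
    r"c:\program files\java\jre1.6.0_07\bin\jusched.exe",
    r"c:\program files\openoffice.org 2.2\program\quickstart.exe",
    r"c:\documents and settings\bubu\bureau\adobeflashplayerext.exe",
}


class Autorun(NamedTuple):
    location: str   # e.g. HKCU\..\Run or Startup
    name: str       # registry value name or shortcut name
    target: str     # executable the entry launches
    status: str     # present / missing-target / unresolved


# Registry autoruns: "O4 - <key>: [<value name>] <command line>"
_REG = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup folder shortcuts: "O4 - Startup: <shortcut> = <command line>"
_STARTUP = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
_EXE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def extract_target(cmd: str) -> str:
    """Return the executable part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = _EXE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log: str, exists: Callable[[str], bool]) -> List[Autorun]:
    """Classify every O4 entry by whether its target file can be found."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = _REG.match(line) or _STARTUP.match(line)
        if not m:
            continue  # not an O4 autorun line (O2, O9, O23, ...)
        target = extract_target(m.group("cmd"))
        if not ntpath.isabs(target):
            status = "unresolved"      # bare name, resolved via the search path
        elif exists(target):
            status = "present"         # file is there and can be sent for analysis
        else:
            status = "missing-target"  # autorun entry remains, file not found
        entries.append(Autorun(m.group("loc"), m.group("name"), target, status))
    return entries


def constructed_exists(path: str) -> bool:
    """Existence check against the constructed disk above."""
    return ntpath.normcase(path) in CONSTRUCTED_DISK


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, constructed_exists):
        print(f"{e.status:15} {e.location:32} [{e.name}] {e.target}")
```

On the affected Windows host, pass `os.path.exists` as the `exists` argument; unlike Explorer's default view, it also sees files carrying the hidden or system attribute.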
ep44
Messages postés
7393
Date d'inscription
samedi 10 novembre 2007
Statut
Contributeur
Dernière intervention
11 novembre 2010
3
10 sept. 2008 à 21:10
10 sept. 2008 à 21:10
Sorry; to find this file, do the following:
Do: Windows+E > Tools > Folder Options > View > select the "Show hidden files and folders" radio button > untick "Hide extensions for known file types" > untick "Hide protected operating system files" > click Apply to All Folders > Apply and OK.
You should find it.
ep44
10 Sept. 2008 at 21:15
ok
Download OAD: http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop
Double-click OAD to launch it
- File name to search for: type or copy and paste: dkrahuhy.exe
- Search type: select option 6, then confirm with [Enter]
OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically as soon as it has finished.
- Copy and paste this report into your next post.
DiagHelp scan
two files
catchme.log
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 21:03:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
resultat.txt
DiagHelp version v1.4 - http://www.malekal.com
excute le 10/09/2008 à 21:02:25,50
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->10/09/2008 21:02:08
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->10/09/2008 21:02:05
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->10/09/2008 21:01:20
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->10/09/2008 21:01:11
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->10/09/2008 21:00:55
C:\WINDOWS\prefetch\AVP.EXE-0C478C0B.pf -->10/09/2008 21:00:03
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->10/09/2008 20:51:03
C:\WINDOWS\prefetch\HIJACKTHIS.EXE-34A0FC79.pf -->10/09/2008 20:50:59
C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->10/09/2008 20:46:21
C:\WINDOWS\prefetch\THUNDERBIRD.EXE-38CA75D9.pf -->10/09/2008 20:46:20
C:\WINDOWS\System32\drivers\fidbox2.idx -->10/09/2008 18:48:10
C:\WINDOWS\System32\drivers\fidbox2.dat -->10/09/2008 18:48:10
C:\WINDOWS\System32\drivers\fidbox.idx -->10/09/2008 03:45:12
C:\WINDOWS\System32\drivers\fidbox.dat -->10/09/2008 03:45:12
C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->08/09/2008 00:11:08
C:\WINDOWS\System32\drivers\mbam.sys -->08/09/2008 00:11:02
C:\WINDOWS\System32\drivers\klin.dat -->01/09/2008 20:32:58
C:\WINDOWS\System32\nvapps.xml -->10/09/2008 18:40:18
C:\WINDOWS\System32\wpa.dbl -->10/09/2008 18:40:16
C:\WINDOWS\System32\PerfStringBackup.INI -->07/09/2008 22:58:54
C:\WINDOWS\System32\perfh00C.dat -->07/09/2008 22:58:54
C:\WINDOWS\System32\perfh009.dat -->07/09/2008 22:58:54
C:\WINDOWS\System32\perfc00C.dat -->07/09/2008 22:58:54
C:\WINDOWS\System32\perfc009.dat -->07/09/2008 22:58:54
C:\WINDOWS\System32\spupdwxp.log -->07/09/2008 22:57:39
C:\WINDOWS\System32\FNTCACHE.DAT -->07/09/2008 22:57:38
C:\WINDOWS\System32\TZLog.log -->30/08/2008 21:59:26
C:\WINDOWS\System32\MRT.exe -->26/08/2008 22:28:12
C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->31/07/2008 20:47:22
C:\WINDOWS\System32\klogon.dll -->29/07/2008 20:21:42
C:\WINDOWS\System32\cdm.dll -->18/07/2008 22:10:48
C:\WINDOWS\System32\wuauclt.exe -->18/07/2008 22:10:42
C:\WINDOWS\System32\wups2.dll -->18/07/2008 22:10:40
C:\WINDOWS\System32\wucltui.dll.mui -->18/07/2008 22:10:36
C:\WINDOWS\System32\wups.dll -->18/07/2008 22:10:20
C:\WINDOWS\System32\wuaucpl.cpl.mui -->18/07/2008 22:09:56
C:\WINDOWS\System32\wucltui.dll -->18/07/2008 22:09:46
C:\WINDOWS\System32\wuaucpl.cpl -->18/07/2008 22:09:46
C:\WINDOWS\System32\wuweb.dll -->18/07/2008 22:09:44
C:\WINDOWS\System32\wuapi.dll -->18/07/2008 22:09:44
C:\WINDOWS\System32\wuaueng.dll -->18/07/2008 22:09:42
C:\WINDOWS\System32\wuapi.dll.mui -->18/07/2008 22:09:14
C:\WINDOWS\WindowsUpdate.log -->10/09/2008 19:15:20
C:\WINDOWS\tsoc.log -->10/09/2008 18:47:15
C:\WINDOWS\tabletoc.log -->10/09/2008 18:47:15
C:\WINDOWS\ocmsn.log -->10/09/2008 18:47:15
C:\WINDOWS\ocgen.log -->10/09/2008 18:47:15
C:\WINDOWS\ntdtcsetup.log -->10/09/2008 18:47:15
C:\WINDOWS\netfxocm.log -->10/09/2008 18:47:15
C:\WINDOWS\msgsocm.log -->10/09/2008 18:47:15
C:\WINDOWS\MedCtrOC.log -->10/09/2008 18:47:15
C:\WINDOWS\KB938464.log -->10/09/2008 18:47:15
C:\WINDOWS\imsins.log -->10/09/2008 18:47:15
C:\WINDOWS\iis6.log -->10/09/2008 18:47:15
C:\WINDOWS\FaxSetup.log -->10/09/2008 18:47:15
C:\WINDOWS\comsetup.log -->10/09/2008 18:47:15
C:\WINDOWS\setuperr.log -->10/09/2008 18:47:14
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 2400
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x6d710000 0x13000 8.00.0000.0454 C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
0x6d730000 0x13000 8.00.0000.0454 C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\OpenOffice.org 2.2\program\MSVCR71.dll
0x4eb80000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\OpenOffice.org 2.2\program\MSVCP71.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x58640000 0x8a000 1.09.0000.0305 C:\WINDOWS\system32\l3codeca.acm
0x73600000 0x7000 6.05.2600.5512 C:\WINDOWS\system32\msdmo.dll
0x03db0000 0x106000 1.01.0006.0159 C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll
0x04560000 0x102000 7.10.3077.0000 C:\WINDOWS\system32\MFC71U.DLL
0x02620000 0x30000 1.01.0001.0139 C:\Program Files\Fichiers communs\Teleca Shared\tlib_log.dll
0x00f10000 0x14000 C:\Program Files\Fichiers communs\Teleca Shared\boost_log-vc71-mt-1_33.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x6c3f0000 0x7e000 6.04.0009.1133 C:\WINDOWS\system32\dxmasf.dll
0x097e0000 0x41000 10.00.0000.3802 C:\WINDOWS\system32\DRMClien.DLL
0x61c20000 0x54000 8.00.0000.9118 C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll
0x5fc70000 0x18000 8.00.0000.9107 C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll
0x61740000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll
0x78130000 0x9b000 8.00.50727.1378 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1378_x-ww_5c7e3652\MSVCR80.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x00fd0000 0x2d000 C:\Program Files\WinRAR\rarext.dll
0x1c000000 0x6000 1.02.0001.0000 C:\Program Files\Notepad++\nppcm.dll
0x01f10000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x02ac0000 0x10000 5.03.0000.0198 C:\Program Files\MagicISO\misosh.dll
0x6d910000 0xc000 8.00.0000.0454 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll
0x7c420000 0x87000 8.00.50727.1378 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1378_x-ww_5c7e3652\MSVCP80.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 1116
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x6d710000 0x13000 8.00.0000.0454 C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
0x6d730000 0x13000 8.00.0000.0454 C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x6d4d0000 0x36000 8.00.0000.0454 C:\WINDOWS\system32\klogon.dll
0x01240000 0x3b000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\System32\msxml3.dll
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C06B-FFDC
Répertoire de C:\WINDOWS\system32
14/04/2008 04:33 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 5 043 810 304 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C06B-FFDC
Répertoire de C:\WINDOWS\Downloaded Program Files
09/09/2008 23:04 <REP> .
09/09/2008 23:04 <REP> ..
09/01/2008 15:01 32 bdcore.dll
09/01/2008 15:01 118 784 bdupd.dll
01/09/2007 17:38 65 desktop.ini
20/03/2006 17:34 24 576 dwusplay.dll
20/03/2006 17:34 196 608 dwusplay.exe
23/03/2007 13:17 1 292 erma.inf
09/01/2008 15:01 53 248 ipsupd.dll
20/03/2006 17:34 484 272 isusweb.dll
26/02/2008 15:42 7 724 lang.ini
09/01/2008 15:01 32 libfn.dll
21/01/2008 17:43 130 live.ini
07/02/2008 14:06 1 248 oscan8.inf
26/02/2008 15:59 487 424 oscan82.ocx
09/01/2008 15:01 6 828 scanoptions.tsi
30/07/2007 19:24 293 wuweb.inf
15 fichier(s) 1 382 556 octets
Total des fichiers listés :
15 fichier(s) 1 382 556 octets
2 Rép(s) 5 043 810 304 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\WampServer 2\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="C:\\Program Files\\WampServer 2\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe"="C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 21:03:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
220 - avp.exe
236 - mDNSResponder.e
256 - cmd.exe
260 - cbService.exe
544 - nvsvc32.exe
820 - alg.exe
1092 - csrss.exe
1116 - winlogon.exe
1160 - services.exe
1172 - lsass.exe
1300 - usnsvc.exe
1344 - svchost.exe
1392 - svchost.exe
1516 - svchost.exe
1580 - svchost.exe
1732 - svchost.exe
1868 - aawservice.exe
2112 - thunderbird.exe
2400 - explorer.exe
2768 - cbInterface.exe
2808 - avp.exe
2856 - msnmsgr.exe
2956 - MediaCenter.exe
3020 - firefox.exe
3092 - soffice.bin
3460 - epmworker.exe
3904 - httpd.exe
4052 - Azureus.exe
Total number of processes = 29
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E4000 - \WINDOWS\system32\hal.dll
BADA8000 - \WINDOWS\system32\KDCOM.DLL
BACB8000 - \WINDOWS\system32\BOOTVID.dll
BA778000 - ACPI.sys
BADAA000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
BA767000 - pci.sys
BA8A8000 - isapnp.sys
BA8B8000 - ohci1394.sys
BA8C8000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
BAE70000 - pciide.sys
BAB28000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
BA8D8000 - MountMgr.sys
BA748000 - ftdisk.sys
BADAC000 - dmload.sys
BA722000 - dmio.sys
BAB30000 - PartMgr.sys
BA8E8000 - VolSnap.sys
BA70A000 - atapi.sys
BA6F3000 - nvata.sys
BA8F8000 - disk.sys
BA908000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
BA6D3000 - fltmgr.sys
BA6C1000 - sr.sys
BA918000 - klbg.sys
BA928000 - PxHelp20.sys
BA6AA000 - KSecDD.sys
BA61D000 - Ntfs.sys
BA5F0000 - NDIS.sys
BA5D6000 - Mup.sys
BA0B7000 - kl1.sys
BAB38000 - \WINDOWS\system32\drivers\TDI.SYS
B9CD6000 - \SystemRoot\System32\DRIVERS\nic1394.sys
BA9A8000 - \SystemRoot\system32\DRIVERS\AmdK8.sys
B9978000 - \SystemRoot\System32\DRIVERS\serial.sys
B999D000 - \SystemRoot\System32\DRIVERS\serenum.sys
B9964000 - \SystemRoot\System32\DRIVERS\parport.sys
BAA98000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
BABD8000 - \SystemRoot\System32\DRIVERS\mouclass.sys
BABE8000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
BABF0000 - \SystemRoot\System32\DRIVERS\usbohci.sys
B9940000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
BABF8000 - \SystemRoot\system32\DRIVERS\usbehci.sys
BA9D8000 - \SystemRoot\System32\Drivers\Imapi.SYS
B9999000 - \SystemRoot\system32\drivers\pfc.sys
BA9C8000 - \SystemRoot\System32\DRIVERS\cdrom.sys
B9C96000 - \SystemRoot\System32\DRIVERS\redbook.sys
B991D000 - \SystemRoot\System32\DRIVERS\ks.sys
B998D000 - \SystemRoot\System32\DRIVERS\nvnetbus.sys
B98D3000 - \SystemRoot\System32\DRIVERS\NVNRM.SYS
B989C000 - \SystemRoot\System32\DRIVERS\NVSNPU.SYS
B9531000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
B951D000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
BAE2A000 - \SystemRoot\System32\DRIVERS\ASACPI.sys
BA08B000 - \SystemRoot\system32\drivers\atkkbnt.sys
BAC00000 - \SystemRoot\system32\DRIVERS\klim5.sys
BAFE4000 - \SystemRoot\System32\DRIVERS\audstub.sys
B9C76000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
BA07F000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
B9506000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
B9C86000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
BA9B8000 - \SystemRoot\System32\DRIVERS\raspptp.sys
B94F5000 - \SystemRoot\System32\DRIVERS\psched.sys
BA988000 - \SystemRoot\System32\DRIVERS\msgpc.sys
BAC08000 - \SystemRoot\System32\DRIVERS\ptilink.sys
BAC10000 - \SystemRoot\System32\DRIVERS\raspti.sys
B94C5000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
BA998000 - \SystemRoot\System32\DRIVERS\termdd.sys
BAE2C000 - \SystemRoot\System32\DRIVERS\swenum.sys
B9467000 - \SystemRoot\System32\DRIVERS\update.sys
BA06F000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
B9411000 - \SystemRoot\system32\DRIVERS\MarvinBus.sys
B4CAA000 - \SystemRoot\System32\Drivers\NDProxy.SYS
B4C9A000 - \SystemRoot\System32\DRIVERS\usbhub.sys
BADAE000 - \SystemRoot\System32\DRIVERS\USBD.SYS
B4C8A000 - \SystemRoot\System32\DRIVERS\NVENETFD.sys
B1CDC000 - \SystemRoot\system32\DRIVERS\klif.sys
B2024000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
B1B81000 - \SystemRoot\system32\drivers\c6501.sys
B1B5D000 - \SystemRoot\system32\drivers\portcls.sys
B1F64000 - \SystemRoot\system32\drivers\drmk.sys
BAE16000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
B05D2000 - \SystemRoot\System32\Drivers\Null.SYS
BADB6000 - \SystemRoot\System32\Drivers\Beep.SYS
B1527000 - \SystemRoot\System32\drivers\vga.sys
B1543000 - \SystemRoot\System32\Drivers\mnmdd.SYS
AF554000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
AF6BA000 - \SystemRoot\System32\Drivers\Msfs.SYS
AF6AA000 - \SystemRoot\System32\Drivers\Npfs.SYS
B2694000 - \SystemRoot\System32\DRIVERS\rasacd.sys
AEDAE000 - \SystemRoot\System32\DRIVERS\ipsec.sys
AED4B000 - \SystemRoot\System32\DRIVERS\tcpip.sys
AF69A000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
AED23000 - \SystemRoot\System32\DRIVERS\netbt.sys
AECFD000 - \SystemRoot\System32\DRIVERS\ipnat.sys
AECDB000 - \SystemRoot\System32\drivers\afd.sys
B0435000 - \SystemRoot\System32\DRIVERS\netbios.sys
B0405000 - \SystemRoot\System32\DRIVERS\wanarp.sys
AECB0000 - \SystemRoot\System32\DRIVERS\rdbss.sys
AEC40000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
B03F5000 - \SystemRoot\System32\DRIVERS\arp1394.sys
B03E5000 - \SystemRoot\System32\Drivers\Fips.SYS
A9D80000 - \SystemRoot\System32\Drivers\Cdfs.SYS
A932E000 - \SystemRoot\System32\Drivers\dump_nvata.sys
B266E000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
AA44E000 - \SystemRoot\System32\drivers\Dxapi.sys
AA242000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
BAF23000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\atkdisp.dll
BFA10000 - \SystemRoot\System32\nv4_disp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
B99A9000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
A82E0000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
BAE34000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B264C000 - \??\C:\WINDOWS\system32\drivers\EIO.sys
A8216000 - \SystemRoot\System32\DRIVERS\srv.sys
A7EB9000 - \SystemRoot\system32\drivers\wdmaud.sys
A7FEE000 - \SystemRoot\system32\drivers\sysaudio.sys
A7D10000 - \SystemRoot\System32\Drivers\HTTP.sys
A288F000 - \SystemRoot\system32\drivers\kmixer.sys
BAEC5000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 123
Liste des programmes installes
Ad-Aware
Archiveur WinRAR
Assistant de connexion Windows Live
ASUS Enhanced Display Driver
ASUS nVIDIA Driver
Audacity 1.2.6
AutoUpdate
Azureus Vuze
Bink and Smacker
C-Media 6501 Sound
CCleaner (remove only)
CDBurnerXP
CDex extraction audio
Cobian Backup 9
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB952287)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
eMule
FileZilla (remove only)
Freeware PDF Unlocker
Gammadyne Mailer
Google Earth
GTA San Andreas
HijackThis 2.0.2
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Kaspersky Anti-Virus 2009
Kaspersky Anti-Virus 2009
Magic ISO Maker v5.3 (build 0221)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 - FRA
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1 - FRA
Microsoft .NET Framework 3.5 (Pre-Release Version)
Microsoft .NET Framework 3.5 (Pre-Release Version)
Microsoft .NET Framework 3.5 (Pre-Release Version) Language Pack - fra
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Word Viewer 2003
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923789)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951376)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Module linguistique Microsoft .NET Framework 3.5 (version préliminaire) - fra
Mozilla Firefox (3.0.1)
Mozilla Thunderbird (2.0.0.16)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Music Editing Master
Neuf - Media Center
Notepad++
NVIDIA Drivers
OpenOffice.org 2.2
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
PDF Settings
PDFCreator
proDAD Heroglyph 2.5
proDAD Vitascene 1.0
QuickTime Alternative 1.95
Real Alternative 1.60
Replay Media Catcher
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson PC Suite
Traduction française pour jetAudio 6.2
VideoLAN VLC media player 0.8.6c
WampServer 2.0
WD Diagnostics
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format Runtime
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Desktop Login
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C06B-FFDC
Répertoire de C:\Program Files
09/09/2008 18:16 <REP> .
09/09/2008 18:16 <REP> ..
27/09/2007 23:28 <REP> AdorageI-GfxDatas
27/09/2007 23:28 <REP> AdorageI-SAL
01/09/2007 19:27 <REP> ASUSTeK
26/11/2007 23:38 <REP> Audacity
08/09/2008 19:32 <REP> Azureus
23/06/2008 23:02 <REP> Bonjour
08/09/2008 21:56 <REP> CCleaner
27/09/2007 12:48 <REP> CDBurnerXP
27/11/2007 00:27 <REP> CDex_170b2
01/09/2007 19:15 <REP> C-Media 6501 Sound
03/05/2008 19:02 <REP> Cobian Backup 9
01/09/2007 17:37 <REP> ComPlus Applications
09/09/2008 18:16 <REP> DevGuru
01/09/2007 19:22 <REP> DIFX
30/09/2007 00:58 <REP> DivX
08/09/2008 19:30 <REP> eMule
01/09/2008 23:32 <REP> Fichiers communs
05/09/2007 00:00 <REP> FileZilla
09/01/2008 17:36 <REP> Freeware PDF Unlocker
23/05/2008 23:46 <REP> Gammadyne Mailer
04/05/2008 09:48 <REP> Google
03/09/2007 23:18 <REP> Grisoft
30/08/2008 21:59 <REP> Internet Explorer
31/07/2008 20:47 <REP> Java
28/11/2007 20:17 <REP> JetAudio
01/09/2008 20:18 <REP> Kaspersky Lab
01/09/2008 23:33 <REP> Lavasoft
27/09/2007 12:45 <REP> MagicISO
08/09/2008 21:55 <REP> Malwarebytes' Anti-Malware
07/09/2008 22:47 <REP> Messenger
01/09/2007 17:39 <REP> microsoft frontpage
30/01/2008 13:52 <REP> Microsoft Office
30/01/2008 13:45 <REP> Microsoft Works
07/09/2008 22:43 <REP> Movie Maker
10/09/2008 20:46 <REP> Mozilla Firefox
10/09/2008 20:46 <REP> Mozilla Thunderbird
27/09/2007 12:44 <REP> MSBuild
01/09/2007 17:37 <REP> MSN
01/09/2007 17:37 <REP> MSN Gaming Zone
11/09/2007 18:26 <REP> MSXML 4.0
28/09/2007 00:33 <REP> MSXML 6.0
01/06/2008 14:15 <REP> Music Editing Master
07/09/2008 22:42 <REP> NetMeeting
07/05/2008 12:38 <REP> Neuf
04/09/2008 21:26 <REP> Notepad++
02/09/2007 15:15 <REP> OpenOffice.org 2.2
07/09/2008 22:42 <REP> Outlook Express
09/01/2008 11:38 <REP> PDFCreator
27/09/2007 23:30 <REP> proDAD
28/11/2007 14:52 <REP> QuickTime Alternative
28/11/2007 14:21 <REP> RADVideo
05/12/2007 22:00 <REP> Real Alternative
27/09/2007 12:44 <REP> Reference Assemblies
26/11/2007 21:48 <REP> Replay Media Catcher
28/11/2007 14:41 <REP> RM-X® Mov To DivX
14/09/2007 22:15 <REP> Rockstar Games
01/09/2007 17:37 <REP> Services en ligne
10/09/2007 20:09 <REP> Sony Ericsson
08/09/2008 18:17 <REP> Trend Micro
02/09/2007 16:29 <REP> VideoLAN
05/04/2008 17:39 <REP> WampServer 2
03/05/2008 18:51 <REP> Western Digital
03/05/2008 18:50 <REP> Western Digital Technologies
25/11/2007 20:16 <REP> Winamp
26/03/2008 11:47 <REP> Windows Live
07/09/2008 22:44 <REP> Windows Media Player
07/09/2008 22:42 <REP> Windows NT
02/09/2007 16:49 <REP> WinRAR
01/09/2007 17:39 <REP> xerox
0 fichier(s) 0 octets
74 Rép(s) 5 033 771 008 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C06B-FFDC
Répertoire de C:\Program Files\fichiers communs
01/09/2008 23:32 <REP> .
01/09/2008 23:32 <REP> ..
03/05/2008 18:51 <REP> InstallShield
02/09/2007 15:14 <REP> Java
23/06/2008 22:54 <REP> Macrovision Shared
26/03/2008 11:47 <REP> Microsoft Shared
01/09/2007 17:37 <REP> MSSoap
01/09/2007 18:24 <REP> ODBC
01/09/2007 17:37 <REP> Services
10/09/2007 20:09 <REP> Sony Ericsson Shared
01/09/2007 18:24 <REP> SpeechEngines
07/09/2008 22:41 <REP> System
24/09/2007 23:12 <REP> System-G
10/09/2007 20:11 <REP> Teleca Shared
01/09/2008 23:32 <REP> Wise Installation Wizard
0 fichier(s) 0 octets
17 Rép(s) 5 033 771 008 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C06B-FFDC
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
01/09/2007 17:42 <REP> .
01/09/2007 17:42 <REP> ..
18/05/2001 17:57 561 209 MSONSEXT.DLL
03/06/1999 14:09 122 937 MSOWS409.DLL
07/03/2001 09:00 127 033 MSOWS40c.DLL
3 fichier(s) 811 179 octets
2 Rép(s) 5 033 771 008 octets libres
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\French\setup.exe
c:\Documents and Settings\Bubu\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
c:\Documents and Settings\Bubu\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
c:\Documents and Settings\Bubu\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
c:\Documents and Settings\Bubu\Bureau\ccsetup211.exe
c:\Documents and Settings\Bubu\Bureau\HJTInstall.exe
c:\Documents and Settings\Bubu\Bureau\Lavasoft_Adaware_multi.exe
c:\Documents and Settings\Bubu\Bureau\mbam-setup.exe
c:\Documents and Settings\Bubu\Bureau\20071015125552984_driver\Install.exe
c:\Documents and Settings\Bubu\Bureau\20071015125552984_driver\Uninstall.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Bubu\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Bubu\Bureau\VirtualDub-1.7.7\auxsetup.exe
c:\Documents and Settings\Bubu\Bureau\VirtualDub-1.7.7\vdub.exe
c:\Documents and Settings\Bubu\Bureau\VirtualDub-1.7.7\VirtualDub.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\CDBurnerXP_Soft\cdbxpp.exe_Url_nfryvllqiqb1hla4nzefaejvhwflc2o0
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032\Setup.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032\redist\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032\redist\WindowsServer2003-KB898715-ia64-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3032\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456\Setup.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456\redist\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456\redist\WindowsServer2003-KB898715-ia64-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer3456\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064\Setup.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064\redist\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064\redist\WindowsServer2003-KB898715-ia64-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\_is2.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\_is4.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\npp.5.0.3.Installer.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\xmlUpdater.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\IXP000.TMP\OSE.EXE
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher1848\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2460\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2460\StagingArea\1423.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2460\StagingArea\1732.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2584\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2664\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2904\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher3168\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher380\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher380\StagingArea\4185.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher3992\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher492\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher536\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher696\RTPatch\patch.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Bubu\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_ZEUS.tar.gz a l'adresse http://upload.malekal.com
ENCORE MERCI
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064\redist\WindowsServer2003-KB898715-x64-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064\redist\WindowsServer2003-KB898715-x86-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Application Data\Installer4064\redist\WindowsXP-KB898715-x64-enu.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\_is2.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\_is4.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\npp.5.0.3.Installer.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\xmlUpdater.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\IXP000.TMP\OSE.EXE
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher1848\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2460\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2460\StagingArea\1423.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2460\StagingArea\1732.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2584\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2664\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher2904\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher3168\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher380\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher380\StagingArea\4185.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher3992\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher492\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher536\RTPatch\patch.exe
c:\Documents and Settings\Bubu\Local Settings\Temp\Patcher\Patcher696\RTPatch\patch.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Bubu\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_ZEUS.tar.gz a l'adresse http://upload.malekal.com
THANKS AGAIN
7 Sep 2008 at 23:42
... We crossed posts!!
Disregard my reply posted above
Have a good rest of the evening
7 Sep 2008 at 23:47