Service error
Closed
Ramamy
noctambule28 (2071 posts, status: Webmaster)
Hello,
For 4 days I have been getting this message every time I turn on my PC: "services.exe has encountered a problem and needs to close.", and after that the machine always restarts.
I read on a forum to scan the machine with hijackthis, and I also ran diaghelp, and during the scan I saw this message
Rootkit search! (Thanks S!Ri)
C:\WINDOWS\system32\drivers\orean32.sys exists!
Windows also shows me error messages such as EXPLORER.EXE ...
Apart from that, the automatic update of my antivirus "Antivir" always has a problem and shows the message "internet connexion failed"
What should I do?
Counting on your understanding and your help.
Here is the hijackthis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:29:14, on 08/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Serveur HF\Manta.exe
C:\xampp\apache\bin\apache.exe
C:\Serveur HF\MantaManager.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.234\Rootkit_Detective.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrateur\Bureau\Scanner.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [Lanceur FinePrint v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &T&élécharger &avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &T&élécharger tout avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &T&élécharger toute vidéo avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{67E1517D-2ECF-4260-A206-050C9CD13CAD}: NameServer = 85.255.116.118;85.255.112.205
O17 - HKLM\System\CCS\Services\Tcpip\..\{845C7C2A-701D-41DE-A68B-829E7996F3EC}: NameServer = 85.255.116.118;85.255.112.205
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.118;85.255.112.205
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.118;85.255.112.205
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.118;85.255.112.205
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.118;85.255.112.205
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\rserver30\newtstop.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyper File Server : INFO-DT01 - PC SOFT - C:\Serveur HF\Manta.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Installation automatique du serveur Hyper File (MantaAutoInstall) - PC SOFT - C:\Serveur HF\Manta.exe
O23 - Service: MantaManager - PC SOFT - C:\Serveur HF\MantaManager.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: S3igplrta - S3 Graphics Co., Ltd. - (no file)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 12913 bytes
And here is the diaghelp report:
DiagHelp version v1.4 - http://www.malekal.com
executed on 08/12/2008 at 9:15:26.56
List of the most recently modified/created files in windir\system32 and prefetch
C:\WINDOWS\prefetch\RUNDLL32.EXE-12E27DD0.pf -->14/05/2009 10:52:20
C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->14/05/2009 10:52:02
C:\WINDOWS\prefetch\WDTST.EXE-13257D97.pf -->02/01/2009 10:51:32
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->02/01/2009 10:47:15
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->08/12/2008 09:15:23
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->08/12/2008 09:15:16
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->08/12/2008 09:01:11
C:\WINDOWS\prefetch\ONECLICKSTARTER.EXE-1492110E.pf -->08/12/2008 09:00:00
C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->08/12/2008 08:58:01
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->08/12/2008 08:57:14
C:\WINDOWS\System32\drivers\Ndisprot.sys -->05/12/2008 10:15:04
C:\WINDOWS\System32\drivers\aswmon.sys -->26/11/2008 20:18:25
C:\WINDOWS\System32\drivers\aswmon2.sys -->26/11/2008 20:18:18
C:\WINDOWS\System32\drivers\aswSP.sys -->26/11/2008 20:17:36
C:\WINDOWS\System32\drivers\aswFsBlk.sys -->26/11/2008 20:17:25
C:\WINDOWS\System32\drivers\aswTdi.sys -->26/11/2008 20:16:38
C:\WINDOWS\System32\drivers\aswRdr.sys -->26/11/2008 20:16:29
C:\WINDOWS\System32\9be3C.sys -->08/12/2008 08:11:51
C:\WINDOWS\System32\d7a37.mht -->08/12/2008 08:10:51
C:\WINDOWS\System32\config.nt -->08/12/2008 07:45:03
C:\WINDOWS\System32\wpa.dbl -->08/12/2008 07:36:56
C:\WINDOWS\System32\aswBoot.exe -->26/11/2008 20:21:30
C:\WINDOWS\System32\AvastSS.scr -->26/11/2008 20:15:10
C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->24/11/2008 15:01:25
C:\WINDOWS\System32\TuneUpDefragService.exe -->19/11/2008 15:40:12
C:\WINDOWS\System32\FNTCACHE.DAT -->18/11/2008 14:13:31
C:\WINDOWS\System32\PerfStringBackup.INI -->18/11/2008 13:32:40
C:\WINDOWS\System32\perfh00C.dat -->18/11/2008 13:32:40
C:\WINDOWS\System32\perfh009.dat -->18/11/2008 13:32:40
C:\WINDOWS\System32\perfc00C.dat -->18/11/2008 13:32:40
C:\WINDOWS\System32\perfc009.dat -->18/11/2008 13:32:40
C:\WINDOWS\System32\MsiExec.exe.log -->14/11/2008 14:57:22
C:\WINDOWS\System32\ezsidmv.dat -->14/11/2008 11:25:32
C:\WINDOWS\System32\haspdos.sys -->10/11/2008 09:48:12
C:\WINDOWS\System32\haspvdd.dll -->10/11/2008 09:48:11
C:\WINDOWS\System32\config.hsp -->10/11/2008 09:47:39
C:\WINDOWS\System32\pxinsa64.exe -->07/11/2008 11:28:58
C:\WINDOWS\System32\pxhpinst.exe -->07/11/2008 11:28:58
C:\WINDOWS\System32\pxcpya64.exe -->07/11/2008 11:28:58
C:\WINDOWS\System32\pxsfs.dll -->07/11/2008 11:28:53
C:\WINDOWS\System32\pxwma.dll -->07/11/2008 11:28:51
C:\WINDOWS\System32\pxwave.dll -->07/11/2008 11:28:51
C:\WINDOWS\setupapi.log -->08/12/2008 08:48:36
C:\WINDOWS\BRWMARK.INI -->08/12/2008 08:26:35
C:\WINDOWS\WindowsUpdate.log -->08/12/2008 07:43:15
C:\WINDOWS\0.log -->08/12/2008 07:38:57
C:\WINDOWS\TempFile -->08/12/2008 07:37:10
C:\WINDOWS\QTFont.qfn -->08/12/2008 07:37:09
C:\WINDOWS\bootstat.dat -->08/12/2008 07:36:54
C:\WINDOWS\SchedLgU.Txt -->05/12/2008 15:50:25
C:\WINDOWS\ntbtlog.txt -->05/12/2008 14:19:26
C:\WINDOWS\QTFont.for -->04/12/2008 07:33:33
C:\WINDOWS\wmsetup.log -->03/12/2008 12:31:19
C:\WINDOWS\MediaRCO.INI -->03/12/2008 11:18:31
C:\WINDOWS\3DBELOTE.INI -->03/12/2008 11:17:04
C:\WINDOWS\NeroDigital.ini -->03/12/2008 11:01:08
C:\WINDOWS\wiadebug.log -->01/12/2008 15:53:44
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1452
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x10000000 0x2f000 11.00.0000.0001 C:\WINDOWS\system32\WDShell.dll
0x00fb0000 0xe000 C:\Program Files\PS Tray Factory\HKDll.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x01a30000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll
0x01490000 0x11000 C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
0x014b0000 0xe000 1.09.0000.0000 C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
0x009f0000 0x12000 C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
0x00df0000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x01840000 0x18000 760.00.0000.0000 C:\Program Files\Free Download Manager\iefdm2.dll
0x02240000 0x3d000 2.01.0010.0002 C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
0x75be0000 0x6e000 5.06.0000.8820 C:\WINDOWS\system32\jscript.dll
0x06d40000 0x1b8000 3.01.0000.0008 C:\Program Files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll
0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL
0x06f30000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x06fa0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x074b0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x60510000 0x18000 2.00.50727.0042 C:\WINDOWS\system32\dfshim.dll
0x79000000 0x45000 2.00.50727.0042 C:\WINDOWS\system32\mscoree.dll
0x641f0000 0x1d000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
0x60610000 0x6000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
0x60340000 0x8000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
0x64220000 0x18000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fr\ShFusRes.dll
0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
0x01e50000 0x9000 2.00.0000.0004 C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
0x51250000 0xe000 8.05.0000.0001 C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x096f0000 0x202000 3.02.0003.0000 C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
0x74da0000 0x6c000 5.30.0023.1221 C:\WINDOWS\system32\RICHED20.dll
0x027a0000 0x3e000 3.02.0003.0000 C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x06cd0000 0x2e000 C:\Program Files\WinRAR\rarext.dll
0x027e0000 0x12000 7.00.0000.0015 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x072e0000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x07350000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x07370000 0x29000 6.00.0000.9751 C:\Program Files\JetAudio\JetFlExt.dll
0x64f00000 0x12000 4.08.1296.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x16080000 0x25000 1.00.0004.0012 C:\Program Files\Bonjour\mdnsNSP.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 648
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
Volume in drive C is System
Volume Serial Number is CCEB-9A07
Directory of C:\WINDOWS\system32
19/08/2004 16:09 6 144 csrss.exe
1 File(s) 6 144 bytes
0 Dir(s) 51 594 838 016 bytes free
Contents of Downloaded Program Files
Volume in drive C is System
Volume Serial Number is CCEB-9A07
Directory of C:\WINDOWS\Downloaded Program Files
06/11/2008 15:12 <DIR> .
06/11/2008 15:12 <DIR> ..
06/11/2008 13:30 65 desktop.ini
1 File(s) 65 bytes
Total files listed:
1 File(s) 65 bytes
2 Dir(s) 51 594 838 016 bytes free
Rootkit search! (Thanks S!Ri)
Search for known infections
Export of sensitive keys..
List of files exempted in the XP SP2 firewall
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"="C:\\WINDOWS\\system32\\rserver30\\rserver3.exe:*:Enabled:Radmin Server 3"
"C:\\xampp\\apache\\bin\\apache.exe"="C:\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"G:\\Software\\Chat\\Skype Mobile\\Phone\\Skype.exe"="G:\\Software\\Chat\\Skype Mobile\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\xampp\\MercuryMail\\mercury.exe"="C:\\xampp\\MercuryMail\\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.52"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"="C:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WinDev 11\\Programmes\\CC110HF.exe"="C:\\WinDev 11\\Programmes\\CC110HF.exe:*:Enabled:Centre de Contrôle Hyper File"
"C:\\WinDev 11\\Exemples\\Exemples complets\\WD ProxyPOP3\\Exe\\WD ProxyPOP3.exe"="C:\\WinDev 11\\Exemples\\Exemples complets\\WD ProxyPOP3\\Exe\\WD ProxyPOP3.exe:*:Enabled:WD ProxyPOP3"
"C:\\WinDev 11\\Exemples\\Exemples complets\\WD Utilisation du RPC\\WD Serveur de la messagerie\\Exe\\WD Serveur de la messagerie.EXE"="C:\\WinDev 11\\Exemples\\Exemples complets\\WD Utilisation du RPC\\WD Serveur de la messagerie\\Exe\\WD Serveur de la messagerie.EXE:*:Enabled:WD Serveur de la messagerie"
"C:\\WinDev 11\\Exemples\\Exemples complets\\WD Visioconférence\\Exe\\WD Visioconférence.exe"="C:\\WinDev 11\\Exemples\\Exemples complets\\WD Visioconférence\\Exe\\WD Visioconférence.exe:*:Enabled:WD Visioconférence"
"G:\\Software\\Chat\\Skype Mobile\\Skype.exe"="G:\\Software\\Chat\\Skype Mobile\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
Export of the SharedTaskScheduler key
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
REGEDIT4
[taskmgr.exe]
Export of policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export of sensitive keys..
Searching for sensitive addresses in the HOSTS file...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 09:16:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Administrateur\ntuser.dat, 0
scanning hidden files ...
disk error: C:\
please note that you need administrator rights to perform deep scan
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
168 - hamachi.exe
272 - ashServ.exe
440 - fdm.exe
508 - YzShadow.exe
612 - avguard.exe
624 - csrss.exe
648 - winlogon.exe
692 - services.exe
704 - lsass.exe
872 - sched.exe
944 - svchost.exe
1076 - AppleMobileDevi
1132 - svchost.exe
1220 - mDNSResponder.e
1428 - svchost.exe
1452 - explorer.exe
1516 - svchost.exe
1544 - PSTrayFactory.e
1592 - VTTimer.exe
1620 - fpdisp5a.exe
1628 - S3Trayp.exe
1720 - avgnt.exe
1816 - iTunesHelper.ex
1824 - Manta.exe
1896 - ashDisp.exe
1932 - fppdis3a.exe
2008 - emule.exe
2036 - ApacheMonitor.e
2156 - ashMaiSv.exe
2200 - ashWebSv.exe
2220 - apache.exe
3380 - MDM.EXE
3512 - sqlservr.exe
3728 - iPodService.exe
3748 - rserver3.exe
3932 - StarWindService
4092 - FamItrfc.Exe
4460 - wscntfy.exe
4604 - TuneUpDefragSer
4744 - WinRAR.exe
4784 - cmd.exe
5016 - BitComet.exe
5344 - firefox.exe
5500 - WinRAR.exe
5956 - AdobeUpdater.ex
Total number of processes = 46
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F7CE4000 - \WINDOWS\system32\KDCOM.DLL
F7BF4000 - \WINDOWS\system32\BOOTVID.dll
F76C6000 - spht.sys
F7CE6000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F76AE000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F767F000 - ACPI.sys
F766E000 - pci.sys
F77E4000 - isapnp.sys
F7DAC000 - pciide.sys
F7A64000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7CE8000 - viaide.sys
F77F4000 - MountMgr.sys
F764F000 - ftdisk.sys
F7CEA000 - dmload.sys
F7629000 - dmio.sys
F7A6C000 - PartMgr.sys
F7A74000 - videX32.sys
F7804000 - ViBus.sys
F7814000 - VolSnap.sys
F7611000 - atapi.sys
F7824000 - ViPrt.sys
F7834000 - disk.sys
F7844000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F75F2000 - fltMgr.sys
F7854000 - PxHelp20.sys
F75DB000 - KSecDD.sys
F754E000 - Ntfs.sys
F7521000 - NDIS.sys
F7864000 - uagp35.sys
F7506000 - Mup.sys
F6F10000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F6DCB000 - \SystemRoot\system32\DRIVERS\S3gIGPm.sys
F6DB7000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F6F00000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7B1C000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys
F6EF0000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F6EE0000 - \SystemRoot\system32\DRIVERS\redbook.sys
F6D94000 - \SystemRoot\system32\DRIVERS\ks.sys
F7CBC000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F7B24000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F6D71000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F7B2C000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F6D60000 - \SystemRoot\system32\DRIVERS\serial.sys
F7CC4000 - \SystemRoot\system32\DRIVERS\serenum.sys
F7B34000 - \SystemRoot\system32\DRIVERS\fdc.sys
F6D0B000 - \SystemRoot\system32\DRIVERS\parport.sys
F6ED0000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F7B3C000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7B44000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F6EC0000 - \SystemRoot\system32\DRIVERS\fetnd5bv.sys
F6CA6000 - \SystemRoot\System32\Drivers\arfcbyie.SYS
F7E81000 - \SystemRoot\system32\DRIVERS\rminiv3.sys
F7E82000 - \SystemRoot\system32\DRIVERS\audstub.sys
F6EA0000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F74C6000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6C8F000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F6E90000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F6E80000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F7B94000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6C7E000 - \SystemRoot\system32\DRIVERS\psched.sys
F78D4000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7B9C000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7BA4000 - \SystemRoot\system32\DRIVERS\raspti.sys
F7BAC000 - \SystemRoot\system32\DRIVERS\hamachi.sys
F6645000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F7914000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7D1E000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6611000 - \SystemRoot\system32\DRIVERS\update.sys
F7C90000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F7934000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7974000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7D20000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7BC4000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F7D22000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7E69000 - \SystemRoot\System32\Drivers\Null.SYS
F7D24000 - \SystemRoot\System32\Drivers\Beep.SYS
F7984000 - \??\C:\WINDOWS\system32\rserver30\raddrvv3.sys
F7BD4000 - \SystemRoot\System32\drivers\vga.sys
F7D26000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7D28000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7BDC000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7BEC000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7CE0000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F54E1000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F5489000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F79A4000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F5461000 - \SystemRoot\system32\DRIVERS\netbt.sys
F543F000 - \SystemRoot\System32\drivers\afd.sys
F79B4000 - \SystemRoot\system32\DRIVERS\netbios.sys
F7A8C000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
F5413000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F7E56000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS
F79C4000 - \??\C:\WINDOWS\system32\drivers\oreans32.sys
F7A94000 - \systemroot\system32\drivers\Ndisprot.sys
F537C000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F79D4000 - \SystemRoot\System32\Drivers\Fips.SYS
F535B000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F79E4000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F534A000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F7D2E000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
F532A000 - \SystemRoot\System32\Drivers\aswSP.SYS
F7AA4000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F5307000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F78F4000 - \SystemRoot\System32\Drivers\dump_ViPrt.sys
BF800000 - \SystemRoot\System32\win32k.sys
F7ABC000 - \SystemRoot\System32\watchdog.sys
F65DF000 - \SystemRoot\System32\drivers\Dxapi.sys
BF000000 - \SystemRoot\System32\drivers\dxg.sys
F7EB4000 - \SystemRoot\System32\drivers\dxgthk.sys
BF012000 - \SystemRoot\System32\S3gIGP.dll
BF0F1000 - \SystemRoot\System32\s3ginv.dll
F7B04000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
F020F000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
F008D000 - \SystemRoot\System32\Drivers\aswMon2.SYS
EFE80000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
EFAE8000 - \??\C:\WINDOWS\system32\drivers\Haspnt.sys
F7D96000 - \SystemRoot\System32\Drivers\ParVdm.SYS
EFC08000 - \SystemRoot\System32\Drivers\Cdfs.SYS
EF9E4000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
EFAE0000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys
EF914000 - \??\C:\WINDOWS\system32\drivers\hardlock.sys
EF871000 - \SystemRoot\system32\DRIVERS\srv.sys
F52FF000 - \SystemRoot\System32\Drivers\aswRdr.SYS
EEBD9000 - \??\C:\WINDOWS\system32\9be3C.sys
F7DC8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
F7BCC000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Total number of drivers = 129
Liste des programmes installes
40 leçons pour parler anglais
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Illustrator 10
Adobe InDesign 2.0
Adobe Photoshop CS
Adobe Reader 8.1.2 - Français
Adobe SVG Viewer 3.0
Advanced RAR Password Recovery (remove only)
AIDA32 v3.93
Analyseur MSXML 6.0
Apache HTTP Server 2.0.55
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Antivirus
Avira AntiVir Personal - Free Antivirus
BitComet 1.06
Bonjour
Cimaware OfficeFIX 6
CloneCD
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Accelerator Plus (DAP)
Download Direct
eMule
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
FinePrint
Free Download Manager 2.5
GetDataBack for FAT
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hyper File : INFO-DT01
Hyper File Manager
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 7
JDownloader 0.3.342 Rus
jetAudio Basic
Launcher 5
Malwarebytes' Anti-Malware
Micro Application - Dictionnaires Complets Anglais-Français
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft Device Emulator version 1.0 - FRA
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005 Language Pack - FRA
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [FRA] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 7.0
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Team Edition for Software Developers - FRA
Microsoft Visual Studio 2005 Team Edition for Software Developers - FRA
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft VM for Java
Microsoft Web Publishing Wizard 1.53
Microsoft XML Parser
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module de prise en charge linguistique de Microsoft Document Explorer 2005 - FRA
Mozilla Firefox (3.0.4)
MpcStar 3.3
Nero 8 Essentials
neroxml
Pack Vista Inspirat 2 1.0
PartitionMagic
PDFCreator
PDFCreator Toolbar
pdfFactory Pro
Platform
PowerQuest PartitionMagic 8.0
PS Tray Factory 2.52
QuickTime
Radmin Server 3.1
RAR Password Recovery v1.1 RC16 (remove only)
RealPlayer
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Skype™ 3.8
Software Informer 1.0 BETA
SuperCopier2
TuneUp Utilities 2008
VIA Display Driver 6.14.10.0099
VIA Gestionnaire de périphériques de plate-forme
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinRAR archiver
WinZip
XAMPP 1.6.5
Yahoo! Messenger
Yahoo! Toolbar
Le volume dans le lecteur C s'appelle System
Le numéro de série du volume est CCEB-9A07
Répertoire de C:\Program Files
05/12/2008 14:17 <REP> .
05/12/2008 14:17 <REP> ..
07/11/2008 11:08 <REP> Adobe
14/11/2008 13:44 <REP> AIDA32 - Personal System Information
07/11/2008 08:19 <REP> Alcohol Soft
06/11/2008 14:58 <REP> Alwil Software
10/11/2008 09:51 <REP> Apache Group
07/11/2008 08:44 <REP> Apple Software Update
14/11/2008 14:39 <REP> AskTBar
06/11/2008 15:00 <REP> Avira
14/11/2008 14:26 <REP> AvRack
03/12/2008 12:34 <REP> BitComet
04/12/2008 12:43 <REP> BitComet Acceleration Patch
04/12/2008 11:49 <REP> Bonjour
26/11/2008 13:22 <REP> CC Hyper File
14/11/2008 08:07 <REP> CE Remote Tools
17/11/2008 10:03 <REP> Cimaware
06/11/2008 15:21 <REP> ComPlus Applications
06/11/2008 14:57 <REP> DAP
14/11/2008 15:04 <REP> DivX
21/11/2008 09:19 <REP> Download Direct
12/11/2008 12:49 <REP> ElcomSoft
08/12/2008 07:37 <REP> eMule
19/11/2008 15:38 <REP> Fichiers communs
06/11/2008 14:53 <REP> Free Download Manager
06/11/2008 14:54 <REP> Google
06/11/2008 14:45 <REP> Hamachi
17/11/2008 12:49 <REP> HAVAS Poche
14/11/2008 08:15 <REP> HTML Help Workshop
12/11/2008 08:57 <REP> Intelore
07/11/2008 13:09 <REP> Internet Explorer
07/11/2008 08:46 <REP> iPod
07/11/2008 08:46 <REP> iTunes
24/11/2008 15:01 <REP> Java
03/12/2008 13:53 <REP> JDownloader
26/11/2008 14:24 <REP> JetAudio
18/11/2008 11:25 <REP> Launcher
21/11/2008 11:37 <REP> Malwarebytes' Anti-Malware
06/11/2008 13:28 <REP> Messenger
03/12/2008 11:17 <REP> Micro Application
14/11/2008 08:22 <REP> Microsoft Device Emulator
18/11/2008 13:44 <REP> Microsoft Office
14/11/2008 08:37 <REP> Microsoft SQL Server
14/11/2008 08:22 <REP> Microsoft SQL Server 2005 Mobile Edition
06/11/2008 15:12 <REP> Microsoft Visual Studio
18/11/2008 09:52 <REP> Microsoft Visual Studio 8
18/11/2008 13:44 <REP> Microsoft Works
14/11/2008 08:33 <REP> Microsoft.NET
06/11/2008 14:14 <REP> Morefun
06/11/2008 13:29 <REP> Movie Maker
08/12/2008 08:02 <REP> Mozilla Firefox
03/12/2008 12:32 <REP> MpcStar
18/11/2008 09:52 <REP> MSBuild
06/11/2008 13:27 <REP> MSN
06/11/2008 13:27 <REP> MSN Gaming Zone
14/11/2008 14:53 <REP> Nero
14/11/2008 14:59 <REP> NeroInstall.bak
06/11/2008 13:29 <REP> NetMeeting
19/11/2008 12:58 <REP> New_Badge
06/11/2008 13:29 <REP> Outlook Express
06/11/2008 14:19 <REP> PDFCreator
06/11/2008 14:19 <REP> PDFCreator Toolbar
06/11/2008 14:02 <REP> PowerQuest
05/12/2008 09:17 <REP> PS Tray Factory
03/12/2008 12:31 <REP> QuickTime
11/11/2008 07:57 <REP> Rapidown
07/11/2008 08:57 <REP> Real
14/11/2008 13:52 <REP> Realtek
14/11/2008 14:26 <REP> Realtek AC97
14/11/2008 14:26 <REP> Realtek Sound Manager
14/11/2008 08:18 <REP> Runtime Software
06/11/2008 13:42 <REP> S3
06/11/2008 13:30 <REP> Services en ligne
07/11/2008 08:29 <REP> SlySoft
06/11/2008 14:52 <REP> Software Informer
10/11/2008 12:45 <REP> SuperCopier2
28/11/2008 14:57 <REP> Tache Calendrier
19/11/2008 15:40 <REP> TuneUp Utilities 2008
06/11/2008 13:39 <REP> VIA
06/11/2008 15:12 <REP> Web Publish
06/11/2008 15:33 <REP> win'design
14/11/2008 14:52 <REP> Windows Media Player
06/11/2008 13:27 <REP> Windows NT
06/11/2008 13:53 <REP> WinRAR
06/11/2008 13:55 <REP> WinZip
11/11/2008 11:43 <REP> Yahoo!
0 fichier(s) 0 octets
86 Rép(s) 51 593 248 768 octets libres
Le volume dans le lecteur C s'appelle System
Le numéro de série du volume est CCEB-9A07
Répertoire de C:\Program Files\fichiers communs
19/11/2008 15:38 <REP> .
19/11/2008 15:38 <REP> ..
07/11/2008 11:09 <REP> Adobe
07/11/2008 10:29 <REP> Adobe Systems Shared
07/11/2008 08:44 <REP> Apple
14/11/2008 08:08 <REP> Business Objects
07/11/2008 08:48 <REP> COWON
06/11/2008 15:12 <REP> DESIGNER
07/11/2008 11:06 <REP> InstallShield
07/11/2008 08:33 <REP> Java
06/11/2008 15:29 <REP> Jetstream Shared
14/11/2008 08:15 <REP> Merge Modules
18/11/2008 13:45 <REP> Microsoft Shared
06/11/2008 13:29 <REP> MSSoap
14/11/2008 14:56 <REP> Nero
06/11/2008 16:22 <REP> ODBC
10/11/2008 09:12 <REP> PC SOFT
07/11/2008 08:57 <REP> Real
06/11/2008 13:29 <REP> Services
14/11/2008 11:24 <REP> Skype
06/11/2008 16:22 <REP> SpeechEngines
18/11/2008 13:30 <REP> System
19/11/2008 15:38 <REP> Wise Installation Wizard
07/11/2008 08:57 <REP> xing shared
0 fichier(s) 0 octets
24 Rép(s) 51 593 248 768 octets libres
Le volume dans le lecteur C s'appelle System
Le numéro de série du volume est CCEB-9A07
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
17/11/2008 11:15 <REP> .
17/11/2008 11:15 <REP> ..
17/11/2008 08:04 <REP> 1033
17/11/2008 11:22 <REP> 1036
26/10/2006 19:49 970 528 MSONSEXT.DLL
26/10/2006 20:12 40 256 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
11/07/2003 02:25 80 448 PKMWS.DLL
5 fichier(s) 1 341 202 octets
4 Rép(s) 51 593 248 768 octets libres
Attention : C:\autorun.inf existe
[autorun]
;vsognbpvsgjpfkawbejqsvclirlydtjbwozorpnbqeyvmwtlphoiybuufredsahzcxpukuuljeccbtrfbrtxcyhqrlkrfpillo
shellexecute="resycled\boot.com c:"
;dodaeiqzrsvutlokhpsubmeaksqorckixmxuugnjjolawnarboknyxzkzsrrtlytc
shell\Open\command="resycled\boot.com
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\MailWasher.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
c:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d3zu002d.default\FlashGot.exe
c:\Documents and Settings\Administrateur\Bureau\Scanner.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.234\Rootkit_Detective.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.7.1.11\SetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
c:\WinDev 11\Composants\Composants exemples\WD DerniersDocuments\WD DerniersDocuments - Exemple\Exe\WD DerniersDocuments - Exemple.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
c:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d3zu002d.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4917baed\ave2\aecore.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4917baed\ave2\aegen.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4917baed\ave2\aehelp.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Updates\Condition.dll
****** Fin du rapport DiagHelp
0x027e0000 0x12000 7.00.0000.0015 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x072e0000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x07350000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x07370000 0x29000 6.00.0000.9751 C:\Program Files\JetAudio\JetFlExt.dll
0x64f00000 0x12000 4.08.1296.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x16080000 0x25000 1.00.0004.0012 C:\Program Files\Bonjour\mdnsNSP.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 648
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
Volume in drive C is System
Volume Serial Number is CCEB-9A07
Directory of C:\WINDOWS\system32
19/08/2004 16:09 6 144 csrss.exe
1 File(s) 6 144 bytes
0 Dir(s) 51 594 838 016 bytes free
Contents of Downloaded Program Files
Volume in drive C is System
Volume Serial Number is CCEB-9A07
Directory of C:\WINDOWS\Downloaded Program Files
06/11/2008 15:12 <DIR> .
06/11/2008 15:12 <DIR> ..
06/11/2008 13:30 65 desktop.ini
1 File(s) 65 bytes
Total Files Listed:
1 File(s) 65 bytes
2 Dir(s) 51 594 838 016 bytes free
Rootkit search! (Thanks S!Ri)
Search for known infections
Export of sensitive keys..
List of files excepted in the XP SP2 firewall
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"="C:\\WINDOWS\\system32\\rserver30\\rserver3.exe:*:Enabled:Radmin Server 3"
"C:\\xampp\\apache\\bin\\apache.exe"="C:\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"G:\\Software\\Chat\\Skype Mobile\\Phone\\Skype.exe"="G:\\Software\\Chat\\Skype Mobile\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\xampp\\MercuryMail\\mercury.exe"="C:\\xampp\\MercuryMail\\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.52"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"="C:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\WinDev 11\\Programmes\\CC110HF.exe"="C:\\WinDev 11\\Programmes\\CC110HF.exe:*:Enabled:Centre de Contrôle Hyper File"
"C:\\WinDev 11\\Exemples\\Exemples complets\\WD ProxyPOP3\\Exe\\WD ProxyPOP3.exe"="C:\\WinDev 11\\Exemples\\Exemples complets\\WD ProxyPOP3\\Exe\\WD ProxyPOP3.exe:*:Enabled:WD ProxyPOP3"
"C:\\WinDev 11\\Exemples\\Exemples complets\\WD Utilisation du RPC\\WD Serveur de la messagerie\\Exe\\WD Serveur de la messagerie.EXE"="C:\\WinDev 11\\Exemples\\Exemples complets\\WD Utilisation du RPC\\WD Serveur de la messagerie\\Exe\\WD Serveur de la messagerie.EXE:*:Enabled:WD Serveur de la messagerie"
"C:\\WinDev 11\\Exemples\\Exemples complets\\WD Visioconférence\\Exe\\WD Visioconférence.exe"="C:\\WinDev 11\\Exemples\\Exemples complets\\WD Visioconférence\\Exe\\WD Visioconférence.exe:*:Enabled:WD Visioconférence"
"G:\\Software\\Chat\\Skype Mobile\\Skype.exe"="G:\\Software\\Chat\\Skype Mobile\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
Export of the SharedTaskScheduler key
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
REGEDIT4
[taskmgr.exe]
export of policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export of sensitive keys..
Search for sensitive addresses in the HOSTS file...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 09:16:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Administrateur\ntuser.dat, 0
scanning hidden files ...
disk error: C:\
please note that you need administrator rights to perform deep scan
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
168 - hamachi.exe
272 - ashServ.exe
440 - fdm.exe
508 - YzShadow.exe
612 - avguard.exe
624 - csrss.exe
648 - winlogon.exe
692 - services.exe
704 - lsass.exe
872 - sched.exe
944 - svchost.exe
1076 - AppleMobileDevi
1132 - svchost.exe
1220 - mDNSResponder.e
1428 - svchost.exe
1452 - explorer.exe
1516 - svchost.exe
1544 - PSTrayFactory.e
1592 - VTTimer.exe
1620 - fpdisp5a.exe
1628 - S3Trayp.exe
1720 - avgnt.exe
1816 - iTunesHelper.ex
1824 - Manta.exe
1896 - ashDisp.exe
1932 - fppdis3a.exe
2008 - emule.exe
2036 - ApacheMonitor.e
2156 - ashMaiSv.exe
2200 - ashWebSv.exe
2220 - apache.exe
3380 - MDM.EXE
3512 - sqlservr.exe
3728 - iPodService.exe
3748 - rserver3.exe
3932 - StarWindService
4092 - FamItrfc.Exe
4460 - wscntfy.exe
4604 - TuneUpDefragSer
4744 - WinRAR.exe
4784 - cmd.exe
5016 - BitComet.exe
5344 - firefox.exe
5500 - WinRAR.exe
5956 - AdobeUpdater.ex
Total number of processes = 46
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F7CE4000 - \WINDOWS\system32\KDCOM.DLL
F7BF4000 - \WINDOWS\system32\BOOTVID.dll
F76C6000 - spht.sys
F7CE6000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F76AE000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F767F000 - ACPI.sys
F766E000 - pci.sys
F77E4000 - isapnp.sys
F7DAC000 - pciide.sys
F7A64000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7CE8000 - viaide.sys
F77F4000 - MountMgr.sys
F764F000 - ftdisk.sys
F7CEA000 - dmload.sys
F7629000 - dmio.sys
F7A6C000 - PartMgr.sys
F7A74000 - videX32.sys
F7804000 - ViBus.sys
F7814000 - VolSnap.sys
F7611000 - atapi.sys
F7824000 - ViPrt.sys
F7834000 - disk.sys
F7844000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F75F2000 - fltMgr.sys
F7854000 - PxHelp20.sys
F75DB000 - KSecDD.sys
F754E000 - Ntfs.sys
F7521000 - NDIS.sys
F7864000 - uagp35.sys
F7506000 - Mup.sys
F6F10000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F6DCB000 - \SystemRoot\system32\DRIVERS\S3gIGPm.sys
F6DB7000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F6F00000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7B1C000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys
F6EF0000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F6EE0000 - \SystemRoot\system32\DRIVERS\redbook.sys
F6D94000 - \SystemRoot\system32\DRIVERS\ks.sys
F7CBC000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F7B24000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F6D71000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F7B2C000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F6D60000 - \SystemRoot\system32\DRIVERS\serial.sys
F7CC4000 - \SystemRoot\system32\DRIVERS\serenum.sys
F7B34000 - \SystemRoot\system32\DRIVERS\fdc.sys
F6D0B000 - \SystemRoot\system32\DRIVERS\parport.sys
F6ED0000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F7B3C000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7B44000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F6EC0000 - \SystemRoot\system32\DRIVERS\fetnd5bv.sys
F6CA6000 - \SystemRoot\System32\Drivers\arfcbyie.SYS
F7E81000 - \SystemRoot\system32\DRIVERS\rminiv3.sys
F7E82000 - \SystemRoot\system32\DRIVERS\audstub.sys
F6EA0000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F74C6000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6C8F000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F6E90000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F6E80000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F7B94000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6C7E000 - \SystemRoot\system32\DRIVERS\psched.sys
F78D4000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7B9C000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7BA4000 - \SystemRoot\system32\DRIVERS\raspti.sys
F7BAC000 - \SystemRoot\system32\DRIVERS\hamachi.sys
F6645000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F7914000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7D1E000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6611000 - \SystemRoot\system32\DRIVERS\update.sys
F7C90000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F7934000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7974000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7D20000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7BC4000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F7D22000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7E69000 - \SystemRoot\System32\Drivers\Null.SYS
F7D24000 - \SystemRoot\System32\Drivers\Beep.SYS
F7984000 - \??\C:\WINDOWS\system32\rserver30\raddrvv3.sys
F7BD4000 - \SystemRoot\System32\drivers\vga.sys
F7D26000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7D28000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7BDC000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7BEC000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7CE0000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F54E1000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F5489000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F79A4000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F5461000 - \SystemRoot\system32\DRIVERS\netbt.sys
F543F000 - \SystemRoot\System32\drivers\afd.sys
F79B4000 - \SystemRoot\system32\DRIVERS\netbios.sys
F7A8C000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
F5413000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F7E56000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS
F79C4000 - \??\C:\WINDOWS\system32\drivers\oreans32.sys
F7A94000 - \systemroot\system32\drivers\Ndisprot.sys
F537C000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F79D4000 - \SystemRoot\System32\Drivers\Fips.SYS
F535B000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F79E4000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F534A000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F7D2E000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
F532A000 - \SystemRoot\System32\Drivers\aswSP.SYS
F7AA4000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F5307000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F78F4000 - \SystemRoot\System32\Drivers\dump_ViPrt.sys
BF800000 - \SystemRoot\System32\win32k.sys
F7ABC000 - \SystemRoot\System32\watchdog.sys
F65DF000 - \SystemRoot\System32\drivers\Dxapi.sys
BF000000 - \SystemRoot\System32\drivers\dxg.sys
F7EB4000 - \SystemRoot\System32\drivers\dxgthk.sys
BF012000 - \SystemRoot\System32\S3gIGP.dll
BF0F1000 - \SystemRoot\System32\s3ginv.dll
F7B04000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
F020F000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
F008D000 - \SystemRoot\System32\Drivers\aswMon2.SYS
EFE80000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
EFAE8000 - \??\C:\WINDOWS\system32\drivers\Haspnt.sys
F7D96000 - \SystemRoot\System32\Drivers\ParVdm.SYS
EFC08000 - \SystemRoot\System32\Drivers\Cdfs.SYS
EF9E4000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
EFAE0000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys
EF914000 - \??\C:\WINDOWS\system32\drivers\hardlock.sys
EF871000 - \SystemRoot\system32\DRIVERS\srv.sys
F52FF000 - \SystemRoot\System32\Drivers\aswRdr.SYS
EEBD9000 - \??\C:\WINDOWS\system32\9be3C.sys
F7DC8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
F7BCC000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Total number of drivers = 129
List of installed programs
40 leçons pour parler anglais
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Illustrator 10
Adobe InDesign 2.0
Adobe Photoshop CS
Adobe Reader 8.1.2 - Français
Adobe SVG Viewer 3.0
Advanced RAR Password Recovery (remove only)
AIDA32 v3.93
Analyseur MSXML 6.0
Apache HTTP Server 2.0.55
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Antivirus
Avira AntiVir Personal - Free Antivirus
BitComet 1.06
Bonjour
Cimaware OfficeFIX 6
CloneCD
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Accelerator Plus (DAP)
Download Direct
eMule
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
FinePrint
Free Download Manager 2.5
GetDataBack for FAT
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hyper File : INFO-DT01
Hyper File Manager
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 7
JDownloader 0.3.342 Rus
jetAudio Basic
Launcher 5
Malwarebytes' Anti-Malware
Micro Application - Dictionnaires Complets Anglais-Français
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft Device Emulator version 1.0 - FRA
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005 Language Pack - FRA
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [FRA] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 7.0
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Team Edition for Software Developers - FRA
Microsoft Visual Studio 2005 Team Edition for Software Developers - FRA
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft VM for Java
Microsoft Web Publishing Wizard 1.53
Microsoft XML Parser
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module de prise en charge linguistique de Microsoft Document Explorer 2005 - FRA
Mozilla Firefox (3.0.4)
MpcStar 3.3
Nero 8 Essentials
neroxml
Pack Vista Inspirat 2 1.0
PartitionMagic
PDFCreator
PDFCreator Toolbar
pdfFactory Pro
Platform
PowerQuest PartitionMagic 8.0
PS Tray Factory 2.52
QuickTime
Radmin Server 3.1
RAR Password Recovery v1.1 RC16 (remove only)
RealPlayer
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Skype™ 3.8
Software Informer 1.0 BETA
SuperCopier2
TuneUp Utilities 2008
VIA Display Driver 6.14.10.0099
VIA Gestionnaire de périphériques de plate-forme
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinRAR archiver
WinZip
XAMPP 1.6.5
Yahoo! Messenger
Yahoo! Toolbar
Volume in drive C is System
Volume Serial Number is CCEB-9A07
Directory of C:\Program Files
05/12/2008 14:17 <DIR> .
05/12/2008 14:17 <DIR> ..
07/11/2008 11:08 <DIR> Adobe
14/11/2008 13:44 <DIR> AIDA32 - Personal System Information
07/11/2008 08:19 <DIR> Alcohol Soft
06/11/2008 14:58 <DIR> Alwil Software
10/11/2008 09:51 <DIR> Apache Group
07/11/2008 08:44 <DIR> Apple Software Update
14/11/2008 14:39 <DIR> AskTBar
06/11/2008 15:00 <DIR> Avira
14/11/2008 14:26 <DIR> AvRack
03/12/2008 12:34 <DIR> BitComet
04/12/2008 12:43 <DIR> BitComet Acceleration Patch
04/12/2008 11:49 <DIR> Bonjour
26/11/2008 13:22 <DIR> CC Hyper File
14/11/2008 08:07 <DIR> CE Remote Tools
17/11/2008 10:03 <DIR> Cimaware
06/11/2008 15:21 <DIR> ComPlus Applications
06/11/2008 14:57 <DIR> DAP
14/11/2008 15:04 <DIR> DivX
21/11/2008 09:19 <DIR> Download Direct
12/11/2008 12:49 <DIR> ElcomSoft
08/12/2008 07:37 <DIR> eMule
19/11/2008 15:38 <DIR> Fichiers communs
06/11/2008 14:53 <DIR> Free Download Manager
06/11/2008 14:54 <DIR> Google
06/11/2008 14:45 <DIR> Hamachi
17/11/2008 12:49 <DIR> HAVAS Poche
14/11/2008 08:15 <DIR> HTML Help Workshop
12/11/2008 08:57 <DIR> Intelore
07/11/2008 13:09 <DIR> Internet Explorer
07/11/2008 08:46 <DIR> iPod
07/11/2008 08:46 <DIR> iTunes
24/11/2008 15:01 <DIR> Java
03/12/2008 13:53 <DIR> JDownloader
26/11/2008 14:24 <DIR> JetAudio
18/11/2008 11:25 <DIR> Launcher
21/11/2008 11:37 <DIR> Malwarebytes' Anti-Malware
06/11/2008 13:28 <DIR> Messenger
03/12/2008 11:17 <DIR> Micro Application
14/11/2008 08:22 <DIR> Microsoft Device Emulator
18/11/2008 13:44 <DIR> Microsoft Office
14/11/2008 08:37 <DIR> Microsoft SQL Server
14/11/2008 08:22 <DIR> Microsoft SQL Server 2005 Mobile Edition
06/11/2008 15:12 <DIR> Microsoft Visual Studio
18/11/2008 09:52 <DIR> Microsoft Visual Studio 8
18/11/2008 13:44 <DIR> Microsoft Works
14/11/2008 08:33 <DIR> Microsoft.NET
06/11/2008 14:14 <DIR> Morefun
06/11/2008 13:29 <DIR> Movie Maker
08/12/2008 08:02 <DIR> Mozilla Firefox
03/12/2008 12:32 <DIR> MpcStar
18/11/2008 09:52 <DIR> MSBuild
06/11/2008 13:27 <DIR> MSN
06/11/2008 13:27 <DIR> MSN Gaming Zone
14/11/2008 14:53 <DIR> Nero
14/11/2008 14:59 <DIR> NeroInstall.bak
06/11/2008 13:29 <DIR> NetMeeting
19/11/2008 12:58 <DIR> New_Badge
06/11/2008 13:29 <DIR> Outlook Express
06/11/2008 14:19 <DIR> PDFCreator
06/11/2008 14:19 <DIR> PDFCreator Toolbar
06/11/2008 14:02 <DIR> PowerQuest
05/12/2008 09:17 <DIR> PS Tray Factory
03/12/2008 12:31 <DIR> QuickTime
11/11/2008 07:57 <DIR> Rapidown
07/11/2008 08:57 <DIR> Real
14/11/2008 13:52 <DIR> Realtek
14/11/2008 14:26 <DIR> Realtek AC97
14/11/2008 14:26 <DIR> Realtek Sound Manager
14/11/2008 08:18 <DIR> Runtime Software
06/11/2008 13:42 <DIR> S3
06/11/2008 13:30 <DIR> Services en ligne
07/11/2008 08:29 <DIR> SlySoft
06/11/2008 14:52 <DIR> Software Informer
10/11/2008 12:45 <DIR> SuperCopier2
28/11/2008 14:57 <DIR> Tache Calendrier
19/11/2008 15:40 <DIR> TuneUp Utilities 2008
06/11/2008 13:39 <DIR> VIA
06/11/2008 15:12 <DIR> Web Publish
06/11/2008 15:33 <DIR> win'design
14/11/2008 14:52 <DIR> Windows Media Player
06/11/2008 13:27 <DIR> Windows NT
06/11/2008 13:53 <DIR> WinRAR
06/11/2008 13:55 <DIR> WinZip
11/11/2008 11:43 <DIR> Yahoo!
0 File(s) 0 bytes
86 Dir(s) 51 593 248 768 bytes free
Volume in drive C is System
Volume Serial Number is CCEB-9A07
Directory of C:\Program Files\fichiers communs
19/11/2008 15:38 <DIR> .
19/11/2008 15:38 <DIR> ..
07/11/2008 11:09 <DIR> Adobe
07/11/2008 10:29 <DIR> Adobe Systems Shared
07/11/2008 08:44 <DIR> Apple
14/11/2008 08:08 <DIR> Business Objects
07/11/2008 08:48 <DIR> COWON
06/11/2008 15:12 <DIR> DESIGNER
07/11/2008 11:06 <DIR> InstallShield
07/11/2008 08:33 <DIR> Java
06/11/2008 15:29 <DIR> Jetstream Shared
14/11/2008 08:15 <DIR> Merge Modules
18/11/2008 13:45 <DIR> Microsoft Shared
06/11/2008 13:29 <DIR> MSSoap
14/11/2008 14:56 <DIR> Nero
06/11/2008 16:22 <DIR> ODBC
10/11/2008 09:12 <DIR> PC SOFT
07/11/2008 08:57 <DIR> Real
06/11/2008 13:29 <DIR> Services
14/11/2008 11:24 <DIR> Skype
06/11/2008 16:22 <DIR> SpeechEngines
18/11/2008 13:30 <DIR> System
19/11/2008 15:38 <DIR> Wise Installation Wizard
07/11/2008 08:57 <DIR> xing shared
0 File(s) 0 bytes
24 Dir(s) 51 593 248 768 bytes free
Volume in drive C is System
Volume Serial Number is CCEB-9A07
Directory of C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
17/11/2008 11:15 <DIR> .
17/11/2008 11:15 <DIR> ..
17/11/2008 08:04 <DIR> 1033
17/11/2008 11:22 <DIR> 1036
26/10/2006 19:49 970 528 MSONSEXT.DLL
26/10/2006 20:12 40 256 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
11/07/2003 02:25 80 448 PKMWS.DLL
5 File(s) 1 341 202 bytes
4 Dir(s) 51 593 248 768 bytes free
Warning: C:\autorun.inf exists
[autorun]
;vsognbpvsgjpfkawbejqsvclirlydtjbwozorpnbqeyvmwtlphoiybuufredsahzcxpukuuljeccbtrfbrtxcyhqrlkrfpillo
shellexecute="resycled\boot.com c:"
;dodaeiqzrsvutlokhpsubmeaksqorckixmxuugnjjolawnarboknyxzkzsrrtlytc
shell\Open\command="resycled\boot.com
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\MailWasher.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
c:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d3zu002d.default\FlashGot.exe
c:\Documents and Settings\Administrateur\Bureau\Scanner.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.234\Rootkit_Detective.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.7.1.11\SetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
c:\WinDev 11\Composants\Composants exemples\WD DerniersDocuments\WD DerniersDocuments - Exemple\Exe\WD DerniersDocuments - Exemple.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
c:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d3zu002d.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4917baed\ave2\aecore.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4917baed\ave2\aegen.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4917baed\ave2\aehelp.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Updates\Condition.dll
****** End of DiagHelp report
Configuration: Windows XP Firefox 3.0.4
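The firewall exception list in the report is worth reading closely: in each value the field after the path is the scope, and `*` means the exception applies to traffic from any address; `Enabled` means it is live. The report's list includes Radmin Server 3, Apache, Mercury and Hamachi, two Skype binaries on drive G:, and JDownloader under a `launch4j-tmp` directory. The Python below is an added example, not part of the original post and not DiagHelp's code: it parses lines in that REGEDIT4 shape and returns the entries a responder would review first. The watch-list of server binaries, the system-drive letter and the temporary-directory patterns are editorial assumptions, and the sample input is constructed to mirror the report's lines.

```python
import re
from collections import Counter

# Constructed sample in the shape of the XP SP2 firewall AuthorizedApplications
# export shown in the report: "<exe>"="<exe>:<scope>:<state>:<display name>".
# Backslashes are doubled because this is REGEDIT4 syntax.
SAMPLE_EXPORT = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\rserver30\\rserver3.exe"="C:\\WINDOWS\\system32\\rserver30\\rserver3.exe:*:Enabled:Radmin Server 3"
"C:\\xampp\\apache\\bin\\apache.exe"="C:\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"G:\\Software\\Chat\\Skype Mobile\\Phone\\Skype.exe"="G:\\Software\\Chat\\Skype Mobile\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"="C:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
'''

# "<name>"="<data>", with \\ and \" escapes inside the quotes.
LINE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Assumed watch-list (editorial, not from the report): programs that accept
# inbound connections or hand out remote control, so an exception whose scope
# is "*" (any address) deserves a second look.
SERVER_BINARIES = {
    'rserver3.exe': 'Radmin remote-control server',
    'apache.exe': 'Apache HTTP server',
    'mercury.exe': 'Mercury mail server',
    'hamachi.exe': 'Hamachi VPN client (host reachable over the VPN adapter)',
}

SYSTEM_DRIVE = 'C:\\'   # assumption: matches the "Volume in drive C" lines of the report


def _unescape(s):
    return s.replace('\\\\', '\\')


def parse_exceptions(text):
    """Return one dict per exception line: path, scope, state, label."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path, data = _unescape(m.group(1)), _unescape(m.group(2))
        if data.startswith(path + ':'):
            fields = data[len(path) + 1:].split(':', 2)
        else:                                   # name and data path differ
            fields = data.rsplit(':', 3)[1:]    # assume a label without colons
        if len(fields) != 3:
            continue
        scope, state, label = fields
        entries.append({'path': path, 'scope': scope, 'state': state, 'label': label})
    return entries


def audit(entries):
    """Return (path, reason) pairs worth a human's attention."""
    findings = []
    occurrences = Counter(e['path'].lower() for e in entries)
    dup_reported = set()
    for e in entries:
        path = e['path']
        if e['state'].lower() != 'enabled':
            continue                            # disabled entries are inert
        expanded = path.replace('%windir%', SYSTEM_DRIVE + 'WINDOWS')
        exe = expanded.rsplit('\\', 1)[-1].lower()
        low = expanded.lower()
        if not low.startswith(SYSTEM_DRIVE.lower()):
            findings.append((path, 'binary is off the system drive (removable or secondary media)'))
        if '\\temp\\' in low or '-tmp\\' in low:
            findings.append((path, 'binary in a temporary directory; the exception outlives the file'))
        if exe in SERVER_BINARIES and e['scope'] == '*':
            findings.append((path, SERVER_BINARIES[exe] + ' reachable from any address'))
        if occurrences[path.lower()] > 1 and path.lower() not in dup_reported:
            dup_reported.add(path.lower())
            findings.append((path, 'listed %d times in the export' % occurrences[path.lower()]))
    return findings


if __name__ == '__main__':
    for path, reason in audit(parse_exceptions(SAMPLE_EXPORT)):
        print('%-70s %s' % (path, reason))
```

Run it over the real export by pasting the firewall section of the report into `SAMPLE_EXPORT`; the duplicate `sessmgr.exe` lines are reported once, and `emule.exe` is not flagged because peer-to-peer clients are outside the watch-list, which is a policy decision rather than a technical one.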
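The KProcCheck module list is the natural input for a signature pass. Entries with a `\??\C:\...` prefix were registered with an absolute image path, which is typical of third-party installers (the Avira, Radmin and HASP drivers in the report all show it), so the prefix alone proves nothing; but `9be3C.sys`, loaded by absolute path from the system32 root rather than from `system32\drivers` and named like a hex string, and `oreans32.sys` are the two names a responder would check with sigcheck before drawing any conclusion. The Python below is an added example, not part of the original post and not DiagHelp's code: it parses that list, classifies each driver's load path and builds the sigcheck command lines (sigcheck is the tool whose `Verified: Signed` lines appear earlier in the report). The system-root path and the fall-back location assumed for boot-start drivers listed without a path are assumptions; the sample is constructed from lines shaped like the report's.

```python
import re

# Constructed sample in the shape of the KProcCheck "Driver/Module list by
# traversal of PsLoadedModuleList" section of the report.
SAMPLE_MODULES = r'''
804D7000 - \WINDOWS\system32\ntoskrnl.exe
F76C6000 - spht.sys
F6C8F000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F7984000 - \??\C:\WINDOWS\system32\rserver30\raddrvv3.sys
F79C4000 - \??\C:\WINDOWS\system32\drivers\oreans32.sys
F7D2E000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
EEBD9000 - \??\C:\WINDOWS\system32\9be3C.sys
F7DC8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
'''

MODULE_RE = re.compile(r'^([0-9A-Fa-f]{8}) - (.+)$')
SYSTEM_ROOT = r'C:\WINDOWS'   # assumption: the report's listings are all on drive C


def parse_modules(text):
    """Return (base_address, image_path) pairs."""
    out = []
    for raw in text.splitlines():
        m = MODULE_RE.match(raw.strip())
        if m:
            out.append((int(m.group(1), 16), m.group(2)))
    return out


def to_filesystem_path(image):
    """Turn the object-manager style path into something sigcheck can open."""
    low = image.lower()
    if low.startswith('\\??\\'):
        return image[4:]
    if low.startswith('\\systemroot\\'):
        return SYSTEM_ROOT + image[len('\\systemroot'):]
    if low.startswith('\\windows\\'):
        return SYSTEM_ROOT + image[len('\\windows'):]
    if '\\' not in image:       # boot-start driver, path not recorded by the loader
        return SYSTEM_ROOT + '\\system32\\drivers\\' + image   # assumption
    return image


def triage(modules):
    """Return {filename: [reasons]} for drivers a human should verify first."""
    findings = {}
    for _base, image in modules:
        path = to_filesystem_path(image)
        name = path.rsplit('\\', 1)[-1]
        stem = name.rsplit('.', 1)[0]
        low = path.lower()
        reasons = []
        absolute = image.startswith('\\??\\')
        if absolute:
            reasons.append('registered with an absolute image path (\\??\\ prefix), usually a third-party install')
        if absolute and '\\system32\\drivers\\' not in low and '\\program files\\' not in low:
            reasons.append('lives outside system32\\drivers and Program Files')
        # Heuristic, editorial: vendor drivers carry a readable prefix; a pure
        # hex string containing digits is the kind of name a dropper generates.
        if re.fullmatch(r'[0-9a-f]+', stem.lower()) and any(c.isdigit() for c in stem):
            reasons.append('hex-looking file name with no vendor prefix')
        if reasons:
            findings[name] = reasons
    return findings


def sigcheck_commands(modules):
    """Command lines to verify Authenticode signatures on the flagged drivers."""
    flagged = triage(modules)
    return ['sigcheck.exe "%s"' % to_filesystem_path(image)
            for _base, image in modules
            if image.rsplit('\\', 1)[-1] in flagged]


if __name__ == '__main__':
    mods = parse_modules(SAMPLE_MODULES)
    for name, reasons in triage(mods).items():
        print(name, '->', '; '.join(reasons))
    print('\n'.join(sigcheck_commands(mods)))
```

The output is a work list, not a verdict: a driver that sigcheck reports as unsigned and that no installed product accounts for is the one to submit for analysis, while an absolute-path driver with a valid vendor signature drops off the list.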
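The `C:\autorun.inf` printed at the end of the report is the most concrete artefact on the page. On Windows XP an autorun.inf at a drive root is honoured when the drive is opened from My Computer: `shellexecute` and `open` name a program to run, and `shell\<verb>\command` replaces that verb on the drive's context menu, so here the Open verb and AutoPlay both launch `resycled\boot.com` relative to the drive root (with the drive letter passed as an argument), from a folder whose name is one letter off from `recycled`, and the section is padded with long junk comment lines. The Python below is an added example, not part of the original post and not DiagHelp's code: a tolerant parser that extracts the command directives, scores the lookalike folder name, counts the padding comments and copes with the unterminated quote on the last line, which the constructed sample reproduces. The directive names, executable extensions and the list of imitated folder names are editorial assumptions.

```python
import re

# Constructed sample shaped like the C:\autorun.inf the report prints, including
# the junk ";" comment lines and the unterminated quote on the last line.
SAMPLE_AUTORUN = r'''[autorun]
;vsognbpvsgjpfkawbejqsvclirlydtjbwozorpnbqeyvmwtlphoiybuufredsahzcxpukuuljeccbtrfbrtxcyhqrlkrfpillo
shellexecute="resycled\boot.com c:"
;dodaeiqzrsvutlokhpsubmeaksqorckixmxuugnjjolawnarboknyxzkzsrrtlytc
shell\Open\command="resycled\boot.com
'''

# Directives that make AutoPlay or the drive's context menu run something
# (editorial list, compared in lower case).
COMMAND_KEYS = ('open', 'shellexecute')
COMMAND_KEY_RE = re.compile(r'^shell\\[^\\]+\\command$')
EXEC_EXT = ('.com', '.exe', '.bat', '.cmd', '.scr', '.pif', '.vbs', '.js')
# Folder names a worm likes to imitate so its dropper hides in plain sight.
SYSTEM_FOLDERS = ('recycler', 'recycled', '$recycle.bin', 'system volume information')


def edit_distance(a, b):
    """Plain Levenshtein distance."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def describe_target(key, target, args):
    low = target.lower()
    first_dir = low.split('\\')[0] if '\\' in low else ''
    lookalike, dist = None, None
    if first_dir:
        lookalike, dist = min(((n, edit_distance(first_dir, n)) for n in SYSTEM_FOLDERS),
                              key=lambda t: t[1])
        if dist > 2:                      # not close to any imitated name
            lookalike, dist = None, None
    return {
        'directive': key,
        'target': target,
        'args': args,
        'relative': not re.match(r'^([a-z]:|\\)', low),   # resolved against the drive root
        'executable': low.endswith(EXEC_EXT),
        'lookalike_of': lookalike,
        'distance': dist,
    }


def parse_autorun(text):
    """Return {'commands': [...], 'padding_comments': n, 'unterminated': n}."""
    commands, padding, unterminated = [], 0, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('['):
            continue
        if line.startswith(';'):
            # Real comments contain words; long single-token junk is padding
            # meant to vary the file's bytes and defeat naive signatures.
            if len(line) > 40 and ' ' not in line:
                padding += 1
            continue
        if '=' not in line:
            continue
        key, value = (s.strip() for s in line.split('=', 1))
        key = key.lower()
        if key not in COMMAND_KEYS and not COMMAND_KEY_RE.match(key):
            continue
        if value.startswith('"'):
            value = value[1:]
            if value.endswith('"'):
                value = value[:-1]
            else:
                unterminated += 1     # the report's last line is cut like this
        parts = value.split(None, 1)
        target = parts[0] if parts else ''
        args = parts[1] if len(parts) > 1 else ''
        commands.append(describe_target(key, target, args))
    return {'commands': commands, 'padding_comments': padding, 'unterminated': unterminated}


def is_suspicious(report):
    """A relative executable target plus either padding or a lookalike folder."""
    runs_relative_exe = any(c['relative'] and c['executable'] for c in report['commands'])
    hides = report['padding_comments'] > 0 or any(c['lookalike_of'] for c in report['commands'])
    return runs_relative_exe and hides


if __name__ == '__main__':
    rep = parse_autorun(SAMPLE_AUTORUN)
    for c in rep['commands']:
        print(c['directive'], '->', c['target'], c['args'], 'lookalike of', c['lookalike_of'])
    print('padding comments:', rep['padding_comments'], 'suspicious:', is_suspicious(rep))
```

Because the target is relative to the drive root, the same autorun.inf and `resycled\boot.com` pair is usually copied to every writable drive the machine has seen; the report's firewall list shows binaries on drive G:, so that drive's root is worth checking with the same parser before it is plugged into another machine.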