Gildas Ar Breizh

Impeccable MERCI et bonne journée Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:49, on 04/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\VisualTaskTips\VisualTaskTips.exe C:\Program Files\Taskix\Taskix32.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Notebook Hardware Control\nhc.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\HPQ\shared\hpqwmi.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [VisualTaskTips] "C:\Program Files\VisualTaskTips\VisualTaskTips.exe" O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDriveStatus\vsdrv.exe O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 4953 bytes

MERCI Le double clic me le rouvre en bloc-note

Bonjour, J'aimerai effacer ceci: O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (eventuellement faisable avec "Starter") et ceci: O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe PROPREMENT svp merci Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:26, on 04/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\VisualTaskTips\VisualTaskTips.exe C:\Program Files\Taskix\Taskix32.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Notebook Hardware Control\nhc.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\HPQ\shared\hpqwmi.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [VisualTaskTips] "C:\Program Files\VisualTaskTips\VisualTaskTips.exe" O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDriveStatus\vsdrv.exe O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 5203 bytes

Effectivement les logiciels de P2P ralentissent le demarrage, d'autant que souvent ils modifient la taille du cache La messagerie au demarrage est egalement une source de ralentissement (est-elle utile au demarrage, ne vaut-il pas mieu attendre que l'anti-virus soit en route) Consomme beaucoup de ram: D:\PROGRA~1\SPYBOT~1\SDHelper.dll En 512Mo, je me le permet pas (as-tu assez de ram ?) D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe S'il monte un lecteur virtuel au demarrage cela augmente cette procedure La plupart de tes programmes sont sur "D:\" ! Si le ralentissement est soudain: http://www.zebulon.fr/astuces/130-windows-...ement-lent.html

MERCI Mais n'y a-t-il pas des logiciels genre "Zeb-Protect", qui permettrai de les fermés en un clic (surtout afin de ne pas se tromper)

MERCI C'était deja fait HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug Effacé, mais toujours present dans CCleaner "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp 70,03KB" "user.dmp 70,03KB" Effacé avec Shredder ; ok La ligne n'est plus MERCI pour tout

Bonsoir, Petite precition le processeur est de 3Ghz Sinon oui, il m'est vendu avec licence (d'entreprise), plus CD original Ma question etait surtout que faire avant d'allez sur le net prendre les MAJ (bloquer certain port, avec quel logiciel,etc...) Et que faire une fois en ligne

MERCI Effectivement je voulais dire "envahi" Ca marche correctement, Si ce n'est que je suis ralenti, vu que les manipulations effectuées ont fragmenté mon DD, mais cela reviendra J'ai omis de copier le rapport et ai fait "supprimé" directement Il y avait ~7 lignes dont 3 pour HJT 6 mois, quand meme, que je cherche sur la toile qu'elle etait cette entrée sans resultat Je ne serai jamais d'ou elle venait Maintenant quelle est effacé je peux demarrer en (msonfig) mode normal sans etre envahi de pub et d'alertes tentatives d'intrutions Pourquoi ai-je tout le temps cette ligne dans CCleaner ? "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp 70,03KB" Est-ce normal ? Elle est toujours de la meme taille OK pour msn J'ignorai qu'il fallait le faire pour chaque compte en etant connecté Que dois-je faire au sujet de la console de recuperation que j'ai desormais au demarage (je l'ai créer suvant le modele du tuto de "ComboFix" Et encore MERCI

BONJOUR, J'ai commandé un nouveau PC UC Win XP Pro SP2 1Go PC3200 carte video X1950 Pro ecran 17" Hyundai Il a 2 ans c'est une occasion de cybercafé Il me sera livré le 10 mars entierement reformaté J'aurai voulu savoir quel sont les premieres manipulations a effectuer dessus Quel anti-virus et autres me conseilleriez vous en gratuit ou a l'essai

Mon lecteur "C:\" commence a etre envi, que faut il enlever ? http://img504.imageshack.us/my.php?image=2...02181745ts1.jpg

ok l'entrée a disparu CFScript effectuer en mode diagnostique (le fichier txt a disparu de mon bureau lorsque je l'ai glisser sur ComboFix) ComboFix 08-03-01.3 - Jerome 2008-03-02 17:17:48.3 - NTFSx86 Endroit: C:\Documents and Settings\Jerome.JEROME-69F6ED99\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Jerome.JEROME-69F6ED99\Bureau\CFScript.txt FILE :: C:\WINDOWS0001_.tmp . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))))))) . 2008-03-02 16:21 . 2008-03-02 16:21 <REP> d-------- C:\WINDOWS\ERUNT 2008-03-02 16:12 . 2008-03-02 16:50 <REP> d-------- C:\SDFix 2008-03-02 16:05 . 2008-03-02 16:10 <REP> d-------- C:\Lop SD 2008-03-02 14:16 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-02 13:44 . 2008-03-02 13:44 9,191,818 --a------ C:\upload_moi_JEROME.tar.gz 2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2008-02-29 16:14 . 2008-02-29 16:14 <REP> d-------- C:\Program Files\Teamspeak2_RC2 2008-02-29 16:09 . 2008-02-29 16:09 <REP> d-------- C:\Program Files\GUILD WARS 2008-02-29 15:51 . 2008-03-01 22:50 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information 2008-02-28 17:18 . 2008-02-28 17:19 <REP> d-------- C:\Program Files\Windows Live Safety Center 2008-02-28 02:20 . 2008-02-28 02:20 161 --a------ C:\WINDOWS\MyDrivers.ini 2008-02-26 01:45 . 2008-02-26 01:45 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Nero 2008-02-26 01:39 . 2008-02-28 02:22 <REP> d-------- C:\Program Files\Nero 2008-02-26 01:39 . 2008-02-26 01:43 <REP> d-------- C:\Program Files\Fichiers communs\Nero 2008-02-26 01:39 . 2008-02-26 01:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero 2008-02-25 23:33 . 2008-02-25 23:33 <REP> d-------- C:\Program Files\ESET 2008-02-25 22:46 . 2008-02-25 23:02 125 --a------ C:\ioSpecial.ini 2008-02-25 22:03 . 2008-02-29 20:16 <REP> d-------- C:\Program Files\ma-config.com 2008-02-25 22:01 . 2008-02-25 22:01 <REP> d--h----- C:\WINDOWS\PIF 2008-02-25 17:18 . 2008-02-25 17:18 51 --a------ C:\WINDOWS\pccillin.ini 2008-02-25 14:38 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg 2008-02-25 12:04 . 2008-02-25 15:14 81,984 --a------ C:\WINDOWS\system32\bdod.bin 2008-02-25 11:36 . 2008-02-25 17:28 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro 2008-02-25 10:54 . 2008-02-25 10:54 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\FastStone 2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\Virtual CDRom 2008-02-25 10:51 . 2008-02-28 21:47 <REP> d-------- C:\Program Files\IrfanView 2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\FastStone Capture 2008-02-25 10:51 . 2008-02-25 10:51 39,859 --a------ C:\WINDOWS\system32\UnIfs.exe 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WinRoll 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\VisualTaskTips 2008-02-25 10:41 . 2008-02-25 10:48 <REP> d-------- C:\Program Files\VistaDriveStatus 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\TransBar 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\Taskix 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\LClock 2008-02-25 09:47 . 2008-02-25 09:47 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\ESET 2008-02-25 09:39 . 2008-02-25 09:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET 2008-02-25 07:57 . 2008-02-25 07:57 <REP> d-------- C:\Program Files\PowerQuest 2008-02-24 09:02 . 2008-02-24 09:02 36 --a------ C:\WINDOWS\DaemonPlugin.INI 2008-02-24 08:46 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WTInstaller 2008-02-24 06:24 . 2008-02-24 06:24 <REP> d-------- C:\Program Files\DAEMON Tools 2008-02-24 06:20 . 2008-02-24 09:02 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools 2008-02-24 06:14 . 2008-02-24 06:14 <REP> d-------- C:\WINDOWS\system32\dumps 2008-02-24 03:52 . 2008-02-24 03:52 3,934 --a------ C:\WINDOWS\Ascd_tmp.ini 2008-02-24 03:51 . 2000-03-29 15:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2008-02-23 17:24 . 2008-02-24 02:55 249,856 --------- C:\WINDOWS\Setup1.exe 2008-02-23 17:24 . 2008-02-24 02:55 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2008-02-23 09:26 . 2008-02-25 22:45 <REP> d-------- C:\Downloads 2008-02-23 08:55 . 2008-02-23 08:55 32 --a------ C:\WINDOWS\go 2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools Pro 2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro 2008-02-23 05:50 . 2008-02-23 05:51 <REP> d--h----- C:\WINDOWS\msdownld.tmp 2008-02-23 05:50 . 2008-02-25 11:05 <REP> d-------- C:\Program Files\Google 2008-02-22 12:55 . 2008-02-22 12:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-02-22 12:54 . 2008-02-22 12:54 <REP> d-------- C:\Program Files\Windows Live 2008-02-22 12:53 . 2008-02-22 12:53 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2008-02-21 02:15 . 2008-02-21 02:15 <REP> d-------- C:\Program Files\Microsoft Works 2008-02-21 02:12 . 2008-02-21 02:12 <REP> d-------- C:\Program Files\Microsoft.NET 2008-02-21 02:09 . 2008-02-21 02:09 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8 2008-02-21 02:07 . 2008-02-21 02:14 <REP> d-------- C:\WINDOWS\SHELLNEW 2008-02-21 02:04 . 2008-03-02 00:16 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2008-02-21 02:03 . 2008-02-21 02:03 <REP> dr-h----- C:\MSOCache 2008-02-20 08:14 . 2008-02-20 08:14 <REP> d-------- C:\WINDOWS\ServicePackFiles 2008-02-20 08:10 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp 2008-02-20 06:41 . 2008-02-25 13:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel 2008-02-20 03:52 . 2008-02-20 03:52 268 --ah----- C:\sqmdata08.sqm 2008-02-20 03:52 . 2008-02-20 03:52 244 --ah----- C:\sqmnoopt08.sqm 2008-02-20 02:54 . 2008-02-20 02:54 268 --ah----- C:\sqmdata07.sqm 2008-02-20 02:54 . 2008-02-20 02:54 244 --ah----- C:\sqmnoopt07.sqm 2008-02-19 23:16 . 2008-02-19 23:16 268 --ah----- C:\sqmdata06.sqm 2008-02-19 23:16 . 2008-02-19 23:16 244 --ah----- C:\sqmnoopt06.sqm 2008-02-19 21:39 . 2008-02-25 10:21 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8 2008-02-18 13:25 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-02-18 13:25 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-02-18 08:08 . 2008-02-18 08:08 44 --a------ C:\WINDOWS\SMWizard.INI 2008-02-18 07:36 . 2008-02-18 19:03 <REP> d-------- C:\Program Files\Free Download Manager 2008-02-18 07:36 . 2008-02-25 23:23 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Free Download Manager 2008-02-18 07:36 . 2008-02-18 07:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG 2008-02-17 11:11 . 2008-02-17 11:11 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\SmartFTP 2008-02-16 14:04 . 2008-02-16 14:04 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-02-16 09:16 . 2008-02-25 15:41 121 --a------ C:\WINDOWS\bdagent.INI 2008-02-16 08:14 . 2008-02-16 08:14 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu Démarrer 2008-02-16 06:56 . 2008-02-16 06:56 <REP> d--hs---- C:\Diskeeper 2008-02-16 06:01 . 2008-03-01 18:51 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-02-16 01:29 . 2008-02-19 21:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira 2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Program Files\Diskeeper Corporation 2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation 2008-02-14 20:37 . 2008-02-25 16:55 <REP> d-------- C:\Program Files\Trend Micro 2008-02-14 02:28 . 2008-02-14 02:31 679 --a------ C:\WINDOWS\wininit.ini 2008-02-13 20:40 . 2008-02-16 08:46 <REP> d-------- C:\MFT 2503 2008-02-13 07:50 . 2008-02-13 07:50 <REP> d-------- C:\Documents and Settings\Administrateur.JEROME\Application Data\TuneUp Software 2008-02-13 05:31 . 2008-02-13 05:31 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-02-13 05:31 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-02-13 05:30 . 2008-02-15 15:44 <REP> d-------- C:\Program Files\TuneUp Utilities 2008 2008-02-13 03:10 . 2008-02-13 03:10 <REP> d-------- C:\WINDOWS\IconsInUse 2008-02-13 02:38 . 2008-02-13 02:42 <REP> d-------- C:\Program Files\HDGraph 2008-02-08 17:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-08 17:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-02-05 18:54 . 2008-02-05 18:56 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft 2008-02-05 18:25 . 2008-02-25 11:12 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-02 15:56 22,528 -c--a-w C:\WINDOWS\system32\drivers\nhcDriver.sys 2008-03-02 13:16 --------- d-----w C:\Program Files\Java 2008-03-02 12:20 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\utorrent 2008-02-25 21:04 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\ma-config.com 2008-02-25 20:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-25 19:03 --------- d-----w C:\Program Files\WinamaxPoker 2008-02-25 17:06 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Microgaming 2008-02-25 09:48 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-02-25 04:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer 2008-02-25 00:22 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2008-02-25 00:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-02-24 05:12 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-02-23 02:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-02-21 01:14 --------- d-----w C:\Program Files\MSBuild 2008-02-18 12:32 --------- d-----w C:\Program Files\MSECache 2008-02-16 03:02 --------- d-----w C:\Program Files\MSN Messenger 2008-02-13 04:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software 2008-02-01 08:50 245,760 ----a-w C:\WINDOWS\system32\JkDefragScreenSaver.exe 2008-02-01 08:50 110,592 ----a-w C:\WINDOWS\system32\JkDefragScreenSaver.scr 2008-01-30 11:38 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys 2008-01-30 11:38 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys 2008-01-30 11:38 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys 2008-01-30 11:35 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2008-01-30 11:35 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2008-01-15 19:47 --------- d-----w C:\Documents and Settings\Administrateur.JEROME\Application Data\Lavasoft 2008-01-10 17:29 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Samsung 2008-01-07 03:00 --------- d-----w C:\Program Files\UltraStar 2008-01-07 00:13 --------- d-----w C:\Program Files\Winamp 2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-06 13:05 108,144 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2006-12-02 14:25 853 -c--a-w C:\Documents and Settings\Jerome.JEROME-69F6ED99\reboot.cmd 2007-11-25 00:00 80 -csh--r C:\WINDOWS\system32\F29DB264E0.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-19 16:10 160768] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 0 (0x0) "NoResolveSearch"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a--c--- 2005-02-08 17:38 159744 C:\Program Files\Apoint2K\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] --a------ 2008-01-30 12:37 1443072 C:\Program Files\ESET\ESET Smart Security\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] --a------ 2005-04-11 15:21 794624 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl] --a------ 2007-05-04 01:33 2629632 C:\Program Files\Notebook Hardware Control\nhc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a--c--- 2004-10-14 08:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskix] --a------ 2007-01-25 21:33 65536 C:\Program Files\Taskix\Taskix32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar] --a------ 2005-06-01 20:41 65536 C:\Program Files\TransBar\TransBar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv] --a------ 2006-07-30 02:37 121089 C:\Program Files\VistaDriveStatus\vsdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips] --a------ 2007-09-05 18:20 36352 C:\Program Files\VisualTaskTips\VisualTaskTips.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "aswUpdSv"=2 (0x2) "xmlprov"=3 (0x3) "WZCSVC"=2 (0x2) "WudfSvc"=2 (0x2) "wuauserv"=2 (0x2) "wscsvc"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "WmiApSrv"=3 (0x3) "WmdmPmSN"=3 (0x3) "WLSetupSvc"=3 (0x3) "winmgmt"=2 (0x2) "WebClient"=2 (0x2) "W32Time"=2 (0x2) "VSS"=3 (0x3) "UxTuneUp"=2 (0x2) "usnjsvc"=3 (0x3) "UPS"=3 (0x3) "TuneUp.Defrag"=3 (0x3) "TrkWks"=2 (0x2) "Themes"=2 (0x2) "TapiSrv"=3 (0x3) "SysmonLog"=3 (0x3) "SwPrv"=3 (0x3) "srservice"=2 (0x2) "SoundMAX Agent Service (default)"=2 (0x2) "ShellHWDetection"=2 (0x2) "SharedAccess"=2 (0x2) "Schedule"=2 (0x2) "SCardSvr"=3 (0x3) "SamSs"=2 (0x2) "RSVP"=3 (0x3) "RDSessMgr"=3 (0x3) "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "ProtectedStorage"=2 (0x2) "PolicyAgent"=2 (0x2) "PlugPlay"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "NtmsSvc"=3 (0x3) "NtLmSsp"=3 (0x3) "Nla"=3 (0x3) "Netman"=3 (0x3) "Netlogon"=3 (0x3) "Nero BackItUp Scheduler 3"=2 (0x2) "MSIServer"=3 (0x3) "MSDTC"=3 (0x3) "mnmsrvc"=3 (0x3) "lanmanworkstation"=2 (0x2) "lanmanserver"=2 (0x2) "iPod Service"=3 (0x3) "ImapiService"=3 (0x3) "idsvc"=3 (0x3) "HTTPFilter"=3 (0x3) "hpqwmi"=3 (0x3) "helpsvc"=2 (0x2) "gusvc"=3 (0x3) "FontCache3.0.0.0"=3 (0x3) "Eventlog"=2 (0x2) "ERSvc"=2 (0x2) "ekrn"=2 (0x2) "EhttpSrv"=3 (0x3) "Dnscache"=2 (0x2) "dmserver"=3 (0x3) "dmadmin"=3 (0x3) "Diskeeper"=2 (0x2) "Dhcp"=2 (0x2) "CryptSvc"=3 (0x3) "clr_optimization_v2.0.50727_32"=2 (0x2) "ClipSrv"=3 (0x3) "CiSvc"=3 (0x3) "Browser"=3 (0x3) "BITS"=2 (0x2) "AudioSrv"=2 (0x2) "aspnet_state"=3 (0x3) "AppMgmt"=3 (0x3) "ALG"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe338e7-7653-11dc-a2d1-000ae4d4acb8}] \Shell\AutoRun\command - E:\TOTALCMD\TOTALCMD.EXE \Shell\read\command - notepad.exe autorun.inf \Shell\start\command - E:\TOTALCMD\TOTALCMD.EXE \Shell\start1\command - siw\siw.exe \Shell\start2\command - PowerMenu_150_FR\PowerMenu.exe \Shell\start3\command - E:\_Divers\procexp.exe \Shell\start4\command - hijackthis\HijackThis.exe \Shell\start5\command - CCTASK\CCTASK.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-02 17:20:07 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-03-02 17:21:25 ComboFix-quarantined-files.txt 2008-03-02 16:21:08 ComboFix2.txt 2008-03-02 15:02:09 ComboFix3.txt 2008-03-02 14:29:52 . 2008-03-01 23:18:17 --- E O F ---

Pas sur qu'il est fonctionné car planté 2 fois a cause de la chauffe Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-02 16:47:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:41,84,3f,a3,d9,93,21,81,9d,ca,66,72,d5,ac,f0,54,c6,80,9a,7b,3c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001] "a0"=hex:20,01,00,00,cf,17,f3,42,b4,89,30,9c,23,c5,a3,fa,31,45,d8,89,11,.. "khjeh"=hex:ce,12,28,34,24,1e,3a,50,5f,44,61,cf,e9,cd,97,e9,30,5a,22,cd,ab,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40] "khjeh"=hex:07,1b,cc,37,a0,ea,ea,89,98,3c,c5,a5,66,cc,56,b4,5a,51,f2,b2,9b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41] "khjeh"=hex:6c,55,dc,40,34,f2,f3,80,83,c2,21,b2,98,4d,e6,17,85,6d,f0,22,16,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "p0"="C:\Program Files\DAEMON Tools Pro\" "h0"=dword:00000001 "hdf12"=hex:9e,5c,87,85,62,f7,8b,a6,11,84,2a,5a,80,99,43,e9,9a,5f,e6,8e,13,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001] "a0"=hex:20,01,00,00,90,f4,6d,32,6e,75,af,16,08,e8,a6,34,44,d1,1f,75,c6,.. "hdf12"=hex:8c,5b,a4,ca,b6,22,1b,9a,53,d3,ab,bb,36,97,20,4c,b9,0c,e9,bd,23,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001\gdq0] "hdf12"=hex:9a,1d,54,b7,56,90,59,2b,02,02,30,a6,41,05,cd,03,68,f7,8f,fe,15,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:39,4d,40,db,c4,d8,25,fa,f8,68,a4,79,e0,05,1f,89,90,43,dd,df,44,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001] "khjeh"=hex:a6,94,ea,0f,ec,c5,a5,cf,2f,8e,1c,cf,09,3d,80,d8,b4,e9,b8,d7,1a,.. "a0"=hex:20,01,00,00,8c,d9,67,3d,3d,fa,2b,38,ac,45,53,d5,90,cf,da,3c,82,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40] "khjeh"=hex:03,1a,b1,99,1c,51,36,85,9f,77,b2,5a,2a,53,44,59,30,98,27,75,f2,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41] "khjeh"=hex:6c,55,dc,40,34,f2,f3,80,83,c2,21,b2,98,4d,e6,17,85,6d,f0,22,16,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "p0"="C:\Program Files\DAEMON Tools Pro\" "h0"=dword:00000001 "hdf12"=hex:9e,5c,87,85,62,f7,8b,a6,11,84,2a,5a,80,99,43,e9,9a,5f,e6,8e,13,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001] "a0"=hex:20,01,00,00,90,f4,6d,32,6e,75,af,16,08,e8,a6,34,44,d1,1f,75,c6,.. "hdf12"=hex:8c,5b,a4,ca,b6,22,1b,9a,53,d3,ab,bb,36,97,20,4c,b9,0c,e9,bd,23,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001\gdq0] "hdf12"=hex:9a,1d,54,b7,56,90,59,2b,02,02,30,a6,41,05,cd,03,68,f7,8f,fe,15,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:39,4d,40,db,c4,d8,25,fa,f8,68,a4,79,e0,05,1f,89,90,43,dd,df,44,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001] "khjeh"=hex:a6,94,ea,0f,ec,c5,a5,cf,2f,8e,1c,cf,09,3d,80,d8,b4,e9,b8,d7,1a,.. "a0"=hex:20,01,00,00,8c,d9,67,3d,3d,fa,2b,38,ac,45,53,d5,90,cf,da,3c,82,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40] "khjeh"=hex:03,1a,b1,99,1c,51,36,85,9f,77,b2,5a,2a,53,44,59,30,98,27,75,f2,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41] "khjeh"=hex:6c,55,dc,40,34,f2,f3,80,83,c2,21,b2,98,4d,e6,17,85,6d,f0,22,16,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:f7,8d,3d,56,c7,37,f4,47,be,34,54,37,d9,4f,6c,a9,1a,fa,fe,76,a6,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001] "a0"=hex:20,01,00,00,cf,17,f3,42,b4,89,30,9c,23,c5,a3,fa,31,45,d8,89,11,.. "khjeh"=hex:80,b5,65,1f,e2,03,d0,4d,9c,9e,60,a2,7f,1a,41,3a,9b,8a,ae,ba,18,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40] "khjeh"=hex:4e,c1,4c,f4,34,74,0d,49,b6,c0,b8,b7,6b,de,c1,d1,7e,72,33,6e,8c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf41] "khjeh"=hex:6c,55,dc,40,34,f2,f3,80,83,c2,21,b2,98,4d,e6,17,85,6d,f0,22,16,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : Files with Hidden Attributes : Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg" Thu 19 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Thu 19 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe" Fri 3 Nov 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe" Mon 24 Dec 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak" Fri 5 Oct 2007 348,160 A.SH. --- "C:\Documents and Settings\Jerome.JEROME-69F6ED99\Bureau\clef usb\msvcr71.dll" Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BITA.tmp" Wed 20 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8ec741c57b58a534cd55e8f0ca69e79\BIT1.tmp" Finished!

scan en mode diagnostic option 2: -----------------------------[ Lop S&D 4.0.2 ]--------------------------- [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ] [ USER : Jerome ] [ "C:\Lop SD" ] [ 02/03/2008 | 16:09:20,96 ] [ PC : JEROME ] [ MAJ : 30-02-2008 | 00:12 ] //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ -------------[ Listing des dossiers dans Application Data ]------------ [08/12/2007|17:36] C:\DOCUME~1\Administrateur\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\Administrateur\APPLIC~1\.. [07/10/2007|19:49] C:\DOCUME~1\Administrateur\APPLIC~1\desktop.ini [07/10/2007|17:55] C:\DOCUME~1\Administrateur\APPLIC~1\Microsoft [08/12/2007|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.. [07/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini [07/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\. [02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\.. [16/02/2008|05:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\addr_file.html [20/02/2008|22:48] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe [11/10/2007|16:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple [25/02/2008|05:55] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer [25/02/2008|10:21] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\avg8 [19/02/2008|21:23] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Avira [23/02/2008|07:00] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DAEMON Tools Pro [09/10/2007|13:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\desktop.ini [15/02/2008|16:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Diskeeper Corporation [25/02/2008|09:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ESET [18/02/2008|07:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FreeDownloadManager.ORG [23/02/2008|05:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google [09/10/2007|12:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\hpqwmi [09/10/2007|12:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InstallShield [02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab [22/01/2008|18:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\LauncherAccess.dt [05/02/2008|18:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft [17/02/2008|17:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft [02/03/2008|00:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help [26/02/2008|01:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero [11/10/2007|16:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\751 QTSBandwidthCache [09/10/2007|12:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime [25/02/2008|01:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy [25/02/2008|01:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP [25/02/2008|17:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Trend Micro [13/02/2008|05:31] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TuneUp Software [09/10/2007|20:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage [22/02/2008|12:53] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller [08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.. [07/10/2007|16:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini [07/10/2007|16:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\.. [09/10/2007|13:16] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\desktop.ini [09/10/2007|11:32] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft [08/12/2007|17:36] C:\DOCUME~1\Jerome\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\Jerome\APPLIC~1\.. [07/10/2007|19:49] C:\DOCUME~1\Jerome\APPLIC~1\desktop.ini [07/10/2007|17:55] C:\DOCUME~1\Jerome\APPLIC~1\Microsoft [25/02/2008|14:57] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\. [25/02/2008|14:57] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\.. [20/02/2008|16:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Adobe [09/10/2007|12:03] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Apple Computer [18/11/2007|00:15] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Azureus [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\BitTorrent [24/02/2008|09:02] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DAEMON Tools [23/02/2008|07:00] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DAEMON Tools Pro [09/10/2007|13:16] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\desktop.ini [25/11/2007|00:59] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DivX [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\dvdcss [25/02/2008|09:47] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ESET [25/02/2008|10:54] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\FastStone [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\FileZilla [25/02/2008|23:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Free Download Manager [11/10/2007|19:22] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Google [12/10/2007|14:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Help [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Identities [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\InterVideo [01/12/2007|01:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Lavasoft [06/12/2007|16:30] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Leadertech [08/12/2007|17:36] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ma-config(2).com [25/02/2008|22:04] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ma-config.com [09/10/2007|20:09] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Macromedia [10/11/2007|16:48] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Media Player Classic [25/02/2008|18:06] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Microgaming [21/02/2008|03:25] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Microsoft [26/02/2008|01:45] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Nero [11/10/2007|19:35] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\OpenArena [25/11/2007|05:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\PC Tools [10/01/2008|18:29] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Samsung [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Shareaza [17/02/2008|11:11] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\SmartFTP [06/12/2007|16:31] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Sonic [10/11/2007|13:07] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Sun [09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\TaoUSign [25/12/2007|21:39] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\teamspeak2 [09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\temp [09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Thunderbird [17/11/2007|23:50] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\TuneUp Software [24/11/2007|19:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Uniblue [02/03/2008|13:20] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\utorrent [11/10/2007|16:07] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\vlc [11/10/2007|18:10] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Winamp [11/10/2007|16:44] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\WinRAR [08/12/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\.. [07/10/2007|17:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [19/02/2008|21:41] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\. [19/02/2008|21:41] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\.. [25/02/2008|10:17] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft [08/12/2007|17:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\.. [07/10/2007|17:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [08/12/2007|17:36] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\.. [25/02/2008|10:17] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]--------------- [02/03/2008 15:55][--ah-c---] C:\WINDOWS\tasks\SA.DAT [05/08/2004 13:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini ---------------[ Listing des dossiers dans C:\Program Files ]-------------- [29/02/2008|16:14] C:\Program Files\. [29/02/2008|16:14] C:\Program Files\.. [07/10/2007|18:25] C:\Program Files\Adobe [01/03/2008|22:50] C:\Program Files\AIDA32 - Personal System Information [07/10/2007|18:35] C:\Program Files\Analog Devices [09/10/2007|21:27] C:\Program Files\Apoint2K [01/12/2007|17:35] C:\Program Files\CCleaner [23/11/2007|19:52] C:\Program Files\CodeStuff [07/10/2007|14:40] C:\Program Files\ComPlus Applications [24/02/2008|06:24] C:\Program Files\DAEMON Tools [15/02/2008|16:52] C:\Program Files\Diskeeper Corporation [07/12/2007|19:40] C:\Program Files\EA SPORTS [25/02/2008|23:33] C:\Program Files\ESET [25/02/2008|10:51] C:\Program Files\FastStone Capture [26/02/2008|01:39] C:\Program Files\Fichiers communs [18/02/2008|19:03] C:\Program Files\Free Download Manager [25/02/2008|11:05] C:\Program Files\Google [29/02/2008|16:09] C:\Program Files\GUILD WARS [13/02/2008|02:42] C:\Program Files\HDGraph [09/10/2007|12:00] C:\Program Files\Hewlett-Packard [09/10/2007|12:00] C:\Program Files\Hp [09/10/2007|12:11] C:\Program Files\HPQ [24/11/2007|20:09] C:\Program Files\inKline Global [25/02/2008|21:59] C:\Program Files\InstallShield Installation Information [08/12/2007|17:28] C:\Program Files\Intel [23/02/2008|18:03] C:\Program Files\Internet Explorer [09/10/2007|12:00] C:\Program Files\InterVideo [24/12/2007|15:43] C:\Program Files\iPod [28/02/2008|21:47] C:\Program Files\IrfanView [24/12/2007|15:43] C:\Program Files\iTunes [30/12/2007|18:18] C:\Program Files\IZArc [02/03/2008|14:16] C:\Program Files\Java [11/10/2007|18:00] C:\Program Files\K-Lite Codec Pack [08/12/2007|14:47] C:\Program Files\Lavalys [25/02/2008|10:41] C:\Program Files\LClock [29/02/2008|20:16] C:\Program Files\ma-config.com [20/02/2008|09:06] C:\Program Files\messenger [23/11/2007|21:48] C:\Program Files\microsoft frontpage [21/02/2008|02:14] C:\Program Files\Microsoft Office [21/02/2008|02:14] C:\Program Files\Microsoft Visual Studio [21/02/2008|02:09] C:\Program Files\Microsoft Visual Studio 8 [21/02/2008|02:15] C:\Program Files\Microsoft Works [21/02/2008|02:12] C:\Program Files\Microsoft.NET [20/02/2008|08:20] C:\Program Files\Movie Maker [21/02/2008|02:14] C:\Program Files\MSBuild [18/02/2008|13:32] C:\Program Files\MSECache [09/10/2007|11:28] C:\Program Files\MSN Gaming Zone [16/02/2008|04:02] C:\Program Files\MSN Messenger [07/12/2007|20:26] C:\Program Files\MSXML 4.0 [10/11/2007|12:21] C:\Program Files\MSXML 6.0 [28/02/2008|02:22] C:\Program Files\Nero [20/02/2008|08:14] C:\Program Files\NetMeeting [24/11/2007|00:06] C:\Program Files\Notebook Hardware Control [20/02/2008|08:14] C:\Program Files\Outlook Express [25/02/2008|07:57] C:\Program Files\PowerQuest [24/12/2007|15:40] C:\Program Files\QuickTime [09/10/2007|21:38] C:\Program Files\Reference Assemblies [09/10/2007|11:30] C:\Program Files\Services en ligne [09/10/2007|12:09] C:\Program Files\Sonic [10/12/2007|19:39] C:\Program Files\SystemRequirementsLab [25/02/2008|10:41] C:\Program Files\Taskix [29/02/2008|16:14] C:\Program Files\Teamspeak2_RC2 [25/02/2008|10:41] C:\Program Files\TransBar [25/02/2008|16:55] C:\Program Files\Trend Micro [15/02/2008|15:44] C:\Program Files\TuneUp Utilities 2008 [07/01/2008|04:00] C:\Program Files\UltraStar [09/10/2007|11:39] C:\Program Files\Uninstall Information [11/10/2007|18:11] C:\Program Files\uTorrent [08/12/2007|19:14] C:\Program Files\VIA [11/10/2007|16:06] C:\Program Files\VideoLAN [25/02/2008|10:51] C:\Program Files\Virtual CDRom [21/11/2007|17:52] C:\Program Files\Virtualis [25/02/2008|10:48] C:\Program Files\VistaDriveStatus [25/02/2008|10:41] C:\Program Files\VisualTaskTips [07/10/2007|18:38] C:\Program Files\WIDCOMM [25/02/2008|20:03] C:\Program Files\WinamaxPoker [07/01/2008|01:13] C:\Program Files\Winamp [22/02/2008|12:54] C:\Program Files\Windows Live [28/02/2008|17:19] C:\Program Files\Windows Live Safety Center [25/02/2008|10:48] C:\Program Files\Windows Media Connect 2 [28/02/2008|02:54] C:\Program Files\Windows Media Player [20/02/2008|08:14] C:\Program Files\Windows NT [09/10/2007|11:30] C:\Program Files\WindowsUpdate [25/02/2008|10:41] C:\Program Files\WinRoll [25/02/2008|10:41] C:\Program Files\WTInstaller [09/10/2007|11:33] C:\Program Files\xerox ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------ [26/02/2008|01:39] C:\Program Files\Fichiers communs\. [26/02/2008|01:39] C:\Program Files\Fichiers communs\.. [12/10/2007|14:20] C:\Program Files\Fichiers communs\Adobe [21/02/2008|02:14] C:\Program Files\Fichiers communs\DESIGNER [09/10/2007|12:09] C:\Program Files\Fichiers communs\InstallShield [07/10/2007|18:45] C:\Program Files\Fichiers communs\Java [02/03/2008|00:10] C:\Program Files\Fichiers communs\Microsoft Shared [07/10/2007|16:42] C:\Program Files\Fichiers communs\MSSoap [26/02/2008|01:43] C:\Program Files\Fichiers communs\Nero [01/12/2007|05:23] C:\Program Files\Fichiers communs\NSV [07/10/2007|16:14] C:\Program Files\Fichiers communs\ODBC [09/10/2007|11:30] C:\Program Files\Fichiers communs\Services [09/10/2007|12:06] C:\Program Files\Fichiers communs\Sonic Shared [07/10/2007|16:14] C:\Program Files\Fichiers communs\SpeechEngines [09/10/2007|12:09] C:\Program Files\Fichiers communs\SureThing Shared [23/02/2008|03:51] C:\Program Files\Fichiers communs\Symantec Shared [21/02/2008|02:08] C:\Program Files\Fichiers communs\System [09/10/2007|12:07] C:\Program Files\Fichiers communs\TiVo Shared [22/02/2008|12:55] C:\Program Files\Fichiers communs\WindowsLiveInstaller [25/02/2008|11:12] C:\Program Files\Fichiers communs\Wise Installation Wizard ----------------------[ Recherche avec S_Lop ]--------------------- Aucun fichier / dossier Lop trouvé ! -----------------[ Recherche de Fichiers / Dossiers Lop ]----------------- Aucun fichier / dossier Lop trouvé ! ----------------------[ Verification du Registre ]---------------------- ..... OK ! --------------------[ Verification du fichier Hosts ]--------------------- Fichier Hosts PROPRE ----------------[ Recherche de fichiers avec Catchme ]----------------- catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-02 16:09:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden files ... scan completed successfully hidden files: 0 --------------------[ Recherche d'autres infections ]--------------------- Aucune autre infection trouvée ! /!\ [Fich:8][Doss:0] C:\DOCUME~1\JEROME~1.JER\Cookies /!\ [Fich:86][Doss:4] C:\DOCUME~1\JEROME~1.JER\LOCALS~1\TEMPOR~1\content.IE5 --------------------[ Fin du rapport a 16:10:06,10 ]----------------------

scan en mode diagnostic: ComboFix 08-03-01.3 - Jerome 2008-03-02 15:58:50.2 - NTFSx86 Endroit: C:\Documents and Settings\Jerome.JEROME-69F6ED99\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))))))) . 2008-03-02 14:16 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-02 13:44 . 2008-03-02 13:44 9,191,818 --a------ C:\upload_moi_JEROME.tar.gz 2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2008-02-29 16:14 . 2008-02-29 16:14 <REP> d-------- C:\Program Files\Teamspeak2_RC2 2008-02-29 16:09 . 2008-02-29 16:09 <REP> d-------- C:\Program Files\GUILD WARS 2008-02-29 15:51 . 2008-03-01 22:50 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information 2008-02-28 17:18 . 2008-02-28 17:19 <REP> d-------- C:\Program Files\Windows Live Safety Center 2008-02-28 02:20 . 2008-02-28 02:20 161 --a------ C:\WINDOWS\MyDrivers.ini 2008-02-26 01:45 . 2008-02-26 01:45 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Nero 2008-02-26 01:39 . 2008-02-28 02:22 <REP> d-------- C:\Program Files\Nero 2008-02-26 01:39 . 2008-02-26 01:43 <REP> d-------- C:\Program Files\Fichiers communs\Nero 2008-02-26 01:39 . 2008-02-26 01:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero 2008-02-25 23:33 . 2008-02-25 23:33 <REP> d-------- C:\Program Files\ESET 2008-02-25 22:46 . 2008-02-25 23:02 125 --a------ C:\ioSpecial.ini 2008-02-25 22:03 . 2008-02-29 20:16 <REP> d-------- C:\Program Files\ma-config.com 2008-02-25 22:01 . 2008-02-25 22:01 <REP> d--h----- C:\WINDOWS\PIF 2008-02-25 17:18 . 2008-02-25 17:18 51 --a------ C:\WINDOWS\pccillin.ini 2008-02-25 14:38 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg 2008-02-25 12:04 . 2008-02-25 15:14 81,984 --a------ C:\WINDOWS\system32\bdod.bin 2008-02-25 11:36 . 2008-02-25 17:28 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro 2008-02-25 10:54 . 2008-02-25 10:54 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\FastStone 2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\Virtual CDRom 2008-02-25 10:51 . 2008-02-28 21:47 <REP> d-------- C:\Program Files\IrfanView 2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\FastStone Capture 2008-02-25 10:51 . 2008-02-25 10:51 39,859 --a------ C:\WINDOWS\system32\UnIfs.exe 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WinRoll 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\VisualTaskTips 2008-02-25 10:41 . 2008-02-25 10:48 <REP> d-------- C:\Program Files\VistaDriveStatus 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\TransBar 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\Taskix 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\LClock 2008-02-25 09:47 . 2008-02-25 09:47 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\ESET 2008-02-25 09:39 . 2008-02-25 09:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET 2008-02-25 07:57 . 2008-02-25 07:57 <REP> d-------- C:\Program Files\PowerQuest 2008-02-24 09:02 . 2008-02-24 09:02 36 --a------ C:\WINDOWS\DaemonPlugin.INI 2008-02-24 08:46 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WTInstaller 2008-02-24 06:24 . 2008-02-24 06:24 <REP> d-------- C:\Program Files\DAEMON Tools 2008-02-24 06:20 . 2008-02-24 09:02 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools 2008-02-24 06:14 . 2008-02-24 06:14 <REP> d-------- C:\WINDOWS\system32\dumps 2008-02-24 03:52 . 2008-02-24 03:52 3,934 --a------ C:\WINDOWS\Ascd_tmp.ini 2008-02-24 03:51 . 2000-03-29 15:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2008-02-23 17:24 . 2008-02-24 02:55 249,856 --------- C:\WINDOWS\Setup1.exe 2008-02-23 17:24 . 2008-02-24 02:55 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2008-02-23 09:26 . 2008-02-25 22:45 <REP> d-------- C:\Downloads 2008-02-23 08:55 . 2008-02-23 08:55 32 --a------ C:\WINDOWS\go 2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools Pro 2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro 2008-02-23 05:50 . 2008-02-23 05:51 <REP> d--h----- C:\WINDOWS\msdownld.tmp 2008-02-23 05:50 . 2008-02-25 11:05 <REP> d-------- C:\Program Files\Google 2008-02-22 12:55 . 2008-02-22 12:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-02-22 12:54 . 2008-02-22 12:54 <REP> d-------- C:\Program Files\Windows Live 2008-02-22 12:53 . 2008-02-22 12:53 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2008-02-21 02:15 . 2008-02-21 02:15 <REP> d-------- C:\Program Files\Microsoft Works 2008-02-21 02:12 . 2008-02-21 02:12 <REP> d-------- C:\Program Files\Microsoft.NET 2008-02-21 02:09 . 2008-02-21 02:09 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8 2008-02-21 02:07 . 2008-02-21 02:14 <REP> d-------- C:\WINDOWS\SHELLNEW 2008-02-21 02:04 . 2008-03-02 00:16 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2008-02-21 02:03 . 2008-02-21 02:03 <REP> dr-h----- C:\MSOCache 2008-02-20 08:14 . 2008-02-20 08:14 <REP> d-------- C:\WINDOWS\ServicePackFiles 2008-02-20 08:10 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp 2008-02-20 06:41 . 2008-02-25 13:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel 2008-02-20 03:52 . 2008-02-20 03:52 268 --ah----- C:\sqmdata08.sqm 2008-02-20 03:52 . 2008-02-20 03:52 244 --ah----- C:\sqmnoopt08.sqm 2008-02-20 02:54 . 2008-02-20 02:54 268 --ah----- C:\sqmdata07.sqm 2008-02-20 02:54 . 2008-02-20 02:54 244 --ah----- C:\sqmnoopt07.sqm 2008-02-19 23:16 . 2008-02-19 23:16 268 --ah----- C:\sqmdata06.sqm 2008-02-19 23:16 . 2008-02-19 23:16 244 --ah----- C:\sqmnoopt06.sqm 2008-02-19 21:39 . 2008-02-25 10:21 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8 2008-02-18 13:25 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-02-18 13:25 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-02-18 08:08 . 2008-02-18 08:08 44 --a------ C:\WINDOWS\SMWizard.INI 2008-02-18 07:36 . 2008-02-18 19:03 <REP> d-------- C:\Program Files\Free Download Manager 2008-02-18 07:36 . 2008-02-25 23:23 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Free Download Manager 2008-02-18 07:36 . 2008-02-18 07:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG 2008-02-17 11:11 . 2008-02-17 11:11 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\SmartFTP 2008-02-16 14:04 . 2008-02-16 14:04 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-02-16 09:16 . 2008-02-25 15:41 121 --a------ C:\WINDOWS\bdagent.INI 2008-02-16 08:14 . 2008-02-16 08:14 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu Démarrer 2008-02-16 06:56 . 2008-02-16 06:56 <REP> d--hs---- C:\Diskeeper 2008-02-16 06:01 . 2008-03-01 18:51 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-02-16 01:29 . 2008-02-19 21:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira 2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Program Files\Diskeeper Corporation 2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation 2008-02-14 20:37 . 2008-02-25 16:55 <REP> d-------- C:\Program Files\Trend Micro 2008-02-14 02:28 . 2008-02-14 02:31 679 --a------ C:\WINDOWS\wininit.ini 2008-02-13 20:40 . 2008-02-16 08:46 <REP> d-------- C:\MFT 2503 2008-02-13 07:50 . 2008-02-13 07:50 <REP> d-------- C:\Documents and Settings\Administrateur.JEROME\Application Data\TuneUp Software 2008-02-13 05:31 . 2008-02-13 05:31 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-02-13 05:31 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-02-13 05:30 . 2008-02-15 15:44 <REP> d-------- C:\Program Files\TuneUp Utilities 2008 2008-02-13 03:10 . 2008-02-13 03:10 <REP> d-------- C:\WINDOWS\IconsInUse 2008-02-13 02:38 . 2008-02-13 02:42 <REP> d-------- C:\Program Files\HDGraph 2008-02-08 17:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-08 17:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-02-05 18:54 . 2008-02-05 18:56 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft 2008-02-05 18:25 . 2008-02-25 11:12 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-02 14:34 22,528 -c--a-w C:\WINDOWS\system32\drivers\nhcDriver.sys 2008-03-02 13:16 --------- d-----w C:\Program Files\Java 2008-03-02 12:20 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\utorrent 2008-02-25 21:04 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\ma-config.com 2008-02-25 20:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-25 19:03 --------- d-----w C:\Program Files\WinamaxPoker 2008-02-25 17:06 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Microgaming 2008-02-25 09:48 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-02-25 04:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer 2008-02-25 00:22 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2008-02-25 00:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-02-24 05:12 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-02-23 02:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-02-21 01:14 --------- d-----w C:\Program Files\MSBuild 2008-02-18 12:32 --------- d-----w C:\Program Files\MSECache 2008-02-16 03:02 --------- d-----w C:\Program Files\MSN Messenger 2008-02-13 04:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software 2008-02-01 08:50 245,760 ----a-w C:\WINDOWS\system32\JkDefragScreenSaver.exe 2008-02-01 08:50 110,592 ----a-w C:\WINDOWS\system32\JkDefragScreenSaver.scr 2008-01-30 11:38 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys 2008-01-30 11:38 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys 2008-01-30 11:38 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys 2008-01-30 11:35 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2008-01-30 11:35 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2008-01-15 19:47 --------- d-----w C:\Documents and Settings\Administrateur.JEROME\Application Data\Lavasoft 2008-01-10 17:29 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Samsung 2008-01-07 03:00 --------- d-----w C:\Program Files\UltraStar 2008-01-07 00:13 --------- d-----w C:\Program Files\Winamp 2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-06 13:05 108,144 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2006-12-02 14:25 853 -c--a-w C:\Documents and Settings\Jerome.JEROME-69F6ED99\reboot.cmd 2007-11-25 00:00 80 -csh--r C:\WINDOWS\system32\F29DB264E0.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 0 (0x0) "NoResolveSearch"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] --a--c--- 2005-02-08 17:38 159744 C:\Program Files\Apoint2K\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] --a------ 2008-01-30 12:37 1443072 C:\Program Files\ESET\ESET Smart Security\egui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] --a------ 2005-04-11 15:21 794624 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kspkdcbfa] c:\documents and settings\jerome.jerome-69f6ed99\local settings\application data\kspkdcbfa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl] --a------ 2007-05-04 01:33 2629632 C:\Program Files\Notebook Hardware Control\nhc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a--c--- 2004-10-14 08:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskix] --a------ 2007-01-25 21:33 65536 C:\Program Files\Taskix\Taskix32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar] --a------ 2005-06-01 20:41 65536 C:\Program Files\TransBar\TransBar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv] --a------ 2006-07-30 02:37 121089 C:\Program Files\VistaDriveStatus\vsdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips] --a------ 2007-09-05 18:20 36352 C:\Program Files\VisualTaskTips\VisualTaskTips.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "aswUpdSv"=2 (0x2) "xmlprov"=3 (0x3) "WZCSVC"=2 (0x2) "WudfSvc"=2 (0x2) "wuauserv"=2 (0x2) "wscsvc"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "WmiApSrv"=3 (0x3) "WmdmPmSN"=3 (0x3) "WLSetupSvc"=3 (0x3) "winmgmt"=2 (0x2) "WebClient"=2 (0x2) "W32Time"=2 (0x2) "VSS"=3 (0x3) "UxTuneUp"=2 (0x2) "usnjsvc"=3 (0x3) "UPS"=3 (0x3) "TuneUp.Defrag"=3 (0x3) "TrkWks"=2 (0x2) "Themes"=2 (0x2) "TapiSrv"=3 (0x3) "SysmonLog"=3 (0x3) "SwPrv"=3 (0x3) "srservice"=2 (0x2) "SoundMAX Agent Service (default)"=2 (0x2) "ShellHWDetection"=2 (0x2) "SharedAccess"=2 (0x2) "Schedule"=2 (0x2) "SCardSvr"=3 (0x3) "SamSs"=2 (0x2) "RSVP"=3 (0x3) "RDSessMgr"=3 (0x3) "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "ProtectedStorage"=2 (0x2) "PolicyAgent"=2 (0x2) "PlugPlay"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "NtmsSvc"=3 (0x3) "NtLmSsp"=3 (0x3) "Nla"=3 (0x3) "Netman"=3 (0x3) "Netlogon"=3 (0x3) "Nero BackItUp Scheduler 3"=2 (0x2) "MSIServer"=3 (0x3) "MSDTC"=3 (0x3) "mnmsrvc"=3 (0x3) "lanmanworkstation"=2 (0x2) "lanmanserver"=2 (0x2) "iPod Service"=3 (0x3) "ImapiService"=3 (0x3) "idsvc"=3 (0x3) "HTTPFilter"=3 (0x3) "hpqwmi"=3 (0x3) "helpsvc"=2 (0x2) "gusvc"=3 (0x3) "FontCache3.0.0.0"=3 (0x3) "Eventlog"=2 (0x2) "ERSvc"=2 (0x2) "ekrn"=2 (0x2) "EhttpSrv"=3 (0x3) "Dnscache"=2 (0x2) "dmserver"=3 (0x3) "dmadmin"=3 (0x3) "Diskeeper"=2 (0x2) "Dhcp"=2 (0x2) "CryptSvc"=3 (0x3) "clr_optimization_v2.0.50727_32"=2 (0x2) "ClipSrv"=3 (0x3) "CiSvc"=3 (0x3) "Browser"=3 (0x3) "BITS"=2 (0x2) "AudioSrv"=2 (0x2) "aspnet_state"=3 (0x3) "AppMgmt"=3 (0x3) "ALG"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe338e7-7653-11dc-a2d1-000ae4d4acb8}] \Shell\AutoRun\command - E:\TOTALCMD\TOTALCMD.EXE \Shell\read\command - notepad.exe autorun.inf \Shell\start\command - E:\TOTALCMD\TOTALCMD.EXE \Shell\start1\command - siw\siw.exe \Shell\start2\command - PowerMenu_150_FR\PowerMenu.exe \Shell\start3\command - E:\_Divers\procexp.exe \Shell\start4\command - hijackthis\HijackThis.exe \Shell\start5\command - CCTASK\CCTASK.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-02 16:01:04 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-03-02 16:02:08 ComboFix-quarantined-files.txt 2008-03-02 15:01:59 ComboFix2.txt 2008-03-02 14:29:52 . 2008-03-01 23:18:17 --- E O F --- option 1 en mode diagnostic: -----------------------------[ Lop S&D 4.0.2 ]--------------------------- [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ] [ USER : Jerome ] [ "C:\Lop SD" ] [ 02/03/2008 | 16:06:50,39 ] [ PC : JEROME ] [ MAJ : 30-02-2008 | 00:12 ] -------------[ Listing des dossiers dans Application Data ]------------ [08/12/2007|17:36] C:\DOCUME~1\Administrateur\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\Administrateur\APPLIC~1\.. [07/10/2007|19:49] C:\DOCUME~1\Administrateur\APPLIC~1\desktop.ini [07/10/2007|17:55] C:\DOCUME~1\Administrateur\APPLIC~1\Microsoft [08/12/2007|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.. [07/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini [07/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\. [02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\.. [16/02/2008|05:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\addr_file.html [20/02/2008|22:48] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe [11/10/2007|16:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple [25/02/2008|05:55] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer [25/02/2008|10:21] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\avg8 [19/02/2008|21:23] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Avira [23/02/2008|07:00] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DAEMON Tools Pro [09/10/2007|13:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\desktop.ini [15/02/2008|16:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Diskeeper Corporation [25/02/2008|09:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ESET [18/02/2008|07:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FreeDownloadManager.ORG [23/02/2008|05:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google [09/10/2007|12:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\hpqwmi [09/10/2007|12:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InstallShield [02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab [22/01/2008|18:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\LauncherAccess.dt [05/02/2008|18:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft [17/02/2008|17:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft [02/03/2008|00:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help [26/02/2008|01:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero [11/10/2007|16:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\751 QTSBandwidthCache [09/10/2007|12:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime [25/02/2008|01:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy [25/02/2008|01:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP [25/02/2008|17:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Trend Micro [13/02/2008|05:31] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TuneUp Software [09/10/2007|20:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage [22/02/2008|12:53] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller [08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.. [07/10/2007|16:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini [07/10/2007|16:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\.. [09/10/2007|13:16] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\desktop.ini [09/10/2007|11:32] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft [08/12/2007|17:36] C:\DOCUME~1\Jerome\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\Jerome\APPLIC~1\.. [07/10/2007|19:49] C:\DOCUME~1\Jerome\APPLIC~1\desktop.ini [07/10/2007|17:55] C:\DOCUME~1\Jerome\APPLIC~1\Microsoft [25/02/2008|14:57] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\. [25/02/2008|14:57] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\.. [20/02/2008|16:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Adobe [09/10/2007|12:03] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Apple Computer [18/11/2007|00:15] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Azureus [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\BitTorrent [24/02/2008|09:02] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DAEMON Tools [23/02/2008|07:00] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DAEMON Tools Pro [09/10/2007|13:16] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\desktop.ini [25/11/2007|00:59] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DivX [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\dvdcss [25/02/2008|09:47] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ESET [25/02/2008|10:54] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\FastStone [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\FileZilla [25/02/2008|23:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Free Download Manager [11/10/2007|19:22] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Google [12/10/2007|14:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Help [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Identities [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\InterVideo [01/12/2007|01:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Lavasoft [06/12/2007|16:30] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Leadertech [08/12/2007|17:36] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ma-config(2).com [25/02/2008|22:04] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ma-config.com [09/10/2007|20:09] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Macromedia [10/11/2007|16:48] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Media Player Classic [25/02/2008|18:06] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Microgaming [21/02/2008|03:25] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Microsoft [26/02/2008|01:45] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Nero [11/10/2007|19:35] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\OpenArena [25/11/2007|05:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\PC Tools [10/01/2008|18:29] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Samsung [09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Shareaza [17/02/2008|11:11] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\SmartFTP [06/12/2007|16:31] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Sonic [10/11/2007|13:07] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Sun [09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\TaoUSign [25/12/2007|21:39] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\teamspeak2 [09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\temp [09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Thunderbird [17/11/2007|23:50] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\TuneUp Software [24/11/2007|19:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Uniblue [02/03/2008|13:20] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\utorrent [11/10/2007|16:07] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\vlc [11/10/2007|18:10] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Winamp [11/10/2007|16:44] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\WinRAR [08/12/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\.. [07/10/2007|17:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [19/02/2008|21:41] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\. [19/02/2008|21:41] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\.. [25/02/2008|10:17] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft [08/12/2007|17:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\.. [07/10/2007|17:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [08/12/2007|17:36] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\. [08/12/2007|17:36] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\.. [25/02/2008|10:17] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]--------------- [02/03/2008 15:55][--ah-c---] C:\WINDOWS\tasks\SA.DAT [05/08/2004 13:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini ---------------[ Listing des dossiers dans C:\Program Files ]-------------- [29/02/2008|16:14] C:\Program Files\. [29/02/2008|16:14] C:\Program Files\.. [07/10/2007|18:25] C:\Program Files\Adobe [01/03/2008|22:50] C:\Program Files\AIDA32 - Personal System Information [07/10/2007|18:35] C:\Program Files\Analog Devices [09/10/2007|21:27] C:\Program Files\Apoint2K [01/12/2007|17:35] C:\Program Files\CCleaner [23/11/2007|19:52] C:\Program Files\CodeStuff [07/10/2007|14:40] C:\Program Files\ComPlus Applications [24/02/2008|06:24] C:\Program Files\DAEMON Tools [15/02/2008|16:52] C:\Program Files\Diskeeper Corporation [07/12/2007|19:40] C:\Program Files\EA SPORTS [25/02/2008|23:33] C:\Program Files\ESET [25/02/2008|10:51] C:\Program Files\FastStone Capture [26/02/2008|01:39] C:\Program Files\Fichiers communs [18/02/2008|19:03] C:\Program Files\Free Download Manager [25/02/2008|11:05] C:\Program Files\Google [29/02/2008|16:09] C:\Program Files\GUILD WARS [13/02/2008|02:42] C:\Program Files\HDGraph [09/10/2007|12:00] C:\Program Files\Hewlett-Packard [09/10/2007|12:00] C:\Program Files\Hp [09/10/2007|12:11] C:\Program Files\HPQ [24/11/2007|20:09] C:\Program Files\inKline Global [25/02/2008|21:59] C:\Program Files\InstallShield Installation Information [08/12/2007|17:28] C:\Program Files\Intel [23/02/2008|18:03] C:\Program Files\Internet Explorer [09/10/2007|12:00] C:\Program Files\InterVideo [24/12/2007|15:43] C:\Program Files\iPod [28/02/2008|21:47] C:\Program Files\IrfanView [24/12/2007|15:43] C:\Program Files\iTunes [30/12/2007|18:18] C:\Program Files\IZArc [02/03/2008|14:16] C:\Program Files\Java [11/10/2007|18:00] C:\Program Files\K-Lite Codec Pack [08/12/2007|14:47] C:\Program Files\Lavalys [25/02/2008|10:41] C:\Program Files\LClock [29/02/2008|20:16] C:\Program Files\ma-config.com [20/02/2008|09:06] C:\Program Files\messenger [23/11/2007|21:48] C:\Program Files\microsoft frontpage [21/02/2008|02:14] C:\Program Files\Microsoft Office [21/02/2008|02:14] C:\Program Files\Microsoft Visual Studio [21/02/2008|02:09] C:\Program Files\Microsoft Visual Studio 8 [21/02/2008|02:15] C:\Program Files\Microsoft Works [21/02/2008|02:12] C:\Program Files\Microsoft.NET [20/02/2008|08:20] C:\Program Files\Movie Maker [21/02/2008|02:14] C:\Program Files\MSBuild [18/02/2008|13:32] C:\Program Files\MSECache [09/10/2007|11:28] C:\Program Files\MSN Gaming Zone [16/02/2008|04:02] C:\Program Files\MSN Messenger [07/12/2007|20:26] C:\Program Files\MSXML 4.0 [10/11/2007|12:21] C:\Program Files\MSXML 6.0 [28/02/2008|02:22] C:\Program Files\Nero [20/02/2008|08:14] C:\Program Files\NetMeeting [24/11/2007|00:06] C:\Program Files\Notebook Hardware Control [20/02/2008|08:14] C:\Program Files\Outlook Express [25/02/2008|07:57] C:\Program Files\PowerQuest [24/12/2007|15:40] C:\Program Files\QuickTime [09/10/2007|21:38] C:\Program Files\Reference Assemblies [09/10/2007|11:30] C:\Program Files\Services en ligne [09/10/2007|12:09] C:\Program Files\Sonic [10/12/2007|19:39] C:\Program Files\SystemRequirementsLab [25/02/2008|10:41] C:\Program Files\Taskix [29/02/2008|16:14] C:\Program Files\Teamspeak2_RC2 [25/02/2008|10:41] C:\Program Files\TransBar [25/02/2008|16:55] C:\Program Files\Trend Micro [15/02/2008|15:44] C:\Program Files\TuneUp Utilities 2008 [07/01/2008|04:00] C:\Program Files\UltraStar [09/10/2007|11:39] C:\Program Files\Uninstall Information [11/10/2007|18:11] C:\Program Files\uTorrent [08/12/2007|19:14] C:\Program Files\VIA [11/10/2007|16:06] C:\Program Files\VideoLAN [25/02/2008|10:51] C:\Program Files\Virtual CDRom [21/11/2007|17:52] C:\Program Files\Virtualis [25/02/2008|10:48] C:\Program Files\VistaDriveStatus [25/02/2008|10:41] C:\Program Files\VisualTaskTips [07/10/2007|18:38] C:\Program Files\WIDCOMM [25/02/2008|20:03] C:\Program Files\WinamaxPoker [07/01/2008|01:13] C:\Program Files\Winamp [22/02/2008|12:54] C:\Program Files\Windows Live [28/02/2008|17:19] C:\Program Files\Windows Live Safety Center [25/02/2008|10:48] C:\Program Files\Windows Media Connect 2 [28/02/2008|02:54] C:\Program Files\Windows Media Player [20/02/2008|08:14] C:\Program Files\Windows NT [09/10/2007|11:30] C:\Program Files\WindowsUpdate [25/02/2008|10:41] C:\Program Files\WinRoll [25/02/2008|10:41] C:\Program Files\WTInstaller [09/10/2007|11:33] C:\Program Files\xerox ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------ [26/02/2008|01:39] C:\Program Files\Fichiers communs\. [26/02/2008|01:39] C:\Program Files\Fichiers communs\.. [12/10/2007|14:20] C:\Program Files\Fichiers communs\Adobe [21/02/2008|02:14] C:\Program Files\Fichiers communs\DESIGNER [09/10/2007|12:09] C:\Program Files\Fichiers communs\InstallShield [07/10/2007|18:45] C:\Program Files\Fichiers communs\Java [02/03/2008|00:10] C:\Program Files\Fichiers communs\Microsoft Shared [07/10/2007|16:42] C:\Program Files\Fichiers communs\MSSoap [26/02/2008|01:43] C:\Program Files\Fichiers communs\Nero [01/12/2007|05:23] C:\Program Files\Fichiers communs\NSV [07/10/2007|16:14] C:\Program Files\Fichiers communs\ODBC [09/10/2007|11:30] C:\Program Files\Fichiers communs\Services [09/10/2007|12:06] C:\Program Files\Fichiers communs\Sonic Shared [07/10/2007|16:14] C:\Program Files\Fichiers communs\SpeechEngines [09/10/2007|12:09] C:\Program Files\Fichiers communs\SureThing Shared [23/02/2008|03:51] C:\Program Files\Fichiers communs\Symantec Shared [21/02/2008|02:08] C:\Program Files\Fichiers communs\System [09/10/2007|12:07] C:\Program Files\Fichiers communs\TiVo Shared [22/02/2008|12:55] C:\Program Files\Fichiers communs\WindowsLiveInstaller [25/02/2008|11:12] C:\Program Files\Fichiers communs\Wise Installation Wizard ----------------------[ Recherche avec S_Lop ]--------------------- Aucun fichier / dossier Lop trouvé ! -----------------[ Recherche de Fichiers / Dossiers Lop ]----------------- Aucun fichier / dossier Lop trouvé ! ----------------------[ Verification du Registre ]---------------------- ..... OK ! --------------------[ Verification du fichier Hosts ]--------------------- Fichier Hosts PROPRE ----------------[ Recherche de fichiers avec Catchme ]----------------- catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-02 16:07:21 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden files ... scan completed successfully hidden files: 0 --------------------[ Recherche d'autres infections ]--------------------- Aucune autre infection trouvée ! /!\ [Fich:1][Doss:1] C:\DOCUME~1\JEROME~1.JER\LOCALS~1\Temp /!\ [Fich:8][Doss:0] C:\DOCUME~1\JEROME~1.JER\Cookies /!\ [Fich:156][Doss:4] C:\DOCUME~1\JEROME~1.JER\LOCALS~1\TEMPOR~1\content.IE5 --------------------[ Fin du rapport a 16:07:35,51 ]----------------------

je refait le scan en mode diagnostique car nod32 c'est lancé au demarrage et j'ai peur qu'il est faussé l'analyse

L'entrée figure toujour dans msconfig __________________________________ ComboFix 08-03-01.3 - Jerome 2008-03-02 15:21:59.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.129 [GMT 1:00] Endroit: C:\Documents and Settings\Jerome.JEROME-69F6ED99\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\hhzaauuvhh.dat C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\hhzaauuvhh_nav.dat C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\hhzaauuvhh_navps.dat C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\kspkdcbfa.dat c:\documents and settings\jerome.jerome-69f6ed99\local settings\application data\kspkdcbfa.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\kspkdcbfa_nav.dat c:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\kspkdcbfa_navps.dat C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\wjcplkvqo.dat C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\wjcplkvqo_nav.dat C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\wjcplkvqo_navps.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\nm -------\poof ((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))))))) . 2008-03-02 14:16 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-02 13:44 . 2008-03-02 13:44 9,191,818 --a------ C:\upload_moi_JEROME.tar.gz 2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2008-02-29 16:14 . 2008-02-29 16:14 <REP> d-------- C:\Program Files\Teamspeak2_RC2 2008-02-29 16:09 . 2008-02-29 16:09 <REP> d-------- C:\Program Files\GUILD WARS 2008-02-29 15:51 . 2008-03-01 22:50 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information 2008-02-28 17:18 . 2008-02-28 17:19 <REP> d-------- C:\Program Files\Windows Live Safety Center 2008-02-28 02:20 . 2008-02-28 02:20 161 --a------ C:\WINDOWS\MyDrivers.ini 2008-02-26 01:45 . 2008-02-26 01:45 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Nero 2008-02-26 01:39 . 2008-02-28 02:22 <REP> d-------- C:\Program Files\Nero 2008-02-26 01:39 . 2008-02-26 01:43 <REP> d-------- C:\Program Files\Fichiers communs\Nero 2008-02-26 01:39 . 2008-02-26 01:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero 2008-02-25 23:33 . 2008-02-25 23:33 <REP> d-------- C:\Program Files\ESET 2008-02-25 22:46 . 2008-02-25 23:02 125 --a------ C:\ioSpecial.ini 2008-02-25 22:03 . 2008-02-29 20:16 <REP> d-------- C:\Program Files\ma-config.com 2008-02-25 22:01 . 2008-02-25 22:01 <REP> d--h----- C:\WINDOWS\PIF 2008-02-25 17:18 . 2008-02-25 17:18 51 --a------ C:\WINDOWS\pccillin.ini 2008-02-25 14:38 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg 2008-02-25 12:04 . 2008-02-25 15:14 81,984 --a------ C:\WINDOWS\system32\bdod.bin 2008-02-25 11:36 . 2008-02-25 17:28 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro 2008-02-25 10:54 . 2008-02-25 10:54 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\FastStone 2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\Virtual CDRom 2008-02-25 10:51 . 2008-02-28 21:47 <REP> d-------- C:\Program Files\IrfanView 2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\FastStone Capture 2008-02-25 10:51 . 2008-02-25 10:51 39,859 --a------ C:\WINDOWS\system32\UnIfs.exe 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WinRoll 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\VisualTaskTips 2008-02-25 10:41 . 2008-02-25 10:48 <REP> d-------- C:\Program Files\VistaDriveStatus 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\TransBar 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\Taskix 2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\LClock 2008-02-25 09:47 . 2008-02-25 09:47 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\ESET 2008-02-25 09:39 . 2008-02-25 09:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET 2008-02-25 07:57 . 2008-02-25 07:57 <REP> d-------- C:\Program Files\PowerQuest 2008-02-24 09:02 . 2008-02-24 09:02 36 --a------ C:\WINDOWS\DaemonPlugin.INI 2008-02-24 08:46 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WTInstaller 2008-02-24 06:24 . 2008-02-24 06:24 <REP> d-------- C:\Program Files\DAEMON Tools 2008-02-24 06:20 . 2008-02-24 09:02 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools 2008-02-24 06:14 . 2008-02-24 06:14 <REP> d-------- C:\WINDOWS\system32\dumps 2008-02-24 03:52 . 2008-02-24 03:52 3,934 --a------ C:\WINDOWS\Ascd_tmp.ini 2008-02-24 03:51 . 2000-03-29 15:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2008-02-23 17:24 . 2008-02-24 02:55 249,856 --------- C:\WINDOWS\Setup1.exe 2008-02-23 17:24 . 2008-02-24 02:55 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2008-02-23 09:26 . 2008-02-25 22:45 <REP> d-------- C:\Downloads 2008-02-23 08:55 . 2008-02-23 08:55 32 --a------ C:\WINDOWS\go 2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools Pro 2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro 2008-02-23 05:50 . 2008-02-23 05:51 <REP> d--h----- C:\WINDOWS\msdownld.tmp 2008-02-23 05:50 . 2008-02-25 11:05 <REP> d-------- C:\Program Files\Google 2008-02-22 12:55 . 2008-02-22 12:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-02-22 12:54 . 2008-02-22 12:54 <REP> d-------- C:\Program Files\Windows Live 2008-02-22 12:53 . 2008-02-22 12:53 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2008-02-21 02:15 . 2008-02-21 02:15 <REP> d-------- C:\Program Files\Microsoft Works 2008-02-21 02:12 . 2008-02-21 02:12 <REP> d-------- C:\Program Files\Microsoft.NET 2008-02-21 02:09 . 2008-02-21 02:09 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8 2008-02-21 02:07 . 2008-02-21 02:14 <REP> d-------- C:\WINDOWS\SHELLNEW 2008-02-21 02:04 . 2008-03-02 00:16 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help 2008-02-21 02:03 . 2008-02-21 02:03 <REP> dr-h----- C:\MSOCache 2008-02-20 08:14 . 2008-02-20 08:14 <REP> d-------- C:\WINDOWS\ServicePackFiles 2008-02-20 08:10 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp 2008-02-20 06:41 . 2008-02-25 13:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel 2008-02-20 03:52 . 2008-02-20 03:52 268 --ah----- C:\sqmdata08.sqm 2008-02-20 03:52 . 2008-02-20 03:52 244 --ah----- C:\sqmnoopt08.sqm 2008-02-20 02:54 . 2008-02-20 02:54 268 --ah----- C:\sqmdata07.sqm 2008-02-20 02:54 . 2008-02-20 02:54 244 --ah----- C:\sqmnoopt07.sqm 2008-02-19 23:16 . 2008-02-19 23:16 268 --ah----- C:\sqmdata06.sqm 2008-02-19 23:16 . 2008-02-19 23:16 244 --ah----- C:\sqmnoopt06.sqm 2008-02-19 21:39 . 2008-02-25 10:21 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8 2008-02-18 13:25 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-02-18 13:25 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-02-18 08:08 . 2008-02-18 08:08 44 --a------ C:\WINDOWS\SMWizard.INI 2008-02-18 07:36 . 2008-02-18 19:03 <REP> d-------- C:\Program Files\Free Download Manager 2008-02-18 07:36 . 2008-02-25 23:23 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Free Download Manager 2008-02-18 07:36 . 2008-02-18 07:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG 2008-02-17 11:11 . 2008-02-17 11:11 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\SmartFTP 2008-02-16 14:04 . 2008-02-16 14:04 754 --a------ C:\WINDOWS\WORDPAD.INI 2008-02-16 09:16 . 2008-02-25 15:41 121 --a------ C:\WINDOWS\bdagent.INI 2008-02-16 08:14 . 2008-02-16 08:14 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu D‚marrer 2008-02-16 06:56 . 2008-02-16 06:56 <REP> d--hs---- C:\Diskeeper 2008-02-16 06:01 . 2008-03-01 18:51 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-02-16 01:29 . 2008-02-19 21:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira 2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Program Files\Diskeeper Corporation 2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation 2008-02-14 20:37 . 2008-02-25 16:55 <REP> d-------- C:\Program Files\Trend Micro 2008-02-14 02:28 . 2008-02-14 02:31 679 --a------ C:\WINDOWS\wininit.ini 2008-02-13 20:40 . 2008-02-16 08:46 <REP> d-------- C:\MFT 2503 2008-02-13 07:50 . 2008-02-13 07:50 <REP> d-------- C:\Documents and Settings\Administrateur.JEROME\Application Data\TuneUp Software 2008-02-13 05:31 . 2008-02-13 05:31 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-02-13 05:31 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-02-13 05:30 . 2008-02-15 15:44 <REP> d-------- C:\Program Files\TuneUp Utilities 2008 2008-02-13 03:10 . 2008-02-13 03:10 <REP> d-------- C:\WINDOWS\IconsInUse 2008-02-13 02:38 . 2008-02-13 02:42 <REP> d-------- C:\Program Files\HDGraph 2008-02-08 17:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-08 17:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-02-05 18:54 . 2008-02-05 18:56 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft 2008-02-05 18:25 . 2008-02-25 11:12 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-02 14:27 22,528 -c--a-w C:\WINDOWS\system32\drivers\nhcDriver.sys 2008-02-24 05:12 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-01-30 11:38 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys 2008-01-30 11:38 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys 2008-01-30 11:38 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys 2008-01-30 11:35 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2008-01-30 11:35 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2006-12-02 14:25 853 -c--a-w C:\Documents and Settings\Jerome.JEROME-69F6ED99\reboot.cmd 2007-11-25 00:00 80 -csh--r C:\WINDOWS\system32\F29DB264E0.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360] "TransBar"="C:\Program Files\TransBar\TransBar.exe" [2005-06-01 20:41 65536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544] "NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 01:33 2629632] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21 794624] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 17:38 159744] "Taskix"="C:\Program Files\Taskix\Taskix32.exe" [2007-01-25 21:33 65536] "VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 18:20 36352] "Vistadrv"="C:\Program Files\VistaDriveStatus\vsdrv.exe" [2006-07-30 02:37 121089] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-01-30 12:37 1443072] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 0 (0x0) "NoResolveSearch"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleStartMenu"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kspkdcbfa] c:\documents and settings\jerome.jerome-69f6ed99\local settings\application data\kspkdcbfa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "aswUpdSv"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2006-10-23 18:20] R1 IfsDrives;IfsDrives;C:\WINDOWS\system32\DRIVERS\IfsDrives.sys [2004-09-25 00:28] R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\vcdrom.sys [2001-12-19 11:45] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10] S3 PEEK5;PEEK5 Protocol Driver;F:\WINAIR~1\WINAIR~1\PEEK5.SYS [] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-13 05:31] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe338e7-7653-11dc-a2d1-000ae4d4acb8}] \Shell\AutoRun\command - E:\TOTALCMD\TOTALCMD.EXE \Shell\read\command - notepad.exe autorun.inf \Shell\start\command - E:\TOTALCMD\TOTALCMD.EXE \Shell\start1\command - siw\siw.exe \Shell\start2\command - PowerMenu_150_FR\PowerMenu.exe \Shell\start3\command - E:\_Divers\procexp.exe \Shell\start4\command - hijackthis\HijackThis.exe \Shell\start5\command - CCTASK\CCTASK.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-02 15:27:04 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\Program Files\VisualTaskTips\VttHooks.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\HPQ\shared\hpqwmi.exe . ************************************************************************** . Temps d'accomplissement: 2008-03-02 15:29:51 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-02 14:29:46 . 2008-03-01 23:18:17 --- E O F ---

merci de ta reponse si rapide le tuto de combo fix me fait peur sachant que mon lecteur de cd ne marche pas, et que c'est un pc potable donc pasde disquette 3/4 eventuellement je peux monter mon cd original (copier sur disque amovible par securité) via un lecteur virtuel mais s'il me faudra boot dessus je ne pourrai pas

Bonjour, au moment du scan catchme la fenetre dos bascule en rouge est-ce normal (anti-virus desactivé bien sur) "C:\Program Files\DAEMON Tools Pro\" n'existe pas, cette version demo fut deinstallé l'entrée de registre qui me pose probleme est bien presente: (tVersion\Run] "kspkdcbfa"="c:\documents and settings\jerome.jerome-69f6ed99\local settings\application data\kspkdcbfa.exe kspkdcbfa") ________________________________________ DiagHelp version v1.4 - http://www.malekal.com excute le 02/03/2008 à 13:43:31,60 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -- >02/03/2008 13:43:30 C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -- >02/03/2008 13:43:27 C:\WINDOWS\prefetch\IZARC.EXE-1F7960A4.pf -- >02/03/2008 13:43:12 C:\WINDOWS\prefetch\NGEN.EXE-38021CCC.pf -- >02/03/2008 13:42:00 C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -- >02/03/2008 13:41:59 C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -- >02/03/2008 13:41:59 C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -- >02/03/2008 13:41:59 C:\WINDOWS\prefetch\HPQWMI.EXE-2AFC3DAD.pf -- >02/03/2008 13:41:59 C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf -- >02/03/2008 13:38:17 C:\WINDOWS\prefetch\ATF-CLEANER.EXE-1C0BC124.pf -- >02/03/2008 13:38:02 C:\WINDOWS\System32\drivers\nhcDriver.sys -- >02/03/2008 13:41:22 C:\WINDOWS\System32\drivers\sptd.sys -->24/02/2008 06:12:51 C:\WINDOWS\System32\drivers\epfwtdi.sys -- >30/01/2008 12:38:06 C:\WINDOWS\System32\drivers\epfwndis.sys -- >30/01/2008 12:38:04 C:\WINDOWS\System32\drivers\epfw.sys -->30/01/2008 12:38:02 C:\WINDOWS\System32\drivers\easdrv.sys -->30/01/2008 12:35:56 C:\WINDOWS\System32\drivers\eamon.sys -->30/01/2008 12:35:30 C:\WINDOWS\System32\wpa.dbl -->02/03/2008 00:51:45 C:\WINDOWS\System32\MsiExec.exe.log -->26/02/2008 01:44:55 C:\WINDOWS\System32\BASSMOD.dll -->25/02/2008 22:53:32 C:\WINDOWS\System32\bdod.bin -->25/02/2008 15:14:07 C:\WINDOWS\System32\UnIfs.exe -->25/02/2008 10:51:18 C:\WINDOWS\System32\PerfStringBackup.INI -- >24/02/2008 09:47:27 C:\WINDOWS\System32\perfh00C.dat -->24/02/2008 09:47:27 C:\WINDOWS\System32\perfh009.dat -->24/02/2008 09:47:27 C:\WINDOWS\System32\perfc00C.dat -->24/02/2008 09:47:27 C:\WINDOWS\System32\perfc009.dat -->24/02/2008 09:47:27 C:\WINDOWS\System32\FNTCACHE.DAT -->21/02/2008 05:47:08 C:\WINDOWS\System32\spupdwxp.log -->20/02/2008 08:52:04 C:\WINDOWS\System32\CONFIG.NT -->19/02/2008 18:30:43 C:\WINDOWS\System32\antispam.log -->19/02/2008 05:59:47 C:\WINDOWS\System32\TuneUpDefragService.exe -- >13/02/2008 05:31:37 C:\WINDOWS\System32\oeminfo.ini -->13/02/2008 03:11:19 C:\WINDOWS\System32\OEMLogo.bmp -->13/02/2008 03:11:18 C:\WINDOWS\System32\MRT.exe -->04/02/2008 15:09:48 C:\WINDOWS\System32\JkDefragScreenSaver.exe -- >01/02/2008 09:50:12 C:\WINDOWS\System32\JkDefragScreenSaver.scr -- >01/02/2008 09:50:08 C:\WINDOWS\System32\pngfilt.dll -->11/01/2008 06:36:55 C:\WINDOWS\System32\lhacm.acm -->25/12/2007 21:37:55 C:\WINDOWS\System32\uxtuneup.dll -->20/12/2007 10:41:56 C:\WINDOWS\System32\dxtmsft.dll -->19/12/2007 23:53:23 C:\WINDOWS\System32\TZLog.log -->12/12/2007 20:36:46 C:\WINDOWS\WindowsUpdate.log -->02/03/2008 13:40:54 C:\WINDOWS\bootstat.dat -->02/03/2008 13:40:08 C:\WINDOWS\SchedLgU.Txt -->02/03/2008 13:38:20 C:\WINDOWS\win.ini -->02/03/2008 00:15:07 C:\WINDOWS\system.ini -->01/03/2008 23:29:43 C:\WINDOWS\MyDrivers.ini -->28/02/2008 02:20:03 C:\WINDOWS\NeroDigital.ini -->27/02/2008 21:26:28 C:\WINDOWS\pccillin.ini -->25/02/2008 17:18:50 C:\WINDOWS\bdagent.INI -->25/02/2008 15:41:54 C:\WINDOWS\DaemonPlugin.INI -->24/02/2008 09:02:49 C:\WINDOWS\Ascd_tmp.ini -->24/02/2008 03:52:21 C:\WINDOWS\Setup1.exe -->24/02/2008 02:55:45 C:\WINDOWS\ST6UNST.EXE -->24/02/2008 02:55:44 C:\WINDOWS\go -->23/02/2008 08:55:25 C:\WINDOWS\SMWizard.INI -->18/02/2008 08:08:15 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com --------------------------------------------------- --------------------------- explorer.exe pid: 1856 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xcf000 7.00.6000.16608 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16608 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x44360000 0x5cd000 7.00.6000.16608 C:\WINDOWS\system32\ieframe.dll 0x44160000 0x127000 7.00.6000.16608 C:\WINDOWS\system32\urlmon.dll 0x442b0000 0x3c000 7.00.6000.16608 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x10000000 0x5000 C:\Program Files\VisualTaskTips\VttHooks.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x01630000 0x7000 1.02.0000.0000 C:\Program Files\Taskix\Taskix32.dll 0x00f40000 0x9000 2.00.0000.0004 C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll 0x02380000 0x9b000 C:\PROGRA~1 \IZArc\IZArcCM.dll 0x02520000 0x202000 3.02.0003.0000 C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll 0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e 18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL 0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e 18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e 18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll 0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9 a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL 0x74da0000 0x6c000 5.30.0023.1228 C:\WINDOWS\system32\RICHED20.dll 0x02830000 0x3e000 3.02.0003.0000 C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll 0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e 18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL 0x22000000 0x2e000 3.00.0630.0000 C:\Program Files\ESET\ESET Smart Security\shellExt.dll 0x028d0000 0x1c0000 3.02.0005.0000 C:\Program Files\Fichiers communs\Nero\Lib\MediaLibraryNSE.dll 0x5a500000 0x4e000 8.01.0178.0000 C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll 0x16210000 0x27e000 5.02.5721.5145 C:\WINDOWS\system32\wpdshext.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x02ba0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS\system32\Audiodev.dll 0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\WMVCore.DLL 0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL 0x02c50000 0x1b8000 3.01.0000.0008 C:\Program Files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll 0x02e10000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x02e70000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll 0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL 0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com --------------------------------------------------- --------------------------- winlogon.exe pid: 900 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \?? \C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 2C25-27AB Répertoire de C:\WINDOWS\system32 19/08/2004 16:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 31 025 692 672 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 2C25-27AB Répertoire de C:\WINDOWS\Downloaded Program Files 02/03/2008 01:27 <REP> . 02/03/2008 01:27 <REP> .. 07/12/2004 17:07 32 bdcore.dll 25/05/2006 01:21 118 784 bdupd.dll 02/03/2008 01:13 <REP> CONFLICT.1 09/10/2007 11:31 65 desktop.ini 25/07/2002 17:13 24 576 dwusplay.dll 25/07/2002 17:13 196 608 dwusplay.exe 23/03/2007 11:17 1 292 erma.inf 20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe 25/05/2006 01:21 53 248 ipsupd.dll 27/07/2004 15:48 323 584 isusweb.dll 07/01/2007 12:55 2 305 kavwebscan.inf 16/03/2005 12:34 7 407 lang.ini 07/12/2004 17:07 32 libfn.dll 14/03/2005 14:38 126 live.ini 01/06/2006 02:54 471 040 oscan8.ocx 31/05/2006 04:15 10 oscan81.ocx_x 02/08/2007 11:31 67 456 PURen-us.dll 06/08/2007 12:10 68 992 PURfr-fr.dll 14/03/2005 14:58 7 073 scanoptions.tsi 18 fichier(s) 2 866 166 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 02/03/2008 01:13 <REP> . 02/03/2008 01:13 <REP> .. 07/12/2004 17:07 32 bdcore.dll 25/05/2006 01:21 118 784 bdupd.dll 25/05/2006 01:21 53 248 ipsupd.dll 16/03/2005 12:34 7 407 lang.ini 07/12/2004 17:07 32 libfn.dll 14/03/2005 14:38 126 live.ini 31/05/2006 04:15 10 oscan81.ocx_x 14/03/2005 14:58 7 073 scanoptions.tsi 8 fichier(s) 186 712 octets Total des fichiers listés : 26 fichier(s) 3 052 878 octets 5 Rép(s) 31 025 692 672 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "C:\\WINDOWS\\system32 \\sessmgr.exe"="C:\\WINDOWS\\system32 \\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\system32\\sessmgr.exe"="%windir% \\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,- 22019" "C:\\Program Files\\Microsoft Office\\Office12 \\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti- Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0 \\avp.exe:*:Enabled:Kaspersky Anti-Virus" "%windir%\\system32\\sessmgr.exe"="%windir% \\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,- 22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré- chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" REGEDIT4 [taskmgr.exe] exports des policies REGEDIT4 [system] "legalnoticecaption"="" "legalnoticetext"="" "undockwithoutlogon"=dword:00000001 "ShutdownWithoutLogon"=dword:00000001 "DontDisplayLastUserName"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... 127.0.0.1 ads.macupdate.com 127.0.0.1 ads2004.treiberupdate.de 127.0.0.1 updated.com 127.0.0.1 windupdates.com catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-02 13:44:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:41,84,3f,a3,d9,93,21,81,9d,ca,66,72,d5,a c,f0,54,c6,80,9a,7b,3c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001] "a0"=hex:20,01,00,00,cf,17,f3,42,b4,89,30,9c,23,c5,a 3,fa,31,45,d8,89,11,.. "khjeh"=hex:ce,12,28,34,24,1e,3a,50,5f,44,61,cf,e9,c d,97,e9,30,5a,22,cd,ab,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001Jf40] "khjeh"=hex:07,1b,cc,37,a0,ea,ea,89,98,3c,c5,a5,66,c c,56,b4,5a,51,f2,b2,9b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001Jf41] "khjeh"=hex:6c,55,dc,40,34,f2,f3,80,83,c2,21,b2,98,4 d,e6,17,85,6d,f0,22,16,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service s\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service s\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "p0"="C:\Program Files\DAEMON Tools Pro\" "h0"=dword:00000001 "hdf12"=hex:9e,5c,87,85,62,f7,8b,a6,11,84,2a,5a,80,9 9,43,e9,9a,5f,e6,8e,13,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service s\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001 ] "a0"=hex:20,01,00,00,90,f4,6d,32,6e,75,af,16,08,e8,a 6,34,44,d1,1f,75,c6,.. "hdf12"=hex:8c,5b,a4,ca,b6,22,1b,9a,53,d3,ab,bb,36,9 7,20,4c,b9,0c,e9,bd,23,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service s\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC000001 \gdq0] "hdf12"=hex:9a,1d,54,b7,56,90,59,2b,02,02,30,a6,41,0 5,cd,03,68,f7,8f,fe,15,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service s\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:39,4d,40,db,c4,d8,25,fa,f8,68,a4,79,e0,0 5,1f,89,90,43,dd,df,44,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service s\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001] "khjeh"=hex:85,c9,00,ef,33,92,1e,d2,e0,0f,03,ff,0e,1 b,71,cd,b1,44,e1,4c,3f,.. "a0"=hex:20,01,00,00,8c,d9,67,3d,3d,fa,2b,38,ac,45,5 3,d5,90,cf,da,3c,82,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service s\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001Jf40] "khjeh"=hex:ac,18,02,7d,1e,35,f2,08,a5,bd,50,ab,19,e d,89,d7,22,1b,46,db,76,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service s\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001Jf41] "khjeh"=hex:6c,55,dc,40,34,f2,f3,80,83,c2,21,b2,98,4 d,e6,17,85,6d,f0,22,16,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003 \Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC] "p0"="C:\Program Files\DAEMON Tools Pro\" "h0"=dword:00000001 "hdf12"=hex:9e,5c,87,85,62,f7,8b,a6,11,84,2a,5a,80,9 9,43,e9,9a,5f,e6,8e,13,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003 \Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\ 00000001] "a0"=hex:20,01,00,00,90,f4,6d,32,6e,75,af,16,08,e8,a 6,34,44,d1,1f,75,c6,.. "hdf12"=hex:8c,5b,a4,ca,b6,22,1b,9a,53,d3,ab,bb,36,9 7,20,4c,b9,0c,e9,bd,23,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003 \Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\ 00000001\gdq0] "hdf12"=hex:9a,1d,54,b7,56,90,59,2b,02,02,30,a6,41,0 5,cd,03,68,f7,8f,fe,15,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:39,4d,40,db,c4,d8,25,fa,f8,68,a4,79,e0,0 5,1f,89,90,43,dd,df,44,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001] "khjeh"=hex:85,c9,00,ef,33,92,1e,d2,e0,0f,03,ff,0e,1 b,71,cd,b1,44,e1,4c,3f,.. "a0"=hex:20,01,00,00,8c,d9,67,3d,3d,fa,2b,38,ac,45,5 3,d5,90,cf,da,3c,82,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001Jf40] "khjeh"=hex:ac,18,02,7d,1e,35,f2,08,a5,bd,50,ab,19,e d,89,d7,22,1b,46,db,76,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001Jf41] "khjeh"=hex:6c,55,dc,40,34,f2,f3,80,83,c2,21,b2,98,4 d,e6,17,85,6d,f0,22,16,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:f7,8d,3d,56,c7,37,f4,47,be,34,54,37,d9,4 f,6c,a9,1a,fa,fe,76,a6,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001] "a0"=hex:20,01,00,00,cf,17,f3,42,b4,89,30,9c,23,c5,a 3,fa,31,45,d8,89,11,.. "khjeh"=hex:80,b5,65,1f,e2,03,d0,4d,9c,9e,60,a2,7f,1 a,41,3a,9b,8a,ae,ba,18,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001Jf40] "khjeh"=hex:4e,c1,4c,f4,34,74,0d,49,b6,c0,b8,b7,6b,d e,c1,d1,7e,72,33,6e,8c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004 \Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 000001Jf41] "khjeh"=hex:6c,55,dc,40,34,f2,f3,80,83,c2,21,b2,98,4 d,e6,17,85,6d,f0,22,16,.. scanning hidden registry entries ... [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curren tVersion\Run] "kspkdcbfa"="c:\documents and settings\jerome.jerome-69f6ed99\local settings\application data\kspkdcbfa.exe kspkdcbfa" scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 240 - DkService.exe 292 - ekrn.exe 456 - hpqwmi.exe 728 - SMax4PNP.exe 740 - nhc.exe 808 - HP Wireless Ass 856 - Apoint.exe 876 - csrss.exe 900 - winlogon.exe 944 - services.exe 956 - lsass.exe 1096 - Taskix32.exe 1136 - VisualTaskTips. 1156 - egui.exe 1208 - ctfmon.exe 1228 - svchost.exe 1272 - svchost.exe 1316 - svchost.exe 1420 - kspkdcbfa.exe 1452 - svchost.exe 1588 - ApntEx.exe 1856 - explorer.exe 1920 - alg.exe 1940 - wmiprvse.exe 2096 - wuauclt.exe 2564 - cmd.exe Total number of processes = 27 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806CE000 - \WINDOWS\system32\hal.dll F8974000 - \WINDOWS\system32\KDCOM.DLL F8884000 - \WINDOWS\system32\BOOTVID.dll F8276000 - spzr.sys F8976000 - \WINDOWS\System32\Drivers\WMILIB.SYS F825E000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS F822F000 - ACPI.sys F821E000 - pci.sys F8474000 - ohci1394.sys F8484000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F8494000 - isapnp.sys F8888000 - compbatt.sys F888C000 - \WINDOWS\system32\DRIVERS\BATTC.SYS F8A3C000 - pciide.sys F86F4000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F8978000 - intelide.sys F8200000 - pcmcia.sys F84A4000 - MountMgr.sys F81E1000 - ftdisk.sys F8890000 - ACPIEC.sys F8A3D000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS F86FC000 - PartMgr.sys F84B4000 - VolSnap.sys F81C9000 - atapi.sys F84C4000 - disk.sys F84D4000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F81A9000 - fltmgr.sys F8197000 - sr.sys F84E4000 - PxHelp20.sys F8180000 - KSecDD.sys F816D000 - WudfPf.sys F80E0000 - Ntfs.sys F80B3000 - NDIS.sys F8098000 - Mup.sys F8504000 - \SystemRoot\system32\DRIVERS\intelppm.sys F8920000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys F7AC5000 - \SystemRoot\system32\DRIVERS\igxpmp32.sys F7AB1000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F8854000 - \SystemRoot\system32\DRIVERS\usbuhci.sys F7A8E000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F8704000 - \SystemRoot\system32\DRIVERS\usbehci.sys F7872000 - \SystemRoot\system32\DRIVERS\w29n51.sys F784B000 - \SystemRoot\system32\drivers\tifm21.sys F783A000 - \SystemRoot\system32\DRIVERS\sdbus.sys F77FA000 - \SystemRoot\system32\drivers\smwdm.sys F77D6000 - \SystemRoot\system32\drivers\portcls.sys F8514000 - \SystemRoot\system32\drivers\drmk.sys F77B3000 - \SystemRoot\system32\drivers\ks.sys F7793000 - \SystemRoot\system32\drivers\aeaudio.sys F7735000 - \SystemRoot\system32\drivers\senfilt.sys F7630000 - \SystemRoot\system32\DRIVERS\AGRSM.sys F8724000 - \SystemRoot\System32\Drivers\Modem.SYS F893C000 - \SystemRoot\system32\DRIVERS\CmBatt.sys F8524000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F8744000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F75EE000 - \SystemRoot\system32\DRIVERS\Apfiltr.sys F8784000 - \SystemRoot\system32\DRIVERS\mouclass.sys F8534000 - \SystemRoot\system32\DRIVERS\imapi.sys F8544000 - \SystemRoot\system32\DRIVERS\cdrom.sys F8554000 - \SystemRoot\system32\DRIVERS\redbook.sys F87B4000 - \SystemRoot\SYSTEM32 \DRIVERS\GEARAspiWDM.sys F7589000 - \SystemRoot\System32\Drivers\ah65gyz4.SYS F8564000 - \SystemRoot\system32\DRIVERS\Epfwndis.sys F8B51000 - \SystemRoot\system32\DRIVERS\audstub.sys F8574000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F8043000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F7572000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F8584000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F8594000 - \SystemRoot\system32\DRIVERS\raspptp.sys F884C000 - \SystemRoot\system32\DRIVERS\TDI.SYS F7561000 - \SystemRoot\system32\DRIVERS\psched.sys F85A4000 - \SystemRoot\system32\DRIVERS\msgpc.sys F887C000 - \SystemRoot\system32\DRIVERS\ptilink.sys F872C000 - \SystemRoot\system32\DRIVERS\raspti.sys F85B4000 - \SystemRoot\system32\DRIVERS\termdd.sys F898A000 - \SystemRoot\system32\DRIVERS\swenum.sys F7468000 - \SystemRoot\system32\DRIVERS\update.sys F892C000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F85C4000 - \SystemRoot\System32\Drivers\NDProxy.SYS F85E4000 - \SystemRoot\system32\DRIVERS\usbhub.sys F8990000 - \SystemRoot\system32\DRIVERS\USBD.SYS F8996000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F8BA9000 - \SystemRoot\System32\Drivers\Null.SYS F899A000 - \SystemRoot\System32\Drivers\Beep.SYS F8804000 - \SystemRoot\System32\drivers\vga.sys F899E000 - \SystemRoot\System32\Drivers\mnmdd.SYS F89A2000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys AA757000 - \SystemRoot\system32\DRIVERS\ext2fs.sys F8814000 - \SystemRoot\System32\Drivers\Msfs.SYS F8824000 - \SystemRoot\System32\Drivers\Npfs.SYS F8964000 - \SystemRoot\system32\DRIVERS\rasacd.sys AA744000 - \SystemRoot\system32\DRIVERS\ipsec.sys AA6EC000 - \SystemRoot\system32\DRIVERS\tcpip.sys AA6DA000 - \SystemRoot\system32\DRIVERS\epfwtdi.sys AA6B9000 - \SystemRoot\system32\DRIVERS\ipnat.sys F8634000 - \SystemRoot\system32\DRIVERS\wanarp.sys F805F000 - \SystemRoot\System32\drivers\ws2ifsl.sys AA697000 - \SystemRoot\System32\drivers\afd.sys F8057000 - \SystemRoot\system32\DRIVERS\hidusb.sys F8644000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F87D4000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F8654000 - \SystemRoot\system32\DRIVERS\netbios.sys F89A6000 - \SystemRoot\system32 \DRIVERS\IfsDrives.sys F87E4000 - \SystemRoot\System32\Drivers\StarOpen.SYS F804F000 - \??\C:\WINDOWS\system32\vcdrom.sys F803F000 - \SystemRoot\system32\DRIVERS\mouhid.sys F87F4000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys AA5CC000 - \SystemRoot\system32\DRIVERS\rdbss.sys F8A60000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS AA55D000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F8664000 - \SystemRoot\System32\Drivers\Fips.SYS F8674000 - \SystemRoot\system32\DRIVERS\easdrv.sys F89AE000 - \??\C:\WINDOWS\system32 \drivers\EABFiltr.sys F8694000 - \SystemRoot\System32\Drivers\Cdfs.SYS AA51D000 - \SystemRoot\System32 \Drivers\dump_atapi.sys F89B4000 - \SystemRoot\System32 \Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys AA7B8000 - \SystemRoot\System32\drivers\Dxapi.sys F880C000 - \SystemRoot\System32\watchdog.sys BF000000 - \SystemRoot\System32\drivers\dxg.sys F8B5D000 - \SystemRoot\System32\drivers\dxgthk.sys BF024000 - \SystemRoot\System32\igxpgd32.dll BF012000 - \SystemRoot\System32\igxprd32.dll BF04E000 - \SystemRoot\System32\igxpdv32.DLL BF1CC000 - \SystemRoot\System32\igxpdx32.DLL BFFA0000 - \SystemRoot\System32\ATMFD.DLL AA3A1000 - \SystemRoot\system32\DRIVERS\epfw.sys AA289000 - \SystemRoot\system32\DRIVERS\netbt.sys AA3D1000 - \SystemRoot\system32\DRIVERS\ndisuio.sys AA16D000 - \SystemRoot\system32\DRIVERS\mrxdav.sys AA130000 - \SystemRoot\system32\drivers\wdmaud.sys AA4B5000 - \SystemRoot\system32\drivers\sysaudio.sys A9FE2000 - \SystemRoot\system32\DRIVERS\eamon.sys A9DA8000 - \SystemRoot\system32\DRIVERS\srv.sys A999B000 - \??\C:\WINDOWS\system32 \drivers\nhcDriver.sys F8BAB000 - \SystemRoot\System32 \DRIVERS\KProcCheck.sys Total number of drivers = 137 Liste des programmes installes 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) Adobe Flash Player ActiveX Adobe Reader 8.1.2 - Français Agere Systems AC'97 Modem AIDA32 v3.93 ALPS Touch Pad Driver CCleaner (remove only) CodeStuff Starter Diskeeper 2008 Pro Premier EA SPORTS™ Rugby 08 ESET Smart Security EVEREST Home Edition v2.20 Ext2Ifs FastStone Free Download Manager 2.5 Google Earth Pro Google Toolbar for Internet Explorer GUILD WARS HDGraph HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) HP Help and Support HP Pavillion dv4000 User Guides HP Software Update HP Wireless Assistant 1.01 A3 Intel® Graphics Media Accelerator Driver InterVideo DVD Check InterVideo WinDVD IrfanView iTunes IZArc 3.81 J2SE Runtime Environment 5.0 Update 2 Java 6 Update 3 K-Lite Codec Pack 3.4.5 Full Kaspersky Online Scanner LClock Lecteur Windows Media 11 Ma-Config.com plugin Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 French Language Pack Microsoft .NET Framework 3.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (French) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office Language Pack 2007 Service Pack 1 (SP1) Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (French) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft XML Parser Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) Nero 8 Nero 8 Lite 8.1.1.3 neroxml Next Generation Visualisations NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) Notebook Hardware Control 2.0 Pre-Release-06 PartitionMagic PC Booster Platform PowerQuest PartitionMagic 8.0 Demo Quick Launch Buttons 5.10 A2 QuickTime Sonic Audio Module Sonic Copy Module Sonic Data Module Sonic Express Labeler Sonic MyDVD Plus Sonic Update Manager SoundMAX Spelling Dictionaries Support For Adobe Reader 8 System Requirements Lab Taskix TeamSpeak 2 RC2 Texas Instruments PCIxx21/x515 drivers. TIxx21 TransBar TuneUp Utilities 2008 Update for Outlook 2007 Junk Email Filter (kb944965) UserGuides VCRedistSetup VIA Gestionnaire de périphériques de plate-forme VideoLAN VLC media player 0.8.6d Virtual CDRom Virtualis Crédit Mutuel VistaDriveStatus VisualTaskTips Winamax Poker (remove only) Winamp Windows Communication Foundation Language Pack - FRA Windows Imaging Component Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Live OneCare safety scanner Windows Live Sign-in Assistant Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation Windows Presentation Foundation Language Pack (FRA) Windows Trust Anti-Pub Windows Trust Installer Windows Workflow Foundation FR Language Pack WinRoll XML Paper Specification Shared Components Language Pack 1.0 XML Paper Specification Shared Components Pack 1.0 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 2C25-27AB Répertoire de C:\Program Files 29/02/2008 16:14 <REP> . 29/02/2008 16:14 <REP> .. 07/10/2007 18:25 <REP> Adobe 01/03/2008 22:50 <REP> AIDA32 - Personal System Information 07/10/2007 18:35 <REP> Analog Devices 09/10/2007 21:27 <REP> Apoint2K 01/12/2007 17:35 <REP> CCleaner 23/11/2007 19:52 <REP> CodeStuff 07/10/2007 14:40 <REP> ComPlus Applications 24/02/2008 06:24 <REP> DAEMON Tools 15/02/2008 16:52 <REP> Diskeeper Corporation 07/12/2007 19:40 <REP> EA SPORTS 25/02/2008 23:33 <REP> ESET 25/02/2008 10:51 <REP> FastStone Capture 26/02/2008 01:39 <REP> Fichiers communs 18/02/2008 19:03 <REP> Free Download Manager 25/02/2008 11:05 <REP> Google 29/02/2008 16:09 <REP> GUILD WARS 13/02/2008 02:42 <REP> HDGraph 09/10/2007 12:00 <REP> Hewlett-Packard 09/10/2007 12:00 <REP> Hp 09/10/2007 12:11 <REP> HPQ 24/11/2007 20:09 <REP> inKline Global 08/12/2007 17:28 <REP> Intel 23/02/2008 18:03 <REP> Internet Explorer 09/10/2007 12:00 <REP> InterVideo 24/12/2007 15:43 <REP> iPod 28/02/2008 21:47 <REP> IrfanView 24/12/2007 15:43 <REP> iTunes 30/12/2007 18:18 <REP> IZArc 12/10/2007 14:16 <REP> Java 11/10/2007 18:00 <REP> K-Lite Codec Pack 08/12/2007 14:47 <REP> Lavalys 25/02/2008 10:41 <REP> LClock 29/02/2008 20:16 <REP> ma-config.com 20/02/2008 09:06 <REP> messenger 23/11/2007 21:48 <REP> microsoft frontpage 21/02/2008 02:14 <REP> Microsoft Office 21/02/2008 02:14 <REP> Microsoft Visual Studio 21/02/2008 02:09 <REP> Microsoft Visual Studio 8 21/02/2008 02:15 <REP> Microsoft Works 21/02/2008 02:12 <REP> Microsoft.NET 20/02/2008 08:20 <REP> Movie Maker 21/02/2008 02:14 <REP> MSBuild 18/02/2008 13:32 <REP> MSECache 09/10/2007 11:28 <REP> MSN Gaming Zone 16/02/2008 04:02 <REP> MSN Messenger 07/12/2007 20:26 <REP> MSXML 4.0 10/11/2007 12:21 <REP> MSXML 6.0 28/02/2008 02:22 <REP> Nero 20/02/2008 08:14 <REP> NetMeeting 24/11/2007 00:06 <REP> Notebook Hardware Control 20/02/2008 08:14 <REP> Outlook Express 25/02/2008 07:57 <REP> PowerQuest 24/12/2007 15:40 <REP> QuickTime 09/10/2007 21:38 <REP> Reference Assemblies 09/10/2007 11:30 <REP> Services en ligne 09/10/2007 12:09 <REP> Sonic 10/12/2007 19:39 <REP> SystemRequirementsLab 25/02/2008 10:41 <REP> Taskix 29/02/2008 16:14 <REP> Teamspeak2_RC2 25/02/2008 10:41 <REP> TransBar 25/02/2008 16:55 <REP> Trend Micro 15/02/2008 15:44 <REP> TuneUp Utilities 2008 07/01/2008 04:00 <REP> UltraStar 11/10/2007 18:11 <REP> uTorrent 08/12/2007 19:14 <REP> VIA 11/10/2007 16:06 <REP> VideoLAN 25/02/2008 10:51 <REP> Virtual CDRom 21/11/2007 17:52 <REP> Virtualis 25/02/2008 10:48 <REP> VistaDriveStatus 25/02/2008 10:41 <REP> VisualTaskTips 07/10/2007 18:38 <REP> WIDCOMM 25/02/2008 20:03 <REP> WinamaxPoker 07/01/2008 01:13 <REP> Winamp 22/02/2008 12:54 <REP> Windows Live 28/02/2008 17:19 <REP> Windows Live Safety Center 25/02/2008 10:48 <REP> Windows Media Connect 2 28/02/2008 02:54 <REP> Windows Media Player 20/02/2008 08:14 <REP> Windows NT 25/02/2008 10:41 <REP> WinRoll 25/02/2008 10:41 <REP> WTInstaller 09/10/2007 11:33 <REP> xerox 0 fichier(s) 0 octets 83 Rép(s) 31 025 700 864 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 2C25-27AB Répertoire de C:\Program Files\fichiers communs 26/02/2008 01:39 <REP> . 26/02/2008 01:39 <REP> .. 12/10/2007 14:20 <REP> Adobe 21/02/2008 02:14 <REP> DESIGNER 09/10/2007 12:09 <REP> InstallShield 07/10/2007 18:45 <REP> Java 02/03/2008 00:10 <REP> Microsoft Shared 07/10/2007 16:42 <REP> MSSoap 26/02/2008 01:43 <REP> Nero 01/12/2007 05:23 <REP> NSV 07/10/2007 16:14 <REP> ODBC 09/10/2007 11:30 <REP> Services 09/10/2007 12:06 <REP> Sonic Shared 07/10/2007 16:14 <REP> SpeechEngines 09/10/2007 12:09 <REP> SureThing Shared 23/02/2008 03:51 <REP> Symantec Shared 21/02/2008 02:08 <REP> System 09/10/2007 12:07 <REP> TiVo Shared 25/02/2008 11:12 <REP> Wise Installation Wizard 0 fichier(s) 0 octets 19 Rép(s) 31 025 700 864 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 2C25-27AB Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 21/02/2008 02:13 <REP> . 21/02/2008 02:13 <REP> .. 21/02/2008 02:08 <REP> 1036 26/10/2006 19:49 970 528 MSONSEXT.DLL 26/10/2006 20:12 40 256 MSOSV.DLL 2 fichier(s) 1 010 784 octets 3 Rép(s) 31 025 696 768 octets libres c:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20 \iTunesSetupAdmin.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \.housecall6.6\getMac.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \.housecall6.6\patch.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \.housecall6.6\tsc.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\ATF-Cleaner.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\explorer.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\attrib.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\autochk.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\autofmt.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\bartpe.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\cacls.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\calc.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\chkdsk.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\clipsrv.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\cmd.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\comp.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\compact.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\convert.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\csrss.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\diskpart.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\ditrace.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\dmadmin.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\eqndiag.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\eqnlogr.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\eqnloop.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\expand.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\fc.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\find.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\findstr.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\finger.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\fltmc.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\ftp.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\hostname.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\ipconfig.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\keyboard.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\keydown.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\label.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\locator.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\lpq.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\lpr.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\lsass.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\makecab.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\mountvol.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\mspaint.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\mstsc.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\nbtstat.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\net.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\net1.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\netconfig.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\notepad.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\nslookup.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\ntkrnlmp.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\ntoskrnl.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\ntsd.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32 \nu2menumsg.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\nu2shell.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\odbcad32.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\odbcconf.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\pathping.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\peer.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\penetcfg.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\pentnt.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\ping.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\portmon.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\print.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\reg.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\regedit.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\regedt32.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\regsvr32.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\replace.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\route.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\rsvp.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\rundll32.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\services.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\setup.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\smss.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\sort.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\spoolsv.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\subst.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\svchost.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\taskmgr.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\tftp.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\tracert.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\userinit.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\winlogon.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\wordpad.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\xcopy.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\xlog.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\Programs\A43\a43.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\Programs\bst5\bst5.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\Programs\Nu2Menu\nu2menu.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\Programs\Nu2Menu\setres.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\Programs\peinst\mkbt.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\Programs\peinst\nt2peldr.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\clef usb\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\Programs\snapshot\snapshot.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\catchme.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\diff.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\find2.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\Fport.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\grep.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\gzip.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\pslist.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\streams.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\swreg.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\DiagHelp\tar.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\Ultimate\Ultimate Edition v6.3 \MD5Checker\cmdMD5.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Bureau\Ultimate\Ultimate Edition v6.3 \MD5Checker\WinMD5.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Local Settings\Application Data\kspkdcbfa.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99\Mes documents\blagues\bengame.exe c:\Documents and Settings\Jerome.JEROME-69F6ED99\Mes documents\blagues\Sex and Chope!.exe c:\Documents and Settings\JEROME~1~JER\LOCALS~1 \Temp\pft5~tmp\Setup.exe c:\Documents and Settings\JEROME~1~JER\LOCALS~1 \Temp\pft5~tmp\Graphics\hkcmd.exe c:\Documents and Settings\JEROME~1~JER\LOCALS~1 \Temp\pft5~tmp\Graphics\igfxcfg.exe c:\Documents and Settings\JEROME~1~JER\LOCALS~1 \Temp\pft5~tmp\Graphics\igfxext.exe c:\Documents and Settings\JEROME~1~JER\LOCALS~1 \Temp\pft5~tmp\Graphics\igfxpers.exe c:\Documents and Settings\JEROME~1~JER\LOCALS~1 \Temp\pft5~tmp\Graphics\igfxsrvc.exe c:\Documents and Settings\JEROME~1~JER\LOCALS~1 \Temp\pft5~tmp\Graphics\igfxtray.exe c:\Documents and Settings\JEROME~1~JER\LOCALS~1 \Temp\pft5~tmp\Graphics\igfxzoom.exe c:\Documents and Settings\JEROME~1~JER\LOCALS~1 \Temp\pft5~tmp\Graphics\igxpun.exe c:\Documents and Settings\JEROME~1~JER\LOCALS~1 \Temp\pftE3~tmp\Setup.exe c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dl l c:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\DrWeb\Drweb32.dll c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dl l c:\Documents and Settings\Jerome.JEROME-69F6ED99 \Application Data\TaoUSign\jseccapi.dll c:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_JEROME.tar.gz a l'adresse http://upload.malekal.com

Vista drive me permet d'avoir les options d'affichage de vista sous Xp Il n'est pas verolé et m'offre un grand confort visuel sans me bouffer de memoire ni de cpu Je ne vois pas l'interet de l'enlever ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, March 02, 2008 3:37:31 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 2/03/2008 Kaspersky Anti-Virus database records: 592862 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ E:\ G:\ Scan Statistics: Total number of scanned objects: 78903 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 01:49:30 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped C:\Documents and Settings\Jerome.JEROME-69F6ED99\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Jerome.JEROME-69F6ED99\ntuser.dat Object is locked skipped C:\Documents and Settings\Jerome.JEROME-69F6ED99\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.dat.LOG Object is locked skipped C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{01BE0CEB-0AD1-4B69-B77E-A9E9E28CA8AE}\RP4\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_108.dat Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.

le scan est long j'en suis qu'a 54% rien de trouver pour l'instant le scan en ligne bitdefender je l'ai fait juste avant deposter le sujet Sinon pour Nod32 je comprend pas ton histoire de licence Apres avoir tester tout les anti-virus a l'essai ou gratuit J'ai pris celui la (car c'est celui qui bouffe le moins de memoire) en essai de 30 jours, il me reste 27 jours a en profiter

Ok Zonk Resultat que demain par contre (il se fait tard) Pour Nod32 c'est une evaluation de 30 jours, surement pour cela qu'il est incomplet Sinon effectivement je l'ai desinstall (avec TUuninstall) car j'avai trop touché a la config avancée Puis je l'ai reinstallé Sinon petite precision il y a moins d'un an j'avais eu un cluster qui avait peté, peut etre pour cela que mon SP1 avait disparu J'avais du recupérer mon systeme en bootant depuis mon DDexterne Depuis le cluster defecteux est redevenu correct "apparement" Autre precision au demarage pendant 5 minutes environ j'ai un svchost a 99% d'UC (j'suis pas sur que ce soit normal), si je le stop manuellement via task aucun changement si ce n'est une UC correct Sinon apres avoir fait votre BitDefender en ligne, envahie de page de pub d'anti-virus J'ai bloquer ses 3 lignes avec Hijackthis depuis c'est bon Aussi avec CCleaner j'ai: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\drwtsn32.log 1,57MB C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp 70,03KB qui revient tout le temps

MERCI "Pear" mes M.A.J. sont revenu la premiere detecté fut SP1 (bizard)

Bonjour, Il semblerai que je soit infecté par un rootkit, voir plus depuis 6 mois si je le bloque pas avec Msconfig je suis envahie de pub Seul anti-vir me le detecte, mais il ne peut l'effacer Il se trouve dans mes "C:\Documents and Settings\JEROME\Local Settings\Application Data" (HKCU\SOFTWARE\Microsoft\Windows\Current version\Run (en fichier caché)) et porte le nom de kspkdcbfa De plus WinUpdate me reconnait en mac alors que je suis XP donc je ne gere plus les M.A.J., sauf en automatique Merci de votre aide Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:26:28, on 01/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Notebook Hardware Control\nhc.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Taskix\Taskix32.exe C:\Program Files\VisualTaskTips\VisualTaskTips.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\HPQ\shared\hpqwmi.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start O4 - HKLM\..\Run: [VisualTaskTips] "C:\Program Files\VisualTaskTips\VisualTaskTips.exe" O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDriveStatus\vsdrv.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TransBar] C:\Program Files\TransBar\TransBar.exe /s O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 5176 bytes --------[ AIDA32 © 1995-2004 Tamas Miklos ]--------------------------------------------------------------------------- Version AIDA32 v3.93 Auteur tamas.miklos@aida32.hu Site web http://www.aida32.hu Type de rapport Rapport rapide Ordinateur JEROME Générateur Jerome Système d'exploitation Microsoft Windows XP Home Edition 5.1.2600 (WinXP Retail) Date 2008-03-01 Heure 22:49 --------[ Résumé ]------------------------------------------------------------------------------------------------------ Ordinateur: Système d'exploitation Microsoft Windows XP Home Edition Service Pack du système Service Pack 2 Internet Explorer 7.0.5730.11 Nom du système JEROME Nom d'utilisateur Jerome Domaine de connexion JEROME Carte mère: Type de processeur Mobile Unknown, 600 MHz (12 x 50) Nom de la carte mère Hewlett-Packard 09BC Chipset de la carte mère Inconnu Mémoire système 502 Mo Type de BIOS Phoenix (04/27/06) Moniteur: Carte vidéo Mobile Intel® 915GM/GMS,910GML Express Chipset Family (128 Mo) Carte vidéo Mobile Intel® 915GM/GMS,910GML Express Chipset Family (128 Mo) Moniteur Écran Plug-and-Play [NoDB] Moniteur Écran Plug-and-Play [NoDB] Moniteur Écran Plug-and-Play [NoDB] Multimédia: Carte audio Intel 82801FB ICH6 - AC'97 Audio Controller Stockage: Disque dur FUJITSU MHT2060AT PL (60 Go, 4200 RPM, Ultra-ATA/100) Lecteur optique MATSHITA UJ-840D Lecteur optique PH5511E VFQ515M SCSI CdRom Device Partitions: C: (NTFS) 57223 Mo (30516 Mo libre) Entrée: Clavier Quick Launch Buttons Souris Alps Pointing-device (2-way) Souris Souris HID Réseau: Adresse IP principale "secret" Adresse MAC principale "secret" Carte réseau Intel® PRO/Wireless 2200BG Network Connection ("secret") Modem Agere Systems AC'97 Modem Périphériques: Périphérique USB Périphérique d'interface utilisateur USB --------[ Debug - Video BIOS ]------------------------------------------------------------------------------------------ C000:0000 U.y.K.000000000000.!.. '@...00IBM VGA Compatible BIOS. .[.k.y... C000:0040 PCIR...%.................................u.............]........ C000:0080 ....................................d......d......d.....0d...... C000:00C0 d......d......d......d.....0d......d.....0d......d......d......d C000:0100 ......d.....0d......d......d.....0$......$......d.......... .... C000:0140 `".......N... ....@............ ...88.......... .1X. (.........V C000:0180 . .1X. .P.......... .0X. @........d..@A.&0..6.......... A. 0.`. C000:01C0 ........$.`A.(00`........0*..Q.*@0p.........4..Q.*@...........=. C000:0200 .Q.0@@.........H?@0b.2@@..........O@0b.2@@..........Y@0b.2@@.... C000:0240 .....h[..r.<P...........t..r.<P..........0.7..2.m..4....8....:.. C000:0280 ..<.E..A.7..C.m..E....I....K....M.E..P 7..R m..T ...X ...Z ...\ C000:02C0 E..`.j..a.j..b j..c....d....e ...f....g....h ...i....j....k ...l C000:0300 ....m....n ...o....p....q ...................................... C000:0340 .........................................................For Eva C000:0380 luation Use Only....(........c-'(.+............................. C000:03C0 ....................(........c-'(.+............................. --------[ Debug - Unknown ]--------------------------------------------------------------------------------------------- Monitor SEC3345: Écran Plug-and-Play [NoDB] Optical MATSHITA UJ-840D Optical PH5511E VFQ515M SCSI CdRom Device PCI/AGP Agere Systems AC'97 Modem [NoDB] PCI/AGP Contrôleur hôte numérique sécurisé compatible SDA [NoDB] PCI/AGP Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface) [NoDB] PCI/AGP Intel® 82801FB/FBM PCI Express Root Port - 2660 [NoDB] PCI/AGP Intel® 82801FBM LPC Interface Controller - 2641 [NoDB] PCI/AGP Intel® PRO/Wireless 2200BG Network Connection [NoDB] PCI/AGP Mobile Intel® 915GM/GMS,910GML Express Chipset Family [NoDB] PCI/AGP Mobile Intel® 915GM/PM/GMS/910GML Express Processor to DRAM Controller - 2590 [NoDB] PCI/AGP Texas Instruments PCIxx21 Integrated FlashMedia Controller [NoDB] PCI/AGP Texas Instruments PCIxx21/x515 Cardbus Controller [NoDB] PnP Alps Pointing-device (2-way) [NoDB] PnP Interface de gestion Microsoft Windows pour ACPI [NoDB] ------------------------------------------------------------------------------------------------------------------------ The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Justement j'ai mis ce programme car je connaissai mon probleme Mon CPU chauffai trop Et avec ce programme j'ai diminuer mes entrées de voltage Ha Tu as overclock ton CPU http://forum.zebulon.fr/index.php?showtopic=110295&st=0 Tu aurai du le preciser dans ton poste Je sais pas si NHC sera compatible Tu nous dira et s'il est compatible t'en mieu pour toi, ainsi tu pourras voir sur ton bureau les 4 graphiques(comme dans mon screen du dessus) et quelques autres. De plus, tu pourras gerer ta consommation ATI

D'apres ta question tu n'as aucun souci Moi mon 1,6 de chez intel va de 599MHz a 1600MHz C'est normal Mon 599MHz represente ma valeur X8 et 1600MHz ma X16 et il y a d'autres valeures entre les 2 Moi je plantai souvent Alors depuis je gere mon processeur avec "Notebook Hardware Control" Ca te permet de le mettre a max ou au mini ou automatique et de gere ton voltage (Plus le voltage est bas moi ca chauffe) Par contre, pour allez dans mon bios moi c'est la touche F10 au demarrage