Ordinoob

  1. Nothing more for now ^^. Thank you for all the time you spend on those who, like me, have problems. One question: since my antivirus is clearly not effective, what can I add as (free) protection?
  2. Here it is
  3. I couldn't open page 3 of the previous post, so I'm creating another one.... Sorry.... I ran 1 scan with Avira AntiVir, which found the trojan 10 times (see below), hiding under the name kokukquoo.exe
  4. I ran a scan with Avira AntiVir, which found the same virus 10 times (the famous kokukequoo). The report is attached. Avira AntiVir Personal Report file date: jeudi 4 septembre 2008 22:42 Scanning for 1598352 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: WHAOUUU Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15 ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 20:40:42 ANTIVIR3.VDF : 7.0.6.118 179712 Bytes 04/09/2008 20:40:45 Engineversion : 8.1.1.28 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.70 319866 Bytes 04/09/2008 20:40:59 AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49 AERDL.DLL : 8.1.1.1 397683 Bytes 04/09/2008 20:40:57 AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35 AEOFFICE.DLL : 8.1.0.23 196987 Bytes 04/09/2008 20:40:55 AEHEUR.DLL : 8.1.0.51 1397111 Bytes 04/09/2008 20:40:54 AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48 AEGEN.DLL : 8.1.0.36 315764 Bytes 04/09/2008 20:40:49 AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21 AECORE.DLL : 8.1.1.11 172406 Bytes 04/09/2008 20:40:48 AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 04/09/2008 20:40:46 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 4 septembre 2008 22:42 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'SpybotSD.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'COCIManager.exe' - '1' Module(s) have been scanned Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned Scan process 'KEM.exe' - '1' Module(s) have been scanned Scan process 'dlbcserv.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'CTXFISPI.EXE' - '1' Module(s) have been scanned Scan process 
'avgas.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'LCDMedia.exe' - '1' Module(s) have been scanned Scan process 'LCDPop3.exe' - '1' Module(s) have been scanned Scan process 'LCDClock.exe' - '1' Module(s) have been scanned Scan process 'LCDCountdown.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'Quickcam.exe' - '1' Module(s) have been scanned Scan process 'LGDCore.exe' - '1' Module(s) have been scanned Scan process 'LCDMon.exe' - '1' Module(s) have been scanned Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'mcagent.exe' - '1' Module(s) have been scanned Scan process 'SiteAdv.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'VolPanel.exe' - '1' Module(s) have been scanned Scan process 'DLLML.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'LVComSer.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned Scan process 'COCIManager.exe' - '1' Module(s) have been scanned Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned Scan process 'KEM.exe' - '1' Module(s) have been scanned Scan process 'dlbcserv.exe' - 
'1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'steam.exe' - '1' Module(s) have been scanned Scan process 'mcsysmon.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgas.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'LCDMedia.exe' - '1' Module(s) have been scanned Scan process 'LCDPop3.exe' - '1' Module(s) have been scanned Scan process 'LCDCountdown.exe' - '1' Module(s) have been scanned Scan process 'LCDClock.exe' - '1' Module(s) have been scanned Scan process 'EKIJ5000MUI.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'Quickcam.exe' - '1' Module(s) have been scanned Scan process 'LGDCore.exe' - '1' Module(s) have been scanned Scan process 'LCDMon.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'McAfeeDataBackup.exe' - '1' Module(s) have been scanned Scan process 'CTXFISPI.EXE' - '1' Module(s) have been scanned Scan process 'SiteAdv.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'VolPanel.exe' - '1' Module(s) have been scanned Scan process 'DLLML.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'mcagent.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned Scan process 'UAService7.exe' 
- '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'msksrver.exe' - '1' Module(s) have been scanned Scan process 'MpfSrv.exe' - '1' Module(s) have been scanned Scan process 'Mcshield.exe' - '1' Module(s) have been scanned Scan process 'McProxy.exe' - '1' Module(s) have been scanned Scan process 'McNASvc.exe' - '1' Module(s) have been scanned Scan process 'mcmscsvc.exe' - '1' Module(s) have been scanned Scan process 'MBackMonitor.exe' - '1' Module(s) have been scanned Scan process 'LVComSer.exe' - '1' Module(s) have been scanned Scan process 'KodakSvc.exe' - '1' Module(s) have been scanned Scan process 'ehSched.exe' - '1' Module(s) have been scanned Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned Scan process 'guard.exe' - '0' Module(s) have been scanned Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 109 
processes with 109 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '69' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\LocalService\Application Data\Microsoft\kokukequoo.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\Paul-Emile\Local Settings\Temporary Internet Files\Content.IE5\ZYSD4F4Z\enavweb[1].cab [0] Archive type: CAB (Microsoft) --> navex32a.dll [WARNING] No further files can be extracted from this archive. The archive will be closed C:\Documents and Settings\Valérian\Local Settings\Temp\hoonapezy.tmp [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1002\A0410372.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1002\A0410374.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1003\A0411398.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '48f4620c.qua'! 
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1003\A0411409.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1003\A0412429.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1008\A0412593.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1023\A0418544.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP998\A0409720.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd9533.sys [WARNING] The file could not be opened! C:\_OTMoveIt\MovedFiles\09022008_211037\Documents and Settings\Frédérique\Application Data\Microsoft\kokukequoo.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! End of the scan: vendredi 5 septembre 2008 00:57 Used time: 2:14:54 Hour(s) The scan has been done completely. 10258 Scanning directories 468161 Files were scanned 11 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 10 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 4 Files cannot be scanned 468146 Files not concerned 8142 Archives were scanned 9 Warnings 11 Notes
  5. Yes, the reports are in my previous post, 4 reports in all. The 2 files in question were not found.
  6. Well yes, cuciquud is there... but Windows Explorer doesn't find it... J' 04/09/2008 ---- 19:07:34,26 ---------------------------------- §§§§§§ [cuciquud] §§§§§§ ---------------------------------- [X] Registre -------------- [ ] rapide -- Fichier --- [ ] disque systeme ------------- [X] complete ******************** [Registre] ******************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\cuciquud] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\cuciquud\DEBUG] [HKEY_USERS\S-1-5-21-1316576355-2183960598-615534113-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\\WINDOWS\\system32\\cuciquud.exe"="cuciquud" ******************* [Fichier] ******************* ********************* [Même date] ********************* Aucun fichier créé à la même date détecté Outil Aide Diagnostic By !aur3n7 Version 1.1 ---------------------------------- §§§§§ Fin Rapport §§§§§ 04/09/2008 ---- 19:21:12,29 ---------------------------------- §§§§§§ [f0YmHzHK] §§§§§§ ---------------------------------- [X] Registre -------------- [ ] rapide -- Fichier --- [ ] disque systeme ------------- [X] complete ******************** [Registre] ******************** Aucune entrée détectée ******************* [Fichier] ******************* ********************* [Même date] ********************* Aucun fichier créé à la même date détecté Outil Aide Diagnostic By !aur3n7 Version 1.1 ---------------------------------- §§§§§ Fin Rapport §§§§§ ---------------------------------- 04/09/2008 ---- 19:23:28,07 ---------------------------------- §§§§§§ [asbp2poa.sys] §§§§§§ ---------------------------------- [X] Registre -------------- [ ] rapide -- Fichier --- [ ] disque systeme ------------- [X] complete ******************** [Registre] ******************** Aucune entrée détectée ******************* [Fichier] ******************* ********************* [Même date] ********************* Aucun fichier créé à la même date détecté Outil Aide Diagnostic By !aur3n7 Version 1.1 
---------------------------------- §§§§§ Fin Rapport §§§§§ ---------------------------------- 04/09/2008 ---- 19:26:55,17 ---------------------------------- §§§§§§ [kokukequoo.exe] §§§§§§ ---------------------------------- [X] Registre -------------- [ ] rapide -- Fichier --- [ ] disque systeme ------------- [X] complete ******************** [Registre] ******************** [HKEY_USERS\S-1-5-21-1316576355-2183960598-615534113-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\\Documents and Settings\\Frédérique\\Application Data\\Microsoft\\kokukequoo.exe"="kokukequoo" [HKEY_USERS\S-1-5-21-1316576355-2183960598-615534113-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\\WINDOWS\\system32\\kokukequoo.exe"="kokukequoo" [HKEY_USERS\S-1-5-21-1316576355-2183960598-615534113-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\\WINDOWS\\system32\\kokukequoo.exe"="kokukequoo" ******************* [Fichier] ******************* c:\_OTMoveIt\MovedFiles\09022008_211037\Documents and Settings\Frédérique\Application Data\Microsoft\kokukequoo.exe c:\Documents and Settings\LocalService\Application Data\Microsoft\kokukequoo.exe ********************* [Même date] ********************* Aucun fichier créé à la même date détecté Outil Aide Diagnostic By !aur3n7 Version 1.1 ---------------------------------- §§§§§ Fin Rapport §§§§§ ---------------------------------- I also scanned the famous kokukequoo.exe... result above -> present
  7. It's surprising, but I can't find these files, even with the option to show hidden files checked or when searching in Windows Explorer???!!! Oo
  8. After a very long scan, a bit of reading: ComboFix 08-09-01.05 - Pascal 2008-09-03 18:43:16.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1359 [GMT 2:00] Endroit: C:\ComboFix.exe * Création d'un nouveau point de restauration * Resident AV is active AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Frédérique\Application Data\macromedia\Flash Player\#SharedObjects\7CK4KJ2Y\bin.clearspring.com C:\Documents and Settings\Frédérique\Application Data\macromedia\Flash Player\#SharedObjects\7CK4KJ2Y\bin.clearspring.com\clearspring.sol C:\Documents and Settings\Frédérique\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings\Frédérique\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol C:\Documents and Settings\LocalService\Cookies\system@trafiz[1].txt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_poof ((((((((((((((((((((((((((((( Fichiers créés 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))))))) . 2008-09-03 17:28 . 2008-09-03 17:28 268 --ah----- C:\sqmdata01.sqm 2008-09-03 17:28 . 2008-09-03 17:28 244 --ah----- C:\sqmnoopt01.sqm 2008-09-03 12:44 . 2008-09-03 12:44 268 --ah----- C:\sqmdata00.sqm 2008-09-03 12:44 . 2008-09-03 12:44 244 --ah----- C:\sqmnoopt00.sqm 2008-09-02 21:10 . 2008-09-02 21:10 <REP> d-------- C:\_OTMoveIt 2008-09-02 18:49 . 2008-09-03 15:42 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-09-02 18:42 . 2008-09-02 18:42 <REP> d-------- C:\Program Files\Buena Vista Games 2008-09-02 08:54 . 2008-09-02 08:54 <REP> d-------- C:\WINDOWS\system32\fr 2008-09-02 08:54 . 
2008-09-02 08:54 <REP> d-------- C:\WINDOWS\system32\bits 2008-09-02 08:54 . 2008-09-02 08:54 <REP> d-------- C:\WINDOWS\l2schemas 2008-09-02 08:51 . 2008-09-02 08:51 <REP> d-------- C:\WINDOWS\ServicePackFiles 2008-09-02 08:48 . 2008-09-02 08:59 2,639 --a------ C:\WINDOWS\imsins.BAK 2008-09-02 00:40 . 2008-09-02 00:40 <REP> d-------- C:\DiagHelp 2008-09-01 19:37 . 2008-09-02 18:39 <REP> d-------- C:\Program Files\Navilog1 2008-08-31 12:43 . 2008-08-31 12:43 <REP> d-------- C:\Documents and Settings\Paul-Emile\Application Data\Grisoft 2008-08-30 18:59 . 2008-08-30 18:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-30 18:59 . 2008-08-30 18:59 <REP> d-------- C:\Documents and Settings\Pascal\Application Data\Malwarebytes 2008-08-30 18:59 . 2008-08-30 18:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-30 18:59 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-30 18:59 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-30 12:21 . 2008-08-30 13:08 6,018 --a------ C:\Documents and Settings\Orph.egd 2008-08-30 12:19 . 2008-08-30 13:08 <REP> d-------- C:\ToolBar SD 2008-08-30 09:21 . 2008-08-30 09:21 <REP> d-------- C:\Program Files\Trend Micro 2008-08-30 09:21 . 2008-08-30 09:21 812,344 --a------ C:\hijackthis_hijackthis_2.02_anglais_17891.exe 2008-08-29 22:04 . 2008-08-31 22:56 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-08-29 21:52 . 2008-08-29 21:52 <REP> d-------- C:\Documents and Settings\Pascal\Application Data\Grisoft 2008-08-29 21:52 . 2008-08-29 21:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-08-29 21:52 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-08-29 21:46 . 2008-08-29 21:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-08-29 21:43 . 2008-08-29 21:43 <REP> d-------- C:\Program Files\Yahoo! 
2008-08-29 21:43 . 2008-08-29 21:44 <REP> d-------- C:\Program Files\CCleaner 2008-08-29 21:16 . 2008-08-29 22:00 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-29 20:54 . 2008-08-29 20:54 <REP> d-------- C:\Program Files\Sun 2008-08-29 20:53 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-08-29 19:48 . 2008-08-29 20:03 <REP> d-------- C:\Documents and Settings\Paul-Emile\.housecall6.6 2008-08-26 13:33 . 2001-05-17 05:18 190,976 --a------ C:\WINDOWS\RRKW.POL 2008-08-24 15:32 . 2008-08-24 15:32 792,685 --a------ C:\voute.pdf 2008-08-23 21:59 . 2008-08-24 10:34 <REP> d---s---- C:\Program Files\Xfire 2008-08-23 21:59 . 2008-09-03 18:40 <REP> d-------- C:\Documents and Settings\Pascal\Application Data\Xfire 2008-08-16 20:50 . 2008-08-16 20:50 <REP> d-------- C:\Documents and Settings\Pascal\Application Data\Apple Computer 2008-08-16 20:49 . 2008-08-16 20:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-16 20:49 . 2008-08-16 20:49 1,409 --a------ C:\WINDOWS\QTFont.for 2008-08-15 18:05 . 2008-05-01 16:36 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-15 18:04 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-14 23:57 . 2008-08-15 00:05 512 --a------ C:\drmHeader.bin 2008-08-13 00:08 . 2008-08-13 00:08 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll 2008-08-09 13:14 . 2008-09-03 20:18 182,038 --a------ C:\WINDOWS\system32\nvapps.xml 2008-08-09 13:13 . 2008-08-09 13:13 <REP> d-------- C:\WINDOWS\nview 2008-08-09 13:13 . 2008-08-09 13:14 <REP> d-------- C:\WINDOWS\NV2044220.TMP 2008-08-09 13:06 . 2008-08-09 13:06 <REP> d-------- C:\Program Files\MSI 2008-08-09 13:05 . 2008-08-09 13:05 <REP> d-------- C:\Program Files\Setup Files 2008-08-09 12:57 . 2008-08-09 12:57 0 --a------ C:\WINDOWS\msicpl.ini 2008-08-09 12:34 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe 2008-08-09 12:32 . 
2008-08-09 13:11 <REP> d-------- C:\WINDOWS\NV18241376.TMP 2008-08-09 12:32 . 2006-12-15 04:58 208,896 -ra------ C:\WINDOWS\system32\sw20.exe 2008-08-09 12:32 . 2006-12-15 04:57 200,704 -ra------ C:\WINDOWS\system32\WinSys.exe 2008-08-09 12:32 . 2006-06-01 11:22 114,688 -ra------ C:\WINDOWS\system32\sysinfo.dll 2008-08-09 12:32 . 2006-12-15 04:58 69,632 -ra------ C:\WINDOWS\system32\sw24.exe 2008-08-09 12:32 . 2006-06-01 11:22 9,728 -ra------ C:\WINDOWS\system32\sysinfoX64.sys 2008-08-09 12:32 . 2006-06-01 11:22 8,883 -ra------ C:\WINDOWS\system32\sysinfo.vxd 2008-08-09 12:32 . 2006-06-01 11:22 8,192 -ra------ C:\WINDOWS\system32\sysinfo.sys 2008-08-08 08:42 . 2008-08-08 08:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Dell 2008-08-07 21:15 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-08-07 21:09 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-08-07 21:09 . 2008-06-05 16:50 18,818 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-08-07 18:47 . 2008-08-07 18:47 <REP> d-------- C:\Program Files\NVIDIA Corporation 2008-08-07 18:46 . 2008-08-07 20:58 <REP> d-------- C:\Program Files\NVIDIA nTune Performance Application 2008-08-05 00:09 . 2008-04-14 04:33 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll 2008-08-05 00:09 . 2008-04-14 04:33 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll 2008-08-05 00:09 . 2008-04-14 04:33 276,992 --------- C:\WINDOWS\system32\wmphoto.dll 2008-08-05 00:09 . 2008-04-14 04:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll 2008-08-05 00:07 . 2008-04-14 04:33 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-03 16:38 2,841,308 ----a-r C:\ComboFix.exe 2008-09-03 14:12 137,656 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-09-02 16:46 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-02 07:01 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd9533.sys 2008-09-01 18:59 --------- d-----w C:\Program Files\Steam 2008-08-29 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-08-29 19:58 --------- d-----w C:\Program Files\Google 2008-08-29 18:53 --------- d-----w C:\Program Files\Java 2008-08-29 18:48 --------- d-----w C:\Program Files\McAfee 2008-08-29 16:01 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-08-29 16:00 --------- d-----w C:\Program Files\Norton Security Scan 2008-08-28 19:13 --------- d-----w C:\Program Files\eMule 2008-08-26 11:33 --------- d-----w C:\Program Files\Mindscape 2008-08-25 19:46 --------- d-----w C:\Program Files\Activision 2008-08-07 15:29 106,496 ----a-w C:\WINDOWS\DUMP65af.tmp 2008-08-05 21:41 --------- d-----w C:\Documents and Settings\Pascal\Application Data\SiteAdvisor 2008-07-06 08:35 --------- d-----w C:\Program Files\Sony 2008-07-06 08:35 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared 2008-07-03 16:30 --------- d-----w C:\Program Files\THQ 2008-05-09 07:28 22,328 ----a-w C:\Documents and Settings\Pascal\Application Data\PnkBstrK.sys 2006-01-20 21:35 251 ----a-w C:\Program Files\wt3d.ini 2006-04-16 10:10 104 --sh--r C:\WINDOWS\system32\0853486DF1.sys 2006-04-16 10:10 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152] "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480] "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 36904] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992] "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-22 4838952] "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-19 200704] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941] "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096] "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "EKIJ5000StatusMonitor"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2007-11-13 1052672] 
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 C:\WINDOWS\KHALMNPR.Exe] "CTHelper"="CTHELPER.EXE" [2005-09-20 C:\WINDOWS\CTHELPER.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\drivers HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\drivers\audio HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\drivers\audio\addon HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\drivers\audio\addon\common HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\drivers\audio\addon\common\i386 [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= 
"C:\\WINDOWS\\system32\\LEXPPS.EXE"= "C:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"= "C:\\WINDOWS\\system32\\mmc.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Xfire\\Xfire.exe"= "C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Steam\\steam.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= R2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\printer\center\KodakSvc.exe [2007-12-13 18944] R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-09-20 1093632] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S2 oxu4yena7n0e;ASUSKeyboardService;C:\WINDOWS\system32\cuciquud.exe [ ] S3 38f1b4w7;38f1b4w7;C:\DOCUME~1\FRDRIQ~1\LOCALS~1\Temp\f0YmHzHK [ ] S3 asbp2poa;asbp2poa;C:\DOCUME~1\PAUL-E~1\LOCALS~1\Temp\asbp2poa.sys [ ] S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-CTxfiReg - CTxfiReg.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\xydr4bpf.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-03 20:17:04 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet017\Services\38f1b4w7] "ImagePath"="\??\C:\DOCUME~1\FRDRIQ~1\LOCALS~1\Temp\f0YmHzHK" . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\SiteAdvisor\6253\saHook.dll -> C:\Program Files\Logitech\SetPoint\lgscroll.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\LEXBCES.EXE C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\McAfee\MBK\MBackMonitor.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe C:\Program Files\McAfee\VirusScan\Mcshield.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\Program Files\McAfee\MSK\msksrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\CTXFISPI.EXE C:\WINDOWS\system32\dllhost.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\ehome\ehmsas.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program 
Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Dell Photo Printer 720\dlbcserv.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.exe C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\McAfee\MSC\mcuimgr.exe C:\PROGRA~1\McAfee\MSC\mcshell.exe . ************************************************************************** . Temps d'accomplissement: 2008-09-03 20:21:54 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-03 18:21:46 Pre-Run: 187,895,652,352 octets libres Post-Run: 188,378,161,152 octets libres 271 --- E O F --- 2008-09-03 15:29:43
  9. By the way, I have a question: kokukequoo.exe: what is this thing?
  10. Here is the other report.
  11. To start, the first report for the 2 pieces of crap, the other one will follow:
  12. Search Navipromo version 3.6.5 commencé le 02/09/2008 à 18:32:24,59 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Pascal" Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Pascal\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\FRDRIQ~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\PAUL-E~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Pascal\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\FRDRIQ~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\PAUL-E~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Pascal\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\FRDRIQ~1\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\PAUL-E~1\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\VALRIA~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net *** Recherche avec GenericNaviSearch *** !!! 
Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\Pascal\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\FRDRIQ~1\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\PAUL-E~1\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\Pascal\locals~1\applic~1" : * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : * Dans "C:\DOCUME~1\FRDRIQ~1\locals~1\applic~1" : * Dans "C:\DOCUME~1\PAUL-E~1\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 02/09/2008 à 18:39:54,26 ***
  13. Well, that's what I already did yesterday! OK, I'll run it again.
  14. Here is the report that will tell you everything there is on the machine lol. ONE important POINT I'd like to mention: when I want to look at my processes with the Task Manager, there is no longer a tab to switch to them, just the page where I can see the running applications but nothing else -> isn't that strange? See you, thanks again and happy reading Oo
31/08/2008 19:24 <REP> . 31/08/2008 19:24 <REP> .. 07/12/2004 17:07 32 bdcore.dll 25/05/2006 01:21 118 784 bdupd.dll 25/05/2006 01:21 53 248 ipsupd.dll 16/03/2005 12:34 7 407 lang.ini 07/12/2004 17:07 32 libfn.dll 13/02/2008 17:55 130 live.ini 23/02/2007 00:41 304 544 MessengerStatsPAClient.dll 28/02/2007 15:21 131 472 msgrchkr.dll 29/10/2007 16:45 1 244 oscan8.inf 25/10/2007 16:54 471 040 oscan8.ocx 14/03/2005 14:58 7 073 scanoptions.tsi 11 fichier(s) 1 095 006 octets Total des fichiers listés : 50 fichier(s) 9 215 378 octets 5 Rép(s) 190 127 091 712 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps" "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE" "C:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe"="C:\\Program Files\\Steam\\SteamApps\\common\\red orchestra\\System\\RedOrchestra.exe:*:Enabled:RedOrchestra" "C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console" "C:\\Program Files\\HTTP-Tunnel\\HTTP-TunnelClient.exe"="C:\\Program Files\\HTTP-Tunnel\\HTTP-TunnelClient.exe:*:Enabled:HTTP-Tunnel Client" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire" "C:\\Program 
Files\\Sierra\\FEARCombat\\fpupdate.exe"="C:\\Program Files\\Sierra\\FEARCombat\\fpupdate.exe:*:Enabled:fpupdate" "C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup" "C:\\Documents and Settings\\Pascal\\Mes documents\\Utilitaires\\edonkey\\eDonkey2000\\edonkey2000.exe"="C:\\Documents and Settings\\Pascal\\Mes documents\\Utilitaires\\edonkey\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam" "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare" "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA" "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent" "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare " "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" 
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-02 00:43:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:4d,18,8c,31,01,60,63,94,e0,b9,95,3f,95,18,93,df,40,fe,68,7c,66,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:4d,18,8c,31,01,60,63,94,e0,b9,95,3f,95,18,93,df,40,fe,68,7c,66,.. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s0"=dword:761d2002 "s1"=dword:782b8c26 "s2"=dword:7166f35b "h0"=dword:00000001 scanning hidden registry entries ... scanning hidden files ...
scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 300 - DLLML.exe 308 - VolPanel.exe 332 - SiteAdv.exe 344 - mcagent.exe 356 - McAfeeDataBacku 376 - svchost.exe 388 - LVComSer.exe 424 - ehtray.exe 464 - DVDLauncher.exe 480 - tfswctrl.exe 488 - CTHELPER.EXE 496 - LCDMon.exe 504 - LGDCore.exe 512 - Quickcam.exe 564 - Communications_ 584 - mcrdsvc.exe 592 - EKIJ5000MUI.exe 708 - rundll32.exe 716 - avgas.exe 728 - GoogleToolbarNo 744 - ctfmon.exe 772 - csrss.exe 776 - dlbcserv.exe 796 - winlogon.exe 844 - services.exe 856 - lsass.exe 904 - winlogon.exe 1036 - svchost.exe 1116 - svchost.exe 1152 - LCDClock.exe 1212 - svchost.exe 1252 - svchost.exe 1324 - svchost.exe 1356 - LCDCountdown.ex 1396 - svchost.exe 1468 - KEM.exe 1480 - LCDPop3.exe 1504 - LCDMedia.exe 1624 - spoolsv.exe 1636 - CTXFISPI.EXE 1668 - LVPrcSrv.exe 1676 - LEXPPS.EXE 1872 - DVDLauncher.exe 1876 - KHALMNPR.exe 1956 - explorer.exe 2052 - svchost.exe 2984 - guard.exe 3024 - ehrecvr.exe 3048 - ehSched.exe 3224 - LVComSer.exe 3520 - mcmscsvc.exe 3564 - McNASvc.exe 3688 - McProxy.exe 3716 - Mcshield.exe 3840 - MpfSrv.exe 3972 - msksrver.exe 4004 - nvsvc32.exe 4060 - PnkBstrA.exe 4192 - dllhost.exe 4592 - alg.exe 5160 - COCIManager.exe 5308 - KEM.exe 5460 - mcsysmon.exe 5700 - CTHELPER.EXE 6548 - csrss.exe 6596 - dlbcserv.exe 7200 - ehtray.exe 7236 - mcagent.exe 7476 - iexplore.exe 7532 - steam.exe 7716 - LVComSer.exe 8016 - Xfire.exe 8340 - KHALMNPR.exe 8464 - cmd.exe 8472 - explorer.exe 8756 - DLLML.exe 8804 - VolPanel.exe 8832 - SiteAdv.exe 9232 - tfswctrl.exe 9360 - LCDMon.exe 9428 - LGDCore.exe 9548 - Quickcam.exe 9568 - rundll32.exe 9592 - Communications_ 9624 - EKIJ5000MUI.exe 9756 - avgas.exe 9780 - LCDClock.exe 9852 - LCDCountdown.ex 9864 - ctfmon.exe 9916 - LCDPop3.exe 9952 - LCDMedia.exe 10020 - COCIManager.exe 10036 - CTXFISPI.EXE 10068 - GoogleToolbarNo 
10356 - iexplore.exe 12000 - WLLoginProxy.ex Total number of processes = 97 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806E2000 - \WINDOWS\system32\hal.dll BA5A8000 - \WINDOWS\system32\KDCOM.DLL BA4B8000 - \WINDOWS\system32\BOOTVID.dll B9ED7000 - sptd.sys BA5AA000 - \WINDOWS\System32\Drivers\WMILIB.SYS B9EBF000 - \WINDOWS\System32\Drivers\SPTD9533.SYS B9E90000 - ACPI.sys B9E7F000 - pci.sys BA0A8000 - isapnp.sys BA670000 - pciide.sys BA328000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS BA0B8000 - MountMgr.sys B9E60000 - ftdisk.sys BA5AC000 - dmload.sys B9E3A000 - dmio.sys BA330000 - PartMgr.sys BA0C8000 - VolSnap.sys B9E22000 - atapi.sys B9D4D000 - iastor.sys BA0D8000 - disk.sys BA0E8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS B9D2D000 - fltMgr.sys B9D1B000 - sr.sys B9D05000 - drvmcdb.sys BA0F8000 - PxHelp20.sys B9CEE000 - KSecDD.sys B9CDB000 - WudfPf.sys B9C4E000 - Ntfs.sys B9C21000 - NDIS.sys B9C0D000 - sfvfs02.sys BA338000 - sfhlp02.sys BA5AE000 - sfhlp01.sys B9BFB000 - sfdrv01.sys BA5B0000 - prosync1.sys B9BE3000 - \WINDOWS\System32\drivers\SCSIPORT.SYS B9BC7000 - prohlp02.sys B9BAC000 - Mup.sys BA1E8000 - \SystemRoot\system32\DRIVERS\intelppm.sys B7A6F000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys B7A5B000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS B7A2E000 - \SystemRoot\system32\DRIVERS\e1e5132.sys BA348000 - \SystemRoot\system32\DRIVERS\usbuhci.sys B7A0B000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS BA358000 - \SystemRoot\system32\DRIVERS\usbehci.sys B799F000 - \SystemRoot\system32\drivers\ctaud2k.sys B797D000 - \SystemRoot\system32\drivers\portcls.sys B8836000 - \SystemRoot\system32\drivers\drmk.sys B795A000 - \SystemRoot\system32\drivers\ks.sys B7928000 - \SystemRoot\system32\drivers\ctoss2k.sys BA360000 - \SystemRoot\system32\drivers\ctprxy2k.sys B7903000 - 
\SystemRoot\system32\DRIVERS\hcwPP2.sys B8816000 - \SystemRoot\system32\DRIVERS\imapi.sys BA62A000 - \SystemRoot\system32\drivers\sscdbhk5.sys B8806000 - \SystemRoot\system32\DRIVERS\cdrom.sys B87F6000 - \SystemRoot\system32\DRIVERS\redbook.sys BA767000 - \SystemRoot\system32\DRIVERS\audstub.sys B8140000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys B9B77000 - \SystemRoot\system32\DRIVERS\ndistapi.sys B78EC000 - \SystemRoot\system32\DRIVERS\ndiswan.sys B8130000 - \SystemRoot\system32\DRIVERS\raspppoe.sys B8120000 - \SystemRoot\system32\DRIVERS\raspptp.sys BA368000 - \SystemRoot\system32\DRIVERS\TDI.SYS B78DB000 - \SystemRoot\system32\DRIVERS\psched.sys B8110000 - \SystemRoot\system32\DRIVERS\msgpc.sys BA370000 - \SystemRoot\system32\DRIVERS\ptilink.sys BA378000 - \SystemRoot\system32\DRIVERS\raspti.sys B78AA000 - \SystemRoot\system32\DRIVERS\rdpdr.sys B8100000 - \SystemRoot\system32\DRIVERS\termdd.sys BA380000 - \SystemRoot\system32\DRIVERS\kbdclass.sys BA388000 - \SystemRoot\system32\DRIVERS\mouclass.sys BA640000 - \SystemRoot\system32\DRIVERS\swenum.sys B7851000 - \SystemRoot\system32\DRIVERS\update.sys B9B5F000 - \SystemRoot\system32\DRIVERS\mssmbios.sys AB4FC000 - \SystemRoot\System32\Drivers\NDProxy.SYS AB4DC000 - \SystemRoot\system32\DRIVERS\usbhub.sys ABE78000 - \SystemRoot\system32\DRIVERS\USBD.SYS A2EC5000 - \SystemRoot\system32\drivers\ha20x2k.sys A2E98000 - \SystemRoot\system32\drivers\emupia2k.sys A2E71000 - \SystemRoot\system32\drivers\ctsfm2k.sys A2DD5000 - \SystemRoot\system32\drivers\ctac32k.sys ABE76000 - \SystemRoot\System32\Drivers\i2omgmt.SYS ABE74000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS AA1A2000 - \SystemRoot\System32\Drivers\Null.SYS ABE72000 - \SystemRoot\System32\Drivers\Beep.SYS ABBD9000 - \SystemRoot\system32\drivers\ssrtln.sys AA1A1000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys ABBD1000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS ABBC9000 - \SystemRoot\System32\drivers\vga.sys ABE6E000 - \SystemRoot\System32\Drivers\mnmdd.SYS ABE6C000 
- \SystemRoot\System32\DRIVERS\RDPCDD.sys ABBC1000 - \SystemRoot\System32\Drivers\Msfs.SYS ABBB9000 - \SystemRoot\System32\Drivers\Npfs.SYS ABD91000 - \SystemRoot\system32\DRIVERS\rasacd.sys A2DA2000 - \SystemRoot\system32\DRIVERS\ipsec.sys A2D4A000 - \SystemRoot\system32\DRIVERS\tcpip.sys A2D26000 - \SystemRoot\System32\Drivers\Mpfp.sys A2D05000 - \SystemRoot\system32\DRIVERS\ipnat.sys AB4BC000 - \SystemRoot\system32\DRIVERS\wanarp.sys AB4AC000 - \SystemRoot\System32\DRIVERS\ipfltdrv.sys A2CDD000 - \SystemRoot\system32\DRIVERS\netbt.sys A2CBB000 - \SystemRoot\System32\drivers\afd.sys AB49C000 - \SystemRoot\system32\DRIVERS\netbios.sys A2C90000 - \SystemRoot\system32\DRIVERS\rdbss.sys AAAF4000 - \SystemRoot\System32\drivers\prodrv06.sys A2C21000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys A2BF1000 - \SystemRoot\system32\drivers\mfehidk.sys A93EC000 - \SystemRoot\System32\Drivers\Fips.SYS 9A4A7000 - \SystemRoot\system32\DRIVERS\usbccgp.sys 9A49F000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS 9B5B6000 - \SystemRoot\system32\DRIVERS\hidusb.sys 9B1F8000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 9B1E8000 - \SystemRoot\system32\drivers\LVUSBSta.sys 99870000 - \SystemRoot\system32\DRIVERS\LVMVDrv.sys 99739000 - \SystemRoot\system32\DRIVERS\LV302V32.SYS AD11B000 - \SystemRoot\system32\DRIVERS\lv302af.sys 9B1D8000 - \SystemRoot\system32\drivers\usbaudio.sys 99537000 - \SystemRoot\system32\DRIVERS\LVcKap.sys 9B0D0000 - \SystemRoot\system32\DRIVERS\kbdhid.sys 99F2D000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys 9B0CC000 - \SystemRoot\system32\DRIVERS\mouhid.sys 9A55C000 - \SystemRoot\System32\Drivers\Cdfs.SYS 9943F000 - \SystemRoot\System32\Drivers\dump_iastor.sys BF800000 - \SystemRoot\System32\win32k.sys A9319000 - \SystemRoot\System32\drivers\Dxapi.sys 9A467000 - \SystemRoot\System32\watchdog.sys BF000000 - \SystemRoot\System32\drivers\dxg.sys 9AAA5000 - \SystemRoot\System32\drivers\dxgthk.sys B87C6000 - \SystemRoot\system32\drivers\drvnddm.sys BA70F000 - 
\SystemRoot\system32\dla\tfsndres.sys 9895D000 - \SystemRoot\system32\dla\tfsnifs.sys B0144000 - \SystemRoot\system32\dla\tfsnopio.sys AB8AD000 - \SystemRoot\system32\dla\tfsnpool.sys AA9F5000 - \SystemRoot\system32\dla\tfsnboio.sys B87B6000 - \SystemRoot\system32\dla\tfsncofs.sys BA710000 - \SystemRoot\system32\dla\tfsndrct.sys 98944000 - \SystemRoot\system32\dla\tfsnudf.sys 9892B000 * --[Hidden]-- AC19C000 - \SystemRoot\system32\DRIVERS\ndisuio.sys 9889E000 - \SystemRoot\system32\drivers\wdmaud.sys B87E6000 - \SystemRoot\system32\drivers\sysaudio.sys 9784C000 - \SystemRoot\system32\DRIVERS\mrxdav.sys 97809000 - \SystemRoot\system32\DRIVERS\atksgt.sys 977A0000 - \SystemRoot\System32\Drivers\HTTP.sys BA3E0000 - \SystemRoot\system32\DRIVERS\lirsgt.sys 9763B000 - \SystemRoot\system32\DRIVERS\srv.sys AC288000 - \SystemRoot\system32\drivers\MSPQM.sys 97127000 - \SystemRoot\system32\DRIVERS\secdrv.sys BA448000 - \SystemRoot\system32\drivers\mfebopk.sys 96EEA000 - \SystemRoot\system32\drivers\mfeavfk.sys AE5C5000 - \SystemRoot\system32\DRIVERS\LVPr2Mon.sys 96C9C000 - \SystemRoot\system32\drivers\mfesmfk.sys AAA05000 - \??\C:\DOCUME~1\Pascal\LOCALS~1\Temp\catchme.sys BFF50000 - \SystemRoot\System32\TSDDD.dll 93C97000 - \SystemRoot\system32\drivers\kmixer.sys BF012000 - \SystemRoot\System32\nv4_disp.dll BA68D000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 157 Liste des programmes installes Adobe Acrobat - Reader 6.0.2 Update Adobe Flash Player ActiveX Adobe Reader 6.0.1 - Français Adobe Shockwave Player aiofw aioocr aioprnt aioscnnr Archiveur WinRAR Assistant de connexion Windows Live AutoUpdate AVG Anti-Spyware 7.5 Barre d'outils Outlook de Windows Live (Windows Live Toolbar) Bloqueur de fenêtres pop-up (Windows Live Toolbar) Bob L'éponge - Silence on tourne ! 
Call of Duty® 2 Call of Duty® 2 Call of Duty® 2 Patch 1.3 Call of Duty® 4 - Modern Warfare Call of Duty® 4 - Modern Warfare Call of Duty® 4 - Modern Warfare 1.3 Patch Call of Duty® 4 - Modern Warfare 1.4 Patch Call of Duty® 4 - Modern Warfare 1.4 Patch Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch CCleaner (remove only) center Coffret de pilotes Logitech Legacy USB Camera Coffret de pilotes Logitech QuickCam Correctif n° 2 pour Windows XP Édition Media Center 2005 Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows Internet Explorer 7 (KB947864) Correctif pour Windows XP (KB888795) Correctif pour Windows XP (KB891593) Correctif pour Windows XP (KB896256) Correctif pour Windows XP (KB899337) Correctif pour Windows XP (KB899510) Correctif pour Windows XP (KB902841) Correctif pour Windows XP (KB906569) Correctif pour Windows XP (KB914440) Correctif pour Windows XP (KB952287) Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB888310 Correctif Windows XP - KB889673 Correctif Windows XP - KB890175 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 Correctif Windows XP - KB895961 Creative MediaSource Dell Driver Reset Tool Dell System Restore DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player Détecteur de flux Windows Live Toolbar (Windows Live Toolbar) eMule Extension de Windows Live Toolbar (Windows Live Toolbar) Free - Kit de connexion Google Toolbar for Internet Explorer Help_CTR helptut helpug High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for 
Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Intel® PRO Network Connections Drivers Intel® PROSet for Wired Connections Internet Explorer Default Page Java 2 Runtime Environment, SE v1.4.2_03 Java 6 Update 7 ksdip Lapin Malin CE1 Lapin Malin Cours Préparatoire + Atelier de dessin & de musique Lecteur Windows Media 11 Logiciel pour imprimante multifonction KODAK Logitech Audio Echo Cancellation Component Logitech GamePanel Software 2.02 Logitech QuickCam Logitech SetPoint Logitech Video Enumerator Magellan POI File Editor Malwarebytes' Anti-Malware McAfee SecurityCenter MCU Menus intelligents (Windows Live Toolbar) Messenger Plus! Live Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Professional Microsoft Office PowerPoint Viewer 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) 
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893066) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB896688) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899588) Mise à jour de sécurité pour Windows XP (KB899589) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901190) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB905915) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB908531) Mise à jour de sécurité pour Windows XP (KB911280) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913446) Mise à 
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_WHAOUUU.tar.gz a l'adresse http://upload.malekal.com
  15. There you go, it looks sneaky, because the report shows nothing... except perhaps the certificates. Thank you for devoting so much time to my problem!

      Search Navipromo version 3.6.5 commencé le 01/09/2008 à 19:39:23,92

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis C:\Program Files\navilog1
      Session actuelle : "Pascal"

      Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

      Microsoft Windows XP [version 5.1.2600]
      Internet Explorer : 7.0.5730.11
      Système de fichiers : NTFS

      Recherche executé en mode normal

      *** Recherche Programmes installés ***

      *** Recherche dossiers dans "C:\WINDOWS" ***
      *** Recherche dossiers dans "C:\Program Files" ***
      *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
      *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
      *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
      *** Recherche dossiers dans "C:\Documents and Settings\Pascal\applic~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\FRDRIQ~1\applic~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\PAUL-E~1\applic~1" ***
      *** Recherche dossiers dans "C:\Documents and Settings\Pascal\locals~1\applic~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\FRDRIQ~1\locals~1\applic~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\PAUL-E~1\locals~1\applic~1" ***
      *** Recherche dossiers dans "C:\Documents and Settings\Pascal\menudm~1\progra~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\FRDRIQ~1\menudm~1\progra~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\PAUL-E~1\menudm~1\progra~1" ***
      *** Recherche dossiers dans "C:\DOCUME~1\VALRIA~1\menudm~1\progra~1" ***

      *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
      pour + d'infos : http://www.gmer.net

      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans "C:\WINDOWS\system32" *
      * Recherche dans "C:\Documents and Settings\Pascal\locals~1\applic~1" *
      * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
      * Recherche dans "C:\DOCUME~1\FRDRIQ~1\locals~1\applic~1" *
      * Recherche dans "C:\DOCUME~1\PAUL-E~1\locals~1\applic~1" *

      *** Recherche fichiers ***

      *** Recherche clés spécifiques dans le Registre ***

      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :

      2)Recherche Heuristique :
      * Dans "C:\WINDOWS\system32" :
      * Dans "C:\Documents and Settings\Pascal\locals~1\applic~1" :
      * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
      * Dans "C:\DOCUME~1\FRDRIQ~1\locals~1\applic~1" :
      * Dans "C:\DOCUME~1\PAUL-E~1\locals~1\applic~1" :

      3)Recherche Certificats :
      Certificat Egroup absent !
      Certificat Electronic-Group absent !
      Certificat Montorgueil absent !
      Certificat OOO-Favorit absent !
      Certificat Sunny-Day-Design-Ltd absent !

      4)Recherche fichiers connus :

      *** Analyse terminée le 01/09/2008 à 19:47:11,21 ***