rapport hijackthis

Koma · le 2 mars 2008

Salut, merci pour ta réponse, voilà le rapport.

DiagHelp version v1.4 - http://www.malekal.com

excute le 02/03/2008 à 14:31:11,64

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->02/03/2008 14:30:12

C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->02/03/2008 14:29:25

C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->02/03/2008 14:27:02

C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->02/03/2008 14:25:16

C:\WINDOWS\prefetch\MSNMSGR.EXE-366A1A81.pf -->02/03/2008 14:15:26

C:\WINDOWS\prefetch\SIMLOCKPATCHGEN.EXE-0AFC4205.pf -->02/03/2008 13:27:30

C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf -->02/03/2008 13:27:10

C:\WINDOWS\prefetch\XS++.EXE-026EDD1E.pf -->02/03/2008 13:16:48

C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->02/03/2008 13:16:36

C:\WINDOWS\prefetch\FAR.EXE-35E6B5A2.pf -->02/03/2008 13:04:47

C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01005.Wdf -->02/03/2008 12:46:20

C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -->02/03/2008 12:46:20

C:\WINDOWS\System32\drivers\ggsemc.sys -->02/03/2008 12:41:40

C:\WINDOWS\System32\drivers\ggflt.sys -->02/03/2008 12:41:40

C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL -->26/02/2008 17:08:14

C:\WINDOWS\System32\drivers\TCPIP.SYS -->26/02/2008 17:08:14

C:\WINDOWS\System32\drivers\avipbb.sys -->22/02/2008 11:26:42

C:\WINDOWS\System32\wdfcoinstaller01005.dll -->02/03/2008 12:41:40

C:\WINDOWS\System32\wpa.dbl -->01/03/2008 16:06:34

C:\WINDOWS\System32\NTEST.CFG -->29/02/2008 12:09:27

C:\WINDOWS\System32\FNTCACHE.DAT -->21/02/2008 15:30:43

C:\WINDOWS\System32\PerfStringBackup.INI -->21/02/2008 10:59:23

C:\WINDOWS\System32\perfh00C.dat -->21/02/2008 10:59:23

C:\WINDOWS\System32\perfh009.dat -->21/02/2008 10:59:23

C:\WINDOWS\System32\perfc00C.dat -->21/02/2008 10:59:23

C:\WINDOWS\System32\perfc009.dat -->21/02/2008 10:59:23

C:\WINDOWS\System32\LoopyMusic.wav -->21/02/2008 10:55:54

C:\WINDOWS\System32\BuzzingBee.wav -->21/02/2008 10:55:54

C:\WINDOWS\System32\msinet.ocx -->21/02/2008 10:35:53

C:\WINDOWS\System32\comdlg32.ocx -->21/02/2008 10:35:53

C:\WINDOWS\System32\h323log.txt -->20/02/2008 23:49:36

C:\WINDOWS\System32\javaws.exe -->20/02/2008 23:15:27

C:\WINDOWS\System32\javaw.exe -->20/02/2008 23:15:27

C:\WINDOWS\System32\javacpl.cpl -->20/02/2008 23:15:27

C:\WINDOWS\System32\java.exe -->20/02/2008 23:15:27

C:\WINDOWS\System32\nscompat.tlb -->20/02/2008 23:14:14

C:\WINDOWS\System32\amcompat.tlb -->20/02/2008 23:14:14

C:\WINDOWS\System32\$winnt$.inf -->20/02/2008 22:58:04

C:\WINDOWS\System32\TZLog.log -->20/02/2008 22:55:01

C:\WINDOWS\System32\CONFIG.NT -->20/02/2008 22:54:54

C:\WINDOWS\System32\WindowsLogon.manifest -->20/02/2008 22:53:51

C:\WINDOWS\System32\logonui.exe.manifest -->20/02/2008 22:53:51

C:\WINDOWS\setupapi.log -->02/03/2008 12:46:20

C:\WINDOWS\setupact.log -->02/03/2008 12:46:20

C:\WINDOWS\Wdf01005Inst.log -->02/03/2008 12:46:19

C:\WINDOWS\tsoc.log -->02/03/2008 12:46:19

C:\WINDOWS\tabletoc.log -->02/03/2008 12:46:19

C:\WINDOWS\ocgen.log -->02/03/2008 12:46:19

C:\WINDOWS\ntdtcsetup.log -->02/03/2008 12:46:19

C:\WINDOWS\MedCtrOC.log -->02/03/2008 12:46:19

C:\WINDOWS\imsins.log -->02/03/2008 12:46:19

C:\WINDOWS\iis6.log -->02/03/2008 12:46:19

C:\WINDOWS\FaxSetup.log -->02/03/2008 12:46:19

C:\WINDOWS\comsetup.log -->02/03/2008 12:46:19

C:\WINDOWS\msmqinst.log -->02/03/2008 12:46:18

C:\WINDOWS\DPINST.LOG -->02/03/2008 12:41:56

C:\WINDOWS.log -->02/03/2008 00:12:22

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Unsigned

ndis.sys

Verified: Signed

null.sys

Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT

Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------

explorer.exe pid: 200

Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path

0x771b0000 0xcc000 7.00.5730.0011 C:\WINDOWS\system32\WININET.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\ieframe.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x01c60000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll

0x61410000 0x136000 7.00.5730.0011 C:\WINDOWS\system32\urlmon.dll

0x74b30000 0x62000 7.00.5730.0011 C:\WINDOWS\system32\webcheck.dll

0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll

0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll

0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll

0x061f0000 0x15000 5.05.0000.0005 C:\WINDOWS\system32\SSSensor.dll

0x02880000 0x2c000 C:\Program Files\WinRAR\rarext.dll

0x10000000 0x11000 7.00.0000.0010 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll

0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL

0x02cb0000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x03170000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x58640000 0x8a000 1.09.0000.0305 C:\WINDOWS\system32\l3codeca.acm

0x08b70000 0xf5000 11.00.5721.5145 C:\WINDOWS\system32\drmv2clt.dll

0x0bef0000 0x37000 11.00.5721.5145 C:\WINDOWS\system32\MFPlat.DLL

0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\wmvcore.dll

0x11c70000 0x39000 11.00.5721.5145 C:\WINDOWS\system32\WMASF.DLL

0x00fa0000 0x3000 6.14.0010.2001 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamFRA.dll

0x5a500000 0x4e000 8.01.0178.0000 C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll

0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

0x16210000 0x27e000 5.02.5721.5145 C:\WINDOWS\system32\wpdshext.dll

0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS\system32\Audiodev.dll

0x01300000 0x21000 1.02.0001.0002 C:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll

0x6d7c0000 0x79000 6.00.0000.0105 C:\Program Files\Java\jre1.6.0\bin\ssv.dll

0x32520000 0x12000 10.00.2609.0000 E:\Program Files\Microsoft Office\Office10\msohev.dll

ListDLLs v2.25 - DLL lister for Win9x/NT

Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------

winlogon.exe pid: 880

Command line: winlogon.exe

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x10000000 0x20000 6.14.0010.4176 C:\WINDOWS\system32\Ati2evxx.dll

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 24F9-605B

Répertoire de C:\WINDOWS\system

17/07/2002 15:22 4 672 wowpost.exe

1 fichier(s) 4 672 octets

0 Rép(s) 61 723 312 128 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 24F9-605B

Répertoire de C:\WINDOWS\system32

19/08/2004 17:09 6 144 csrss.exe

1 fichier(s) 6 144 octets

0 Rép(s) 61 723 308 032 octets libres

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 24F9-605B

Répertoire de C:\WINDOWS\Downloaded Program Files

26/02/2008 22:53 <REP> .

26/02/2008 22:53 <REP> ..

20/02/2008 22:53 65 desktop.ini

25/07/2002 17:13 24 576 dwusplay.dll

25/07/2002 17:13 196 608 dwusplay.exe

11/08/2005 15:30 417 792 isusweb.dll

20/06/2006 15:44 379 704 MsnPUpld.dll

19/06/2006 14:40 393 MsnPUpld.inf

20/06/2006 15:44 117 560 PURen-us.dll

09/01/2007 08:30 110 592 PURfr-fr.dll

8 fichier(s) 1 247 290 octets

Total des fichiers listés :

8 fichier(s) 1 247 290 octets

2 Rép(s) 61 723 308 032 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

exports des policies

REGEDIT4

[system]

"dontdisplaylastusername"=dword:00000001

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

"SynchronousMachineGroupPolicy"=dword:00000000

"SynchronousUserGroupPolicy"=dword:00000000

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-02 14:32:10

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden services: 0

hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System

200 - explorer.exe

216 - msnmsgr.exe

408 - MOM.exe

584 - sched.exe

604 - RTHDCPL.exe

692 - avgnt.exe

724 - ctfmon.exe

800 - csrss.exe

880 - winlogon.exe

924 - services.exe

936 - lsass.exe

1080 - svchost.exe

1128 - svchost.exe

1200 - svchost.exe

1272 - CCC.exe

1300 - svchost.exe

1340 - Smc.exe

1428 - svchost.exe

1524 - svchost.exe

1588 - msnmsgr.exe

1624 - ati2evxx.exe

1800 - AppleMobileDevi

1852 - avguard.exe

2532 - firefox.exe

2676 - alg.exe

2732 - wmiprvse.exe

3364 - cmd.exe

3396 - usnsvc.exe

Total number of processes = 29

NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe

806FD000 - \WINDOWS\system32\hal.dll

F7B2F000 - \WINDOWS\system32\KDCOM.DLL

F7A3F000 - \WINDOWS\system32\BOOTVID.dll

F75DF000 - ACPI.sys

F7B31000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS

F75CE000 - pci.sys

F762F000 - isapnp.sys

F7BF7000 - pciide.sys

F78AF000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

F7B33000 - viaide.sys

F763F000 - MountMgr.sys

F75AF000 - ftdisk.sys

F7B35000 - dmload.sys

F7589000 - dmio.sys

F78B7000 - PartMgr.sys

F78BF000 - videX32.sys

F764F000 - ViBus.sys

F765F000 - VolSnap.sys

F7571000 - atapi.sys

F7558000 - viamraid.sys

F7540000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

F766F000 - ViPrt.sys

F767F000 - disk.sys

F768F000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F7520000 - fltMgr.sys

F750E000 - sr.sys

F74F7000 - KSecDD.sys

F746A000 - Ntfs.sys

F743D000 - NDIS.sys

F769F000 - uagp35.sys

F7420000 - Teefer.sys

F7405000 - Mup.sys

F787F000 - \SystemRoot\system32\DRIVERS\intelppm.sys

F62AF000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys

F629B000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F773F000 - \SystemRoot\system32\DRIVERS\imapi.sys

F7B4F000 - \SystemRoot\System32\Drivers\ElbyDelay.sys

F774F000 - \SystemRoot\system32\DRIVERS\cdrom.sys

F775F000 - \SystemRoot\system32\DRIVERS\redbook.sys

F6278000 - \SystemRoot\system32\DRIVERS\ks.sys

F795F000 - \SystemRoot\system32\DRIVERS\usbuhci.sys

F6255000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F7967000 - \SystemRoot\system32\DRIVERS\usbehci.sys

F796F000 - \SystemRoot\system32\DRIVERS\fdc.sys

F6241000 - \SystemRoot\system32\DRIVERS\parport.sys

F7B13000 - \SystemRoot\system32\DRIVERS\gameenum.sys

F776F000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

F7977000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

F6230000 - \SystemRoot\system32\DRIVERS\serial.sys

F7B17000 - \SystemRoot\system32\DRIVERS\serenum.sys

F61E8000 - \SystemRoot\system32\DRIVERS\deltaII.sys

F777F000 - \SystemRoot\system32\DRIVERS\dlkfet5b.sys

F61C3000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys

F7C7E000 - \SystemRoot\system32\DRIVERS\audstub.sys

F778F000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

F7B1B000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

F61AC000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

F779F000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

F77AF000 - \SystemRoot\system32\DRIVERS\raspptp.sys

F797F000 - \SystemRoot\system32\DRIVERS\TDI.SYS

F619B000 - \SystemRoot\system32\DRIVERS\psched.sys

F77BF000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F7987000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F798F000 - \SystemRoot\system32\DRIVERS\raspti.sys

F616A000 - \SystemRoot\system32\DRIVERS\rdpdr.sys

F77CF000 - \SystemRoot\system32\DRIVERS\termdd.sys

F7997000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F7B51000 - \SystemRoot\system32\DRIVERS\swenum.sys

F6136000 - \SystemRoot\system32\DRIVERS\update.sys

F73D9000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

F77DF000 - \SystemRoot\system32\DRIVERS\cledx.sys

F5CA1000 - \SystemRoot\system32\drivers\RtkHDAud.sys

F5C7F000 - \SystemRoot\system32\drivers\portcls.sys

F77EF000 - \SystemRoot\system32\drivers\drmk.sys

F77FF000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F785F000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F7B5F000 - \SystemRoot\system32\DRIVERS\USBD.SYS

F79B7000 - \SystemRoot\system32\DRIVERS\flpydisk.sys

F7B63000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F7D2E000 - \SystemRoot\System32\Drivers\Null.SYS

F7B65000 - \SystemRoot\System32\Drivers\Beep.SYS

F79C7000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

F79CF000 - \SystemRoot\System32\drivers\vga.sys

F7B67000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F7B69000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

F79EF000 - \SystemRoot\System32\Drivers\Msfs.SYS

F79F7000 - \SystemRoot\System32\Drivers\Npfs.SYS

F7AFB000 - \SystemRoot\system32\DRIVERS\rasacd.sys

BA705000 - \SystemRoot\system32\DRIVERS\ipsec.sys

BA6AD000 - \SystemRoot\system32\DRIVERS\tcpip.sys

F6D6B000 - \SystemRoot\system32\DRIVERS\wanarp.sys

F6D5B000 - \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys

BA663000 - \SystemRoot\system32\DRIVERS\ipnat.sys

BA63B000 - \SystemRoot\system32\DRIVERS\netbt.sys

BA619000 - \SystemRoot\System32\drivers\afd.sys

F6D4B000 - \SystemRoot\system32\DRIVERS\netbios.sys

F79FF000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys

BA5EE000 - \SystemRoot\system32\DRIVERS\rdbss.sys

BA57F000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

F6D3B000 - \SystemRoot\System32\Drivers\Fips.SYS

F7A0F000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys

F5C77000 - \SystemRoot\system32\DRIVERS\hidusb.sys

F6D2B000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

F6D1B000 - \SystemRoot\system32\DRIVERS\avipbb.sys

F7B6B000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys

F7A17000 - \SystemRoot\system32\DRIVERS\usbccgp.sys

F7A1F000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS

F6CFB000 - \SystemRoot\System32\Drivers\Cdfs.SYS

BA758000 - \SystemRoot\system32\DRIVERS\mouhid.sys

BA754000 - \SystemRoot\system32\DRIVERS\usbscan.sys

F7A2F000 - \SystemRoot\system32\DRIVERS\usbprint.sys

BF800000 - \SystemRoot\System32\win32k.sys

BA740000 - \SystemRoot\System32\drivers\Dxapi.sys

F78CF000 - \SystemRoot\System32\watchdog.sys

BF000000 - \SystemRoot\System32\drivers\dxg.sys

F7C28000 - \SystemRoot\System32\drivers\dxgthk.sys

BF012000 - \SystemRoot\System32\ati2dvag.dll

BF058000 - \SystemRoot\System32\ati2cqag.dll

BF0D3000 - \SystemRoot\System32\atikvmag.dll

BF141000 - \SystemRoot\System32\atiok3x2.dll

BF16E000 - \SystemRoot\System32\ati3duag.dll

BF469000 - \SystemRoot\System32\ativvaxx.dll

BFFA0000 - \SystemRoot\System32\ATMFD.DLL

BA557000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

B8427000 - \SystemRoot\SYSTEM32\Drivers\wg3n.sys

B8423000 - \SystemRoot\SYSTEM32\Drivers\wg4n.sys

B8373000 - \SystemRoot\SYSTEM32\Drivers\wg5n.sys

B836F000 - \SystemRoot\SYSTEM32\Drivers\wg6n.sys

B810A000 - \SystemRoot\system32\drivers\wdmaud.sys

B83B7000 - \SystemRoot\system32\drivers\sysaudio.sys

B7BFD000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

B7A90000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

F7BD7000 - \SystemRoot\System32\Drivers\ParVdm.SYS

B7A88000 - \SystemRoot\System32\drivers\aspi32.sys

B7B4D000 - \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys

B7926000 - \SystemRoot\system32\DRIVERS\srv.sys

B77CD000 - \SystemRoot\System32\Drivers\HTTP.sys

B7006000 - \SystemRoot\System32\Drivers\Fastfat.SYS

B6D6C000 - \SystemRoot\system32\drivers\kmixer.sys

F7C25000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 141

Liste des programmes installes

Adobe Flash Player 9 ActiveX

Adobe Flash Player 9 Plugin

Adobe Shockwave Player

aMSN 0.97

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Avira AntiVir PersonalEdition Classic

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

CCleaner (remove only)

Client Windows Rights Management avec Service Pack 2

CloneDVD2

D-Link DFE530TX

D-Link PCI Fast Ethernet Adapter

Delta

Démo Overclocked

eMule

GUILD WARS

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

ImgBurn 2.3.2.0 Fr

Java SE Runtime Environment 6

Le Centre de Contrôle de Licences de Syncrosoft

Ma-Config.com plugin

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 Language Pack - FRA

Microsoft .NET Framework 3.0

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office PowerPoint Viewer 2003

Microsoft Office XP Professional with FrontPage

Microsoft Visual C++ 2005 Redistributable

Microsoft Windows Media Video 9 VCM

Mise à jour de logiciel pour les Dossiers Web

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

Mozilla Firefox (2.0.0.12)

MSXML 4.0 SP2 (KB927978)

MSXML 6.0 Parser (KB927977)

Pack Vista Inspirat 2 1.0

Panda TotalScan

Platform

QuickTime

Rappelz

Readiris Pro 10

Realtek High Definition Audio Driver

Samsung SCX-4200 Series

Security Update for Microsoft .NET Framework 2.0 (KB917283)

Security Update pour Microsoft .NET Framework 2.0 (KB922770)

Skins

SmarThru 4

Sony ACID Pro 5.0

SoulSeek Client 156c

Steinberg Cubase SX v3.1.1.944

Sygate Personal Firewall

SyncroSoft Emu (Remove only)

Update Service

VIA Gestionnaire de périphériques de plate-forme

VideoLAN VLC media player 0.8.6c

WebFldrs XP

Windows Communication Foundation

Windows Imaging Component

Windows Live Messenger

Windows Presentation Foundation

Windows Workflow Foundation

WinRAR archiver

XML Paper Specification Shared Components Pack 1.0

Yahoo! Install Manager

Yahoo! Toolbar

Yahoo! Toolbar avec bloqueur de fenêtres pop-up

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 24F9-605B

Répertoire de C:\Program Files

02/03/2008 12:40 <REP> .

02/03/2008 12:40 <REP> ..

21/02/2008 14:58 <REP> Apple Software Update

21/02/2008 14:48 <REP> ATI Technologies

22/02/2008 11:25 <REP> Avira

02/03/2008 12:36 <REP> CCleaner

20/02/2008 22:51 <REP> ComPlus Applications

21/02/2008 14:22 <REP> D-Link

27/02/2008 14:35 <REP> Elaborate Bytes

02/03/2008 11:06 <REP> eMule

23/02/2008 10:28 <REP> Fichiers communs

29/02/2008 11:22 <REP> Grisoft

24/02/2008 12:29 <REP> ImgBurn

20/02/2008 23:04 <REP> Internet Explorer

20/02/2008 23:15 <REP> Java

20/02/2008 23:02 <REP> JEUX

27/02/2008 22:00 <REP> ma-config.com

21/02/2008 14:25 <REP> M-Audio

21/02/2008 10:43 <REP> Microsoft ActiveSync

20/02/2008 22:55 <REP> microsoft frontpage

20/02/2008 23:13 <REP> Microsoft Office

20/02/2008 22:52 <REP> Movie Maker

02/03/2008 14:27 <REP> Mozilla Firefox

21/02/2008 10:25 <REP> MSBuild

20/02/2008 22:51 <REP> MSN Gaming Zone

21/02/2008 10:35 <REP> MSN Messenger

20/02/2008 23:03 <REP> MSXML 4.0

20/02/2008 22:52 <REP> NetMeeting

20/02/2008 22:52 <REP> Outlook Express

28/02/2008 23:36 <REP> Panda Security

23/02/2008 10:25 <REP> QuickTime

21/02/2008 10:42 <REP> Readiris10

21/02/2008 10:24 <REP> Realtek

21/02/2008 10:22 <REP> Reference Assemblies

21/02/2008 10:38 <REP> SAMSUNG

21/02/2008 10:43 <REP> SmarThru 4

02/03/2008 12:40 <REP> Sony Ericsson

21/02/2008 14:53 <REP> Sygate

21/02/2008 15:20 <REP> Syncrosoft

20/02/2008 23:02 <REP> UTILS

25/02/2008 19:01 <REP> uTorrent

24/02/2008 17:29 <REP> VIA

21/02/2008 15:04 <REP> Vstplugins

20/02/2008 23:14 <REP> Windows Media Connect 2

20/02/2008 23:14 <REP> Windows Media Player

20/02/2008 22:51 <REP> Windows NT

21/02/2008 11:38 <REP> WinRAR

20/02/2008 23:14 <REP> WMV9_VCM

20/02/2008 23:02 <REP> WSTARTUP

20/02/2008 22:55 <REP> xerox

02/03/2008 12:36 <REP> Yahoo!

0 fichier(s) 0 octets

51 Rép(s) 61 721 698 304 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 24F9-605B

Répertoire de C:\Program Files\fichiers communs

23/02/2008 10:28 <REP> .

23/02/2008 10:28 <REP> ..

23/02/2008 10:28 <REP> Apple

21/02/2008 10:43 <REP> Designer

26/02/2008 22:53 <REP> InstallShield

20/02/2008 23:15 <REP> Java

21/02/2008 10:59 <REP> Microsoft Shared

20/02/2008 22:52 <REP> MSSoap

20/02/2008 23:45 <REP> ODBC

20/02/2008 22:52 <REP> Services

20/02/2008 23:44 <REP> SpeechEngines

21/02/2008 10:42 <REP> SRC Shared

21/02/2008 10:43 <REP> System

29/02/2008 22:49 <REP> Wise Installation Wizard

0 fichier(s) 0 octets

14 Rép(s) 61 721 694 208 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 24F9-605B

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

20/02/2008 23:19 <REP> .

20/02/2008 23:19 <REP> ..

21/02/2008 10:43 <REP> 1033

20/02/2008 23:03 <REP> 1036

17/09/2004 14:43 1 293 008 msonsext.dll

13/02/2001 00:23 58 784 MSOSV.DLL

03/06/1999 12:09 122 937 MSOWS409.DLL

07/03/2001 07:00 127 033 MSOWS40c.DLL

06/08/2000 09:04 401 462 MSVCP60.DLL

22/01/2001 03:25 69 632 PKMAXCTL.DLL

22/01/2001 03:25 872 448 PKMCDO.DLL

22/01/2001 03:25 159 744 PKMCORE.DLL

07/02/2001 09:59 106 496 PKMFORMS.DLL

22/01/2001 03:25 671 744 PKMRES.DLL

22/01/2001 03:25 28 672 PKMSSTLB.DLL

22/01/2001 03:25 40 960 PKMTEMPL.DLL

22/01/2001 03:25 24 576 PKMTRACE.DLL

17/09/2004 14:43 80 448 pkmws.dll

22/01/2001 03:25 237 568 PROMDEMO.DLL

22/01/2001 03:25 184 320 SECMGR.DLL

22/01/2001 03:25 323 584 VAIDDMGR.DLL

22/01/2001 03:25 32 768 VAIMEM.DLL

18 fichier(s) 4 836 184 octets

4 Rép(s) 61 721 694 208 octets libres

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\catchme.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\diff.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\dumphive.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\find2.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\Fport.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\grep.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\gzip.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\KProcCheck.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\LFiles.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\md5sums.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\pslist.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\sigcheck.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\streams.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\swreg.exe

c:\Documents and Settings\Les 3 frères\Bureau\DiagHelp\tar.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\AtiCimUn.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\Install_WLMessenger.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\wwfdist.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\ycomp_setup.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\ChCfg.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\SetCDfmt.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\Setup.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\MSHDQFE\Win2K3\us\kb888111srvrtm.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\MSHDQFE\Win2K_XP\us\kb888111w2ksp4.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\MSHDQFE\Win2K_XP\us\kb888111xpsp1.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\MSHDQFE\Win2K_XP\us\kb888111xpsp2.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\WDM\Alcmtr.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\WDM\AlcWzrd.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\WDM\CPLUtl64.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\WDM\MicCal.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\WDM\RTHDCPL.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\WDM\RTLCPL.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\WDM\RtlUpd.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\WDM\RtlUpd64.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\WDM\SkyTel.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\pft5~tmp\WDM\SoundMan.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\{3F1EFF69-648C-4067-9DC6-A04BC8E6635A}\{A4810699-E859-43A6-8F40-1743873E72AB}\DeltaIICpl.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\{3F1EFF69-648C-4067-9DC6-A04BC8E6635A}\{A4810699-E859-43A6-8F40-1743873E72AB}\DeltaIIInstl.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\{3F1EFF69-648C-4067-9DC6-A04BC8E6635A}\{A4810699-E859-43A6-8F40-1743873E72AB}\DeltaIITray.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\{3F1EFF69-648C-4067-9DC6-A04BC8E6635A}\{A4810699-E859-43A6-8F40-1743873E72AB}\DeltaIIUninst.exe

c:\Documents and Settings\Les 3 frères\Local Settings\Temp\{3F1EFF69-648C-4067-9DC6-A04BC8E6635A}\{A4810699-E859-43A6-8F40-1743873E72AB}\ShutDownWindowsForHardwareInstallation.exe

c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\41DX1QFN\iTunesSetupAdmin[1].exe

c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll

c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

c:\Documents and Settings\Les 3 frères\Application Data\Mozilla\Firefox\Profiles\i8z2ok7p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

c:\Documents and Settings\Les 3 frères\Application Data\Mozilla\Firefox\Profiles\i8z2ok7p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

c:\Documents and Settings\Les 3 frères\Application Data\Mozilla\Firefox\Profiles\i8z2ok7p.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

c:\Documents and Settings\Les 3 frères\Local Settings\Application Data\Microsoft\Messenger\Brands\FT01\wlmbrand.dll

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_LES-74A4454FDEB.tar.gz a l'adresse http://upload.malekal.com

Modifié le 2 mars 2008 par Koma

Koma · le 2 mars 2008

Au faite avant même de faire le scan avec diaghelp, je n'avais plus de ralentissements, mais bon autant y aller jusqu'au bous.

Connexion

Pas encore inscrit ?

rapport hijackthis

Messages recommandés

Koma

Koma

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer