
Posted (edited)

Hi

The scan is clean... this check gives a good idea... but it is not gospel truth either...

You mentioned a "rootkit"... so it remains to be seen what the experts will tell you about detection.

It's just a bit of a shame that you didn't keep the Antivir report on the subject...

See you later

Edited by Zonk

Posted

Hello,

Disable your protections.

Download DiagHelp.zip by Malekal_morte to the desktop.

http://www.malekal.com/download/DiagHelp.zip

* Unzip it, on the desktop for example.

* A new folder named DiagHelp will be created.

* Open it and double-click go.cmd (the .cmd extension may not be shown).

* A window will open; choose option 1.

* The scan will start; this can take a few minutes. Press a key when prompted.

* Copy and paste the entire contents of the Notepad window that opens and include it in your next reply.

Otherwise, it is here: C:\resultats.txt

Posted

Hello,

During the catchme scan, the DOS window turns red; is that normal? (Antivirus disabled, of course.)

"C:\Program Files\DAEMON Tools Pro\" does not exist; that demo version was uninstalled.

The registry entry that is causing me trouble is indeed present:

(tVersion\Run]

"kspkdcbfa"="c:\documents and settings\jerome.jerome-69f6ed99\local settings\application data\kspkdcbfa.exe kspkdcbfa")

 

________________________________________

 

DiagHelp version v1.4 - http://www.malekal.com

excute le 02/03/2008 à 13:43:31,60

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->02/03/2008 13:43:30

C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->02/03/2008 13:43:27

C:\WINDOWS\prefetch\IZARC.EXE-1F7960A4.pf -->02/03/2008 13:43:12

C:\WINDOWS\prefetch\NGEN.EXE-38021CCC.pf -->02/03/2008 13:42:00

C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->02/03/2008 13:41:59

C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->02/03/2008 13:41:59

C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -->02/03/2008 13:41:59

C:\WINDOWS\prefetch\HPQWMI.EXE-2AFC3DAD.pf -->02/03/2008 13:41:59

C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf -->02/03/2008 13:38:17

C:\WINDOWS\prefetch\ATF-CLEANER.EXE-1C0BC124.pf -->02/03/2008 13:38:02


C:\WINDOWS\System32\drivers\nhcDriver.sys -->02/03/2008 13:41:22

C:\WINDOWS\System32\drivers\sptd.sys -->24/02/2008 06:12:51

C:\WINDOWS\System32\drivers\epfwtdi.sys -->30/01/2008 12:38:06

C:\WINDOWS\System32\drivers\epfwndis.sys -->30/01/2008 12:38:04

C:\WINDOWS\System32\drivers\epfw.sys -->30/01/2008 12:38:02

C:\WINDOWS\System32\drivers\easdrv.sys -->30/01/2008 12:35:56

C:\WINDOWS\System32\drivers\eamon.sys -->30/01/2008 12:35:30


C:\WINDOWS\System32\wpa.dbl -->02/03/2008 00:51:45

C:\WINDOWS\System32\MsiExec.exe.log -->26/02/2008 01:44:55

C:\WINDOWS\System32\BASSMOD.dll -->25/02/2008 22:53:32

C:\WINDOWS\System32\bdod.bin -->25/02/2008 15:14:07

C:\WINDOWS\System32\UnIfs.exe -->25/02/2008 10:51:18

C:\WINDOWS\System32\PerfStringBackup.INI -->24/02/2008 09:47:27

C:\WINDOWS\System32\perfh00C.dat -->24/02/2008 09:47:27

C:\WINDOWS\System32\perfh009.dat -->24/02/2008 09:47:27

C:\WINDOWS\System32\perfc00C.dat -->24/02/2008 09:47:27

C:\WINDOWS\System32\perfc009.dat -->24/02/2008 09:47:27

C:\WINDOWS\System32\FNTCACHE.DAT -->21/02/2008 05:47:08

C:\WINDOWS\System32\spupdwxp.log -->20/02/2008 08:52:04

C:\WINDOWS\System32\CONFIG.NT -->19/02/2008 18:30:43

C:\WINDOWS\System32\antispam.log -->19/02/2008 05:59:47

C:\WINDOWS\System32\TuneUpDefragService.exe -->13/02/2008 05:31:37

C:\WINDOWS\System32\oeminfo.ini -->13/02/2008 03:11:19

C:\WINDOWS\System32\OEMLogo.bmp -->13/02/2008 03:11:18

C:\WINDOWS\System32\MRT.exe -->04/02/2008 15:09:48

C:\WINDOWS\System32\JkDefragScreenSaver.exe -->01/02/2008 09:50:12

C:\WINDOWS\System32\JkDefragScreenSaver.scr -->01/02/2008 09:50:08

C:\WINDOWS\System32\pngfilt.dll -->11/01/2008 06:36:55

C:\WINDOWS\System32\lhacm.acm -->25/12/2007 21:37:55

C:\WINDOWS\System32\uxtuneup.dll -->20/12/2007 10:41:56

C:\WINDOWS\System32\dxtmsft.dll -->19/12/2007 23:53:23

C:\WINDOWS\System32\TZLog.log -->12/12/2007 20:36:46

 

C:\WINDOWS\WindowsUpdate.log -->02/03/2008 13:40:54

C:\WINDOWS\bootstat.dat -->02/03/2008 13:40:08

C:\WINDOWS\SchedLgU.Txt -->02/03/2008 13:38:20

C:\WINDOWS\win.ini -->02/03/2008 00:15:07

C:\WINDOWS\system.ini -->01/03/2008 23:29:43

C:\WINDOWS\MyDrivers.ini -->28/02/2008 02:20:03

C:\WINDOWS\NeroDigital.ini -->27/02/2008 21:26:28

C:\WINDOWS\pccillin.ini -->25/02/2008 17:18:50

C:\WINDOWS\bdagent.INI -->25/02/2008 15:41:54

C:\WINDOWS\DaemonPlugin.INI -->24/02/2008 09:02:49

C:\WINDOWS\Ascd_tmp.ini -->24/02/2008 03:52:21

C:\WINDOWS\Setup1.exe -->24/02/2008 02:55:45

C:\WINDOWS\ST6UNST.EXE -->24/02/2008 02:55:44

C:\WINDOWS\go -->23/02/2008 08:55:25

C:\WINDOWS\SMWizard.INI -->18/02/2008 08:08:15

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

---------------------------------------------------

 

---------------------------

explorer.exe pid: 1856

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x44080000 0xcf000 7.00.6000.16608 C:\WINDOWS\system32\WININET.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x43e00000 0x45000 7.00.6000.16608 C:\WINDOWS\system32\iertutil.dll

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x44360000 0x5cd000 7.00.6000.16608 C:\WINDOWS\system32\ieframe.dll

0x44160000 0x127000 7.00.6000.16608 C:\WINDOWS\system32\urlmon.dll

0x442b0000 0x3c000 7.00.6000.16608 C:\WINDOWS\system32\webcheck.dll

0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll

0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll

0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll

0x10000000 0x5000 C:\Program Files\VisualTaskTips\VttHooks.dll

0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll

0x01630000 0x7000 1.02.0000.0000 C:\Program Files\Taskix\Taskix32.dll

0x00f40000 0x9000 2.00.0000.0004 C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll

0x02380000 0x9b000 C:\PROGRA~1\IZArc\IZArcCM.dll

0x02520000 0x202000 3.02.0003.0000 C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll

0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL

0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll

0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll

0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL

0x74da0000 0x6c000 5.30.0023.1228 C:\WINDOWS\system32\RICHED20.dll

0x02830000 0x3e000 3.02.0003.0000 C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll

0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL

0x22000000 0x2e000 3.00.0630.0000 C:\Program Files\ESET\ESET Smart Security\shellExt.dll

0x028d0000 0x1c0000 3.02.0005.0000 C:\Program Files\Fichiers communs\Nero\Lib\MediaLibraryNSE.dll

0x5a500000 0x4e000 8.01.0178.0000 C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll

0x16210000 0x27e000 5.02.5721.5145 C:\WINDOWS\system32\wpdshext.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x02ba0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS\system32\Audiodev.dll

0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\WMVCore.DLL

0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL

0x02c50000 0x1b8000 3.01.0000.0008 C:\Program Files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll

0x02e10000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

0x02e70000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll

0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL

0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll

0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL

0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL

0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

---------------------------------------------------

 

---------------------------

winlogon.exe pid: 900

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2C25-27AB

 

Répertoire de C:\WINDOWS\system32

 

19/08/2004 16:09 6 144 csrss.exe

1 fichier(s) 6 144 octets

0 Rép(s) 31 025 692 672 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 2C25-27AB

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

02/03/2008 01:27 <REP> .

02/03/2008 01:27 <REP> ..

07/12/2004 17:07 32 bdcore.dll

25/05/2006 01:21 118 784 bdupd.dll

02/03/2008 01:13 <REP> CONFLICT.1

09/10/2007 11:31 65 desktop.ini

25/07/2002 17:13 24 576 dwusplay.dll

25/07/2002 17:13 196 608 dwusplay.exe

23/03/2007 11:17 1 292 erma.inf

20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe

25/05/2006 01:21 53 248 ipsupd.dll

27/07/2004 15:48 323 584 isusweb.dll

07/01/2007 12:55 2 305 kavwebscan.inf

16/03/2005 12:34 7 407 lang.ini

07/12/2004 17:07 32 libfn.dll

14/03/2005 14:38 126 live.ini

01/06/2006 02:54 471 040 oscan8.ocx

31/05/2006 04:15 10 oscan81.ocx_x

02/08/2007 11:31 67 456 PURen-us.dll

06/08/2007 12:10 68 992 PURfr-fr.dll

14/03/2005 14:58 7 073 scanoptions.tsi

18 fichier(s) 2 866 166 octets

 

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

 

02/03/2008 01:13 <REP> .

02/03/2008 01:13 <REP> ..

07/12/2004 17:07 32 bdcore.dll

25/05/2006 01:21 118 784 bdupd.dll

25/05/2006 01:21 53 248 ipsupd.dll

16/03/2005 12:34 7 407 lang.ini

07/12/2004 17:07 32 libfn.dll

14/03/2005 14:38 126 live.ini

31/05/2006 04:15 10 oscan81.ocx_x

14/03/2005 14:58 7 073 scanoptions.tsi

8 fichier(s) 186 712 octets

 

Total des fichiers listés :

26 fichier(s) 3 052 878 octets

5 Rép(s) 31 025 692 672 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"


"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

REGEDIT4

 

[taskmgr.exe]

 

 

exports des policies

REGEDIT4

 

[system]

"legalnoticecaption"=""

"legalnoticetext"=""

"undockwithoutlogon"=dword:00000001

"ShutdownWithoutLogon"=dword:00000001

"DontDisplayLastUserName"=dword:00000001

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

127.0.0.1 ads.macupdate.com

127.0.0.1 ads2004.treiberupdate.de

127.0.0.1 updated.com

127.0.0.1 windupdates.com

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-02 13:44:14

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services & system hive ...

 


scanning hidden registry entries ...

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"kspkdcbfa"="c:\documents and settings\jerome.jerome-69f6ed99\local settings\application data\kspkdcbfa.exe kspkdcbfa"

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

240 - DkService.exe

292 - ekrn.exe

456 - hpqwmi.exe

728 - SMax4PNP.exe

740 - nhc.exe

808 - HP Wireless Ass

856 - Apoint.exe

876 - csrss.exe

900 - winlogon.exe

944 - services.exe

956 - lsass.exe

1096 - Taskix32.exe

1136 - VisualTaskTips.

1156 - egui.exe

1208 - ctfmon.exe

1228 - svchost.exe

1272 - svchost.exe

1316 - svchost.exe

1420 - kspkdcbfa.exe

1452 - svchost.exe

1588 - ApntEx.exe

1856 - explorer.exe

1920 - alg.exe

1940 - wmiprvse.exe

2096 - wuauclt.exe

2564 - cmd.exe

 

Total number of processes = 27

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\ntkrnlpa.exe

806CE000 - \WINDOWS\system32\hal.dll

F8974000 - \WINDOWS\system32\KDCOM.DLL

F8884000 - \WINDOWS\system32\BOOTVID.dll

F8276000 - spzr.sys

F8976000 - \WINDOWS\System32\Drivers\WMILIB.SYS

F825E000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS

F822F000 - ACPI.sys

F821E000 - pci.sys

F8474000 - ohci1394.sys

F8484000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS

F8494000 - isapnp.sys

F8888000 - compbatt.sys

F888C000 - \WINDOWS\system32\DRIVERS\BATTC.SYS

F8A3C000 - pciide.sys

F86F4000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

F8978000 - intelide.sys

F8200000 - pcmcia.sys

F84A4000 - MountMgr.sys

F81E1000 - ftdisk.sys

F8890000 - ACPIEC.sys

F8A3D000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

F86FC000 - PartMgr.sys

F84B4000 - VolSnap.sys

F81C9000 - atapi.sys

F84C4000 - disk.sys

F84D4000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F81A9000 - fltmgr.sys

F8197000 - sr.sys

F84E4000 - PxHelp20.sys

F8180000 - KSecDD.sys

F816D000 - WudfPf.sys

F80E0000 - Ntfs.sys

F80B3000 - NDIS.sys

F8098000 - Mup.sys

F8504000 - \SystemRoot\system32\DRIVERS\intelppm.sys

F8920000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys

F7AC5000 - \SystemRoot\system32\DRIVERS\igxpmp32.sys

F7AB1000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F8854000 - \SystemRoot\system32\DRIVERS\usbuhci.sys

F7A8E000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F8704000 - \SystemRoot\system32\DRIVERS\usbehci.sys

F7872000 - \SystemRoot\system32\DRIVERS\w29n51.sys

F784B000 - \SystemRoot\system32\drivers\tifm21.sys

F783A000 - \SystemRoot\system32\DRIVERS\sdbus.sys

F77FA000 - \SystemRoot\system32\drivers\smwdm.sys

F77D6000 - \SystemRoot\system32\drivers\portcls.sys

F8514000 - \SystemRoot\system32\drivers\drmk.sys

F77B3000 - \SystemRoot\system32\drivers\ks.sys

F7793000 - \SystemRoot\system32\drivers\aeaudio.sys

F7735000 - \SystemRoot\system32\drivers\senfilt.sys

F7630000 - \SystemRoot\system32\DRIVERS\AGRSM.sys

F8724000 - \SystemRoot\System32\Drivers\Modem.SYS

F893C000 - \SystemRoot\system32\DRIVERS\CmBatt.sys

F8524000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

F8744000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

F75EE000 - \SystemRoot\system32\DRIVERS\Apfiltr.sys

F8784000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F8534000 - \SystemRoot\system32\DRIVERS\imapi.sys

F8544000 - \SystemRoot\system32\DRIVERS\cdrom.sys

F8554000 - \SystemRoot\system32\DRIVERS\redbook.sys

F87B4000 - \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys

F7589000 - \SystemRoot\System32\Drivers\ah65gyz4.SYS

F8564000 - \SystemRoot\system32\DRIVERS\Epfwndis.sys

F8B51000 - \SystemRoot\system32\DRIVERS\audstub.sys

F8574000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

F8043000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

F7572000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

F8584000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

F8594000 - \SystemRoot\system32\DRIVERS\raspptp.sys

F884C000 - \SystemRoot\system32\DRIVERS\TDI.SYS

F7561000 - \SystemRoot\system32\DRIVERS\psched.sys

F85A4000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F887C000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F872C000 - \SystemRoot\system32\DRIVERS\raspti.sys

F85B4000 - \SystemRoot\system32\DRIVERS\termdd.sys

F898A000 - \SystemRoot\system32\DRIVERS\swenum.sys

F7468000 - \SystemRoot\system32\DRIVERS\update.sys

F892C000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

F85C4000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F85E4000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F8990000 - \SystemRoot\system32\DRIVERS\USBD.SYS

F8996000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F8BA9000 - \SystemRoot\System32\Drivers\Null.SYS

F899A000 - \SystemRoot\System32\Drivers\Beep.SYS

F8804000 - \SystemRoot\System32\drivers\vga.sys

F899E000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F89A2000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

AA757000 - \SystemRoot\system32\DRIVERS\ext2fs.sys

F8814000 - \SystemRoot\System32\Drivers\Msfs.SYS

F8824000 - \SystemRoot\System32\Drivers\Npfs.SYS

F8964000 - \SystemRoot\system32\DRIVERS\rasacd.sys

AA744000 - \SystemRoot\system32\DRIVERS\ipsec.sys

AA6EC000 - \SystemRoot\system32\DRIVERS\tcpip.sys

AA6DA000 - \SystemRoot\system32\DRIVERS\epfwtdi.sys

AA6B9000 - \SystemRoot\system32\DRIVERS\ipnat.sys

F8634000 - \SystemRoot\system32\DRIVERS\wanarp.sys

F805F000 - \SystemRoot\System32\drivers\ws2ifsl.sys

AA697000 - \SystemRoot\System32\drivers\afd.sys

F8057000 - \SystemRoot\system32\DRIVERS\hidusb.sys

F8644000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

F87D4000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

F8654000 - \SystemRoot\system32\DRIVERS\netbios.sys

F89A6000 - \SystemRoot\system32\DRIVERS\IfsDrives.sys

F87E4000 - \SystemRoot\System32\Drivers\StarOpen.SYS

F804F000 - \??\C:\WINDOWS\system32\vcdrom.sys

F803F000 - \SystemRoot\system32\DRIVERS\mouhid.sys

F87F4000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys

AA5CC000 - \SystemRoot\system32\DRIVERS\rdbss.sys

F8A60000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS

AA55D000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

F8664000 - \SystemRoot\System32\Drivers\Fips.SYS

F8674000 - \SystemRoot\system32\DRIVERS\easdrv.sys

F89AE000 - \??\C:\WINDOWS\system32\drivers\EABFiltr.sys

F8694000 - \SystemRoot\System32\Drivers\Cdfs.SYS

AA51D000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F89B4000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

AA7B8000 - \SystemRoot\System32\drivers\Dxapi.sys

F880C000 - \SystemRoot\System32\watchdog.sys

BF000000 - \SystemRoot\System32\drivers\dxg.sys

F8B5D000 - \SystemRoot\System32\drivers\dxgthk.sys

BF024000 - \SystemRoot\System32\igxpgd32.dll

BF012000 - \SystemRoot\System32\igxprd32.dll

BF04E000 - \SystemRoot\System32\igxpdv32.DLL

BF1CC000 - \SystemRoot\System32\igxpdx32.DLL

BFFA0000 - \SystemRoot\System32\ATMFD.DLL

AA3A1000 - \SystemRoot\system32\DRIVERS\epfw.sys

AA289000 - \SystemRoot\system32\DRIVERS\netbt.sys

AA3D1000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

AA16D000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

AA130000 - \SystemRoot\system32\drivers\wdmaud.sys

AA4B5000 - \SystemRoot\system32\drivers\sysaudio.sys

A9FE2000 - \SystemRoot\system32\DRIVERS\eamon.sys

A9DA8000 - \SystemRoot\system32\DRIVERS\srv.sys

A999B000 - \??\C:\WINDOWS\system32\drivers\nhcDriver.sys

F8BAB000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 137

 

Liste des programmes installes

 

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

Adobe Flash Player ActiveX

Adobe Reader 8.1.2 - Français

Agere Systems AC'97 Modem

AIDA32 v3.93

ALPS Touch Pad Driver

CCleaner (remove only)

CodeStuff Starter

Diskeeper 2008 Pro Premier

EA SPORTS Rugby 08

ESET Smart Security

EVEREST Home Edition v2.20

Ext2Ifs

FastStone

Free Download Manager 2.5

Google Earth Pro

Google Toolbar for Internet Explorer

GUILD WARS

HDGraph

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

HP Help and Support

HP Pavillion dv4000 User Guides

HP Software Update

HP Wireless Assistant 1.01 A3

Intel® Graphics Media Accelerator Driver

InterVideo DVD Check

InterVideo WinDVD

IrfanView

iTunes

IZArc 3.81

J2SE Runtime Environment 5.0 Update 2

Java 6 Update 3

K-Lite Codec Pack 3.4.5 Full

Kaspersky Online Scanner

LClock

Lecteur Windows Media 11

Ma-Config.com plugin

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Language Pack - FRA

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 3.0 French Language Pack

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (French) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)

Microsoft Office Outlook MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (French) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft XML Parser

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0

MSXML 4.0 SP2 (KB936181)

MSXML 6.0 Parser (KB933579)

Nero 8

Nero 8 Lite 8.1.1.3

neroxml

Next Generation Visualisations

NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)

Notebook Hardware Control 2.0 Pre-Release-06

PartitionMagic

PC Booster

Platform

PowerQuest PartitionMagic 8.0 Demo

Quick Launch Buttons 5.10 A2

QuickTime

Sonic Audio Module

Sonic Copy Module

Sonic Data Module

Sonic Express Labeler

Sonic MyDVD Plus

Sonic Update Manager

SoundMAX

Spelling Dictionaries Support For Adobe Reader 8

System Requirements Lab

Taskix

TeamSpeak 2 RC2

Texas Instruments PCIxx21/x515 drivers.

TIxx21

TransBar

TuneUp Utilities 2008

Update for Outlook 2007 Junk Email Filter (kb944965)

UserGuides

VCRedistSetup

VIA Gestionnaire de périphériques de plate-forme

VideoLAN VLC media player 0.8.6d

Virtual CDRom

Virtualis Crédit Mutuel

VistaDriveStatus

VisualTaskTips

Winamax Poker (remove only)

Winamp

Windows Communication Foundation Language Pack - FRA

Windows Imaging Component

Windows Internet Explorer 7

Windows Live installer

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (FRA)

Windows Trust Anti-Pub

Windows Trust Installer

Windows Workflow Foundation FR Language Pack

WinRoll

XML Paper Specification Shared Components Language

 

Pack 1.0

XML Paper Specification Shared Components Pack 1.0

 

 

 



****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_JEROME.tar.gz a l'adresse http://upload.malekal.com

Posted

Hello,

During the catchme scan the DOS window turns red; is that normal? (Antivirus disabled, of course.)

Yes.

Close or disable all antivirus and antispyware programs, as well as any running firewall, because they could interfere with ComboFix.

Close all programs.

Download combofix.exe by sUBs

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Tutorial: http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

* Double-click combofix.exe to launch it.

If for any reason (Vista, for example) ComboFix does not start, boot into Safe Mode, choose the Administrator account and launch ComboFix.

Do not close the window that has just opened: the desktop would be empty and this could cause the program to crash!

* Press the 1 key to start the scan.

While ComboFix is running, do not touch your computer at all; you could crash the program.

* When the scan is finished (this may take some time), a report will be generated: post its contents in your next message.

* If the report is too long, post it in two parts.

Posted (edited)

Thanks for such a quick reply.

The ComboFix tutorial worries me, given that my CD drive does not work and that it is a laptop, so no 3/4 floppy drive.

If need be, I can mount my original CD (copied to a removable disk as a precaution) through a virtual drive,

but if I have to boot from it, I won't be able to.

Edited by Gildas Ar Breizh
Posted

Hello,

Ok.

Disable the resident protections (antivirus, etc.); you will re-enable them afterwards.

* Download Lop S&D by Eric71 to the desktop:

http://eric.71.mespages.googlepages.com/LopSD.exe

* Double-click it to start the installation

* Then double-click the Lop S&D shortcut on the desktop

* Select the desired language, then choose Option 1 (Search)

* Wait until the scan finishes

* Post the generated report (C:\lopR.txt)

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

Run Lop S&D again

* Choose Option 2 (Removal)

* Do not close the window during removal!

* Post the generated report (C:\lopR.txt)

(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

* Download SDFix (created by AndyManchesta) and save it to the desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the desktop.

Restart in Safe Mode

* Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd to launch the script.

* Press Y to start the cleaning process.

* It will remove the services and registry entries of certain trojans found, then ask you to press a key to restart.

* The restart will be slower than usual because the tool will keep running and deleting files.

* After the desktop loads, the tool will finish its work and display Finished.

* Press a key to end the script and load the desktop icons.

* Once the desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

* Post the report here.

Posted

The entry still appears in msconfig

__________________________________

 

ComboFix 08-03-01.3 - Jerome 2008-03-02 15:21:59.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.129 [GMT 1:00]

Endroit: C:\Documents and Settings\Jerome.JEROME-69F6ED99\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\hhzaauuvhh.dat

C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\hhzaauuvhh_nav.dat

C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\hhzaauuvhh_navps.dat

C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\kspkdcbfa.dat

c:\documents and settings\jerome.jerome-69f6ed99\local settings\application data\kspkdcbfa.exe

c:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\kspkdcbfa_nav.dat

c:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\kspkdcbfa_navps.dat

C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\wjcplkvqo.dat

C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\wjcplkvqo_nav.dat

C:\Documents and Settings\Jerome.JEROME-69F6ED99\Local Settings\Application Data\wjcplkvqo_navps.dat

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\nm

-------\poof

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-02 14:16 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-02 13:44 . 2008-03-02 13:44 9,191,818 --a------ C:\upload_moi_JEROME.tar.gz

2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab

2008-02-29 16:14 . 2008-02-29 16:14 <REP> d-------- C:\Program Files\Teamspeak2_RC2

2008-02-29 16:09 . 2008-02-29 16:09 <REP> d-------- C:\Program Files\GUILD WARS

2008-02-29 15:51 . 2008-03-01 22:50 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information

2008-02-28 17:18 . 2008-02-28 17:19 <REP> d-------- C:\Program Files\Windows Live Safety Center

2008-02-28 02:20 . 2008-02-28 02:20 161 --a------ C:\WINDOWS\MyDrivers.ini

2008-02-26 01:45 . 2008-02-26 01:45 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Nero

2008-02-26 01:39 . 2008-02-28 02:22 <REP> d-------- C:\Program Files\Nero

2008-02-26 01:39 . 2008-02-26 01:43 <REP> d-------- C:\Program Files\Fichiers communs\Nero

2008-02-26 01:39 . 2008-02-26 01:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero

2008-02-25 23:33 . 2008-02-25 23:33 <REP> d-------- C:\Program Files\ESET

2008-02-25 22:46 . 2008-02-25 23:02 125 --a------ C:\ioSpecial.ini

2008-02-25 22:03 . 2008-02-29 20:16 <REP> d-------- C:\Program Files\ma-config.com

2008-02-25 22:01 . 2008-02-25 22:01 <REP> d--h----- C:\WINDOWS\PIF

2008-02-25 17:18 . 2008-02-25 17:18 51 --a------ C:\WINDOWS\pccillin.ini

2008-02-25 14:38 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-02-25 12:04 . 2008-02-25 15:14 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2008-02-25 11:36 . 2008-02-25 17:28 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro

2008-02-25 10:54 . 2008-02-25 10:54 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\FastStone

2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\Virtual CDRom

2008-02-25 10:51 . 2008-02-28 21:47 <REP> d-------- C:\Program Files\IrfanView

2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\FastStone Capture

2008-02-25 10:51 . 2008-02-25 10:51 39,859 --a------ C:\WINDOWS\system32\UnIfs.exe

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WinRoll

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\VisualTaskTips

2008-02-25 10:41 . 2008-02-25 10:48 <REP> d-------- C:\Program Files\VistaDriveStatus

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\TransBar

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\Taskix

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\LClock

2008-02-25 09:47 . 2008-02-25 09:47 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\ESET

2008-02-25 09:39 . 2008-02-25 09:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET

2008-02-25 07:57 . 2008-02-25 07:57 <REP> d-------- C:\Program Files\PowerQuest

2008-02-24 09:02 . 2008-02-24 09:02 36 --a------ C:\WINDOWS\DaemonPlugin.INI

2008-02-24 08:46 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WTInstaller

2008-02-24 06:24 . 2008-02-24 06:24 <REP> d-------- C:\Program Files\DAEMON Tools

2008-02-24 06:20 . 2008-02-24 09:02 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools

2008-02-24 06:14 . 2008-02-24 06:14 <REP> d-------- C:\WINDOWS\system32\dumps

2008-02-24 03:52 . 2008-02-24 03:52 3,934 --a------ C:\WINDOWS\Ascd_tmp.ini

2008-02-24 03:51 . 2000-03-29 15:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS

2008-02-23 17:24 . 2008-02-24 02:55 249,856 --------- C:\WINDOWS\Setup1.exe

2008-02-23 17:24 . 2008-02-24 02:55 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-02-23 09:26 . 2008-02-25 22:45 <REP> d-------- C:\Downloads

2008-02-23 08:55 . 2008-02-23 08:55 32 --a------ C:\WINDOWS\go

2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools Pro

2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro

2008-02-23 05:50 . 2008-02-23 05:51 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2008-02-23 05:50 . 2008-02-25 11:05 <REP> d-------- C:\Program Files\Google

2008-02-22 12:55 . 2008-02-22 12:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-02-22 12:54 . 2008-02-22 12:54 <REP> d-------- C:\Program Files\Windows Live

2008-02-22 12:53 . 2008-02-22 12:53 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller

2008-02-21 02:15 . 2008-02-21 02:15 <REP> d-------- C:\Program Files\Microsoft Works

2008-02-21 02:12 . 2008-02-21 02:12 <REP> d-------- C:\Program Files\Microsoft.NET

2008-02-21 02:09 . 2008-02-21 02:09 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8

2008-02-21 02:07 . 2008-02-21 02:14 <REP> d-------- C:\WINDOWS\SHELLNEW

2008-02-21 02:04 . 2008-03-02 00:16 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help

2008-02-21 02:03 . 2008-02-21 02:03 <REP> dr-h----- C:\MSOCache

2008-02-20 08:14 . 2008-02-20 08:14 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-02-20 08:10 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp

2008-02-20 06:41 . 2008-02-25 13:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel

2008-02-20 03:52 . 2008-02-20 03:52 268 --ah----- C:\sqmdata08.sqm

2008-02-20 03:52 . 2008-02-20 03:52 244 --ah----- C:\sqmnoopt08.sqm

2008-02-20 02:54 . 2008-02-20 02:54 268 --ah----- C:\sqmdata07.sqm

2008-02-20 02:54 . 2008-02-20 02:54 244 --ah----- C:\sqmnoopt07.sqm

2008-02-19 23:16 . 2008-02-19 23:16 268 --ah----- C:\sqmdata06.sqm

2008-02-19 23:16 . 2008-02-19 23:16 244 --ah----- C:\sqmnoopt06.sqm

2008-02-19 21:39 . 2008-02-25 10:21 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8

2008-02-18 13:25 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-02-18 13:25 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-02-18 08:08 . 2008-02-18 08:08 44 --a------ C:\WINDOWS\SMWizard.INI

2008-02-18 07:36 . 2008-02-18 19:03 <REP> d-------- C:\Program Files\Free Download Manager

2008-02-18 07:36 . 2008-02-25 23:23 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Free Download Manager

2008-02-18 07:36 . 2008-02-18 07:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG

2008-02-17 11:11 . 2008-02-17 11:11 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\SmartFTP

2008-02-16 14:04 . 2008-02-16 14:04 754 --a------ C:\WINDOWS\WORDPAD.INI

2008-02-16 09:16 . 2008-02-25 15:41 121 --a------ C:\WINDOWS\bdagent.INI

2008-02-16 08:14 . 2008-02-16 08:14 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu Démarrer

2008-02-16 06:56 . 2008-02-16 06:56 <REP> d--hs---- C:\Diskeeper

2008-02-16 06:01 . 2008-03-01 18:51 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-02-16 01:29 . 2008-02-19 21:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Program Files\Diskeeper Corporation

2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation

2008-02-14 20:37 . 2008-02-25 16:55 <REP> d-------- C:\Program Files\Trend Micro

2008-02-14 02:28 . 2008-02-14 02:31 679 --a------ C:\WINDOWS\wininit.ini

2008-02-13 20:40 . 2008-02-16 08:46 <REP> d-------- C:\MFT 2503

2008-02-13 07:50 . 2008-02-13 07:50 <REP> d-------- C:\Documents and Settings\Administrateur.JEROME\Application Data\TuneUp Software

2008-02-13 05:31 . 2008-02-13 05:31 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-02-13 05:31 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-02-13 05:30 . 2008-02-15 15:44 <REP> d-------- C:\Program Files\TuneUp Utilities 2008

2008-02-13 03:10 . 2008-02-13 03:10 <REP> d-------- C:\WINDOWS\IconsInUse

2008-02-13 02:38 . 2008-02-13 02:42 <REP> d-------- C:\Program Files\HDGraph

2008-02-08 17:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-02-08 17:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-02-05 18:54 . 2008-02-05 18:56 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-02-05 18:25 . 2008-02-25 11:12 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-02 14:27 22,528 -c--a-w C:\WINDOWS\system32\drivers\nhcDriver.sys

2008-02-24 05:12 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-01-30 11:38 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys

2008-01-30 11:38 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys

2008-01-30 11:38 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys

2008-01-30 11:35 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys

2008-01-30 11:35 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys

2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2006-12-02 14:25 853 -c--a-w C:\Documents and Settings\Jerome.JEROME-69F6ED99\reboot.cmd

2007-11-25 00:00 80 -csh--r C:\WINDOWS\system32\F29DB264E0.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

"TransBar"="C:\Program Files\TransBar\TransBar.exe" [2005-06-01 20:41 65536]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]

"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2007-05-04 01:33 2629632]

"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21 794624]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 17:38 159744]

"Taskix"="C:\Program Files\Taskix\Taskix32.exe" [2007-01-25 21:33 65536]

"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 18:20 36352]

"Vistadrv"="C:\Program Files\VistaDriveStatus\vsdrv.exe" [2006-07-30 02:37 121089]

"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-01-30 12:37 1443072]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kspkdcbfa]

c:\documents and settings\jerome.jerome-69f6ed99\local settings\application data\kspkdcbfa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

 

R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2006-10-23 18:20]

R1 IfsDrives;IfsDrives;C:\WINDOWS\system32\DRIVERS\IfsDrives.sys [2004-09-25 00:28]

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\vcdrom.sys [2001-12-19 11:45]

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]

S3 PEEK5;PEEK5 Protocol Driver;F:\WINAIR~1\WINAIR~1\PEEK5.SYS []

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-13 05:31]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe338e7-7653-11dc-a2d1-000ae4d4acb8}]

\Shell\AutoRun\command - E:\TOTALCMD\TOTALCMD.EXE

\Shell\read\command - notepad.exe autorun.inf

\Shell\start\command - E:\TOTALCMD\TOTALCMD.EXE

\Shell\start1\command - siw\siw.exe

\Shell\start2\command - PowerMenu_150_FR\PowerMenu.exe

\Shell\start3\command - E:\_Divers\procexp.exe

\Shell\start4\command - hijackthis\HijackThis.exe

\Shell\start5\command - CCTASK\CCTASK.EXE

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-02 15:27:04

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\Program Files\VisualTaskTips\VttHooks.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\HPQ\shared\hpqwmi.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-03-02 15:29:51 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-02 14:29:46

.

2008-03-01 23:18:17 --- E O F ---

Posted
The entry still appears in msconfig

We'll take care of it.

Combo, cleanup

# Disconnect from the Internet and disable the antivirus (only for the duration of the procedure!)

Run Combofix

# In Notepad, copy and paste these lines:

 

File::

C:\WINDOWS\000001_.tmp

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kspkdcbfa]

 

 

* Warning: this code was written specifically for this user; please do not reuse it in other cases!

Save it under the name CFScript.txt

* Drag and drop this CFScript file onto the ComboFix.exe file

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif


* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and then confirm.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it can be found here > C:\ComboFix.txt
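
As an added example (not part of the helper's post and not ComboFix's own code): a small Python parser for the msconfig `startupreg` blocks of a ComboFix log, flagging entries like the `kspkdcbfa` key targeted above. It assumes that a block printed without the attribute/date/size prefix means ComboFix listed no file details for that path; the function names are hypothetical and the sample is constructed from lines of this thread's log.

```python
import re

# Constructed sample: three startupreg blocks in the layout ComboFix prints,
# with values copied from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-01-30 12:37 1443072 C:\Program Files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kspkdcbfa]
c:\documents and settings\jerome.jerome-69f6ed99\local settings\application data\kspkdcbfa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskix]
--a------ 2007-01-25 21:33 65536 C:\Program Files\Taskix\Taskix32.exe
"""

# Header of one disabled-startup entry; group 1 is the entry name.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools"
    r"\\msconfig\\startupreg\\([^\]]+)\]$",
    re.IGNORECASE,
)

# Value line when file details are present: attributes, date, time, size, path.
META_RE = re.compile(
    r"^(?P<attrs>[-a-z]{9})\s+(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})"
    r"\s+(?P<size>\d+)\s+(?P<path>.+)$"
)

# Assumption: a target under these folders is writable by the logged-on user.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\local settings\\")


def parse_startupreg(log_text):
    """Return one dict per msconfig startupreg block found in log_text."""
    entries = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()  # also drops the non-breaking spaces forums insert
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = {"name": key.group(1), "path": None, "has_metadata": False}
            entries.append(current)
            continue
        if line.startswith("["):
            current = None  # a different registry key: stop attributing lines
            continue
        if current is not None and current["path"] is None:
            meta = META_RE.match(line)
            if meta:
                current.update(
                    path=meta.group("path"),
                    has_metadata=True,
                    size=int(meta.group("size")),
                )
            else:
                current["path"] = line  # bare path, no file details printed
    return entries


def triage(entries):
    """Return (name, reasons) for every entry that deserves a manual look."""
    findings = []
    for entry in entries:
        reasons = []
        if entry["path"] is None:
            reasons.append("no target listed")
        else:
            if not entry["has_metadata"]:
                reasons.append("no file metadata")
            lowered = entry["path"].lower()
            if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
                reasons.append("target under a user profile")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_startupreg(SAMPLE_LOG)):
        print(f"{name}: {', '.join(reasons)}")
```

A flagged entry is only a candidate for review; whether the key should be removed remains a decision made on the full log, as in the script above.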

Posted (edited)

Scan in diagnostic mode:

 

ComboFix 08-03-01.3 - Jerome 2008-03-02 15:58:50.2 - NTFSx86

 

Endroit: C:\Documents and Settings\Jerome.JEROME-69F6ED99\Bureau\ComboFix.exe

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-02 14:16 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-02 13:44 . 2008-03-02 13:44 9,191,818 --a------ C:\upload_moi_JEROME.tar.gz

2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-03-02 01:27 . 2008-03-02 01:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab

2008-02-29 16:14 . 2008-02-29 16:14 <REP> d-------- C:\Program Files\Teamspeak2_RC2

2008-02-29 16:09 . 2008-02-29 16:09 <REP> d-------- C:\Program Files\GUILD WARS

2008-02-29 15:51 . 2008-03-01 22:50 <REP> d-------- C:\Program Files\AIDA32 - Personal System Information

2008-02-28 17:18 . 2008-02-28 17:19 <REP> d-------- C:\Program Files\Windows Live Safety Center

2008-02-28 02:20 . 2008-02-28 02:20 161 --a------ C:\WINDOWS\MyDrivers.ini

2008-02-26 01:45 . 2008-02-26 01:45 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Nero

2008-02-26 01:39 . 2008-02-28 02:22 <REP> d-------- C:\Program Files\Nero

2008-02-26 01:39 . 2008-02-26 01:43 <REP> d-------- C:\Program Files\Fichiers communs\Nero

2008-02-26 01:39 . 2008-02-26 01:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero

2008-02-25 23:33 . 2008-02-25 23:33 <REP> d-------- C:\Program Files\ESET

2008-02-25 22:46 . 2008-02-25 23:02 125 --a------ C:\ioSpecial.ini

2008-02-25 22:03 . 2008-02-29 20:16 <REP> d-------- C:\Program Files\ma-config.com

2008-02-25 22:01 . 2008-02-25 22:01 <REP> d--h----- C:\WINDOWS\PIF

2008-02-25 17:18 . 2008-02-25 17:18 51 --a------ C:\WINDOWS\pccillin.ini

2008-02-25 14:38 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-02-25 12:04 . 2008-02-25 15:14 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2008-02-25 11:36 . 2008-02-25 17:28 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro

2008-02-25 10:54 . 2008-02-25 10:54 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\FastStone

2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\Virtual CDRom

2008-02-25 10:51 . 2008-02-28 21:47 <REP> d-------- C:\Program Files\IrfanView

2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Program Files\FastStone Capture

2008-02-25 10:51 . 2008-02-25 10:51 39,859 --a------ C:\WINDOWS\system32\UnIfs.exe

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WinRoll

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\VisualTaskTips

2008-02-25 10:41 . 2008-02-25 10:48 <REP> d-------- C:\Program Files\VistaDriveStatus

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\TransBar

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\Taskix

2008-02-25 10:41 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\LClock

2008-02-25 09:47 . 2008-02-25 09:47 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\ESET

2008-02-25 09:39 . 2008-02-25 09:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET

2008-02-25 07:57 . 2008-02-25 07:57 <REP> d-------- C:\Program Files\PowerQuest

2008-02-24 09:02 . 2008-02-24 09:02 36 --a------ C:\WINDOWS\DaemonPlugin.INI

2008-02-24 08:46 . 2008-02-25 10:41 <REP> d-------- C:\Program Files\WTInstaller

2008-02-24 06:24 . 2008-02-24 06:24 <REP> d-------- C:\Program Files\DAEMON Tools

2008-02-24 06:20 . 2008-02-24 09:02 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools

2008-02-24 06:14 . 2008-02-24 06:14 <REP> d-------- C:\WINDOWS\system32\dumps

2008-02-24 03:52 . 2008-02-24 03:52 3,934 --a------ C:\WINDOWS\Ascd_tmp.ini

2008-02-24 03:51 . 2000-03-29 15:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS

2008-02-23 17:24 . 2008-02-24 02:55 249,856 --------- C:\WINDOWS\Setup1.exe

2008-02-23 17:24 . 2008-02-24 02:55 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-02-23 09:26 . 2008-02-25 22:45 <REP> d-------- C:\Downloads

2008-02-23 08:55 . 2008-02-23 08:55 32 --a------ C:\WINDOWS\go

2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\DAEMON Tools Pro

2008-02-23 07:00 . 2008-02-23 07:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro

2008-02-23 05:50 . 2008-02-23 05:51 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2008-02-23 05:50 . 2008-02-25 11:05 <REP> d-------- C:\Program Files\Google

2008-02-22 12:55 . 2008-02-22 12:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-02-22 12:54 . 2008-02-22 12:54 <REP> d-------- C:\Program Files\Windows Live

2008-02-22 12:53 . 2008-02-22 12:53 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller

2008-02-21 02:15 . 2008-02-21 02:15 <REP> d-------- C:\Program Files\Microsoft Works

2008-02-21 02:12 . 2008-02-21 02:12 <REP> d-------- C:\Program Files\Microsoft.NET

2008-02-21 02:09 . 2008-02-21 02:09 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8

2008-02-21 02:07 . 2008-02-21 02:14 <REP> d-------- C:\WINDOWS\SHELLNEW

2008-02-21 02:04 . 2008-03-02 00:16 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help

2008-02-21 02:03 . 2008-02-21 02:03 <REP> dr-h----- C:\MSOCache

2008-02-20 08:14 . 2008-02-20 08:14 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-02-20 08:10 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp

2008-02-20 06:41 . 2008-02-25 13:59 <REP> d-------- C:\WINDOWS\SxsCaPendDel

2008-02-20 03:52 . 2008-02-20 03:52 268 --ah----- C:\sqmdata08.sqm

2008-02-20 03:52 . 2008-02-20 03:52 244 --ah----- C:\sqmnoopt08.sqm

2008-02-20 02:54 . 2008-02-20 02:54 268 --ah----- C:\sqmdata07.sqm

2008-02-20 02:54 . 2008-02-20 02:54 244 --ah----- C:\sqmnoopt07.sqm

2008-02-19 23:16 . 2008-02-19 23:16 268 --ah----- C:\sqmdata06.sqm

2008-02-19 23:16 . 2008-02-19 23:16 244 --ah----- C:\sqmnoopt06.sqm

2008-02-19 21:39 . 2008-02-25 10:21 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8

2008-02-18 13:25 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-02-18 13:25 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-02-18 08:08 . 2008-02-18 08:08 44 --a------ C:\WINDOWS\SMWizard.INI

2008-02-18 07:36 . 2008-02-18 19:03 <REP> d-------- C:\Program Files\Free Download Manager

2008-02-18 07:36 . 2008-02-25 23:23 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Free Download Manager

2008-02-18 07:36 . 2008-02-18 07:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG

2008-02-17 11:11 . 2008-02-17 11:11 <REP> d-------- C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\SmartFTP

2008-02-16 14:04 . 2008-02-16 14:04 754 --a------ C:\WINDOWS\WORDPAD.INI

2008-02-16 09:16 . 2008-02-25 15:41 121 --a------ C:\WINDOWS\bdagent.INI

2008-02-16 08:14 . 2008-02-16 08:14 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu Démarrer

2008-02-16 06:56 . 2008-02-16 06:56 <REP> d--hs---- C:\Diskeeper

2008-02-16 06:01 . 2008-03-01 18:51 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-02-16 01:29 . 2008-02-19 21:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Program Files\Diskeeper Corporation

2008-02-15 16:52 . 2008-02-15 16:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation

2008-02-14 20:37 . 2008-02-25 16:55 <REP> d-------- C:\Program Files\Trend Micro

2008-02-14 02:28 . 2008-02-14 02:31 679 --a------ C:\WINDOWS\wininit.ini

2008-02-13 20:40 . 2008-02-16 08:46 <REP> d-------- C:\MFT 2503

2008-02-13 07:50 . 2008-02-13 07:50 <REP> d-------- C:\Documents and Settings\Administrateur.JEROME\Application Data\TuneUp Software

2008-02-13 05:31 . 2008-02-13 05:31 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-02-13 05:31 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-02-13 05:30 . 2008-02-15 15:44 <REP> d-------- C:\Program Files\TuneUp Utilities 2008

2008-02-13 03:10 . 2008-02-13 03:10 <REP> d-------- C:\WINDOWS\IconsInUse

2008-02-13 02:38 . 2008-02-13 02:42 <REP> d-------- C:\Program Files\HDGraph

2008-02-08 17:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-02-08 17:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-02-05 18:54 . 2008-02-05 18:56 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-02-05 18:25 . 2008-02-25 11:12 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-02 14:34 22,528 -c--a-w C:\WINDOWS\system32\drivers\nhcDriver.sys

2008-03-02 13:16 --------- d-----w C:\Program Files\Java

2008-03-02 12:20 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\utorrent

2008-02-25 21:04 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\ma-config.com

2008-02-25 20:59 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-25 19:03 --------- d-----w C:\Program Files\WinamaxPoker

2008-02-25 17:06 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Microgaming

2008-02-25 09:48 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-02-25 04:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer

2008-02-25 00:22 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2008-02-25 00:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2008-02-24 05:12 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-02-23 02:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-02-21 01:14 --------- d-----w C:\Program Files\MSBuild

2008-02-18 12:32 --------- d-----w C:\Program Files\MSECache

2008-02-16 03:02 --------- d-----w C:\Program Files\MSN Messenger

2008-02-13 04:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software

2008-02-01 08:50 245,760 ----a-w C:\WINDOWS\system32\JkDefragScreenSaver.exe

2008-02-01 08:50 110,592 ----a-w C:\WINDOWS\system32\JkDefragScreenSaver.scr

2008-01-30 11:38 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys

2008-01-30 11:38 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys

2008-01-30 11:38 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys

2008-01-30 11:35 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys

2008-01-30 11:35 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys

2008-01-15 19:47 --------- d-----w C:\Documents and Settings\Administrateur.JEROME\Application Data\Lavasoft

2008-01-10 17:29 --------- d-----w C:\Documents and Settings\Jerome.JEROME-69F6ED99\Application Data\Samsung

2008-01-07 03:00 --------- d-----w C:\Program Files\UltraStar

2008-01-07 00:13 --------- d-----w C:\Program Files\Winamp

2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-06 13:05 108,144 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll

2006-12-02 14:25 853 -c--a-w C:\Documents and Settings\Jerome.JEROME-69F6ED99\reboot.cmd

2007-11-25 00:00 80 -csh--r C:\WINDOWS\system32\F29DB264E0.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

--a--c--- 2005-02-08 17:38 159744 C:\Program Files\Apoint2K\Apoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

--a------ 2008-01-30 12:37 1443072 C:\Program Files\ESET\ESET Smart Security\egui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2005-04-11 15:21 794624 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kspkdcbfa]

c:\documents and settings\jerome.jerome-69f6ed99\local settings\application data\kspkdcbfa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]

--a------ 2007-05-04 01:33 2629632 C:\Program Files\Notebook Hardware Control\nhc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a--c--- 2004-10-14 08:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskix]

--a------ 2007-01-25 21:33 65536 C:\Program Files\Taskix\Taskix32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar]

--a------ 2005-06-01 20:41 65536 C:\Program Files\TransBar\TransBar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]

--a------ 2006-07-30 02:37 121089 C:\Program Files\VistaDriveStatus\vsdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]

--a------ 2007-09-05 18:20 36352 C:\Program Files\VisualTaskTips\VisualTaskTips.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

"xmlprov"=3 (0x3)

"WZCSVC"=2 (0x2)

"WudfSvc"=2 (0x2)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"WmiApSrv"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"winmgmt"=2 (0x2)

"WebClient"=2 (0x2)

"W32Time"=2 (0x2)

"VSS"=3 (0x3)

"UxTuneUp"=2 (0x2)

"usnjsvc"=3 (0x3)

"UPS"=3 (0x3)

"TuneUp.Defrag"=3 (0x3)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"srservice"=2 (0x2)

"SoundMAX Agent Service (default)"=2 (0x2)

"ShellHWDetection"=2 (0x2)

"SharedAccess"=2 (0x2)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"SamSs"=2 (0x2)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"ProtectedStorage"=2 (0x2)

"PolicyAgent"=2 (0x2)

"PlugPlay"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NtmsSvc"=3 (0x3)

"NtLmSsp"=3 (0x3)

"Nla"=3 (0x3)

"Netman"=3 (0x3)

"Netlogon"=3 (0x3)

"Nero BackItUp Scheduler 3"=2 (0x2)

"MSIServer"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"lanmanworkstation"=2 (0x2)

"lanmanserver"=2 (0x2)

"iPod Service"=3 (0x3)

"ImapiService"=3 (0x3)

"idsvc"=3 (0x3)

"HTTPFilter"=3 (0x3)

"hpqwmi"=3 (0x3)

"helpsvc"=2 (0x2)

"gusvc"=3 (0x3)

"FontCache3.0.0.0"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"ekrn"=2 (0x2)

"EhttpSrv"=3 (0x3)

"Dnscache"=2 (0x2)

"dmserver"=3 (0x3)

"dmadmin"=3 (0x3)

"Diskeeper"=2 (0x2)

"Dhcp"=2 (0x2)

"CryptSvc"=3 (0x3)

"clr_optimization_v2.0.50727_32"=2 (0x2)

"ClipSrv"=3 (0x3)

"CiSvc"=3 (0x3)

"Browser"=3 (0x3)

"BITS"=2 (0x2)

"AudioSrv"=2 (0x2)

"aspnet_state"=3 (0x3)

"AppMgmt"=3 (0x3)

"ALG"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe338e7-7653-11dc-a2d1-000ae4d4acb8}]

\Shell\AutoRun\command - E:\TOTALCMD\TOTALCMD.EXE

\Shell\read\command - notepad.exe autorun.inf

\Shell\start\command - E:\TOTALCMD\TOTALCMD.EXE

\Shell\start1\command - siw\siw.exe

\Shell\start2\command - PowerMenu_150_FR\PowerMenu.exe

\Shell\start3\command - E:\_Divers\procexp.exe

\Shell\start4\command - hijackthis\HijackThis.exe

\Shell\start5\command - CCTASK\CCTASK.EXE

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-02 16:01:04

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-03-02 16:02:08

ComboFix-quarantined-files.txt 2008-03-02 15:01:59

ComboFix2.txt 2008-03-02 14:29:52

.

2008-03-01 23:18:17 --- E O F ---

 

 

Option 1 in diagnostic mode:

 

 

-----------------------------[ Lop S&D 4.0.2 ]---------------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Jerome ] [ "C:\Lop SD" ]

[ 02/03/2008 | 16:06:50,39 ] [ PC : JEROME ]

[ MAJ : 30-02-2008 | 00:12 ]

 

-------------[ Listing des dossiers dans Application Data ]------------

 

[08/12/2007|17:36] C:\DOCUME~1\Administrateur\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\Administrateur\APPLIC~1\..

[07/10/2007|19:49] C:\DOCUME~1\Administrateur\APPLIC~1\desktop.ini

[07/10/2007|17:55] C:\DOCUME~1\Administrateur\APPLIC~1\Microsoft

 

 

[08/12/2007|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..

[07/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[07/10/2007|16:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

 

[02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\.

[02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\..

[16/02/2008|05:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\addr_file.html

[20/02/2008|22:48] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe

[11/10/2007|16:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple

[25/02/2008|05:55] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer

[25/02/2008|10:21] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\avg8

[19/02/2008|21:23] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Avira

[23/02/2008|07:00] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DAEMON Tools Pro

[09/10/2007|13:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\desktop.ini

[15/02/2008|16:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Diskeeper Corporation

[25/02/2008|09:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ESET

[18/02/2008|07:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FreeDownloadManager.ORG

[23/02/2008|05:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google

[09/10/2007|12:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\hpqwmi

[09/10/2007|12:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InstallShield

[02/03/2008|01:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab

[22/01/2008|18:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\LauncherAccess.dt

[05/02/2008|18:56] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft

[17/02/2008|17:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft

[02/03/2008|00:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help

[26/02/2008|01:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero

[11/10/2007|16:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\751 QTSBandwidthCache

[09/10/2007|12:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime

[25/02/2008|01:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy

[25/02/2008|01:22] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP

[25/02/2008|17:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Trend Micro

[13/02/2008|05:31] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TuneUp Software

[09/10/2007|20:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage

[22/02/2008|12:53] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller

 

[08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..

[07/10/2007|16:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[07/10/2007|16:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\..

[09/10/2007|13:16] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\desktop.ini

[09/10/2007|11:32] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft

 

[08/12/2007|17:36] C:\DOCUME~1\Jerome\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\Jerome\APPLIC~1\..

[07/10/2007|19:49] C:\DOCUME~1\Jerome\APPLIC~1\desktop.ini

[07/10/2007|17:55] C:\DOCUME~1\Jerome\APPLIC~1\Microsoft

 

[25/02/2008|14:57] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\.

[25/02/2008|14:57] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\..

[20/02/2008|16:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Adobe

[09/10/2007|12:03] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Apple Computer

[18/11/2007|00:15] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Azureus

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\BitTorrent

[24/02/2008|09:02] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DAEMON Tools

[23/02/2008|07:00] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DAEMON Tools Pro

[09/10/2007|13:16] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\desktop.ini

[25/11/2007|00:59] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\DivX

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\dvdcss

[25/02/2008|09:47] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ESET

[25/02/2008|10:54] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\FastStone

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\FileZilla

[25/02/2008|23:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Free Download Manager

[11/10/2007|19:22] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Google

[12/10/2007|14:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Help

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Identities

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\InterVideo

[01/12/2007|01:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Lavasoft

[06/12/2007|16:30] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Leadertech

[08/12/2007|17:36] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ma-config(2).com

[25/02/2008|22:04] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\ma-config.com

[09/10/2007|20:09] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Macromedia

[10/11/2007|16:48] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Media Player Classic

[25/02/2008|18:06] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Microgaming

[21/02/2008|03:25] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Microsoft

[26/02/2008|01:45] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Nero

[11/10/2007|19:35] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\OpenArena

[25/11/2007|05:27] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\PC Tools

[10/01/2008|18:29] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Samsung

[09/10/2007|19:41] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Shareaza

[17/02/2008|11:11] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\SmartFTP

[06/12/2007|16:31] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Sonic

[10/11/2007|13:07] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Sun

[09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\TaoUSign

[25/12/2007|21:39] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\teamspeak2

[09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\temp

[09/10/2007|19:43] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Thunderbird

[17/11/2007|23:50] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\TuneUp Software

[24/11/2007|19:23] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Uniblue

[02/03/2008|13:20] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\utorrent

[11/10/2007|16:07] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\vlc

[11/10/2007|18:10] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\Winamp

[11/10/2007|16:44] C:\DOCUME~1\JEROME~1.JER\APPLIC~1\WinRAR

 

 

[08/12/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\..

[07/10/2007|17:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[19/02/2008|21:41] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\.

[19/02/2008|21:41] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\..

[25/02/2008|10:17] C:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft

 

 

[08/12/2007|17:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\..

[07/10/2007|17:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[08/12/2007|17:36] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\.

[08/12/2007|17:36] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\..

[25/02/2008|10:17] C:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft

 

 

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

 

[02/03/2008 15:55][--ah-c---] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 13:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[29/02/2008|16:14] C:\Program Files\.

[29/02/2008|16:14] C:\Program Files\..

[07/10/2007|18:25] C:\Program Files\Adobe

[01/03/2008|22:50] C:\Program Files\AIDA32 - Personal System Information

[07/10/2007|18:35] C:\Program Files\Analog Devices

[09/10/2007|21:27] C:\Program Files\Apoint2K

[01/12/2007|17:35] C:\Program Files\CCleaner

[23/11/2007|19:52] C:\Program Files\CodeStuff

[07/10/2007|14:40] C:\Program Files\ComPlus Applications

[24/02/2008|06:24] C:\Program Files\DAEMON Tools

[15/02/2008|16:52] C:\Program Files\Diskeeper Corporation

[07/12/2007|19:40] C:\Program Files\EA SPORTS

[25/02/2008|23:33] C:\Program Files\ESET

[25/02/2008|10:51] C:\Program Files\FastStone Capture

[26/02/2008|01:39] C:\Program Files\Fichiers communs

[18/02/2008|19:03] C:\Program Files\Free Download Manager

[25/02/2008|11:05] C:\Program Files\Google

[29/02/2008|16:09] C:\Program Files\GUILD WARS

[13/02/2008|02:42] C:\Program Files\HDGraph

[09/10/2007|12:00] C:\Program Files\Hewlett-Packard

[09/10/2007|12:00] C:\Program Files\Hp

[09/10/2007|12:11] C:\Program Files\HPQ

[24/11/2007|20:09] C:\Program Files\inKline Global

[25/02/2008|21:59] C:\Program Files\InstallShield Installation Information

[08/12/2007|17:28] C:\Program Files\Intel

[23/02/2008|18:03] C:\Program Files\Internet Explorer

[09/10/2007|12:00] C:\Program Files\InterVideo

[24/12/2007|15:43] C:\Program Files\iPod

[28/02/2008|21:47] C:\Program Files\IrfanView

[24/12/2007|15:43] C:\Program Files\iTunes

[30/12/2007|18:18] C:\Program Files\IZArc

[02/03/2008|14:16] C:\Program Files\Java

[11/10/2007|18:00] C:\Program Files\K-Lite Codec Pack

[08/12/2007|14:47] C:\Program Files\Lavalys

[25/02/2008|10:41] C:\Program Files\LClock

[29/02/2008|20:16] C:\Program Files\ma-config.com

[20/02/2008|09:06] C:\Program Files\messenger

[23/11/2007|21:48] C:\Program Files\microsoft frontpage

[21/02/2008|02:14] C:\Program Files\Microsoft Office

[21/02/2008|02:14] C:\Program Files\Microsoft Visual Studio

[21/02/2008|02:09] C:\Program Files\Microsoft Visual Studio 8

[21/02/2008|02:15] C:\Program Files\Microsoft Works

[21/02/2008|02:12] C:\Program Files\Microsoft.NET

[20/02/2008|08:20] C:\Program Files\Movie Maker

[21/02/2008|02:14] C:\Program Files\MSBuild

[18/02/2008|13:32] C:\Program Files\MSECache

[09/10/2007|11:28] C:\Program Files\MSN Gaming Zone

[16/02/2008|04:02] C:\Program Files\MSN Messenger

[07/12/2007|20:26] C:\Program Files\MSXML 4.0

[10/11/2007|12:21] C:\Program Files\MSXML 6.0

[28/02/2008|02:22] C:\Program Files\Nero

[20/02/2008|08:14] C:\Program Files\NetMeeting

[24/11/2007|00:06] C:\Program Files\Notebook Hardware Control

[20/02/2008|08:14] C:\Program Files\Outlook Express

[25/02/2008|07:57] C:\Program Files\PowerQuest

[24/12/2007|15:40] C:\Program Files\QuickTime

[09/10/2007|21:38] C:\Program Files\Reference Assemblies

[09/10/2007|11:30] C:\Program Files\Services en ligne

[09/10/2007|12:09] C:\Program Files\Sonic

[10/12/2007|19:39] C:\Program Files\SystemRequirementsLab

[25/02/2008|10:41] C:\Program Files\Taskix

[29/02/2008|16:14] C:\Program Files\Teamspeak2_RC2

[25/02/2008|10:41] C:\Program Files\TransBar

[25/02/2008|16:55] C:\Program Files\Trend Micro

[15/02/2008|15:44] C:\Program Files\TuneUp Utilities 2008

[07/01/2008|04:00] C:\Program Files\UltraStar

[09/10/2007|11:39] C:\Program Files\Uninstall Information

[11/10/2007|18:11] C:\Program Files\uTorrent

[08/12/2007|19:14] C:\Program Files\VIA

[11/10/2007|16:06] C:\Program Files\VideoLAN

[25/02/2008|10:51] C:\Program Files\Virtual CDRom

[21/11/2007|17:52] C:\Program Files\Virtualis

[25/02/2008|10:48] C:\Program Files\VistaDriveStatus

[25/02/2008|10:41] C:\Program Files\VisualTaskTips

[07/10/2007|18:38] C:\Program Files\WIDCOMM

[25/02/2008|20:03] C:\Program Files\WinamaxPoker

[07/01/2008|01:13] C:\Program Files\Winamp

[22/02/2008|12:54] C:\Program Files\Windows Live

[28/02/2008|17:19] C:\Program Files\Windows Live Safety Center

[25/02/2008|10:48] C:\Program Files\Windows Media Connect 2

[28/02/2008|02:54] C:\Program Files\Windows Media Player

[20/02/2008|08:14] C:\Program Files\Windows NT

[09/10/2007|11:30] C:\Program Files\WindowsUpdate

[25/02/2008|10:41] C:\Program Files\WinRoll

[25/02/2008|10:41] C:\Program Files\WTInstaller

[09/10/2007|11:33] C:\Program Files\xerox

 

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

 

[26/02/2008|01:39] C:\Program Files\Fichiers communs\.

[26/02/2008|01:39] C:\Program Files\Fichiers communs\..

[12/10/2007|14:20] C:\Program Files\Fichiers communs\Adobe

[21/02/2008|02:14] C:\Program Files\Fichiers communs\DESIGNER

[09/10/2007|12:09] C:\Program Files\Fichiers communs\InstallShield

[07/10/2007|18:45] C:\Program Files\Fichiers communs\Java

[02/03/2008|00:10] C:\Program Files\Fichiers communs\Microsoft Shared

[07/10/2007|16:42] C:\Program Files\Fichiers communs\MSSoap

[26/02/2008|01:43] C:\Program Files\Fichiers communs\Nero

[01/12/2007|05:23] C:\Program Files\Fichiers communs\NSV

[07/10/2007|16:14] C:\Program Files\Fichiers communs\ODBC

[09/10/2007|11:30] C:\Program Files\Fichiers communs\Services

[09/10/2007|12:06] C:\Program Files\Fichiers communs\Sonic Shared

[07/10/2007|16:14] C:\Program Files\Fichiers communs\SpeechEngines

[09/10/2007|12:09] C:\Program Files\Fichiers communs\SureThing Shared

[23/02/2008|03:51] C:\Program Files\Fichiers communs\Symantec Shared

[21/02/2008|02:08] C:\Program Files\Fichiers communs\System

[09/10/2007|12:07] C:\Program Files\Fichiers communs\TiVo Shared

[22/02/2008|12:55] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[25/02/2008|11:12] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

Aucun fichier / dossier Lop trouvé !

 

----------------------[ Verification du Registre ]----------------------

 

..... OK !

 

--------------------[ Verification du fichier Hosts ]---------------------

 

Fichier Hosts PROPRE

 

 

----------------[ Recherche de fichiers avec Catchme ]-----------------

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-02 16:07:21

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully

hidden files: 0

 

--------------------[ Recherche d'autres infections ]---------------------

 

Aucune autre infection trouvée !

 

/!\ [Fich:1][Doss:1] C:\DOCUME~1\JEROME~1.JER\LOCALS~1\Temp

/!\ [Fich:8][Doss:0] C:\DOCUME~1\JEROME~1.JER\Cookies

/!\ [Fich:156][Doss:4] C:\DOCUME~1\JEROME~1.JER\LOCALS~1\TEMPOR~1\content.IE5

 

--------------------[ Fin du rapport a 16:07:35,51 ]----------------------

Edited by Gildas Ar Breizh
