Rapport Ad-Aware 2008 Pro

[El Diablo]

Bonsoir Gof!

 

J'ai refais une analyse avec Ad-Aware 2008 et plus rien, je pense que suite à la mise à jour de MBAM celui-ci les a détectés et supprimés... et voici le rapport de DialHelp:

 

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-01 22:07:35

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:70,ee,8b,9d,98,e6,89,37,99,1c,2f,6c,4f,64,87,5a,65,70,4f,89,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:eaaa1a9d

"s2"=dword:9d29e435

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:86,25,b1,1f,6b,33,37,a4,f9,f9,40,16,26,50,59,cb,7e,20,66,9d,28,..

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:70,ee,8b,9d,98,e6,89,37,99,1c,2f,6c,4f,64,87,5a,65,70,4f,89,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:86,25,b1,1f,6b,33,37,a4,f9,f9,40,16,26,50,59,cb,7e,20,66,9d,28,..

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

Et voici le rapport de fin:

 

DiagHelp version v1.4 - http://www.malekal.com

excute le 01/10/2008 à 22:06:51,07

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

 

C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->10/09/2008 00:04:02

C:\WINDOWS\System32\drivers\mbam.sys -->10/09/2008 00:03:56

C:\WINDOWS\System32\drivers\vaxscsi.sys -->21/08/2008 14:11:09

C:\WINDOWS\System32\drivers\AnyDVD.sys -->01/08/2008 15:27:35

C:\WINDOWS\System32\drivers\ElbyCDIO.sys -->21/07/2008 14:11:58

C:\WINDOWS\System32\drivers\sptd.sys -->20/07/2008 12:17:23

C:\WINDOWS\System32\drivers\StarOpen.sys -->19/07/2008 14:04:45

 

C:\WINDOWS\System32\PerfStringBackup.INI -->30/09/2008 20:53:13

C:\WINDOWS\System32\perfh00C.dat -->30/09/2008 20:53:13

C:\WINDOWS\System32\perfh009.dat -->30/09/2008 20:53:13

C:\WINDOWS\System32\perfc00C.dat -->30/09/2008 20:53:13

C:\WINDOWS\System32\perfc009.dat -->30/09/2008 20:53:13

C:\WINDOWS\System32\Postin__.FOT -->30/09/2008 20:47:56

C:\WINDOWS\System32\wpa.dbl -->30/09/2008 12:26:34

C:\WINDOWS\System32\MsiExec.exe.log -->24/08/2008 22:06:36

C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->22/08/2008 17:42:37

C:\WINDOWS\System32\TZLog.log -->21/08/2008 16:02:07

C:\WINDOWS\System32\FNTCACHE.DAT -->07/08/2008 20:25:47

C:\WINDOWS\System32\divxsm.tlb -->25/07/2008 10:36:00

C:\WINDOWS\System32\DivXsm.exe -->25/07/2008 10:36:00

C:\WINDOWS\System32\dpl100.dll -->25/07/2008 10:34:54

C:\WINDOWS\System32\dtu100.dll -->25/07/2008 10:34:52

C:\WINDOWS\System32\dpuGUI10.dll -->25/07/2008 10:34:50

C:\WINDOWS\System32\dpv11.dll -->25/07/2008 10:34:46

C:\WINDOWS\System32\dpus11.dll -->25/07/2008 10:34:46

C:\WINDOWS\System32\dpuGUI11.dll -->25/07/2008 10:34:46

C:\WINDOWS\System32\dpu11.dll -->25/07/2008 10:34:46

C:\WINDOWS\System32\dpu10.dll -->25/07/2008 10:34:46

C:\WINDOWS\System32\divx_xx07.dll -->25/07/2008 10:34:42

C:\WINDOWS\System32\divx_xx11.dll -->25/07/2008 10:34:40

C:\WINDOWS\System32\divx_xx0c.dll -->25/07/2008 10:34:40

C:\WINDOWS\System32\divx_xx0a.dll -->25/07/2008 10:34:40

 

C:\WINDOWS\0.log -->30/09/2008 20:49:04

C:\WINDOWS\WindowsUpdate.log -->30/09/2008 20:48:57

C:\WINDOWS\wiadebug.log -->30/09/2008 20:48:56

C:\WINDOWS\wiaservc.log -->30/09/2008 20:48:55

C:\WINDOWS\bootstat.dat -->30/09/2008 20:47:33

C:\WINDOWS\setupapi.log -->30/09/2008 20:45:45

C:\WINDOWS\win.ini -->28/09/2008 22:16:52

C:\WINDOWS\system.ini -->28/09/2008 22:16:52

C:\WINDOWS\Sti_Trace.log -->18/09/2008 22:23:22

C:\WINDOWS\Irremote.ini -->24/08/2008 21:52:35

C:\WINDOWS\NeroDigital.ini -->21/08/2008 21:46:48

C:\WINDOWS\cdplayer.ini -->21/08/2008 15:49:52

C:\WINDOWS\BlendSettings.ini -->29/07/2008 21:31:54

C:\WINDOWS\ativpsrm.bin -->24/07/2008 13:01:36

C:\WINDOWS\S4A2BAD3B.tmp -->20/07/2008 10:47:06

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 1584

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll

0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll

0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll

0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll

0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll

0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll

0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll

0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll

0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL

0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll

0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll

0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x67080000 0x1c000 3.01.0001.0001 C:\Program Files\FileZilla FTP Client\fzshellext.dll

0x10000000 0x11000 5.01.0000.3300 C:\WINDOWS\system32\btncopy.dll

0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll

0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll

0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll

0x02250000 0x16000 5.01.0000.3300 C:\WINDOWS\system32\btmmhook.dll

0x00980000 0xf000 C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll

0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x03010000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

0x00d70000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

0x4eb80000 0x1a6000 5.01.3102.5581 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll

0x16200000 0x6000 4.01.0000.0000 C:\Program Files\WinZip\wzshlstb.dll

0x011f0000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

0x01390000 0x40000 3.05.0003.0000 C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll

0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL

0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll

0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL

0x01500000 0x2d000 C:\Program Files\WinRAR\rarext.dll

0x22000000 0x2e000 3.00.0650.0000 C:\Program Files\ESET\ESET Smart Security\shellExt.dll

0x04480000 0x202000 3.03.0003.0000 C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll

0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL

0x74da0000 0x6d000 5.30.0023.1230 C:\WINDOWS\system32\RICHED20.dll

0x5a500000 0x50000 8.05.1302.1018 C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll

0x04690000 0x27e000 5.02.5721.5145 C:\WINDOWS\system32\wpdshext.dll

0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS\system32\Audiodev.dll

0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\WMVCore.DLL

0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL

0x01440000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 544

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe

0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll

0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll

0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll

0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll

0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll

0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x10000000 0x20000 6.14.0010.4176 C:\WINDOWS\system32\Ati2evxx.dll

0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll

0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

 

 

Le volume dans le lecteur C s'appelle Programmes

Le numéro de série du volume est C0DA-F6FD

 

Répertoire de C:\WINDOWS\system

 

17/07/2002 17:22 4 672 WOWPOST.EXE

1 fichier(s) 4 672 octets

0 Rép(s) 6 940 733 952 octets libres

Le volume dans le lecteur C s'appelle Programmes

Le numéro de série du volume est C0DA-F6FD

 

Répertoire de C:\WINDOWS\system32

 

14/04/2008 04:33 6 144 csrss.exe

1 fichier(s) 6 144 octets

0 Rép(s) 6 940 733 952 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C s'appelle Programmes

Le numéro de série du volume est C0DA-F6FD

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

28/09/2008 22:30 <REP> .

28/09/2008 22:30 <REP> ..

16/09/2008 09:11 963 704 asquared.ocx

18/07/2008 21:17 65 desktop.ini

11/04/2007 14:55 1 292 erma.inf

24/03/2008 19:33 1 527 056 FP_AX_CAB_INSTALLER.exe

20/06/2006 15:44 379 704 MsnPUpld.dll

19/06/2006 14:40 393 MsnPUpld.inf

30/07/2007 19:24 295 muweb.inf

27/09/1999 08:12 624 128 npcc.dll

20/06/2006 15:44 117 560 PURen-us.dll

09/01/2007 08:30 110 592 PURfr-fr.dll

24/03/2008 19:18 247 swflash.inf

30/07/2007 19:24 293 wuweb.inf

12 fichier(s) 3 725 329 octets

 

Total des fichiers listés :

12 fichier(s) 3 725 329 octets

2 Rép(s) 6 940 731 904 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

127.0.0.1 www.symantecreview.com

127.0.0.1 liveupdate.myim.cn

127.0.0.1 liveupdatesnet.com

127.0.0.1 www.liveupdatesnet.com

# hpHosts last updated on: 29/03/2008 18:36

127.0.0.1 activexupdate.com

127.0.0.1 ads.macupdate.com

127.0.0.1 ads1.updated.com

127.0.0.1 anit1478.msupdater.org

127.0.0.1 anit1808.msupdater.org

127.0.0.1 anit2157.msupdater.org

127.0.0.1 anit2242.msupdater.org

127.0.0.1 anit2350.msupdater.org

127.0.0.1 anit2393.msupdater.org

127.0.0.1 anit2520.msupdater.org

127.0.0.1 anit2811.msupdater.org

127.0.0.1 anit2824.msupdater.org

127.0.0.1 anit2840.msupdater.org

127.0.0.1 anit2948.msupdater.org

127.0.0.1 anit3039.msupdater.org

127.0.0.1 anit427.msupdater.org

127.0.0.1 anit988.msupdater.org

127.0.0.1 antispywareupdates.net

127.0.0.1 av-update.net

127.0.0.1 dlx.getupdate.com

127.0.0.1 getupdate.com

127.0.0.1 getupdate.info

127.0.0.1 install38.msupdater.org

127.0.0.1 liveupdate.myim.cn

127.0.0.1 liveupdatesnet.com

127.0.0.1 msupdate.org

127.0.0.1 msupdater.com

127.0.0.1 msupdater.net

127.0.0.1 msupdater.org

127.0.0.1 necessaryupdates.com

127.0.0.1 needupdate.com

127.0.0.1 nl.browserupdate.co.uk

127.0.0.1 ns1.updatesystempage.com

127.0.0.1 ns2.updatesystempage.com

127.0.0.1 nvupdate.cn

127.0.0.1 online.update.redirect.hm

127.0.0.1 pcsecurityupdates.com

127.0.0.1 registryupdate.com

127.0.0.1 securityupdater.com

127.0.0.1 sp2msupdateresearch.com

127.0.0.1 systemsecurityupdate.com

127.0.0.1 systemupdate.net

127.0.0.1 systemupdates.net

127.0.0.1 sysupdate.ieplugin.com

127.0.0.1 sysupdates.com

127.0.0.1 sysupdates2.com

127.0.0.1 update.680180.net

127.0.0.1 update.doctorvaccine.co.kr

127.0.0.1 update.downloadaccelerator.com

127.0.0.1 update.downloadv3.com

127.0.0.1 update.msupdater.com

127.0.0.1 update.outerinfo.com

127.0.0.1 update.searchmiracle.com

127.0.0.1 update.searchsquire.com

127.0.0.1 update.smart-browser.com

127.0.0.1 update.topconverting.com

127.0.0.1 update.vaccinepro.co.kr

127.0.0.1 update.webhancer.com

127.0.0.1 update.yupsearch.com

127.0.0.1 update.zero-virus.co.kr

127.0.0.1 update1.nbar.co.kr

127.0.0.1 update1.shopcenter.co.kr

127.0.0.1 update2.outerinfo.com

127.0.0.1 update32.searchmiracle.com

127.0.0.1 update32.yupsearch.com

127.0.0.1 updateallpage.com

127.0.0.1 updatecenter.com

127.0.0.1 updatedmatures.com

127.0.0.1 updated-microsoft.com

127.0.0.1 updatehere.com

127.0.0.1 update-microsofts.com

127.0.0.1 updatenow.com

127.0.0.1 updatenow.org

127.0.0.1 updates.adultprovide.com

127.0.0.1 updates.browseraid.com

127.0.0.1 updates.copernic.com

127.0.0.1 updates.desktop.ak-networks.com

127.0.0.1 updates.hotbar.com

127.0.0.1 updates.shopperreports.com

127.0.0.1 updatescenter.com

127.0.0.1 updatesearches.com

127.0.0.1 updateserver1.com

127.0.0.1 updatesystempage.com

127.0.0.1 updateyoursystem.com

127.0.0.1 urgentsystemupdate.com

127.0.0.1 urgentwindowsupdate.biz

127.0.0.1 windowsupdate.62nds.com

127.0.0.1 windowsupdates.info

127.0.0.1 winquickupdates.com

127.0.0.1 win-update.net

127.0.0.1 www.activexupdate.com

127.0.0.1 www.antispywareupdates.net

127.0.0.1 www.av-update.net

127.0.0.1 www.browserupdate.co.uk

127.0.0.1 www.dlx.getupdate.com

127.0.0.1 www.getupdate.com

127.0.0.1 www.getupdate.info

127.0.0.1 www.liveupdatesnet.com

127.0.0.1 www.msupdate.org

127.0.0.1 www.msupdater.com

127.0.0.1 www.msupdater.net

127.0.0.1 www.msupdater.org

127.0.0.1 www.necessaryupdates.com

127.0.0.1 www.needupdate.com

127.0.0.1 www.nvupdate.cn

127.0.0.1 www.pcsecurityupdates.com

127.0.0.1 www.registryupdate.com

127.0.0.1 www.securityupdater.com

127.0.0.1 www.sp2msupdateresearch.com

127.0.0.1 www.systemsecurityupdate.com

127.0.0.1 www.systemupdate.net

127.0.0.1 www.systemupdates.net

127.0.0.1 www.sysupdate.ieplugin.com

127.0.0.1 www.sysupdates.com

127.0.0.1 www.sysupdates2.com

127.0.0.1 www.updateallpage.com

127.0.0.1 www.updatecenter.com

127.0.0.1 www.updatedmatures.com

127.0.0.1 www.updated-microsoft.com

127.0.0.1 www.updatehere.com

127.0.0.1 www.update-microsofts.com

127.0.0.1 www.updatenow.org

127.0.0.1 www.updatescenter.com

127.0.0.1 www.updatesearches.com

127.0.0.1 www.updateserver1.com

127.0.0.1 www.updatesystempage.com

127.0.0.1 www.updateyoursystem.com

127.0.0.1 www.urgentsystemupdate.com

127.0.0.1 www.urgentwindowsupdate.biz

127.0.0.1 www.windowsupdates.info

127.0.0.1 www.winquickupdates.com

127.0.0.1 www.yoursystemupdate.com

127.0.0.1 yoursystemupdate.com

## Append critical updates below ############################127.0.0.1 wdcs.trendmicro.com

127.0.0.1 panda-antivirus-2008.com

127.0.0.1 www.panda-antivirus-2008.com

127.0.0.1 www.pandamovies.com

127.0.0.1 www.pornopanda.com

127.0.0.1 urgentwindowsupdate.biz

127.0.0.1 windowsupdate.62nds.com

127.0.0.1 windowsupdates.info

127.0.0.1 www.urgentwindowsupdate.biz

127.0.0.1 www.windowsupdates.info

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-01 22:07:35

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:70,ee,8b,9d,98,e6,89,37,99,1c,2f,6c,4f,64,87,5a,65,70,4f,89,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:eaaa1a9d

"s2"=dword:9d29e435

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:86,25,b1,1f,6b,33,37,a4,f9,f9,40,16,26,50,59,cb,7e,20,66,9d,28,..

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:70,ee,8b,9d,98,e6,89,37,99,1c,2f,6c,4f,64,87,5a,65,70,4f,89,cc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:86,25,b1,1f,6b,33,37,a4,f9,f9,40,16,26,50,59,cb,7e,20,66,9d,28,..

"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

260 - everest.exe

340 - DkService.exe

344 - LManager.exe

372 - BTTray.exe

484 - SynTPEnh.exe

504 - egui.exe

544 - winlogon.exe

604 - aawservice.exe

800 - ekrn.exe

872 - ctfmon.exe

900 - services.exe

912 - lsass.exe

988 - msnmsgr.exe

1088 - msmsgs.exe

1288 - iexplore.exe

1312 - svchost.exe

1572 - svchost.exe

1584 - explorer.exe

1668 - svchost.exe

1696 - csrss.exe

1832 - Ad-Watch.exe

2140 - eMule.exe

2156 - alg.exe

3980 - cmd.exe

 

Total number of processes = 25

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\ntkrnlpa.exe

806E4000 - \WINDOWS\system32\hal.dll

BA5A8000 - \WINDOWS\system32\KDCOM.DLL

BA4B8000 - \WINDOWS\system32\BOOTVID.dll

B9EAA000 - spuu.sys

BA5AA000 - \WINDOWS\System32\Drivers\WMILIB.SYS

B9E92000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS

B9E63000 - ACPI.sys

B9E52000 - pci.sys

BA0A8000 - isapnp.sys

BA0B8000 - ohci1394.sys

BA0C8000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS

BA4BC000 - compbatt.sys

BA4C0000 - \WINDOWS\system32\DRIVERS\BATTC.SYS

BA670000 - pciide.sys

BA328000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

B9E34000 - pcmcia.sys

BA0D8000 - MountMgr.sys

B9E15000 - ftdisk.sys

BA5AC000 - dmload.sys

B9DEF000 - dmio.sys

BA4C4000 - ACPIEC.sys

BA671000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

BA330000 - PartMgr.sys

BA0E8000 - VolSnap.sys

B9DD7000 - atapi.sys

BA0F8000 - o2media.sys

BA108000 - disk.sys

BA118000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

B9DB7000 - fltmgr.sys

BA128000 - PxHelp20.sys

B9DA0000 - KSecDD.sys

B9D13000 - Ntfs.sys

B9CE6000 - NDIS.sys

B9CCC000 - Mup.sys

BA168000 - \SystemRoot\system32\DRIVERS\AmdK8.sys

BA560000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys

B99C0000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys

B99AC000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

B9966000 - \SystemRoot\system32\DRIVERS\yk51x86.sys

B98D2000 - \SystemRoot\system32\DRIVERS\bcmwl5.sys

BA388000 - \SystemRoot\system32\DRIVERS\usbohci.sys

B98AE000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

BA390000 - \SystemRoot\system32\DRIVERS\usbehci.sys

BA178000 - \SystemRoot\system32\DRIVERS\imapi.sys

B9897000 - \SystemRoot\System32\Drivers\AnyDVD.sys

BA398000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys

BA188000 - \SystemRoot\system32\DRIVERS\cdrom.sys

BA198000 - \SystemRoot\system32\DRIVERS\redbook.sys

B9874000 - \SystemRoot\system32\DRIVERS\ks.sys

B984C000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys

BA578000 - \SystemRoot\system32\DRIVERS\CmBatt.sys

BA1A8000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

BA3B0000 - \SystemRoot\system32\DRIVERS\DKbFltr.sys

BA3C0000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

B9817000 - \SystemRoot\system32\DRIVERS\SynTP.sys

BA5B0000 - \SystemRoot\system32\DRIVERS\USBD.SYS

BA3D8000 - \SystemRoot\system32\DRIVERS\mouclass.sys

B9803000 - \SystemRoot\system32\DRIVERS\sdbus.sys

BA1B8000 - \SystemRoot\system32\DRIVERS\nic1394.sys

B97B9000 - \SystemRoot\System32\Drivers\vaxscsi.sys

B96E8000 - \SystemRoot\system32\DRIVERS\btkrnl.sys

BA1C8000 - \SystemRoot\system32\DRIVERS\Epfwndis.sys

BA7D7000 - \SystemRoot\system32\DRIVERS\audstub.sys

BA1D8000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

BA588000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

B96D1000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

BA1E8000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

BA1F8000 - \SystemRoot\system32\DRIVERS\raspptp.sys

BA418000 - \SystemRoot\system32\DRIVERS\TDI.SYS

B9620000 - \SystemRoot\system32\DRIVERS\psched.sys

BA208000 - \SystemRoot\system32\DRIVERS\msgpc.sys

BA428000 - \SystemRoot\system32\DRIVERS\ptilink.sys

BA438000 - \SystemRoot\system32\DRIVERS\raspti.sys

B95F0000 - \SystemRoot\system32\DRIVERS\rdpdr.sys

BA218000 - \SystemRoot\system32\DRIVERS\termdd.sys

BA5B6000 - \SystemRoot\system32\DRIVERS\swenum.sys

B9592000 - \SystemRoot\system32\DRIVERS\update.sys

B9CA8000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

BA228000 - \SystemRoot\system32\DRIVERS\AmdLLD.sys

BA458000 - \SystemRoot\system32\DRIVERS\btport.sys

B94EA000 - \SystemRoot\system32\drivers\btaudio.sys

B94C6000 - \SystemRoot\system32\drivers\portcls.sys

BA238000 - \SystemRoot\system32\drivers\drmk.sys

BA248000 - \SystemRoot\System32\Drivers\NDProxy.SYS

BA278000 - \SystemRoot\system32\DRIVERS\usbhub.sys

AD021000 - \SystemRoot\system32\drivers\RtkHDAud.sys

ACFED000 - \SystemRoot\system32\DRIVERS\HSFHWAZL.sys

ACEFB000 - \SystemRoot\system32\DRIVERS\HSF_DPV.sys

ACE48000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

BA478000 - \SystemRoot\System32\Drivers\Modem.SYS

BA5C2000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

BA6A0000 - \SystemRoot\System32\Drivers\Null.SYS

BA5C6000 - \SystemRoot\System32\Drivers\Beep.SYS

BA4B0000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

BA340000 - \SystemRoot\System32\drivers\vga.sys

BA5CA000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

BA378000 - \SystemRoot\System32\Drivers\Msfs.SYS

BA3A0000 - \SystemRoot\System32\Drivers\Npfs.SYS

B9582000 - \SystemRoot\system32\DRIVERS\rasacd.sys

ACDED000 - \SystemRoot\system32\DRIVERS\ipsec.sys

ACD94000 - \SystemRoot\system32\DRIVERS\tcpip.sys

ACD5A000 - \SystemRoot\system32\DRIVERS\epfwtdi.sys

ACD34000 - \SystemRoot\system32\DRIVERS\ipnat.sys

BA288000 - \SystemRoot\system32\DRIVERS\wanarp.sys

ACC6C000 - \SystemRoot\system32\DRIVERS\netbt.sys

BA298000 - \SystemRoot\system32\DRIVERS\arp1394.sys

ACC4A000 - \SystemRoot\System32\drivers\afd.sys

BA2A8000 - \SystemRoot\system32\DRIVERS\netbios.sys

BA3D0000 - \SystemRoot\System32\Drivers\StarOpen.SYS

ACC1F000 - \SystemRoot\system32\DRIVERS\rdbss.sys

BA706000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS

ACBAF000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

BA2C8000 - \SystemRoot\System32\Drivers\Fips.SYS

BA3F0000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys

BA2E8000 - \SystemRoot\system32\DRIVERS\easdrv.sys

BA408000 - \SystemRoot\system32\DRIVERS\usbccgp.sys

ACB91000 - \SystemRoot\System32\Drivers\usbvideo.sys

ACB46000 - \SystemRoot\system32\DRIVERS\ATSwpDrv.sys

BA318000 - \SystemRoot\System32\Drivers\Cdfs.SYS

ACB2E000 - \SystemRoot\System32\Drivers\dump_atapi.sys

BA5D4000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

ACE20000 - \SystemRoot\System32\drivers\Dxapi.sys

BA448000 - \SystemRoot\System32\watchdog.sys

BF000000 - \SystemRoot\System32\drivers\dxg.sys

BA7D9000 - \SystemRoot\System32\drivers\dxgthk.sys

BF012000 - \SystemRoot\System32\ati2dvag.dll

BF057000 - \SystemRoot\System32\ati2cqag.dll

BF0D1000 - \SystemRoot\System32\atikvmag.dll

BF13D000 - \SystemRoot\System32\atiok3x2.dll

BF16B000 - \SystemRoot\System32\ati3duag.dll

BF468000 - \SystemRoot\System32\ativvaxx.dll

BFFA0000 - \SystemRoot\System32\ATMFD.DLL

AA7A1000 - \SystemRoot\system32\DRIVERS\epfw.sys

AA7D5000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

AA494000 - \SystemRoot\system32\drivers\wdmaud.sys

AA719000 - \SystemRoot\system32\drivers\sysaudio.sys

BA430000 - \SystemRoot\System32\drivers\aspi32.sys

AA1F1000 - \SystemRoot\system32\DRIVERS\eamon.sys

AA29E000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys

BA460000 - \SystemRoot\system32\DRIVERS\xaudio.sys

AA05F000 - \SystemRoot\system32\DRIVERS\srv.sys

BA634000 - \??\C:\WINDOWS\system32\drivers\AWRTPD.sys

AA01F000 - \??\C:\WINDOWS\system32\drivers\NSDriver.sys

A9F87000 - \??\C:\Program Files\Benchmark\Everest\kerneld.wnt

ACE28000 - \SystemRoot\system32\DRIVERS\hidusb.sys

A9B92000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

AA013000 - \SystemRoot\system32\DRIVERS\mouhid.sys

A983C000 - \SystemRoot\system32\drivers\kmixer.sys

BA712000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 151

 

Liste des programmes installes

 

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

2007 Microsoft Office Suite Service Pack 1 (SP1)

3DMark05

3DMark06

4 Super Jeux 1.1

Ad-Aware

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Reader 8.1.2 - Français

Adobe Reader 8.1.2 Security Update 1 (KB403742)

AnyDVD

Apple Software Update

Archiveur WinRAR

ATI - Software Uninstall Utility

ATI Display Driver

AutoUpdate

CCleaner (remove only)

CloneCD

CloneDVD2

Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007

CyberLink PowerDVD 8

CyberLink PowerDVD 8

Diablo II

Diskeeper 2008 Pro Premier

DivX Codec

DivX Converter

DivX Player

DivX Web Player

Dual-Core Optimizer

DVD Decoder Pak for Windows XP

DVD Shrink 3.2

Easy CD-DA Extractor 11

ESET Smart Security

EVEREST Ultimate Edition v4.50

FileZilla Client 3.1.1.1

Google Earth

HijackThis 2.0.2

HomePlayer 1.5.6b

hpHosts

Java 6 Update 7

jv16 PowerTools 2008

Launch Manager

Lecteur Windows Media 11

Malwarebytes' Anti-Malware

Marvell Miniport Driver

Media Library Management Wizard

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 Language Pack - FRA

Microsoft .NET Framework 3.0

Microsoft .NET Framework 3.0

Microsoft .NET Framework 3.0 French Language Pack

Microsoft AutoRoute 2007 avec récepteur GPS

Microsoft Money

Microsoft Office Access MUI (French) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)

Microsoft Office Outlook MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (French) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft XML Parser

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0

Movie Maker Background Music Files

Movie Maker Sound Effects

Movie Maker Title Images

Mozilla Firefox (3.0.1)

MP3 Creation Pack for WinXP

MSXML 4.0 SP2 (KB936181)

MSXML 6.0 Parser

Nero 8 Ultra Edition HD

neroxml

NFO viewer v 2.1

NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up

Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

PartitionMagic

Personal License Update Wizard for Windows Media Player

Plus! MP3 Audio Converter LE

Post-it® Software Notes

PowerQuest PartitionMagic 8.0

QuickTime

RealPlayer

RealSpeak Solo pour la voix francaise Virginie

Realtek High Definition Audio Driver

RM Converter 3.21

SAMSUNG CDMA Modem Driver Set

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio

Samsung PC Studio

Security Update for 2007 Microsoft Office System (KB951596)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for Microsoft Office Excel 2007 (KB951546)

Security Update for Microsoft Office PowerPoint 2007 (KB951338)

Security Update for Microsoft Office Publisher 2007 (KB950114)

Security Update for Microsoft Office system 2007 (KB951808)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office Word 2007 (KB950113)

Security Update pour Microsoft .NET Framework 2.0 (KB928365)

Severance: Blade of Darkness

Spelling Dictionaries Support For Adobe Reader 8

SUPER © Version 2008.bld.30 (Mar 22, 2008)

Synaptics Pointing Device Driver

TablePCRT

TomTom HOME

Universalis 10

Update for Microsoft Office Outlook 2007 (KB952142)

Update for Office 2007 (KB946691)

Update for Outlook 2007 Junk Email Filter (kb956080)

VC_MergeModuleToMSI

VCRedistSetup

VideoLAN VLC media player 0.8.6h

WebFldrs XP

WIDCOMM Bluetooth Software

WinAVI Video Converter 8.0

Windows Communication Foundation

Windows Communication Foundation Language Pack - FRA

Windows Genuine Advantage Validation Tool

Windows Internet Explorer 7

Windows Live Messenger

Windows Media Bonus Pack for Windows XP

Windows Media Format 11 runtime

Windows Media Player Playlist Import to Excel Wizard

Windows Media Player Skin Importer

Windows Media Player Tray Control

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (FRA)

Windows Workflow Foundation

Windows Workflow Foundation FR Language Pack

WinZip 11.1

X-OOM Movies On PSP désinstaller

XML Paper Specification Shared Components Pack 1.0

 

 

 

Le volume dans le lecteur C s'appelle Programmes

Le numéro de série du volume est C0DA-F6FD

 

Répertoire de C:\Program Files

 

28/09/2008 21:58 <REP> .

28/09/2008 21:58 <REP> ..

19/07/2008 13:17 <REP> 3M

19/07/2008 14:57 <REP> Adobe

21/08/2008 14:01 <REP> Alcohol Soft

19/07/2008 13:08 <REP> AMD

19/07/2008 11:56 <REP> Apple Software Update

04/08/2008 21:18 <REP> ATI Technologies

19/07/2008 12:10 <REP> AviSynth 2.5

18/09/2008 22:29 <REP> Benchmark

19/07/2008 13:16 <REP> CCleaner

18/07/2008 21:14 <REP> ComPlus Applications

18/07/2008 23:53 <REP> CONEXANT

19/07/2008 11:54 <REP> CyberLink

18/07/2008 23:56 <REP> DIFX

19/07/2008 13:10 <REP> Diskeeper Corporation

13/08/2008 12:34 <REP> DivX

19/07/2008 11:52 <REP> DVD Shrink

17/09/2008 06:46 <REP> Easy CD-DA Extractor 11

19/07/2008 11:52 <REP> Elaborate Bytes

30/09/2008 20:51 <REP> eMule

19/07/2008 12:10 <REP> eRightSoft

07/09/2008 16:17 <REP> ESET

28/09/2008 21:56 <REP> Fichiers communs

24/08/2008 01:17 <REP> FileZilla FTP Client

01/10/2008 22:05 <REP> FlashGet

19/07/2008 15:08 <REP> Google

21/07/2008 22:31 <REP> HomePlayer

28/09/2008 09:02 <REP> hpHosts

21/08/2008 17:55 <REP> Internet Explorer

22/08/2008 17:42 <REP> Java

19/07/2008 13:32 <REP> jv16 PowerTools 2008

27/07/2008 10:56 <REP> Launch Manager

28/09/2008 21:56 <REP> Lavasoft

10/09/2008 23:24 <REP> Malwarebytes' Anti-Malware

19/07/2008 00:00 <REP> Marvell

21/08/2008 16:01 <REP> Messenger

19/07/2008 19:25 <REP> Microsoft AutoRoute

18/07/2008 21:18 <REP> microsoft frontpage

03/08/2008 18:13 <REP> Microsoft Money 2005

19/07/2008 13:50 <REP> Microsoft Office

21/08/2008 16:03 <REP> Microsoft Silverlight

19/07/2008 13:50 <REP> Microsoft Visual Studio

19/07/2008 13:50 <REP> Microsoft Works

19/07/2008 18:47 <REP> Movie Maker

27/09/2008 14:56 <REP> Mozilla Firefox

19/07/2008 16:41 <REP> MSBuild

19/07/2008 14:54 <REP> MSECache

19/07/2008 18:47 <REP> msn

18/07/2008 21:18 <REP> msn gaming zone

19/07/2008 17:02 <REP> MSXML 4.0

19/07/2008 16:44 <REP> MSXML 6.0

19/07/2008 00:19 <REP> Nero

20/07/2008 12:12 <REP> NeroInstall.bak

18/07/2008 21:18 <REP> netmeeting

19/07/2008 13:17 <REP> NFO viewer

19/07/2008 18:44 <REP> Outlook Express

21/08/2008 20:26 <REP> PowerQuest

20/07/2008 11:54 <REP> QuickTime

19/07/2008 11:57 <REP> Real

18/07/2008 23:51 <REP> Realtek

19/07/2008 16:37 <REP> Reference Assemblies

19/07/2008 12:07 <REP> RM Converter

19/07/2008 13:42 <REP> Samsung

19/07/2008 19:33 <REP> ScanSoft

18/07/2008 21:17 <REP> Services en ligne

21/08/2008 13:46 <REP> SlySoft

19/07/2008 13:16 <REP> SNCF

19/07/2008 00:10 <REP> Synaptics

19/07/2008 13:19 <REP> TomTom HOME 2

28/09/2008 21:58 <REP> Trend Micro

19/07/2008 15:22 <REP> Universalis 10

19/07/2008 13:17 <REP> VideoLAN

19/07/2008 14:45 <REP> WIDCOMM

19/07/2008 12:08 <REP> WinAVI Video Converter

20/07/2008 10:43 <REP> Windows Live

19/07/2008 17:46 <REP> Windows Media Bonus Pack for Windows XP

19/07/2008 16:53 <REP> Windows Media Connect 2

19/07/2008 18:44 <REP> Windows Media Player

18/07/2008 21:14 <REP> Windows NT

19/07/2008 13:13 <REP> WinRAR

19/07/2008 13:13 <REP> WinZip

18/07/2008 21:18 <REP> xerox

21/09/2008 22:12 <REP> X-OOM

0 fichier(s) 0 octets

84 Rép(s) 6 939 275 264 octets libres

Le volume dans le lecteur C s'appelle Programmes

Le numéro de série du volume est C0DA-F6FD

 

Répertoire de C:\Program Files\fichiers communs

 

28/09/2008 21:56 <REP> .

28/09/2008 21:56 <REP> ..

19/07/2008 14:57 <REP> Adobe

19/07/2008 11:55 <REP> CyberLink

19/07/2008 13:50 <REP> DESIGNER

18/07/2008 23:47 <REP> InstallShield

22/08/2008 17:42 <REP> Java

19/07/2008 16:57 <REP> Microsoft Shared

18/07/2008 21:16 <REP> MSSoap

24/08/2008 22:06 <REP> Nero

18/07/2008 21:10 <REP> ODBC

19/07/2008 11:57 <REP> Real

18/07/2008 21:16 <REP> Services

18/07/2008 21:10 <REP> SpeechEngines

19/07/2008 18:44 <REP> System

28/09/2008 21:56 <REP> Wise Installation Wizard

19/07/2008 11:57 <REP> xing shared

0 fichier(s) 0 octets

17 Rép(s) 6 939 277 312 octets libres

Le volume dans le lecteur C s'appelle Programmes

Le numéro de série du volume est C0DA-F6FD

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

19/07/2008 17:00 <REP> .

19/07/2008 17:00 <REP> ..

19/07/2008 13:47 <REP> 1036

28/08/2007 23:55 973 168 MSONSEXT.DLL

26/10/2006 20:12 40 256 MSOSV.DLL

03/06/1999 12:09 122 937 MSOWS409.DLL

07/03/2001 07:00 127 033 MSOWS40c.DLL

4 fichier(s) 1 263 394 octets

3 Rép(s) 6 939 277 312 octets libres

 

 

 

 

c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

c:\Documents and Settings\Brice\Application Data\Microsoft\Installer\{1F8FB0FA-6FF2-4B2F-BE2F-7266AFB0895D}\IconC5EEDCDA.exe

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\schedule.exe

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\setup.exe

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\ff\firefoxgoogletoolbarsetup.exe

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\gds\GOOGLE_DESKTOP\gdssetup.exe

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\gtb\GOOGLE_TOOLBAR\googletoolbarinstaller.exe

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\gtb_gds\GOOGLE_TOOLBAR\googletoolbarinstaller.exe

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\rp\RealPlayer11GOLD_fr.exe

c:\Documents and Settings\Brice\Mes documents\TomTom\HOME\Sauvegarde\ONE\Backup01\InternalMemory\InstallTomTomHOME.exe

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll

c:\Documents and Settings\Brice\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\gds\GOOGLE_DESKTOP\barcontrol.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\gds\GOOGLE_DESKTOP\gdsapi.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\gds\GOOGLE_DESKTOP\spcping.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\gtb\GOOGLE_TOOLBAR\barcontrol.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\gtb\GOOGLE_TOOLBAR\spcping.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\gtb_gds\GOOGLE_TOOLBAR\barcontrol.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\gtb_gds\GOOGLE_TOOLBAR\spcping.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\RUP\control.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\RUP\inst_config\compat.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\RUP\inst_config\fftbapi.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\RUP\inst_config\gdsapi.dll

c:\Documents and Settings\Brice\Application Data\Real\Update\setup\data\RUP\inst_config\gtapi.dll

 

****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_BRICE2.tar.gz a l'adresse http://upload.malekal.com

 

 

Cordialement

Modifié le 1 octobre 2008 par El Diablo

[Gof]

Bonsoir El Diablo,

 

Rien d'inquiétant dans ce rapport, sinon un fichoer qui m'intrigue.

 

Fais une recherche sur ton système, et dis moi si tu trouves de fichier spuu.sys. Si tu le trouves, fais le anayser en ligne sur le lien suivant : http://www.virustotal.com/ et poste le rapport d'analyse.

 

Si tu n'y arrives pas indique le moi, je t'indiquerai la manipulation pas à pas.

[El Diablo]

Bonjour Gof ,

 

J'ai fais une recherche mais n'ai pas trouvé ce fichier... en utilisant simplement la recherche de windows.

[Gof]

Bonsoir El Diablo

 

On va chercher avec un outil adapté pour voir.

 

Télécharge OAD de !aur3n7.

• Enregistre le sur ton bureau.
  
• Double-clique sur le fichier OAD.exe pour l'exécuter.
  
• A la question nom de fichier à rechercher, tape ou copie-colle : spuu.sys
  
• Je te demande de faire bien attention à ne pas laisser d'espace devant ou derrière le nom dans la fenêtre de saisie, il ne faut que strictement le nom.
  
• Puis valide ton choix en pressant la touche [Entrée].
  
• Dans Type de recherche, sélectionne l'option 6 puis valide ton choix en pressant la touche [Entrée].
  
• L'outil va travailler et générer un rapport, cela peut prendre un certain temps, sois patient.
  
• Poste le dans ta prochaine réponse.
  

 

A bientôt.

[El Diablo]

Bonjour Gof,

 

Voici le rapport:

 

03/10/2008 ---- 15:42:09,60

 

----------------------------------

§§§§§§ [spuu.sys] §§§§§§

----------------------------------

[X] Registre

 

-------------- [ ] rapide

-- Fichier --- [ ] disque systeme

------------- [X] complete

 

 

********************

[Registre]

********************

 

 

[HKEY_USERS\S-1-5-21-682003330-1547161642-725345543-1003\SOFTWARE\Microsoft\Search Assistant\ACMru\5603]

"000"="spuu.sys"

 

*******************

[Fichier]

*******************

 

 

 

*********************

[Même date]

*********************

 

Aucun fichier créé à la même date détecté

 

 

Outil Aide Diagnostic By !aur3n7 Version 1.1

----------------------------------

§§§§§ Fin Rapport §§§§§

----------------------------------

 

 

Cordialement

[Gof]

Bonsoir El Diablo

 

Je ne peux pas continuer à prendre en charge ton sujet, je dois m'absenter des réseaux. Un autre Helper devrait venir t'aider. Si tu es oublié (cela peut arriver), reposte d'ici quelques jours dans ton sujet

 

A bientôt