PC infection: mabidwe.exe, soxpeca.exe and udxfytw.sys


Posted

Hi.

So, I'm infected with a really annoying virus. It simulates clicks, the sound of a radio, people talking, etc.

I've tried everything (Combofix, Gmer, Hijackthis, online scan, Spybot, etc.) but it always comes back.

Thanks for helping me.

Posted

Good evening bapor,

*** Welcome to the Zebulon security forum! *** :P

--> I see you're new here, so take your time to get familiar with how this site works:

I've tried everything (Combofix, Gmer, Hijackthis, online scan, Spybot, etc.) but it always comes back

--> It can be very dangerous to use these tools without being trained or informed about them...

--> Were you supervised by someone during these steps, or did you try procedures "at random"?

# What is your operating system (XP, Vista, ...)?

# Download DiagHelp.zip by Malekal_morte to your desktop.

  • Unzip it on your desktop
  • A new folder will be created (DiagHelp)
  • Open it and double-click go.cmd (the .cmd extension may be hidden) --> Right-click, Run as Administrator (if you're on Vista)
  • A window will open; choose option 1
  • The scan can take a few minutes; press a key when asked to
  • Copy/paste the report that opens into this forum (you can find this report again at C:\Resultat.txt)

Above all, don't forget to press a key at the end to display the report!!

Notes:

  • You will probably have to accept a licence while using the tool; this is of course safe, but necessary!
  • Your antivirus may detect some files in the archive as potentially infected; that is of course not the case!
  • You may be asked to send the file upload_moi_xxx.zip to malekal_morte; do it if you can (the size of the archive may block the upload)...
    Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php

Good luck with it!

:P

Posted

Hi, don't worry, I knew what I was doing.

 

DiagHelp version v1.4 - http://www.malekal.com

executed on 01/12/2008 at 1:48:38,04

 

 

List of the most recently modified/created files in windir\system32 and prefetch

C:\WINDOWS.0\prefetch\CMD.EXE-115AA09F.pf -->01/12/2008 01:48:26

C:\WINDOWS.0\prefetch\CHCP.COM-16F8021E.pf -->01/12/2008 01:48:26

C:\WINDOWS.0\prefetch\NOTEPAD.EXE-0E7B88BB.pf -->01/12/2008 01:48:13

C:\WINDOWS.0\prefetch\TASKMGR.EXE-09726B3C.pf -->01/12/2008 01:47:36

C:\WINDOWS.0\prefetch\EXPLORER.EXE-1B701634.pf -->01/12/2008 01:42:32

C:\WINDOWS.0\prefetch\I_VIEW32.EXE-15CEFF86.pf -->01/12/2008 01:42:21

C:\WINDOWS.0\prefetch\WINRAR.EXE-2F90D3C3.pf -->01/12/2008 01:42:06

C:\WINDOWS.0\prefetch\IEXPLORE.EXE-27122324.pf -->01/12/2008 01:40:20

C:\WINDOWS.0\prefetch\NTVDM.EXE-020783AB.pf -->01/12/2008 01:38:49

C:\WINDOWS.0\prefetch\GZIP.EXE-2F70D8F3.pf -->01/12/2008 01:38:40

 

C:\WINDOWS.0\System32\drivers\hamachi.sys -->20/11/2008 15:33:56

C:\WINDOWS.0\System32\drivers\mbamswissarmy.sys -->22/10/2008 16:10:38

C:\WINDOWS.0\System32\drivers\mbam.sys -->22/10/2008 16:10:22

C:\WINDOWS.0\System32\drivers\sptd.sys -->15/10/2008 18:31:43

C:\WINDOWS.0\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf -->10/10/2008 12:03:25

C:\WINDOWS.0\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf -->07/10/2008 10:21:12

C:\WINDOWS.0\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf -->07/10/2008 10:21:02

 

C:\WINDOWS.0\System32\msnfoed.exe -->01/12/2008 01:34:48

C:\WINDOWS.0\System32\ativvaxx.cap -->01/12/2008 01:24:03

C:\WINDOWS.0\System32\DVCState-{00000003-00000000-00000007-00001102-00000005-002C1102}.rfx -->30/11/2008 20:00:40

C:\WINDOWS.0\System32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-002C1102}.rfx -->30/11/2008 20:00:40

C:\WINDOWS.0\System32\BMXState-{00000003-00000000-00000007-00001102-00000005-002C1102}.rfx -->30/11/2008 20:00:40

C:\WINDOWS.0\System32\wpa.dbl -->30/11/2008 16:15:46

C:\WINDOWS.0\System32\CmdLineExt.dll -->25/11/2008 23:12:45

C:\WINDOWS.0\System32\wrap_oal.dll -->19/11/2008 23:42:49

C:\WINDOWS.0\System32\OpenAL32.dll -->19/11/2008 23:42:49

C:\WINDOWS.0\System32\ealregsnapshot1.reg -->01/11/2008 15:03:25

C:\WINDOWS.0\System32\PerfStringBackup.INI -->27/10/2008 12:50:40

C:\WINDOWS.0\System32\perfh00C.dat -->27/10/2008 12:50:40

C:\WINDOWS.0\System32\perfh009.dat -->27/10/2008 12:50:40

C:\WINDOWS.0\System32\perfc00C.dat -->27/10/2008 12:50:40

C:\WINDOWS.0\System32\perfc009.dat -->27/10/2008 12:50:40

C:\WINDOWS.0\System32\XAudio2_3.dll -->27/10/2008 10:04:18

C:\WINDOWS.0\System32\xactengine3_3.dll -->27/10/2008 10:04:16

C:\WINDOWS.0\System32\X3DAudio1_5.dll -->27/10/2008 10:04:16

C:\WINDOWS.0\System32\XAPOFX1_2.dll -->27/10/2008 10:04:14

C:\WINDOWS.0\System32\javaws.exe -->25/10/2008 11:10:12

C:\WINDOWS.0\System32\javaw.exe -->25/10/2008 11:10:12

C:\WINDOWS.0\System32\javacpl.cpl -->25/10/2008 11:10:12

C:\WINDOWS.0\System32\java.exe -->25/10/2008 11:10:12

C:\WINDOWS.0\System32\deploytk.dll -->25/10/2008 11:10:12

C:\WINDOWS.0\System32\FNTCACHE.DAT -->23/10/2008 22:03:53

 

C:\WINDOWS.0\WindowsUpdate.log -->01/12/2008 01:36:42

C:\WINDOWS.0\SchedLgU.Txt -->01/12/2008 01:29:45

C:\WINDOWS.0\wiadebug.log -->01/12/2008 01:24:35

C:\WINDOWS.0\wiaservc.log -->01/12/2008 01:24:34

C:\WINDOWS.0\0.log -->01/12/2008 01:24:12

C:\WINDOWS.0\bootstat.dat -->01/12/2008 01:24:03

C:\WINDOWS.0\UninstVeetleTVPlayer.exe -->30/11/2008 21:05:07

C:\WINDOWS.0\system.ini -->30/11/2008 19:55:05

C:\WINDOWS.0\ntbtlog.txt -->30/11/2008 19:30:18

C:\WINDOWS.0\win.ini -->30/11/2008 16:20:55

C:\WINDOWS.0\setupapi.log -->30/11/2008 15:07:23

C:\WINDOWS.0\setupact.log -->30/11/2008 13:27:23

C:\WINDOWS.0\wininit.ini -->30/11/2008 13:10:13

C:\WINDOWS.0\wmsetup.log -->28/11/2008 16:38:53

C:\WINDOWS.0\obzgi.txt -->22/11/2008 01:09:05

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Unsigned

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 436

Command line: C:\WINDOWS.0\Explorer.EXE

 

Base Size Version Path

0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS.0\system32\msvcrt.dll

0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS.0\system32\CRYPT32.dll

0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS.0\system32\CRYPTUI.dll

0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS.0\system32\WININET.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS.0\system32\Normaliz.dll

0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS.0\system32\iertutil.dll

0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS.0\system32\WINTRUST.dll

0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS.0\system32\comctl32.dll

0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS.0\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS.0\system32\COMRes.dll

0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS.0\system32\ieframe.dll

0x16210000 0x27e000 5.02.5721.5145 C:\WINDOWS.0\system32\wpdshext.dll

0x4eb80000 0x1a6000 5.01.3102.5512 C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll

0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS.0\system32\portabledeviceapi.dll

0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS.0\system32\ATL.DLL

0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS.0\system32\ODBC32.dll

0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS.0\system32\odbcint.dll

0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS.0\system32\audiodev.dll

0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS.0\system32\WMVCore.DLL

0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS.0\system32\WMASF.DLL

0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS.0\system32\urlmon.dll

0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS.0\system32\msi.dll

0x60510000 0x19000 2.00.50727.1433 C:\WINDOWS.0\system32\dfshim.dll

0x79000000 0x46000 2.00.50727.1433 C:\WINDOWS.0\system32\mscoree.dll

0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll

0x79e70000 0x58f000 2.00.50727.1433 C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS.0\system32\MSVCP60.dll

0x10000000 0xe000 3.63.0004.0000 C:\Program Files\MessengerPlus! 3\MsgPlusLoader.dll

0x02530000 0x19000 2.00.0000.0016 G:\logiciel\SuperCopier2\SC2Hook.dll

0x10100000 0xe000 4.60.0122.0000 G:\Logiciel\Logitech\SetPoint\lgscroll.dll

0x10d00000 0xf000 4.60.0122.0000 G:\Logiciel\Logitech\SetPoint\GameHook.dll

0x442b0000 0x3c000 7.00.6000.16640 C:\WINDOWS.0\system32\webcheck.dll

0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS.0\system32\wpdshserviceobj.dll

0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS.0\system32\portabledevicetypes.dll

0x03430000 0x187000 1.06.0000.0012 g:\Logiciel\SPYBOT~1\SDHelper.dll

0x43ff0000 0xa000 7.00.6000.16640 C:\WINDOWS.0\system32\jsproxy.dll

0x017b0000 0x2b000 g:\logiciel\WinRAR\rarext.dll

0x04310000 0x5b000 9.00.0000.0332 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

0x04370000 0x4c000 9.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

0x00d70000 0x12000 1.01.0000.0000 g:\logiciel\Malwarebytes' Anti-Malware\mbamext.dll

0x00da0000 0x9000 2.00.0000.0004 G:\logiciel\TuneUp Utilities 2008\SDShelEx-win32.dll

0x6bd10000 0x10000 12.00.4518.1014 G:\logiciel\Microsoft Office\Office12\msohevi.dll

0x60990000 0x7000 3.01.4001.5512 C:\WINDOWS.0\system32\MSISIP.DLL

0x7e6a0000 0x16000 5.07.0000.16599 C:\WINDOWS.0\system32\wshext.dll

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 800

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x82000 \??\C:\WINDOWS.0\system32\winlogon.exe

0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS.0\system32\msvcrt.dll

0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS.0\system32\CRYPT32.dll

0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS.0\system32\WINTRUST.dll

0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS.0\system32\COMCTL32.dll

0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS.0\system32\ODBC32.dll

0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS.0\system32\odbcint.dll

0x10000000 0x25000 6.14.0010.4177 C:\WINDOWS.0\system32\Ati2evxx.dll

0x00fe0000 0x12000 4.60.0122.0000 c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll

0x01ef0000 0x24000 4.60.0122.0000 c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS.0\system32\COMRes.dll

0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS.0\system32\CLBCATQ.DLL

 

 

Volume in drive C has no label.

Volume Serial Number is 0096-1338

 

Directory of C:\WINDOWS.0\system32

 

14/04/2008 13:00 6 144 csrss.exe

1 File(s) 6 144 bytes

0 Dir(s) 53 734 350 848 bytes free

 

Contents of Downloaded Program Files

Volume in drive C has no label.

Volume Serial Number is 0096-1338

 

Directory of C:\WINDOWS.0\Downloaded Program Files

 

30/11/2008 15:07 <DIR> .

30/11/2008 15:07 <DIR> ..

23/10/2008 04:09 312 680 avsniff.dll

23/10/2008 04:02 773 avsniff.inf

23/10/2008 04:09 255 336 avsniffdlgs.dll

23/10/2008 04:02 241 CabSA.inf

26/11/2008 01:00 2 504 catalog.dat

07/10/2008 03:06 65 desktop.ini

26/11/2008 01:00 6 899 ecbootil.vxd

23/10/2008 04:00 42 112 ecmldr32.dll

26/11/2008 01:00 259 368 ecmsvr32.dll

23/10/2008 04:00 6 850 navapi.vxd

23/10/2008 04:00 201 896 navapi32.dll

26/11/2008 01:00 177 520 naveng32.dll

26/11/2008 01:00 1 181 040 navex32a.dll

23/10/2008 04:10 296 336 rufsi.dll

26/11/2008 01:00 97 776 scrauth.dat

26/11/2008 01:00 9 657 symaveng.cat

26/11/2008 01:00 1 063 symaveng.inf

26/11/2008 01:00 487 046 tcdefs.dat

26/11/2008 01:00 6 938 220 tcscan7.dat

26/11/2008 01:00 165 756 tcscan8.dat

26/11/2008 01:00 475 945 tcscan9.dat

26/11/2008 01:00 453 tinf.dat

26/11/2008 01:00 148 tinfidx.dat

26/11/2008 01:00 1 957 tinfl.dat

26/11/2008 01:00 72 567 tscan1.dat

26/11/2008 01:00 3 760 tscan1hd.dat

26/11/2008 01:00 4 988 v.grd

26/11/2008 01:00 2 267 v.sig

26/11/2008 01:00 106 244 virscan.inf

26/11/2008 01:00 1 012 292 virscan1.dat

26/11/2008 01:00 571 824 virscan2.dat

26/11/2008 01:00 152 840 virscan3.dat

26/11/2008 01:00 320 259 virscan4.dat

26/11/2008 01:00 9 828 482 virscan5.dat

26/11/2008 01:00 395 289 virscan6.dat

26/11/2008 01:00 31 890 878 virscan7.dat

26/11/2008 01:00 1 044 682 virscan8.dat

26/11/2008 01:00 3 541 518 virscan9.dat

26/11/2008 01:00 32 virscant.dat

30/11/2008 15:16 2 072 vscanmsx.dat

26/11/2008 01:00 224 zdone.dat

41 File(s) 59 871 859 bytes

 

Total files listed:

41 File(s) 59 871 859 bytes

2 Dir(s) 53 734 350 848 bytes free

 

Rootkit search! (Thanks S!Ri)

 

Search for known infections

 

Export of sensitive keys..

 

 

Files on the XP SP2 firewall exception list

 

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"G:\\Logiciel\\Azureus\\Azureus.exe"="G:\\Logiciel\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"G:\\Logiciel\\Microsoft Office\\Office12\\OUTLOOK.EXE"="G:\\Logiciel\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

 

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

 

Export of the SharedTaskScheduler key

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

 

 

Export of policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

"HideLegacyLogonScripts"=dword:00000000

"HideLogoffScripts"=dword:00000000

"RunLogonScriptSync"=dword:00000001

"RunStartupScriptSync"=dword:00000000

"HideStartupScripts"=dword:00000000

"DisableRegistryTools"=dword:00000000

 

 

 

Export of sensitive keys..

Search for sensitive addresses in the HOSTS file...

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-01 01:48:51

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:19a70fe2

"s2"=dword:e9361f09

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="g:\logiciel\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:66,7b,fb,88,89,26,46,ed,09,9b,01,17,b4,1c,d9,4d,c9,95,23,29,9c,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,7d,db,b3,75,9a,0c,bf,df,45,cb,0c,b5,2b,ef,ca,77,83,..

"khjeh"=hex:3b,c1,69,ac,ab,b8,99,02,a4,fc,4a,3f,43,94,eb,9c,2c,39,36,a1,a4,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:5e,45,ac,22,57,90,c3,dd,1f,04,e0,73,20,02,85,e2,08,a5,74,7c,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="g:\logiciel\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:66,7b,fb,88,89,26,46,ed,09,9b,01,17,b4,1c,d9,4d,c9,95,23,29,9c,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,7d,db,b3,75,9a,0c,bf,df,45,cb,0c,b5,2b,ef,ca,77,83,..

"khjeh"=hex:3b,c1,69,ac,ab,b8,99,02,a4,fc,4a,3f,43,94,eb,9c,2c,39,36,a1,a4,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:5e,45,ac,22,57,90,c3,dd,1f,04,e0,73,20,02,85,e2,08,a5,74,7c,6d,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

436 - explorer.exe

628 - MOM.exe

636 - MsgPlus.exe

648 - svchost.exe

664 - LWEMon.exe

672 - VolPanlu.exe

768 - csrss.exe

800 - winlogon.exe

844 - services.exe

880 - lsass.exe

1056 - svchost.exe

1172 - svchost.exe

1240 - ctfmon.exe

1308 - msmsgs.exe

1320 - fdm.exe

1356 - msnmsgr.exe

1416 - svchost.exe

1452 - ati2evxx.exe

1524 - SetPoint.exe

1528 - firefox.exe

1592 - WinBar.exe

1632 - svchost.exe

1764 - svchost.exe

1904 - CCC.exe

2392 - afisicx.exe --[Hidden]--

2436 - taskmgr.exe

2536 - mabidwe.exe

2616 - cmd.exe

2720 - noytcyr.exe --[Hidden]--

2744 - roytctm.exe --[Hidden]--

2876 - mirc.exe

2888 - soxpeca.exe

2916 - svchost.exe

2928 - tdydowkc.exe --[Hidden]--

3028 - wsldoekd.exe --[Hidden]--

 

Total number of processes = 36

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS.0\system32\ntoskrnl.exe

806FF000 - \WINDOWS.0\system32\hal.dll

F7987000 - \WINDOWS.0\system32\KDCOM.DLL

F7897000 - \WINDOWS.0\system32\BOOTVID.dll

F74FF000 - sptd.sys

F7989000 - \WINDOWS.0\System32\Drivers\WMILIB.SYS

F74E7000 - \WINDOWS.0\System32\Drivers\SCSIPORT.SYS

F74B8000 - ACPI.sys

F74A7000 - pci.sys

F75F7000 - isapnp.sys

F7A4F000 - pciide.sys

F7707000 - \WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS

F798B000 - viaide.sys

F7607000 - MountMgr.sys

F7878000 - ftdisk.sys

F798D000 - dmload.sys

F7852000 - dmio.sys

F770F000 - PartMgr.sys

F7717000 - videX32.sys

F7617000 - VolSnap.sys

F783A000 - atapi.sys

F7627000 - disk.sys

F7637000 - \WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS

F7967000 - fltMgr.sys

F7828000 - sr.sys

F7950000 - KSecDD.sys

F7A3C000 - WudfPf.sys

F7B52000 - Ntfs.sys

F7A0F000 - NDIS.sys

F7647000 - uagp35.sys

F798F000 - speedfan.sys

F7B38000 - Mup.sys

F7A50000 - giveio.sys

BA740000 - \SystemRoot\system32\DRIVERS\intelppm.sys

B99E0000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys

B99CC000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

BA730000 - \SystemRoot\system32\DRIVERS\imapi.sys

BA720000 - \SystemRoot\system32\DRIVERS\cdrom.sys

BA710000 - \SystemRoot\system32\DRIVERS\redbook.sys

B99A9000 - \SystemRoot\system32\DRIVERS\ks.sys

F77D7000 - \SystemRoot\system32\DRIVERS\usbuhci.sys

B9985000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F77DF000 - \SystemRoot\system32\DRIVERS\usbehci.sys

B9974000 - \SystemRoot\system32\DRIVERS\serial.sys

F77E7000 - \SystemRoot\system32\DRIVERS\irsir.sys

BA7C0000 - \SystemRoot\system32\DRIVERS\irenum.sys

F77EF000 - \SystemRoot\system32\DRIVERS\fdc.sys

B9960000 - \SystemRoot\system32\DRIVERS\parport.sys

BA7B8000 - \SystemRoot\system32\DRIVERS\gameenum.sys

B9F2E000 - \SystemRoot\system32\drivers\msmpu401.sys

B993C000 - \SystemRoot\system32\drivers\portcls.sys

F76B7000 - \SystemRoot\system32\drivers\drmk.sys

BA0CD000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

BA7B4000 - \SystemRoot\system32\DRIVERS\L8042Kbd.sys

F77F7000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

BA7B0000 - \SystemRoot\system32\DRIVERS\serenum.sys

F77FF000 - \SystemRoot\system32\DRIVERS\fetnd5.sys

B98BC000 - \SystemRoot\system32\drivers\ctaud2k.sys

B9888000 - \SystemRoot\system32\drivers\ctoss2k.sys

F7807000 - \SystemRoot\system32\drivers\ctprxy2k.sys

B97EE000 - \SystemRoot\System32\Drivers\acgt9n7q.SYS

B9EF1000 - \SystemRoot\system32\DRIVERS\audstub.sys

F7787000 - \SystemRoot\system32\DRIVERS\rasirda.sys

F778F000 - \SystemRoot\system32\DRIVERS\TDI.SYS

BA0BD000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

BA6D0000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

B97D7000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

BA0AD000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

BA09D000 - \SystemRoot\system32\DRIVERS\raspptp.sys

B979E000 - \SystemRoot\system32\DRIVERS\psched.sys

BA08D000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F7797000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F779F000 - \SystemRoot\system32\DRIVERS\raspti.sys

F77A7000 - \SystemRoot\system32\DRIVERS\hamachi.sys

B976E000 - \SystemRoot\system32\DRIVERS\rdpdr.sys

BA07D000 - \SystemRoot\system32\DRIVERS\termdd.sys

F77AF000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F79B7000 - \SystemRoot\system32\DRIVERS\swenum.sys

B9710000 - \SystemRoot\system32\DRIVERS\update.sys

BA6BC000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

BA6B8000 - \SystemRoot\system32\drivers\WmBEnum.sys

BA06D000 - \SystemRoot\system32\drivers\WmXlCore.sys

BA05D000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F76C7000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F79B9000 - \SystemRoot\system32\DRIVERS\USBD.SYS

A9304000 - \SystemRoot\system32\drivers\ha20x2k.sys

A92D5000 - \SystemRoot\system32\drivers\emupia2k.sys

A92AC000 - \SystemRoot\system32\drivers\ctsfm2k.sys

A9210000 - \SystemRoot\system32\drivers\ctac32k.sys

A91FB000 - \SystemRoot\system32\CTHWIUT.DLL

A91CF000 - \SystemRoot\system32\CT20XUT.DLL

A9088000 - \SystemRoot\system32\CTEXFIFX.DLL

F77BF000 - \SystemRoot\system32\DRIVERS\flpydisk.sys

F79BB000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

B9F46000 - \SystemRoot\System32\Drivers\Null.SYS

F79BD000 - \SystemRoot\System32\Drivers\Beep.SYS

F77CF000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

B9880000 - \SystemRoot\System32\drivers\vga.sys

F79BF000 - \SystemRoot\System32\Drivers\mnmdd.SYS

B9878000 - \SystemRoot\System32\Drivers\LUsbFilt.Sys

F76E7000 - \SystemRoot\System32\Drivers\WDFLDR.SYS

A8F75000 - \SystemRoot\system32\DRIVERS\Wdf01000.sys

BA704000 - \SystemRoot\system32\DRIVERS\hidusb.sys

F76F7000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

F79C1000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

B9870000 - \SystemRoot\System32\Drivers\Msfs.SYS

B9868000 - \SystemRoot\System32\Drivers\Npfs.SYS

BA700000 - \SystemRoot\system32\DRIVERS\rasacd.sys

A8F62000 - \SystemRoot\system32\DRIVERS\ipsec.sys

A8F09000 - \SystemRoot\system32\DRIVERS\tcpip.sys

A8EE1000 - \SystemRoot\system32\DRIVERS\netbt.sys

A8EBB000 - \SystemRoot\system32\DRIVERS\ipnat.sys

A8E99000 - \SystemRoot\System32\drivers\afd.sys

F7497000 - \SystemRoot\system32\DRIVERS\wanarp.sys

F7487000 - \SystemRoot\system32\DRIVERS\netbios.sys

A8E6E000 - \SystemRoot\system32\DRIVERS\rdbss.sys

A8DFE000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

F7477000 - \SystemRoot\System32\Drivers\Fips.SYS

B9850000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS

B9840000 - \SystemRoot\system32\DRIVERS\LHidFilt.Sys

B97C7000 - \SystemRoot\system32\DRIVERS\mouhid.sys

F780F000 - \SystemRoot\system32\DRIVERS\LMouFilt.Sys

F7447000 - \SystemRoot\System32\Drivers\Cdfs.SYS

A8DBE000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F79C3000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

B97B7000 - \SystemRoot\System32\drivers\Dxapi.sys

F775F000 - \SystemRoot\System32\watchdog.sys

BF000000 - \SystemRoot\System32\drivers\dxg.sys

B9F02000 - \SystemRoot\System32\drivers\dxgthk.sys

A8D94000 - \SystemRoot\system32\DRIVERS\atinavt2.sys

B970C000 - \SystemRoot\system32\DRIVERS\BdaSup.SYS

BF012000 - \SystemRoot\System32\ati2dvag.dll

BF062000 - \SystemRoot\System32\ati2cqag.dll

BF0EB000 - \SystemRoot\System32\atikvmag.dll

BF158000 - \SystemRoot\System32\atiok3x2.dll

BF19B000 - \SystemRoot\System32\ati3duag.dll

BF583000 - \SystemRoot\System32\ativvaxx.dll

A6B70000 - \SystemRoot\System32\Drivers\Fastfat.SYS

A683A000 - \SystemRoot\system32\DRIVERS\irda.sys

A6A10000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

A661D000 - \SystemRoot\system32\drivers\wdmaud.sys

A67B2000 - \SystemRoot\system32\drivers\sysaudio.sys

F7A5E000 - \??\C:\DOCUME~1\BaPoR\LOCALS~1\Temp\mc21.tmp

A5E6A000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

F79D9000 - \SystemRoot\System32\Drivers\ParVdm.SYS

A5DF0000 - \SystemRoot\system32\DRIVERS\srv.sys

A5CC0000 - \??\C:\WINDOWS.0\system32\drivers\tmcomm.sys

A5AC7000 - \SystemRoot\System32\Drivers\HTTP.sys

B9F57000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

A5779000 - \SystemRoot\system32\drivers\kmixer.sys

 

Total number of drivers = 151

 

List of installed programs

 

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader 9 - Français

Analyseur et SDK MSXML 4.0 SP2

Archiveur WinRAR

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Azureus Vuze

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

CDDRV_Installer

Command & Conquer 3

Command & Conquer 3 : La Fureur de Kane

Command & Conquer Alerte Rouge 3

Creative Audio Console

Creative MediaSource 5

Creative Software AutoUpdate

Creative System Information

Delete FXP Files Classic

ffdshow [rev 1703] [2007-12-15]

Fraps (remove only)

Free Download Manager 2.5

Hamachi 1.0.2.2

HijackThis 2.0.2

Java 6 Update 10

Java 6 Update 5

Java 6 Update 7

KhalInstallWrapper

Logitech Gaming Software 5.02

Logitech SetPoint

Malwarebytes' Anti-Malware

Messenger Plus! 3

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft Flight Simulator X

Microsoft Flight Simulator X

Microsoft Flight Simulator X: Acceleration

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office Access MUI (French) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office Outlook MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (French) 12

Microsoft User-Mode Driver Framework Feature Pack 1.5

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable

mIRC

Mozilla Firefox (3.0.4)

MSN Messenger 7.5

MSXML 6.0 Parser

Nero 6 Ultra Edition

Nokia Connectivity Cable Driver

Nokia Flashing Cable Driver

Nokia Lifeblog 2.5

Nokia NSeries Application Installer

Nokia NSeries Content Copier

Nokia NSeries Multimedia Player

Nokia NSeries One Touch Access

Nokia NSeries System Utilities

Nokia Software Launcher

Nokia Software Updater

OpenAL

PC Connectivity Solution

Platform

Skins

Sound Blaster X-Fi

SpeedFan (remove only)

Spybot - Search & Destroy

StuffPlug-NG (Messenger Plus! Plugins)

SuperCopier2

Tennis Elbow 2006 1.0c

Trials 2 Second Edition

TuneUp Utilities 2008

TVAnts 1.0

Veetle TV Player 0.9.11

Virtual DJ - Atomix Productions

VLC media player 0.9.4

WebFldrs XP

WinBar

Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)

 

 

 

Volume in drive C has no label.

Volume Serial Number is 0096-1338

 

Directory of C:\Program Files

 

30/11/2008 21:04 <DIR> .

30/11/2008 21:04 <DIR> ..

06/10/2008 22:19 <DIR> ATI Technologies

07/10/2008 02:40 <DIR> ComPlus Applications

08/10/2008 23:31 <DIR> Creative

22/11/2008 01:23 544 cvhx.txt

07/10/2008 11:53 <DIR> DIFX

30/11/2008 19:52 <DIR> Fichiers communs

24/11/2008 23:56 <DIR> File Scanner Library (Spybot - Search & Destroy)

07/10/2008 03:05 <DIR> Internet Explorer

25/10/2008 11:10 <DIR> Java

08/10/2008 21:18 <DIR> Logitech

07/10/2008 03:04 <DIR> Messenger

07/10/2008 00:09 <DIR> MessengerPlus! 3

07/10/2008 02:44 <DIR> microsoft frontpage

07/10/2008 02:43 <DIR> Microsoft Silverlight

15/10/2008 18:41 <DIR> Microsoft Visual Studio

15/10/2008 18:39 <DIR> Microsoft Visual Studio 8

15/10/2008 18:41 <DIR> Microsoft Works

15/10/2008 18:41 <DIR> Microsoft.NET

24/11/2008 23:57 <DIR> Misc. Support Library (Spybot - Search & Destroy)

07/10/2008 03:05 <DIR> Movie Maker

15/10/2008 18:41 <DIR> MSBuild

07/10/2008 02:39 <DIR> MSN Gaming Zone

07/10/2008 00:02 <DIR> MSN Messenger

17/10/2008 11:45 <DIR> MSXML 4.0

10/10/2008 11:57 <DIR> MSXML 6.0

07/10/2008 03:05 <DIR> NetMeeting

10/10/2008 11:57 <DIR> Nokia

07/10/2008 10:23 <DIR> OpenAL

07/10/2008 03:05 <DIR> Outlook Express

07/10/2008 11:53 <DIR> PC Connectivity Solution

24/11/2008 23:57 <DIR> SDHelper (Spybot - Search & Destroy)

07/10/2008 02:41 <DIR> Services en ligne

24/11/2008 23:57 <DIR> TeaTimer (Spybot - Search & Destroy)

30/11/2008 21:04 <DIR> Veetle

06/10/2008 21:41 <DIR> VIA

07/10/2008 03:04 <DIR> Windows Media Connect 2

07/10/2008 03:05 <DIR> Windows Media Player

07/10/2008 03:03 <DIR> Windows NT

07/10/2008 02:44 <DIR> xerox

1 File(s) 544 bytes

40 Dir(s) 53 734 330 368 bytes free

Volume in drive C has no label.

Volume Serial Number is 0096-1338

 

Directory of C:\Program Files\fichiers communs

 

30/11/2008 19:52 <DIR> .

30/11/2008 19:52 <DIR> ..

10/10/2008 16:41 <DIR> Adobe

28/11/2008 16:52 <DIR> Ahead

31/10/2008 20:41 <DIR> Blizzard Entertainment

08/10/2008 23:27 <DIR> Creative

19/11/2008 23:43 <DIR> Creative Labs Shared

15/10/2008 18:41 <DIR> DESIGNER

06/10/2008 22:19 <DIR> InstallShield

07/10/2008 02:43 <DIR> Java

07/10/2008 10:20 <DIR> Logishrd

08/10/2008 21:18 <DIR> Logitech

15/10/2008 18:41 <DIR> Microsoft Shared

07/10/2008 02:41 <DIR> MSSoap

10/10/2008 11:56 <DIR> Nokia

07/10/2008 04:35 <DIR> ODBC

07/10/2008 11:53 <DIR> PCSuite

07/10/2008 03:05 <DIR> Services

07/10/2008 04:35 <DIR> SpeechEngines

15/10/2008 18:39 <DIR> System

17/10/2008 16:17 <DIR> Wise Installation Wizard

0 File(s) 0 bytes

21 Dir(s) 53 734 330 368 bytes free

Volume in drive C has no label.

Volume Serial Number is 0096-1338

 

Directory of C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

15/10/2008 18:41 <DIR> .

15/10/2008 18:41 <DIR> ..

15/10/2008 18:39 <DIR> 1036

26/10/2006 18:49 970 528 MSONSEXT.DLL

26/10/2006 19:12 40 256 MSOSV.DLL

03/06/1999 11:09 122 937 MSOWS409.DLL

07/03/2001 06:00 127 033 MSOWS40c.DLL

4 File(s) 1 260 754 bytes

3 Dir(s) 53 734 330 368 bytes free

 

 

 

 

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\batchrunner.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\NETFXSBS10.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\AppLaunch.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_compiler.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_regbrowsers.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_regiis.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_regsql.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_state.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_wp.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CasPol.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\csc.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\cvtres.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\dfsvc.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\IEExec.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ilasm.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallUtil.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\jsc.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\MSBuild.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorsvw.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ngen.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\RegAsm.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\RegSvcs.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\regtlibv12.exe

c:\Documents and Settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\vbc.exe

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\simpletts.exe

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\SD-CARD\InstallSD\InstallSD.exe

c:\Documents and Settings\All Users.WINDOWS.0\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\NokiaSoftwareUpdaterSetup_en.exe

c:\Documents and Settings\All Users.WINDOWS.0\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\NokiaSoftwareUpdaterSetup_fr.exe

c:\Documents and Settings\All Users.WINDOWS.0\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\Installer\CommonCustomActions\Sleep.exe

c:\Documents and Settings\All Users.WINDOWS.0\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\Installer\CommonCustomActions\vcredistExec.exe

c:\Documents and Settings\BaPoR\.housecall6.6\getMac.exe

c:\Documents and Settings\BaPoR\.housecall6.6\patch.exe

c:\Documents and Settings\BaPoR\.housecall6.6\TSC.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\batchrunner.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE

c:\Documents and Settings\BaPoR\7zSA27.tmp\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\NETFXSBS10.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\AppLaunch.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_compiler.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_regbrowsers.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_regiis.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_regsql.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_state.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_wp.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CasPol.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\csc.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\cvtres.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\dfsvc.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\IEExec.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ilasm.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallUtil.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\jsc.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\MSBuild.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorsvw.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ngen.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\RegAsm.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\RegSvcs.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\regtlibv12.exe

c:\Documents and Settings\BaPoR\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\vbc.exe

c:\Documents and Settings\BaPoR\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe

c:\Documents and Settings\BaPoR\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe

c:\Documents and Settings\BaPoR\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe

c:\Documents and Settings\BaPoR\Application Data\Microsoft\Installer\{18063128-B9E1-AFAE-B7DD-2C313D2C375B}\ARPPRODUCTICON.exe

c:\Documents and Settings\BaPoR\Application Data\Microsoft\Installer\{2A425503-3D15-BE66-8781-3D153AF1F8A9}\ARPPRODUCTICON.exe

c:\Documents and Settings\BaPoR\Application Data\Microsoft\Installer\{56918C0C-0D87-4CA6-92BF-4975A43AC719}\ARPPRODUCTICON.exe

c:\Documents and Settings\BaPoR\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe

c:\Documents and Settings\BaPoR\Application Data\Microsoft\Installer\{C02EDE17-BC2E-4393-70BD-36185ABEBFF7}\ARPPRODUCTICON.exe

c:\Documents and Settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\FlashGot.exe

c:\Documents and Settings\BaPoR\Application Data\U3\temp\cleanup.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\catchme.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\diff.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\dumphive.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\find2.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\Fport.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\grep.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\gzip.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\KProcCheck.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\LFiles.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\md5sums.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\pslist.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\sigcheck.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\streams.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\swreg.exe

c:\Documents and Settings\BaPoR\Bureau\DiagHelp\tar.exe

c:\Documents and Settings\BaPoR\Local Settings\Apps\2.0\GEW9HZ8H.OLB\WAQTJBVZ.HBZ\wowa..tion_4d89fb8d52541cc9_0001.0009_463a4ff8a8f16a7e\WowAceUpdater.exe

c:\Documents and Settings\BaPoR\Local Settings\Apps\2.0\GEW9HZ8H.OLB\WAQTJBVZ.HBZ\wowa..tion_4d89fb8d52541cc9_0001.0009_be6e1817fe995cd7\WowAceUpdater.exe

c:\Documents and Settings\BaPoR\Local Settings\Temp\CF20493.exe

c:\Documents and Settings\BaPoR\Mes documents\Azureus Downloads\X3 Terran Conflict\X3TCUpdate1.0.1_to_1.2.exe

c:\Documents and Settings\BaPoR\Mes documents\Mes fichiers reçus\Themida.1.8.5.5.Full\Themida.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\batchrunner.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\NETFXSBS10.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\AppLaunch.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_compiler.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_regbrowsers.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_regiis.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_regsql.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_state.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\aspnet_wp.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\CasPol.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\csc.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\cvtres.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\dfsvc.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\IEExec.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ilasm.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\InstallUtil.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\jsc.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\MSBuild.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\mscorsvw.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\ngen.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\RegAsm.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\RegSvcs.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\regtlibv12.exe

c:\Documents and Settings\Default User.WINDOWS.0\7zSA27.tmp\Win\Microsoft.NET\Framework\URTInstallPath\vbc.exe

c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\_entreelist.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\_enviewlist.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_033084351D1EAC148B8FF78746F4F705.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_297DD19418DAC924E94B68DDD3223E33.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_305524A251D366EB7818D351A31F8F9A.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_30F141422B9D920DC149B0AB99771D37.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_31A06A18D42273642830E3CA301B124A.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_3231695C5E2ABAF49BD2BD6F2C280F5F.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_3FB590517D3AFDD41B39A39486180E30.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4BD2EED9C64DFC7E495608B22D70A7A0.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_509FB7A3D73FBFD43880CEA34A16B763.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_5183C15255A770648AD23C9BF8F0AB8B.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_56DEA0E727EC5173F50D1AC841B9B5FF.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_5B84B90E141EA724BAC03D06157222A4.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_5EAD28C50BE647342945EB3391ABE428.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_62287FAB00234BD4EB33D429A2978904.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_62414A174A7CFCD49ADE5C4B1B50DED1.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA76301B7448A2100000030.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_6987D8684D993154CB26B2A33D2E9462.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_6FF9D18EF54B4DD46937680BA86F7F50.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_7185FF779ABA4921D2D32AF9F8ADB8DA.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_71EDE20CE2CB393407DB6381A5EBFB7F.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_821360811E9BEAFA7BDDC213D3C273B5.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_83222CEFE7BF70D58FA8871F450670A3.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610005.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_9040820900063D11C8EF00054038389C.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_96F67BA0167EAFC49B0B1A09B6E4E9B4.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_98CFF663008C66349B309B4C1314905A.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_9976FF4E27D904947AA5B6452608267E.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_9C2242CC5B7F57142B59E52C82A36A47.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_BCA60DFFB8FDD43DF9E9DC1AC8512E80.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_BD6219EF48F5A594BB64C327F4C1D280.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_c049C053C7D38EE4AB9A00CB3B5D2472.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_C0C8196578D06AC429FB94574AA37C91.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_C6FADEDDE884ADC42867C1FCF5C3C523.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_CF3635BC2F402F3E87DB9A6ABD36BDE9.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_D6461317C3DC4F04799BDCE9E42626FE.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_DB58B1D770AA8B8408D8764A60F76CDB.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_DC099CC88C78C574CA23A897482ECFAF.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_E1C3DFABCE30AD11FBDB0060B5DB0C5B.dll

c:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_F942F94A19C0F79468FD2B85E5E8677B.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\audioout.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\combrk.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\comrsrc.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\comsyssvc.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\dcteg.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\domain_mngr.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\edct.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\empp_dub.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\empp_eng.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\empp_enu.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\empp_frf.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\empp_ged.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\empp_iti.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\empp_spe.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\g2p_dun.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\g2p_eng.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\g2p_enu.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\g2p_frf.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\g2p_ged.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\g2p_iti.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\g2p_spe.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\rettt.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\rs_sapi5_solo.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\rssoloapi.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\stdpp_dub.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\stdpp_eng.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\stdpp_enu.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\stdpp_frf.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\stdpp_ged.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\stdpp_iti.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\stdpp_spe.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\swisolo.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\synth_112mrf16.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\ttsengine.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\vf_claire_red.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\vf_emily_red.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\vf_isabel_red.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\vf_samantha_red.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\vf_silvia_red.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\vf_steffi_red.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\vf_virginie_red.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\xcoder.dll

c:\Documents and Settings\All Users\Application Data\ViaMichelin\ViaMichelin Navigation PND\ContentManager\Dynamic\RESTORE\MEMORY\VMData\TTS\speech\components\xlit_1252.dll

c:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\BaPoR\Application Data\Acreon\WowMatrix\wmzip.dll

c:\Documents and Settings\BaPoR\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\BaPoR\Application Data\Sun\Java\jre1.6.0_10\lzma.dll

c:\Documents and Settings\BaPoR\Application Data\System Requirements Lab\SRLProxyE.dll

c:\Documents and Settings\BaPoR\Application Data\System Requirements Lab\SRLProxyF.dll

c:\Documents and Settings\BaPoR\Application Data\System Requirements Lab\SRLProxyG.dll

c:\Documents and Settings\BaPoR\Application Data\System Requirements Lab\SRLProxyH.dll

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

 

****** Fin du rapport DiagHelp

 

Thanks!

Posted

Good evening bapor!

 

*** I'm back; your report doesn't say much... but it does indeed show traces of infection! ***

 

Written Today at 18:01

Nobody?

bapor wrote Today at 16:51

up

bapor wrote Today at 12:19

up

--> Sorry for the slow reply, but I hold down several jobs, one of them full-time...

--> The fact that you ran tools without posting their reports probably hides parts of the infection...

 

1) Are you having problems on one site in particular? If so, which one?

 

2) Which browser do you use (Internet Explorer, Firefox, ...)?

 

3) Disable Spybot's TeaTimer

  • Open Spybot
  • Go to the Mode menu
  • Tick the Advanced Mode box
  • Click Tools (at the very bottom)
  • Under Resident, untick the Resident TeaTimer box
    -----> The icon must be gone from the taskbar...

 

Animated tutorial: http://pagesperso-orange.fr/rginformatique...mo%20spybot.htm (thanks Balltrap34!)

 

 

4) If ComboFix is still installed on your system, click Start, then Run

  • Type combofix /u and press Enter <-- Careful, the space between the "x" and the "/" matters

 

 

5) Download ComboFix by sUBs

 

  • Save it to your desktop; this is essential.
  • Read the following tutorial: http://www.bleepingcomputer.com/combofix/f...iliser-combofix
  • Disconnect from the internet and disable your antivirus for the duration of the procedure.
  • Close all windows.
  • Double-click combofix.exe
  • Click "Yes" to accept the disclaimer!
    --> If your firewall asks whether to allow nircmd.cfexe, allow it.
    --> If ComboFix asks to install the Recovery Console, accept (YES, then OUI); this is VERY IMPORTANT!
  • Run the scan (don't click on the window that opens).
  • At the end of the scan (it can take a while), a report will be created.
  • Post that report in your next message(s) (C:\Combofix.txt)

Important warning: this tool is not a general-purpose antimalware! It must only be used by qualified people...

 

 

Good luck with it!

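How a helper reads the report that step 5 produces: ComboFix lists the files it deleted under the "Autres suppressions" banner and the Service_/Legacy_ keys it removed under "Pilotes/Services", and a dropped binary that also has a Service_ key is one that was registered to start with Windows. The script below is an added example (not ComboFix's code and not part of this thread) that parses those two sections and correlates them; its sample input is an excerpt of the ComboFix report posted later in this thread, and the banner titles it looks for are the French ones from that report.

```python
"""Correlate the 'Autres suppressions' and 'Pilotes/Services' sections of a
ComboFix report.  Added example: not ComboFix code; the French banner titles
are the ones seen in the report posted in this thread."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: an excerpt of the ComboFix report posted in this thread.
SAMPLE_LOG = r"""ComboFix 08-12-01.01 - BaPoR 2008-12-01 21:44:34.4 - NTFSx86
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows.0\Install.txt
c:\windows.0\system32\afisicx.exe
c:\windows.0\system32\comsa32.sys
c:\windows.0\system32\mabidwe.exe
c:\windows.0\system32\soxpeca.exe
c:\windows.0\system32\udxfytw.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_SOXPECA
-------\Service_afisicx
-------\Service_mabidwe
-------\Service_poof
-------\Service_soxpeca
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
"""

# A ComboFix section banner: a title wrapped in runs of parentheses.
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
BINARY_EXTS = {"exe", "sys", "dll"}


def split_sections(log: str) -> Dict[str, List[str]]:
    """Map each banner title to the non-empty, non-'.' lines that follow it."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        match = BANNER_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


@dataclass
class Triage:
    registered_files: List[str]  # deleted binary with a Service_ or Legacy_ key
    file_only: List[str]         # deleted binary with no registration in the log
    service_only: List[str]      # Service_/Legacy_ key with no matching deleted binary


def correlate(sections: Dict[str, List[str]]) -> Triage:
    """Pair deleted binaries with the service registrations ComboFix removed.

    Names are compared by file stem (e.g. 'mabidwe' for mabidwe.exe versus
    Service_mabidwe and Legacy_MABIDWE), the pattern this thread's infection uses."""
    files: Dict[str, str] = {}
    for path in sections.get("Autres suppressions", []):
        name = path.rsplit("\\", 1)[-1]
        stem, _, ext = name.rpartition(".")
        if ext.lower() in BINARY_EXTS:
            files[stem.lower()] = path
    registered = set()
    for entry in sections.get("Pilotes/Services", []):
        key = entry.rsplit("\\", 1)[-1]
        for prefix in ("Service_", "Legacy_"):
            if key.startswith(prefix):
                registered.add(key[len(prefix):].lower())
    return Triage(
        registered_files=sorted(n for n in files if n in registered),
        file_only=sorted(n for n in files if n not in registered),
        service_only=sorted(registered - set(files)),
    )


def report(triage: Triage) -> List[str]:
    """Human-readable triage, one finding per line."""
    lines = ["registered to start with Windows: " + ", ".join(triage.registered_files)]
    if triage.file_only:
        lines.append("binaries with no service key in the log (check the driver list): "
                     + ", ".join(triage.file_only))
    if triage.service_only:
        lines.append("service keys whose binary was not listed (look for it elsewhere): "
                     + ", ".join(triage.service_only))
    return lines


if __name__ == "__main__":
    for line in report(correlate(split_sections(SAMPLE_LOG))):
        print(line)
```

On the sample, afisicx, mabidwe and soxpeca show the full file-plus-service chain, the two .sys files have no service entry in this excerpt, and Service_poof has no deleted binary to match.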

Posted (edited)

1) Are you having problems on one site in particular? If so, which one? No

 

2) Which browser do you use (Internet Explorer, Firefox, ...)? Firefox

 

 

ComboFix 08-12-01.01 - BaPoR 2008-12-01 21:44:34.4 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1582 [GMT 1:00]

Lancé depuis: c:\documents and settings\BaPoR\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows.0\Install.txt

c:\windows.0\system32\afisicx.exe

c:\windows.0\system32\comsa32.sys

c:\windows.0\system32\mabidwe.exe

c:\windows.0\system32\noytcyr.exe

c:\windows.0\system32\roytctm.exe

c:\windows.0\system32\soxpeca.exe

c:\windows.0\system32\tdydowkc.exe

c:\windows.0\system32\tpszxyd.sys

c:\windows.0\system32\udxfytw.sys

c:\windows.0\system32\wsldoekd.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_AFISICX

-------\Legacy_MABIDWE

-------\Legacy_NOYTCYR

-------\Legacy_ROYTCTM

-------\Legacy_SOXPECA

-------\Legacy_TDYDOWKC

-------\Legacy_WSLDOEKD

-------\Service_afisicx

-------\Service_mabidwe

-------\Service_noytcyr

-------\Service_poof

-------\Service_roytctm

-------\Service_soxpeca

-------\Service_tdydowkc

-------\Service_wsldoekd

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-01 16:31 . 2008-12-01 16:31 <REP> d--h----- c:\windows.0\system32\GroupPolicy

2008-12-01 13:52 . 2008-12-01 16:50 69 --a------ c:\windows.0\NeroDigital.ini

2008-12-01 12:52 . 2008-12-01 13:22 <REP> d-------- c:\documents and settings\BaPoR\Application Data\vlc

2008-12-01 01:34 . 2008-12-01 19:28 60,928 --a------ c:\windows.0\system32\msnfoed.exe

2008-11-30 21:04 . 2008-11-30 21:04 <REP> d-------- c:\program files\Veetle

2008-11-30 21:04 . 2008-11-30 21:05 48,396 --a------ c:\windows.0\UninstVeetleTVPlayer.exe

2008-11-30 19:29 . 2008-11-30 19:29 <REP> d-------- c:\windows.0\ERUNT

2008-11-30 19:27 . 2008-10-07 04:58 <REP> d--h----- c:\documents and settings\Administrateur.A6-6D3439E225D0\Voisinage réseau

2008-11-30 19:27 . 2008-10-07 04:58 <REP> d--h----- c:\documents and settings\Administrateur.A6-6D3439E225D0\Voisinage d'impression

2008-11-30 19:27 . 2008-10-07 03:03 <REP> d--h----- c:\documents and settings\Administrateur.A6-6D3439E225D0\Modèles

2008-11-30 19:27 . 2008-10-07 04:58 <REP> d-------- c:\documents and settings\Administrateur.A6-6D3439E225D0\Mes documents

2008-11-30 19:27 . 2008-10-07 04:58 <REP> dr------- c:\documents and settings\Administrateur.A6-6D3439E225D0\Menu Démarrer

2008-11-30 19:27 . 2008-10-07 03:08 <REP> d-------- c:\documents and settings\Administrateur.A6-6D3439E225D0\Favoris

2008-11-30 19:27 . 2008-10-07 04:58 <REP> d-------- c:\documents and settings\Administrateur.A6-6D3439E225D0\Bureau

2008-11-30 19:27 . 2008-10-07 03:08 <REP> d-------- c:\documents and settings\Administrateur.A6-6D3439E225D0\7zSA27.tmp

2008-11-30 19:27 . 2008-11-30 19:28 <REP> d-------- c:\documents and settings\Administrateur.A6-6D3439E225D0

2008-11-30 19:20 . 2008-11-30 19:59 <REP> d-------- C:\SDFix

2008-11-28 16:53 . 2004-03-02 16:37 125,184 --------- c:\windows.0\system32\drivers\imagesrv.sys

2008-11-28 16:53 . 2004-03-02 16:37 5,504 --------- c:\windows.0\system32\drivers\imagedrv.sys

2008-11-28 16:52 . 2008-11-28 16:52 <REP> d-------- c:\program files\Fichiers communs\Ahead

2008-11-28 16:52 . 2004-07-26 16:16 1,568,768 --------- c:\windows.0\system32\ImagX7.dll

2008-11-28 16:52 . 2004-07-26 16:16 476,320 --------- c:\windows.0\system32\ImagXpr7.dll

2008-11-28 16:52 . 2004-07-26 16:16 471,040 --------- c:\windows.0\system32\ImagXRA7.dll

2008-11-28 16:52 . 2004-07-26 16:16 262,144 --------- c:\windows.0\system32\ImagXR7.dll

2008-11-28 16:52 . 2001-07-09 10:50 155,648 --a------ c:\windows.0\system32\NeroCheck.exe

2008-11-28 16:52 . 2000-06-26 10:45 106,496 --a------ c:\windows.0\system32\TwnLib20.dll

2008-11-25 01:14 . 2008-11-30 13:10 604 --a------ c:\windows.0\wininit.ini

2008-11-24 23:57 . 2008-11-24 23:57 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)

2008-11-24 23:57 . 2008-11-24 23:57 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)

2008-11-24 23:57 . 2008-11-24 23:57 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2008-11-24 23:56 . 2008-11-24 23:56 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)

2008-11-24 23:55 . 2008-11-30 12:47 <REP> d-------- c:\documents and settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy

2008-11-24 00:20 . 2008-08-30 19:48 102,664 --a------ c:\windows.0\system32\drivers\tmcomm.sys

2008-11-22 01:06 . 2008-11-22 01:06 <REP> d-------- c:\documents and settings\BaPoR\Application Data\Malwarebytes

2008-11-22 01:06 . 2008-11-22 01:06 <REP> d-------- c:\documents and settings\All Users.WINDOWS.0\Application Data\Malwarebytes

2008-11-22 01:06 . 2008-10-22 16:10 38,496 --a------ c:\windows.0\system32\drivers\mbamswissarmy.sys

2008-11-22 01:06 . 2008-10-22 16:10 15,504 --a------ c:\windows.0\system32\drivers\mbam.sys

2008-11-20 15:35 . 2008-11-29 12:28 <REP> d-------- c:\documents and settings\BaPoR\Application Data\Hamachi

2008-11-20 15:30 . 2008-11-20 15:33 25,544 --a------ c:\windows.0\system32\drivers\hamachi.sys

2008-11-19 23:43 . 2008-11-19 23:43 <REP> d-------- c:\program files\Fichiers communs\Creative Labs Shared

2008-11-19 23:43 . 2008-12-01 21:46 54,568 --a------ c:\windows.0\system32\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-002C1102}.rfx

2008-11-19 23:43 . 2008-12-01 21:46 54,568 --a------ c:\windows.0\system32\BMXState-{00000003-00000000-00000007-00001102-00000005-002C1102}.rfx

2008-11-19 23:43 . 2008-12-01 21:46 788 --a------ c:\windows.0\system32\DVCState-{00000003-00000000-00000007-00001102-00000005-002C1102}.rfx

2008-11-11 18:55 . 2007-01-01 00:00 60,273 --a------ c:\windows.0\system32\pthreadGC2.dll

2008-11-11 18:55 . 2007-12-15 16:11 7,680 --a------ c:\windows.0\system32\ff_vfw.dll

2008-11-11 18:55 . 2007-01-01 00:00 547 --a------ c:\windows.0\system32\ff_vfw.dll.manifest

2008-11-03 16:48 . 2008-11-03 16:48 <REP> d--h----- c:\windows.0\PIF

2008-11-01 15:07 . 2008-11-02 20:50 <REP> d-------- c:\documents and settings\BaPoR\Application Data\Red Alert 3

2008-11-01 15:03 . 2008-11-01 15:03 7,130 --a------ c:\windows.0\system32\ealregsnapshot1.reg

2008-11-01 14:35 . 2008-11-01 14:35 <REP> d-------- c:\windows.0\Logs

2008-11-01 14:35 . 2008-05-30 14:11 3,850,760 --a------ c:\windows.0\system32\D3DX9_38.dll

2008-11-01 14:35 . 2007-07-19 18:14 3,727,720 --a------ c:\windows.0\system32\d3dx9_35.dll

2008-11-01 14:35 . 2008-05-30 14:11 1,491,992 --a------ c:\windows.0\system32\D3DCompiler_38.dll

2008-11-01 14:35 . 2007-07-19 18:14 1,358,192 --a------ c:\windows.0\system32\D3DCompiler_35.dll

2008-11-01 14:35 . 2008-05-30 14:11 467,984 --a------ c:\windows.0\system32\d3dx10_38.dll

2008-11-01 14:35 . 2007-07-19 18:14 444,776 --a------ c:\windows.0\system32\d3dx10_35.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-01 20:45 --------- d-----w c:\documents and settings\BaPoR\Application Data\Free Download Manager

2008-12-01 15:51 --------- d-----w c:\documents and settings\BaPoR\Application Data\dvdcss

2008-12-01 14:56 --------- d-----w c:\documents and settings\BaPoR\Application Data\Azureus

2008-11-25 22:12 98,304 ----a-w c:\windows.0\system32\CmdLineExt.dll

2008-11-22 00:23 544 ----a-w c:\program files\cvhx.txt

2008-11-20 14:35 --------- d-----w c:\documents and settings\BaPoR\Application Data\Hamachi-Backup

2008-11-19 22:43 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-19 22:42 413,696 ----a-w c:\windows.0\system32\wrap_oal.dll

2008-11-19 22:42 110,592 ----a-w c:\windows.0\system32\OpenAL32.dll

2008-11-19 22:42 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Creative

2008-10-31 21:56 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Blizzard

2008-10-31 19:41 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment

2008-10-27 09:04 70,992 ----a-w c:\windows.0\system32\XAPOFX1_2.dll

2008-10-27 09:04 514,384 ----a-w c:\windows.0\system32\XAudio2_3.dll

2008-10-27 09:04 235,856 ----a-w c:\windows.0\system32\xactengine3_3.dll

2008-10-27 09:04 23,376 ----a-w c:\windows.0\system32\X3DAudio1_5.dll

2008-10-25 10:10 410,976 ----a-w c:\windows.0\system32\deploytk.dll

2008-10-25 10:10 --------- d-----w c:\program files\Java

2008-10-24 14:24 2,829 ----a-w c:\windows.0\War3Unin.pif

2008-10-24 14:24 139,264 ----a-w c:\windows.0\War3Unin.exe

2008-10-17 15:17 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard

2008-10-17 10:45 --------- d-----w c:\program files\MSXML 4.0

2008-10-15 17:42 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft Help

2008-10-15 17:41 --------- d-----w c:\program files\MSBuild

2008-10-15 17:41 --------- d-----w c:\program files\Microsoft.NET

2008-10-15 17:41 --------- d-----w c:\program files\Microsoft Works

2008-10-15 17:39 --------- d-----w c:\program files\Microsoft Visual Studio 8

2008-10-15 17:31 639,224 ----a-w c:\windows.0\system32\drivers\sptd.sys

2008-10-10 15:41 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-10-10 11:03 0 ---ha-w c:\windows.0\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-10-10 11:02 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Nokia

2008-10-10 10:57 --------- d-----w c:\program files\Nokia

2008-10-10 10:57 --------- d-----w c:\program files\MSXML 6.0

2008-10-10 10:56 --------- d-----w c:\program files\Fichiers communs\Nokia

2008-10-10 10:53 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Installations

2008-10-10 03:52 452,440 ----a-w c:\windows.0\system32\d3dx10_40.dll

2008-10-10 03:52 4,379,984 ----a-w c:\windows.0\system32\D3DX9_40.dll

2008-10-10 03:52 2,036,576 ----a-w c:\windows.0\system32\D3DCompiler_40.dll

2008-10-09 09:33 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\FreeDownloadManager.ORG

2008-10-08 22:31 --------- d-----w c:\program files\Creative

2008-10-08 22:27 --------- d--h--w c:\program files\Creative Installation Information

2008-10-08 22:27 --------- d-----w c:\program files\Fichiers communs\Creative

2008-10-08 20:18 --------- d-----w c:\program files\Logitech

2008-10-08 20:18 --------- d-----w c:\program files\Fichiers communs\Logitech

2008-10-07 10:56 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\PC Suite

2008-10-07 10:55 --------- d-----w c:\documents and settings\BaPoR\Application Data\Nokia

2008-10-07 10:53 --------- d-----w c:\program files\PC Connectivity Solution

2008-10-07 10:53 --------- d-----w c:\program files\Fichiers communs\PCSuite

2008-10-07 10:53 --------- d-----w c:\program files\DIFX

2008-10-07 10:53 --------- d-----w c:\documents and settings\BaPoR\Application Data\PC Suite

2008-10-07 09:28 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Messenger Plus!

2008-10-07 09:23 --------- d-----w c:\program files\OpenAL

2008-10-07 09:22 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\LogiShrd

2008-10-07 09:21 0 ---ha-w c:\windows.0\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf

2008-10-07 09:21 0 ---ha-w c:\windows.0\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-10-07 09:20 0 ---ha-w c:\windows.0\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-10-07 09:20 --------- d-----w c:\program files\Fichiers communs\Logishrd

2008-10-07 09:20 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Logitech

2008-10-07 02:04 --------- d-----w c:\program files\Windows Media Connect 2

2008-10-07 01:44 --------- d-----w c:\program files\microsoft frontpage

2008-10-07 01:43 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-07 01:43 --------- d-----w c:\program files\Fichiers communs\Java

2008-10-07 01:41 --------- d-----w c:\program files\Services en ligne

2008-10-06 23:09 --------- d-----w c:\program files\MessengerPlus! 3

2008-10-06 23:02 --------- d-----w c:\program files\MSN Messenger

2008-10-06 21:58 307,968 ----a-w c:\windows.0\system32\TuneUpDefragService.exe

2008-10-06 21:58 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\TuneUp Software

2008-10-06 21:55 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Azureus

2008-10-06 21:28 --------- d-----w c:\documents and settings\BaPoR\Application Data\Media Player Classic

2008-10-06 21:28 --------- d-----w c:\documents and settings\BaPoR\Application Data\Logitech

2008-10-06 21:28 --------- d-----w c:\documents and settings\BaPoR\Application Data\IGN_DLM

2008-10-06 21:28 --------- d-----w c:\documents and settings\BaPoR\Application Data\Acreon

2008-10-06 21:20 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\ATI

2008-10-06 21:19 --------- d-----w c:\program files\Fichiers communs\InstallShield

2008-10-06 21:19 --------- d-----w c:\program files\ATI Technologies

2008-10-06 20:41 --------- d-----w c:\program files\VIA

2008-09-18 20:11 19,104 ----a-w c:\documents and settings\BaPoR\Application Data\GDIPFONTCACHEV1.DAT

.

 

------- Sigcheck -------

 

2008-04-29 19:34 361344 68f06fe0021b01e670af37b8c5964fdf c:\windows.0\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows.0\system32\ctfmon.exe" [2008-04-14 15360]

"SuperCopier2.exe"="g:\logiciel\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-10-07 190024]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

"Free Download Manager"="g:\logiciel\Free Download Manager\fdm.exe" [2008-05-20 2474031]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2006-01-24 7094272]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-25 136600]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-10-07 190024]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]

"Adobe Reader Speed Launcher"="g:\logiciel\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows.0\KHALMNPR.Exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 c:\windows.0\system32\Ctxfihlp.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

c:\documents and settings\BaPoR\Menu Démarrer\Programmes\Démarrage\

WinBar.lnk - g:\logiciel\WinBar\WinBar.exe [2008-06-10 188928]

 

c:\documents and settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\

Logitech SetPoint.lnk - g:\logiciel\Logitech\SetPoint\SetPoint.exe [2008-06-10 805392]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoStrCmpLogical"= 0 (0x0)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"DAEMON Tools"="g:\logiciel\DAEMON Tools\daemon.exe" -lang 1033

"NSLauncher"=c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"DisablePagingExecutive"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"g:\\Logiciel\\Azureus\\Azureus.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"g:\\Logiciel\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 videX32;videX32;c:\windows.0\system32\DRIVERS\videX32.sys [2008-10-06 9216]

R2 CTAudSvcService;Creative Audio Service;c:\program files\Creative\Shared Files\CTAudSvc.exe [2008-11-19 417792]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe" [2008-11-19 79360]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows.0\system32\drivers\nmwcdnsu.sys [2008-10-10 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows.0\system32\drivers\nmwcdnsuc.sys [2008-10-10 8320]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

 

2008-12-01 c:\windows.0\Tasks\1-Click Maintenance.job

- g:\logiciel\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

.

.

------- Examen supplémentaire -------

.

FireFox -: Profile - c:\documents and settings\BaPoR\Application Data\Mozilla\Firefox\Profiles\vunhsosb.default\

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\program files\Veetle\plugins\npVeetle.dll

FF -: plugin - c:\windows\system32\Adobe\Director\np32dsw.dll

FF -: plugin - g:\logiciel\DivX\DivX Web Player\npdivx32.dll

FF -: plugin - g:\logiciel\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - g:\logiciel\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\np32dsw.dll

FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\NPAdbESD.dll

FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\npdeploytk.dll

FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\npdivx32.dll

FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\npnul32.dll

FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\NPOFF12.DLL

FF -: plugin - g:\logiciel\Mozilla Firefox\plugins\nppdf32.dll

FF -: plugin - g:\logiciel\Reader 8.0\Reader\browser\nppdf32.dll

FF -: plugin - g:\logiciel\Reader 9.0\Reader\browser\nppdf32.dll

FF -: plugin - g:\logiciel\Real Alternative\browser\plugins\nppl3260.dll

FF -: plugin - g:\logiciel\Real Alternative\browser\plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-01 21:47:49

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\BaPoR\LOCALS~1\Temp\mc22.tmp"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(804)

c:\windows.0\system32\Ati2evxx.dll

c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll

c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows.0\system32\ati2evxx.exe

c:\windows.0\system32\ati2evxx.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows.0\system32\CTxfispi.exe

c:\progra~1\MSNMES~1\msnmsgr.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\windows.0\system32\CTSVCCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe

c:\windows.0\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2008-12-01 21:48:51 - La machine a redémarré [baPoR]

ComboFix-quarantined-files.txt 2008-12-01 20:48:49

 

Avant-CF: 54,277,980,160 octets libres

Après-CF: 54,275,776,512 octets libres

 


Edited by bapor
