Libellules.ch - forum d'informatique • Déconnection du net-virus heur trojan generic (modification) : Désinfections et demandes d'analyse

par **titane1975** » 23 Fév 2008 19:02

Bonjour,

Je suis tout nouveau sur ce forum :-D

J'ai kaspersky comme anti virus et suite à des déconnections répétées d'internet, j'ai lancé un scan de mon poste de travail.

Il a trouvé ce "souci" : virus.heur.trojan.generic. J'ai lancé la réparation grâce à mon antivirus et j'ai relancé un scan ensuite. Re-belote, il est toujours là mais a changé d'endroit :plaf:

Pouvez-vous m'indiquer un remède pour éradiquer ce problème? Merci à l'avance :supers:

par **Falkra** » 23 Fév 2008 21:53

Bonsoir, il s'agit d'une détection heuristique : une "intuition" pour ainsi dire de l'antivirus, du code suspect.
As-tu le nom du fichier incriminé ?

Pour voir ce qui tourne sur ta machine et pouvoir nettoyer les infections présentes, il nous faut faire quelques tests.

Voici comment démarrer.
:arrow:

Poste un rapport Hijackthis (v2.0.2) dans ta prochaine réponse stp :
Voici un tuto avec les liens nécessaires :
http://www.libellules.ch/poster_log_hijackthis.php

Si ton antivirus émet des alertes pendant que HijackThis fonctionne, fais-lui ignorer, pour que la détection puise se faire.

par **titane1975** » 24 Fév 2008 00:17

Merci pour ta réponse rapide :mrgreen:

J'ai fais un scan avec a-squared free 3.1 et il a trouvé ce "souci" : e-mail.worm.Win32.Runouce.b - Je suis maudit :cry:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14:51, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Telecom Factory\MANA ADSL by telecom factory\dslmon.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Cappelle\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dinaetarnaud.spaces.live.com//Ph ... nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se4009.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/NET/Import/ImageUploader4.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... 371420.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://paris.ville.orange.fr/CO/activex ... ontrol.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f004.mail.caramail.lycos.fr/app/ ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{886C9220-33BC-40D7-A7CD-A786F1838A15}: NameServer = 202.3.225.115 202.3.225.125
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3955C8D-2B61-4EF1-8D1D-1B9EF190BF55}: NameServer = 202.3.225.115,202.3.225.125
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 12872 bytes

par **Falkra** » 24 Fév 2008 00:30

Pour le moment, rien d'anormal dans ton log.
Si le virus était juste présent mais pas actif, il n'y a pas de danger.
On va vérifier d'autres choses.

Télécharge DiagHelp.zip de Malekal_morte sur ton bureau.

Décompresse-le, sur ton bureau par exemple.
Un nouveau dossier chercher va être créé DiagHelp.
Ouvre le et double-clique sur go.cmd (le .cmd peut ne pas apparaître)
Une fenêtre va s'ouvrir, choisis l'option 1 et valide avec la touche entrée.
L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
Copie/colle le contenu du bloc-note qui s'ouvre et joins-le à ta prochaine réponse.

NB : si un antivirus détecte Troj/INJECT MF choisis "ignorer" c'est une fausse alerte.
NB : un outil, sigcheck.exe, peut demander l'accès à internet, si ton firewall te demande l'autorisation, laisse-le accéder à internet.
Le rapport est sauvegardé dans c:\resultat.txt si jamais tu le cherches

par **titane1975** » 24 Fév 2008 00:52

J'ai profité du rapport de HiJackhis pour faire une analyse avec le site virustotal, ci-joint le lien :
http://www.virustotal.com/fr/analisis/2 ... 789f2a80f5

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 13:43:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
IPC error: 2 Le fichier spécifié est introuvable.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:2d90dc3a
"s1"=dword:9aae197f
"s2"=dword:90ffb414
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg41]
"ujdew"=hex:20,02,00,00,36,65,36,22,da,38,f5,c5,12,21,8f,8c,91,b7,7e,79,16,..
"ljej40"=hex:81,29,19,fb,bd,7c,99,f8,5d,fb,69,0d,82,be,b3,2b,42,b5,48,1f,91,..
"ljej41"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej42"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej43"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej44"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg42]
"ujdew"=hex:20,02,00,00,36,65,36,22,9c,38,ab,86,12,21,8f,8c,76,b6,7e,79,16,..
"ljej40"=hex:ae,29,19,fb,bd,7c,99,f8,5d,fb,69,0d,82,be,b3,2b,42,b5,48,1f,ee,..
"ljej41"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej42"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej43"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej44"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg43]
"ujdew"=hex:20,02,00,00,cd,1c,0e,fa,65,b6,ca,2d,64,54,f3,db,f7,f4,b4,9f,5e,..
"ljej40"=hex:c9,4a,a8,71,ec,5f,79,6d,5a,8c,65,99,3b,d7,b4,a5,09,39,5c,0e,dd,..
"ljej41"=hex:6c,07,ad,71,da,0a,7c,6d,b2,d1,61,99,be,b1,b1,a5,17,56,59,0e,e8,..
"ljej42"=hex:a1,bb,a4,71,0b,a7,75,6d,99,8c,69,99,df,df,b9,a5,0f,28,51,0e,78,..
"ljej43"=hex:2c,61,bc,71,13,6d,6d,6d,46,b6,70,99,88,96,a0,a5,4f,70,48,0e,8b,..
"ljej44"=hex:61,4b,b3,71,68,58,62,6d,67,83,7f,99,40,c1,af,a5,b0,24,47,0e,a7,..
"ljej45"=hex:0d,c0,89,71,57,cd,58,6d,ec,15,45,99,90,77,95,a5,95,9e,7d,0e,df,..
"ljej46"=hex:08,9f,8f,71,12,84,5e,6d,6d,6e,43,99,df,3f,93,a5,9c,d6,7b,0e,14,..
"ljej47"=hex:ed,a8,85,71,30,b6,54,6d,42,7c,49,99,b6,21,99,a5,f6,c5,71,0e,22,..
"ljej48"=hex:34,f7,9b,71,b3,9c,4a,6d,3e,45,57,99,98,18,87,a5,d6,ec,6f,0e,4c,..
"ljej49"=hex:28,2d,91,71,95,32,40,6d,55,ff,5d,99,20,ae,8d,a5,2f,46,65,0e,62,..
"ljej410"=hex:7e,ae,96,71,16,b4,47,6d,39,7d,5a,99,7b,20,8a,a5,29,c4,62,0e,af,..
"ljej411"=hex:41,77,ec,71,c7,1d,3d,6d,52,c4,20,99,85,9a,f0,a5,7c,6a,18,0e,7b,..
"ljej412"=hex:cf,24,e1,71,37,2b,30,6d,68,f6,2d,99,f9,a8,fd,a5,5b,bc,15,0e,b2,..
"ljej413"=hex:60,34,e6,71,be,da,37,6d,cc,06,2a,99,3e,47,fa,a5,78,ac,12,0e,8d,..
"ljej414"=hex:f6,3a,fb,71,ec,29,2a,6d,9f,f7,37,99,2a,56,e7,a5,55,bf,0f,0e,f8,..
"ljej415"=hex:b7,0e,f0,71,0c,15,21,6d,9d,c3,3c,99,c9,83,ec,a5,28,63,04,0e,1e,..
"ljej416"=hex:58,b5,f4,71,02,5c,24,6d,f3,84,39,99,82,da,e9,a5,c0,2b,01,0e,8a,..
"ljej417"=hex:c7,d5,c9,71,84,fc,18,6d,5c,24,05,99,c7,7b,d5,a5,fa,88,3d,0e,ba,..
"ljej418"=hex:19,6e,ce,71,35,75,1f,6d,24,a3,02,99,66,e3,d2,a5,30,00,3a,0e,46,..
"ljej419"=hex:0e,dd,c2,71,0c,c4,13,6d,05,2c,0e,99,1e,72,de,a5,e0,90,36,0e,fe,..
"ljej420"=hex:7b,b9,c6,71,c2,a8,17,6d,5e,70,0a,99,8e,d7,db,a5,6a,3c,33,0e,42,..
"ljej421"=hex:80,71,db,71,63,61,0a,6d,c9,cf,17,99,11,9f,c7,a5,cc,75,2f,0e,0f,..
"ljej422"=hex:df,24,df,71,1c,2c,0e,6d,55,f4,13,99,a9,ab,c3,a5,10,b8,2b,0e,ce,..
"ljej423"=hex:55,da,d3,71,6f,ca,02,6d,36,16,1f,99,da,49,cf,a5,5b,9a,27,0e,95,..
"ljej424"=hex:13,e9,d7,71,bb,f8,06,6d,d4,27,1b,99,d5,78,cb,a5,46,8d,23,0e,e0,..
"ljej425"=hex:6d,e8,2b,71,6b,f8,fa,6d,15,20,e7,99,a7,67,37,a5,e5,8d,df,0e,6a,..
"ljej426"=hex:07,df,2f,71,8c,c6,fe,6d,0c,11,e3,99,af,76,33,a5,da,9c,db,0e,42,..
"ljej427"=hex:c5,3c,23,71,d2,24,f2,6d,2e,f3,ef,99,99,54,3f,a5,d8,be,d7,0e,50,..
"ljej428"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej429"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej430"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej431"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej432"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg44]
"ujdew"=hex:20,02,00,00,cd,1c,0e,fa,65,b6,ca,2d,64,54,f3,db,f7,f4,b4,9f,5e,..
"ljej40"=hex:2a,4b,a8,71,ec,5f,79,6d,5a,8c,65,99,3b,d7,b4,a5,09,39,5c,0e,87,..
"ljej41"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej42"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej43"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej44"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="C856BAC2A379AC798F73B73365A5C5DC2315FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DA2D97226D213B5558EDD5E5BE2F6E667FB90758DA7BE69FE053E1A825BBDB034C942B2072D47AF07F21F2F63827A2BC73EB6344BCCDB877695EAB325B261213FC09588A4455237B0234CABB3486C66D20E72792686EBB4831A217FC8B94D2B2916D962B581EFFB340A0C4D7DE67DC66CBFE6791F762E589368813BD3644D8D5541CCA7A4C59938895E5944CF52729CC06CEA4F0AC0D27B2819DE8AFE279D2CBAFCDD24AD773AC53C9A62A48E0204DC116E8B760E8D014CD889C37256FA730DE3C5B4076382B3A4EDFE0AE66FF16021336686D12889D21B50DAEB5EBB5FF45BF0DEA9E32CD4D8F9520FE568FC22A52511B850A626665560CBF2C69CE1D33DE5954DC9B14161F18DB111C1E71795EBCAA50F119CADD88B341E7AFA5E535FDB9F185CD84CB01FBA4AE7119B8AEE543C9684D22343B5986AD5AC5E5FBB6C0C539FD49A4A735B0863C066DCA5598DE812B2D2B6168B88E15D26F3CE812EDDE59BA1B9D8C8C9F71B8F243088C73F4BE45E69C7AC2E4A49F6412B7FC3A1942D7F9D82CBAC30D711DA584E5EEB9A8DD8D9862EB26EE239699BE910F2F2B3B0316F3A47A0721486024EC8B81DA0ED793861E4147477DE7531981AA083DC60A998CCC4156447B8A8FEFEE104AB86449A3F16C455020983803CB90FCFFD40050963B882B8550D196E0DFC9574DFC0536C1B18674DE42562407A50F5B43EA2313FE6D0AF9EC86AE0F184DA4EF221B606D0488903FEB995C37E30327086374E2B9B4BBEFBDBA3C9722D152EE709EB137B0C9A15BE0E3366A26673B61326EFCF68560EA908A6E258E37FBF9130E8D04506C5B8E23A4294E6300B33B9EA9202F7180A7EBF6DD995087DACDA25EC64F3002B8A9D26040B392C4EE2AB9D73F31C5C1A3442B2B5F2DE10BD5C8E0B57758CBBA54B178F22770C8D94C4F24620927F550237D239E097F56A55195BE8183768B2655BC9D70EBD1128CF70701C575E8301995B7C0B610D25D42BD2106AD169E6630C74AA3BB4355BDBFD06DE0DF0E712405D495F679D3FCD5257DC543E186EFC91703205F876DB15CBD38A4F08BCE4A9387C8E718F71BB61A7A8EEA196F251B2C59B157854A853FBE1B8E8A4037CAF5C525C207AC72CB566DF1FA34629DDBBA4494E81F59414DEE048466D9775E64650BA16D297DB10047BC9717CE1B2C87E812B7A41C6877667A9F0CFC933DCA4C9C0E27561B998D323CDF589D96CF0188D0FBFC5FD047A00FACD8E5513573A5401F9027BE925CFA43020BA0485AEA52400259D0BCA9CC1D54ADB1A104337918755608DDBEEF3D51FED4AB4B229C619B812B09FD81A53B512"
"OODLED02.00.00.02WSSV"="F201E65B4996CCF2010E44AFA5CA6740795DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555FEBC9E127BECC74CFEBC9E127BECC74C6F8570FD8D0609E007D877F842FBE622F2CD90E9E92A35CE2F2B300D6E77560CF35684CBC007FCD67CF77C1AC5EC252A2134A7DC99E751AFBFEF5DE8A132A87EF12AC009E65E54F317DE079C4EC7B4142F7E173E928E6A78FCF4768119AAA558084382BC1003CD155B9E01DFDFA2F364A4ADF7E56CF5997B174D60492396C3D2ACE31D905EAA5EFDA34CC96893D67309E04AD5D054B7ADEA108F75D221722E8CA455565187D52ED31B82B45A1183F84F14DCB01D0AB32AE1BED70159087F45858DE4E77155C39BA1435D89039A0AFEEC4675FC0F600D445A4DC6443861C19C24D663018728F9B5D6708002500311B0F7CF262210C1AAE6B6BB7F756FC880FA31C42541CDEFC1C1C34C104D54AF82F26B5E86FC2AA938B1BADB293DA6F1C75C5BEC82C020B3A8B69F52B68EC79D8C58A674B0DB8E2824F50ED4EF37A4A169F0323E5989038EFEC206D3225E04DBA12C6EE743041062223ABD200375572FF71B2CF588189A2D5BC6F2F603C5090E77EA69E1E0ADA70FA9393A8F17FDCE8A4BF32329F4DFB0D39455CBB28E4578EA0947A2DF2F05F07C75E157C26248C0B30144D33F88C53457C938D35301CE9ABC13A50A34DAA9AB8984564E32A1C2853FF78E5E73AF25B6225BEC38FB154959641920730591AEBAAA9AEDBAA8944D1A575504CA57D94BED33EE21069F0F10C354DF8315CB851EA767BD311D44FDBC9FB9818E014C7DF9341C6D3CAE87B2F28D94F2528A566D721EDD3AE05B7826DA5AB627C7CD0C1167860483D48AD0C9348D409FC1D3C5841C6DBC1EEEBB0B58E435B3387FE321133E87242239536CA28B3D8578BAD49089FE894ABD806B97648BBAAAE63A586C049BFCCA8068279E8F223C2954DBD2013E738BDC2FF17C0E1EF21C28AC2DA4A06792505B1597887F64194E81CBF5FBB26A452DDFCED1DFADDC3630CD46C7A5C546A810CB1FAEDDFD7C8359F93E8E5D9AD7B44FD63B6071907D606D5132A51DB8ADD6EE259E4B715834E5E8114CDF6C7CD5F57653D616EBA0DDF2727BB41D3127AE0CC008D83DF1A4EDBD2C5C5ED6FEF1B6B04A7F4A1EEE1C61E300A857B369175C2B81245789724B8E79F3019C945169D0801616FED40195F29BF84BE526B45F51094D416767E70A01FBB93C76EF81A4FEF6CA68A5CD09F4F97669686FE3642BA9EF673919452DEFB29C975B1E7094B92196FA5931CFD3F36947FB1A49102DFA849E34F943C281639425CB418856711117D7DF63D7D591A1B2CF828C0C02282288463F077DB3069C9CD6B967F010636ACA275590940DD6E04FCDF18012"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

par **Falkra** » 24 Fév 2008 00:57

C'est une partie du rapport, le total est dans c:\resultat.txt, poste le contenu de ce fichier stp. :-D

par **titane1975** » 24 Fév 2008 17:15

DiagHelp version v1.4 - http://www.malekal.com
excute le 23/02/2008 à 13:39:29,31

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->23/02/2008 13:39:22
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->23/02/2008 13:39:20
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->23/02/2008 13:38:48
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->23/02/2008 13:37:03
C:\WINDOWS\prefetch\MSWORKS.EXE-24630094.pf -->23/02/2008 13:22:26
C:\WINDOWS\prefetch\WKSSS.EXE-29C28516.pf -->23/02/2008 13:22:24
C:\WINDOWS\prefetch\FIREFOX.EXE-06188867.pf -->23/02/2008 13:21:54
C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf -->23/02/2008 13:15:02
C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->23/02/2008 13:14:43
C:\WINDOWS\prefetch\HIJACKTHIS.EXE-1139A1EA.pf -->23/02/2008 13:14:14

C:\WINDOWS\System32\drivers\fidbox2.dat -->23/02/2008 13:38:48
C:\WINDOWS\System32\drivers\fidbox.dat -->23/02/2008 13:38:47
C:\WINDOWS\System32\drivers\fidbox2.idx -->23/02/2008 09:54:47
C:\WINDOWS\System32\drivers\fidbox.idx -->23/02/2008 09:54:47
C:\WINDOWS\System32\drivers\klif.sys -->16/02/2008 07:45:09
C:\WINDOWS\System32\drivers\klin.dat -->16/02/2008 07:45:05
C:\WINDOWS\System32\drivers\klick.dat -->16/02/2008 07:21:18

C:\WINDOWS\System32\wpa.dbl -->23/02/2008 09:57:45
C:\WINDOWS\System32\nvapps.xml -->23/02/2008 09:56:03
C:\WINDOWS\System32\OODBS.lor -->23/02/2008 09:55:25
C:\WINDOWS\System32\MRT.exe -->04/02/2008 13:09:46
C:\WINDOWS\System32\pngfilt.dll -->10/01/2008 19:36:55
C:\WINDOWS\System32\BASSMOD.dll -->28/12/2007 10:53:18
C:\WINDOWS\System32\dxtmsft.dll -->19/12/2007 12:53:23
C:\WINDOWS\System32\klogon.dll -->18/12/2007 00:44:54
C:\WINDOWS\System32\TZLog.log -->14/12/2007 19:04:27
C:\WINDOWS\System32\lvcoinst.log -->14/12/2007 19:04:05
C:\WINDOWS\System32\mshtml.dll -->07/12/2007 19:08:36
C:\WINDOWS\System32\CONFIG.NT -->07/12/2007 05:34:37
C:\WINDOWS\System32\wininet.dll -->06/12/2007 16:08:34
C:\WINDOWS\System32\webcheck.dll -->06/12/2007 16:08:34
C:\WINDOWS\System32\urlmon.dll -->06/12/2007 16:08:34
C:\WINDOWS\System32\url.dll -->06/12/2007 16:08:34
C:\WINDOWS\System32\occache.dll -->06/12/2007 16:08:34
C:\WINDOWS\System32\mstime.dll -->06/12/2007 16:08:34
C:\WINDOWS\System32\msrating.dll -->06/12/2007 16:08:34
C:\WINDOWS\System32\mshtmled.dll -->06/12/2007 16:08:34
C:\WINDOWS\System32\msfeedsbs.dll -->06/12/2007 16:08:33
C:\WINDOWS\System32\msfeeds.dll -->06/12/2007 16:08:33
C:\WINDOWS\System32\jsproxy.dll -->06/12/2007 16:08:33
C:\WINDOWS\System32\inetcpl.cpl -->06/12/2007 16:08:33
C:\WINDOWS\System32\iertutil.dll -->06/12/2007 16:08:33

C:\WINDOWS\WindowsUpdate.log -->23/02/2008 12:47:36
C:\WINDOWS\0.log -->23/02/2008 09:57:22
C:\WINDOWS\wiadebug.log -->23/02/2008 09:55:42
C:\WINDOWS\wiaservc.log -->23/02/2008 09:55:35
C:\WINDOWS\bootstat.dat -->23/02/2008 09:55:28
C:\WINDOWS\SchedLgU.Txt -->23/02/2008 09:54:41
C:\WINDOWS\setupapi.log -->22/02/2008 18:46:59
C:\WINDOWS\bdagent.INI -->16/02/2008 07:10:33
C:\WINDOWS\unins000.dat -->10/02/2008 20:25:12
C:\WINDOWS\unins000.exe -->10/02/2008 20:11:34
C:\WINDOWS\win.ini -->25/01/2008 10:11:36
C:\WINDOWS\dsltest.INI -->23/01/2008 18:38:37
C:\WINDOWS\WANEUninstaller.exe -->26/12/2007 12:41:15
C:\WINDOWS\BlendSettings.ini -->18/11/2007 08:28:55
C:\WINDOWS\WLXPGSS.SCR -->23/10/2007 17:49:46

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 352
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
*** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:
*** File timestamp: Mon Apr 16 05:53:11 2007
*** Loaded image timestamp: Mon Apr 16 05:53:12 2007
*** Loaded C:\WINDOWS\system32\USER32.dll differs from file image:
*** File timestamp: Thu Mar 08 05:37:50 2007
*** Loaded image timestamp: Thu Mar 08 05:50:02 2007
*** Loaded C:\WINDOWS\system32\SHDOCVW.dll differs from file image:
*** File timestamp: Sun Sep 03 20:14:50 2006
*** Loaded image timestamp: Sun Sep 03 20:17:04 2006
0x44080000 0xcf000 7.00.6000.16608 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16608 C:\WINDOWS\system32\iertutil.dll
*** Loaded C:\WINDOWS\system32\SHELL32.dll differs from file image:
*** File timestamp: Thu Oct 25 06:43:25 2007
*** Loaded image timestamp: Thu Oct 25 06:56:00 2007
0x30000000 0x15000 7.00.0001.0321 C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x305e0000 0x16000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
0x30480000 0xe000 7.00.0005.0321 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
0x78130000 0x9b000 8.00.50727.0363 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_691a48fd\MSVCR80.dll
0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll
0x307e0000 0x27000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
*** Loaded C:\WINDOWS\system32\ieframe.dll differs from file image:
*** File timestamp: Thu Dec 06 16:08:36 2007
*** Loaded image timestamp: Thu Dec 06 16:11:57 2007
*** 0x44360000 0x5cd000 7.00.6000.16608 C:\WINDOWS\system32\ieframe.dll
0x442b0000 0x3c000 7.00.6000.16608 C:\WINDOWS\system32\webcheck.dll
0x5f800000 0x16000 1.01.1592.0000 C:\PROGRA~1\WINDOW~3\MpShHook.dll
0x7c420000 0x87000 8.00.50727.0363 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.363_x-ww_691a48fd\MSVCP80.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x44160000 0x127000 7.00.6000.16608 C:\WINDOWS\system32\urlmon.dll
0x10000000 0xe000 C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x01f70000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x017e0000 0x7000 1.01.0000.0162 C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
0x00c10000 0x1c000 11.01.0000.2021 C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
0x01380000 0x3b000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
0x01490000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x01d70000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x03480000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x43ff0000 0xa000 7.00.6000.16608 C:\WINDOWS\system32\jsproxy.dll
0x03d90000 0x15000 1.01.1592.0000 C:\PROGRA~1\WINDOW~3\MpOAv.dll
0x012d0000 0x8000 2.00.0000.0002 C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
0x038d0000 0x38000 3.01.0000.0002 C:\WINDOWS\system32\Shellext\split.dll
0x03a80000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x30810000 0xc000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll
0x03ab0000 0x92000 4.00.0001.0049 C:\PROGRA~1\VSO\COPYTO~1\CTCDSH~1.DLL
0x03b50000 0x38000 3.00.0000.0058 C:\Program Files\a-squared Free\a2freecontmenu.dll

par **titane1975** » 24 Fév 2008 17:21

je n'arrive pas à envoyer le rapport en entier :oops:

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 1124
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
*** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:
*** File timestamp: Mon Apr 16 05:53:11 2007
*** Loaded image timestamp: Mon Apr 16 05:53:12 2007
0x30000000 0x15000 7.00.0001.0321 C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x305e0000 0x16000 7.00.0001.0321 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
0x304d0000 0x36000 7.00.0001.0321 C:\WINDOWS\system32\klogon.dll
0x013f0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F4A8-56A7

Répertoire de C:\WINDOWS\system32

05/08/2004 01:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 121 632 415 744 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F4A8-56A7

Répertoire de C:\WINDOWS\Downloaded Program Files

23/11/2007 17:15 <REP> .
23/11/2007 17:15 <REP> ..
13/11/2006 08:48 946 296 asquared.ocx
17/05/2006 02:32 231 072 avsniff.dll
17/05/2006 03:29 878 avsniff.inf
17/05/2006 02:32 198 304 avsniffdlgs.dll
22/06/2006 08:40 181 136 AxisCamControl.ocx
17/05/2006 02:26 537 704 AXXPEE.dll
07/12/2004 04:07 32 bdcore.dll
01/03/2005 02:08 118 784 bdupd.dll
17/05/2006 02:29 241 CabSA.inf
19/12/2006 14:00 2 504 catalog.dat
05/07/2006 11:10 <REP> CONFLICT.1
05/07/2006 11:10 <REP> CONFLICT.2
19/08/2004 23:36 65 desktop.ini
25/07/2002 07:13 24 576 dwusplay.dll
25/07/2002 07:13 196 608 dwusplay.exe
19/12/2006 14:00 6 899 ecbootil.vxd
17/05/2006 02:26 42 112 ecmldr32.dll
19/12/2006 14:00 272 040 ecmsvr32.dll
04/07/2006 06:12 155 648 FileUploader.dll
04/07/2006 05:15 373 FileUploader.inf
23/02/2007 09:43 2 639 608 ICSScan.dll
23/02/2007 03:05 403 ICSScanner.inf
14/02/2007 07:44 378 ImageUploader4.inf
14/02/2007 07:44 2 557 752 ImageUploader4.ocx
01/03/2005 02:08 53 248 ipsupd.dll
09/06/2005 23:44 417 792 isusweb.dll
10/11/2005 02:05 876 jinstall-1_5_0_06.inf
08/08/2006 00:45 576 kavwebscan.inf
15/03/2005 23:34 7 407 lang.ini
11/12/2006 05:44 367 LegitCheckControl.inf
07/12/2004 04:07 32 libfn.dll
14/03/2005 01:38 126 live.ini
06/04/2004 07:03 172 072 MessengerStatsPAClient.dll
20/06/2006 04:44 379 704 MsnPUpld.dll
19/06/2006 03:40 393 MsnPUpld.inf
17/05/2006 02:28 6 850 navapi.vxd
17/05/2006 02:28 201 896 navapi32.dll
19/12/2006 14:00 124 584 naveng32.dll
19/12/2006 14:00 882 344 navex32a.dll
28/02/2005 23:15 1 246 oscan8.inf
15/03/2005 23:31 475 136 oscan8.ocx
20/06/2006 04:44 117 560 PURen-us.dll
30/05/2002 22:20 117 328 purfr-fr.dll
03/06/2002 05:53 144 QTPlugin.inf
17/05/2006 02:32 161 480 rufsi.dll
14/03/2005 01:58 7 073 scanoptions.tsi
19/12/2006 14:00 97 696 scrauth.dat
20/04/2006 00:24 313 SpyMD.inf
09/11/2006 03:36 5 019 swflash.inf
19/12/2006 14:00 9 237 symaveng.cat
19/12/2006 14:00 1 061 symaveng.inf
22/05/2006 04:28 386 560 sysreqlab.dll
31/03/2006 07:22 667 sysreqlab.osd
19/12/2006 14:00 187 543 tcdefs.dat
19/12/2006 14:00 1 172 076 tcscan7.dat
19/12/2006 14:00 323 242 tcscan8.dat
19/12/2006 14:00 728 804 tcscan9.dat
19/12/2006 14:00 453 tinf.dat
19/12/2006 14:00 148 tinfidx.dat
19/12/2006 14:00 1 957 tinfl.dat
19/12/2006 14:00 64 048 tscan1.dat
19/12/2006 14:00 3 072 tscan1hd.dat
19/12/2006 14:00 4 778 v.grd
19/12/2006 14:00 2 261 v.sig
19/12/2006 14:00 106 244 virscan.inf
19/12/2006 14:00 974 242 virscan1.dat
19/12/2006 14:00 569 910 virscan2.dat
19/12/2006 14:00 147 296 virscan3.dat
19/12/2006 14:00 320 186 virscan4.dat
19/12/2006 14:00 3 086 703 virscan5.dat
19/12/2006 14:00 390 030 virscan6.dat
19/12/2006 14:00 5 396 298 virscan7.dat
19/12/2006 14:00 1 650 979 virscan8.dat
19/12/2006 14:00 3 940 959 virscan9.dat
19/12/2006 14:00 32 virscant.dat
29/12/2006 03:48 2 072 vscanmsx.dat
15/10/2007 10:02 465 472 wlscBase.dll
15/10/2007 10:11 320 wlscBase.inf
19/12/2006 14:00 224 zdone.dat
17/11/2004 10:44 114 728 Zintro.ocx
78 fichier(s) 31 396 277 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

05/07/2006 11:10 <REP> .
05/07/2006 11:10 <REP> ..
28/10/2004 23:01 204 800 AxisCamControl.ocx
07/05/2003 00:26 192 512 CamCli.dll
07/05/2003 00:26 180 224 ijl11.dll
3 fichier(s) 577 536 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.2

05/07/2006 11:10 <REP> .
05/07/2006 11:10 <REP> ..
28/10/2004 23:04 325 AxisCamControl.inf
28/10/2004 23:01 204 800 AxisCamControl.ocx
07/05/2003 00:26 192 512 CamCli.dll
07/05/2003 00:26 180 224 ijl11.dll
4 fichier(s) 577 861 octets

Total des fichiers listés :
85 fichier(s) 32 551 674 octets
8 Rép(s) 121 632 411 648 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Palm\\HOTSYNC.EXE"="C:\\Program Files\\Palm\\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\\Programmes\\Activision\\Rome - Total War\\RomeTW.exe"="C:\\Programmes\\Activision\\Rome - Total War\\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe"="C:\\Program Files\\Microsoft Games\\Rise Of Legends\\legends.exe:*:Enabled:Rise Of Legends"
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"="C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe:*:Enabled:GRAW"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Outil de diagnostic Microsoft DirectX"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\\Program Files\\TVU Player\\TVUPlayer.exe"="C:\\Program Files\\TVU Player\\TVUPlayer.exe:*:Enabled:TVUPlayer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault(tm)"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"="C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe:*:Disabled:Comrade"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FolderShare\\FolderShare.exe"="C:\\Program Files\\FolderShare\\FolderShare.exe:*:Enabled:FolderShare"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"="C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe:*:Enabled:Active Virus Shield"
"C:\\Program Files\\Codemasters\\Operation Flashpoint\\OperationFlashpoint.exe"="C:\\Program Files\\Codemasters\\Operation Flashpoint\\OperationFlashpoint.exe:*:Enabled:Operation Flashpoint"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du Tiberium™"
"C:\\Documents and Settings\\Cappelle\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe"="C:\\Documents and Settings\\Cappelle\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat:*:Enabled:Command & Conquer 3 Les guerres du Tiberium™"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Games\\Worms Armageddon - New Edition\\WA.exe"="C:\\Games\\Worms Armageddon - New Edition\\WA.exe:*:Disabled:Worms Armageddon"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"C:\\Program Files\\neuf Talk\\neuf Talk.exe"="C:\\Program Files\\neuf Talk\\neuf Talk.exe:*:Disabled:neuf Talk"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

REGEDIT4

[taskmgr.exe]

exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 avpcheckupdate.com
127.0.0.1 http://www.avpcheckupdate.com
127.0.0.1 client.exeupdate.com
127.0.0.1 eupdatepage.com
127.0.0.1 http://www.eupdatepage.com
127.0.0.1 exeupdate.com
127.0.0.1 http://www.exeupdate.com
127.0.0.1 hotwinupdates.com
127.0.0.1 http://www.hotwinupdates.com
127.0.0.1 lavasoftupdate.com
127.0.0.1 http://www.lavasoftupdate.com
127.0.0.1 malwarewipeupdate.com
127.0.0.1 http://www.malwarewipeupdate.com
127.0.0.1 msupdate.net
127.0.0.1 http://www.msupdate.net
127.0.0.1 msupdater.net
127.0.0.1 http://www.msupdater.net
127.0.0.1 necessaryupdates.com
127.0.0.1 http://www.necessaryupdates.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 redirect.msupdate.net
127.0.0.1 search.keyword.exeupdate.com
127.0.0.1 securityupdatesite.com
127.0.0.1 http://www.securityupdatesite.com
127.0.0.1 settings.updatemysettings.com
127.0.0.1 spyaxeupdate.com
127.0.0.1 http://www.spyaxeupdate.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 http://www.spyfalconupdate.com
127.0.0.1 systemupdates.net
127.0.0.1 http://www.systemupdates.net
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 updatemysettings.com
127.0.0.1 http://www.updatemysettings.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 http://www.urgentsystemupdate.biz
127.0.0.1 urgentsystemupdate.com
127.0.0.1 http://www.urgentsystemupdate.com
127.0.0.1 windupdates.com
127.0.0.1 update.680180.net
127.0.0.1 activexupdate.com
127.0.0.1 http://www.activexupdate.com
127.0.0.1 pandaantivirus-2007.com
127.0.0.1 http://www.pandaantivirus-2007.com
127.0.0.1 pandadownload-now.com
127.0.0.1 http://www.pandadownload-now.com
127.0.0.1 panda-hq.com
127.0.0.1 http://www.panda-hq.com
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 13:43:35
Windows 5.1.2600 Service Pack 2 NTFS

par **titane1975** » 24 Fév 2008 17:31

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
IPC error: 2 Le fichier spécifié est introuvable.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:2d90dc3a
"s1"=dword:9aae197f
"s2"=dword:90ffb414
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg41]
"ujdew"=hex:20,02,00,00,36,65,36,22,da,38,f5,c5,12,21,8f,8c,91,b7,7e,79,16,..
"ljej40"=hex:81,29,19,fb,bd,7c,99,f8,5d,fb,69,0d,82,be,b3,2b,42,b5,48,1f,91,..
"ljej41"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej42"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej43"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej44"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg42]
"ujdew"=hex:20,02,00,00,36,65,36,22,9c,38,ab,86,12,21,8f,8c,76,b6,7e,79,16,..
"ljej40"=hex:ae,29,19,fb,bd,7c,99,f8,5d,fb,69,0d,82,be,b3,2b,42,b5,48,1f,ee,..
"ljej41"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej42"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej43"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
"ljej44"=hex:66,29,19,fb,c5,7c,99,f8,5c,fb,68,0d,83,be,b3,2b,42,b5,48,1f,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg43]
"ujdew"=hex:20,02,00,00,cd,1c,0e,fa,65,b6,ca,2d,64,54,f3,db,f7,f4,b4,9f,5e,..
"ljej40"=hex:c9,4a,a8,71,ec,5f,79,6d,5a,8c,65,99,3b,d7,b4,a5,09,39,5c,0e,dd,..
"ljej41"=hex:6c,07,ad,71,da,0a,7c,6d,b2,d1,61,99,be,b1,b1,a5,17,56,59,0e,e8,..
"ljej42"=hex:a1,bb,a4,71,0b,a7,75,6d,99,8c,69,99,df,df,b9,a5,0f,28,51,0e,78,..
"ljej43"=hex:2c,61,bc,71,13,6d,6d,6d,46,b6,70,99,88,96,a0,a5,4f,70,48,0e,8b,..
"ljej44"=hex:61,4b,b3,71,68,58,62,6d,67,83,7f,99,40,c1,af,a5,b0,24,47,0e,a7,..
"ljej45"=hex:0d,c0,89,71,57,cd,58,6d,ec,15,45,99,90,77,95,a5,95,9e,7d,0e,df,..
"ljej46"=hex:08,9f,8f,71,12,84,5e,6d,6d,6e,43,99,df,3f,93,a5,9c,d6,7b,0e,14,..
"ljej47"=hex:ed,a8,85,71,30,b6,54,6d,42,7c,49,99,b6,21,99,a5,f6,c5,71,0e,22,..
"ljej48"=hex:34,f7,9b,71,b3,9c,4a,6d,3e,45,57,99,98,18,87,a5,d6,ec,6f,0e,4c,..
"ljej49"=hex:28,2d,91,71,95,32,40,6d,55,ff,5d,99,20,ae,8d,a5,2f,46,65,0e,62,..
"ljej410"=hex:7e,ae,96,71,16,b4,47,6d,39,7d,5a,99,7b,20,8a,a5,29,c4,62,0e,af,..
"ljej411"=hex:41,77,ec,71,c7,1d,3d,6d,52,c4,20,99,85,9a,f0,a5,7c,6a,18,0e,7b,..
"ljej412"=hex:cf,24,e1,71,37,2b,30,6d,68,f6,2d,99,f9,a8,fd,a5,5b,bc,15,0e,b2,..
"ljej413"=hex:60,34,e6,71,be,da,37,6d,cc,06,2a,99,3e,47,fa,a5,78,ac,12,0e,8d,..
"ljej414"=hex:f6,3a,fb,71,ec,29,2a,6d,9f,f7,37,99,2a,56,e7,a5,55,bf,0f,0e,f8,..
"ljej415"=hex:b7,0e,f0,71,0c,15,21,6d,9d,c3,3c,99,c9,83,ec,a5,28,63,04,0e,1e,..
"ljej416"=hex:58,b5,f4,71,02,5c,24,6d,f3,84,39,99,82,da,e9,a5,c0,2b,01,0e,8a,..
"ljej417"=hex:c7,d5,c9,71,84,fc,18,6d,5c,24,05,99,c7,7b,d5,a5,fa,88,3d,0e,ba,..
"ljej418"=hex:19,6e,ce,71,35,75,1f,6d,24,a3,02,99,66,e3,d2,a5,30,00,3a,0e,46,..
"ljej419"=hex:0e,dd,c2,71,0c,c4,13,6d,05,2c,0e,99,1e,72,de,a5,e0,90,36,0e,fe,..
"ljej420"=hex:7b,b9,c6,71,c2,a8,17,6d,5e,70,0a,99,8e,d7,db,a5,6a,3c,33,0e,42,..
"ljej421"=hex:80,71,db,71,63,61,0a,6d,c9,cf,17,99,11,9f,c7,a5,cc,75,2f,0e,0f,..
"ljej422"=hex:df,24,df,71,1c,2c,0e,6d,55,f4,13,99,a9,ab,c3,a5,10,b8,2b,0e,ce,..
"ljej423"=hex:55,da,d3,71,6f,ca,02,6d,36,16,1f,99,da,49,cf,a5,5b,9a,27,0e,95,..
"ljej424"=hex:13,e9,d7,71,bb,f8,06,6d,d4,27,1b,99,d5,78,cb,a5,46,8d,23,0e,e0,..
"ljej425"=hex:6d,e8,2b,71,6b,f8,fa,6d,15,20,e7,99,a7,67,37,a5,e5,8d,df,0e,6a,..
"ljej426"=hex:07,df,2f,71,8c,c6,fe,6d,0c,11,e3,99,af,76,33,a5,da,9c,db,0e,42,..
"ljej427"=hex:c5,3c,23,71,d2,24,f2,6d,2e,f3,ef,99,99,54,3f,a5,d8,be,d7,0e,50,..
"ljej428"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej429"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej430"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej431"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej432"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg44]
"ujdew"=hex:20,02,00,00,cd,1c,0e,fa,65,b6,ca,2d,64,54,f3,db,f7,f4,b4,9f,5e,..
"ljej40"=hex:2a,4b,a8,71,ec,5f,79,6d,5a,8c,65,99,3b,d7,b4,a5,09,39,5c,0e,87,..
"ljej41"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej42"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej43"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
"ljej44"=hex:dd,4b,a8,71,94,5f,79,6d,5b,8c,64,99,3a,d7,b4,a5,09,39,5c,0e,50,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:db,5c,ef,ef,fa,4a,c0,d2,6e,27,e4,50,51,2a,ee,41,b5,c3,9d,69,a6,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="C856BAC2A379AC798F73B73365A5C5DC2315FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DA2D97226D213B5558EDD5E5BE2F6E667FB90758DA7BE69FE053E1A825BBDB034C942B2072D47AF07F21F2F63827A2BC73EB6344BCCDB877695EAB325B261213FC09588A4455237B0234CABB3486C66D20E72792686EBB4831A217FC8B94D2B2916D962B581EFFB340A0C4D7DE67DC66CBFE6791F762E589368813BD3644D8D5541CCA7A4C59938895E5944CF52729CC06CEA4F0AC0D27B2819DE8AFE279D2CBAFCDD24AD773AC53C9A62A48E0204DC116E8B760E8D014CD889C37256FA730DE3C5B4076382B3A4EDFE0AE66FF16021336686D12889D21B50DAEB5EBB5FF45BF0DEA9E32CD4D8F9520FE568FC22A52511B850A626665560CBF2C69CE1D33DE5954DC9B14161F18DB111C1E71795EBCAA50F119CADD88B341E7AFA5E535FDB9F185CD84CB01FBA4AE7119B8AEE543C9684D22343B5986AD5AC5E5FBB6C0C539FD49A4A735B0863C066DCA5598DE812B2D2B6168B88E15D26F3CE812EDDE59BA1B9D8C8C9F71B8F243088C73F4BE45E69C7AC2E4A49F6412B7FC3A1942D7F9D82CBAC30D711DA584E5EEB9A8DD8D9862EB26EE239699BE910F2F2B3B0316F3A47A0721486024EC8B81DA0ED793861E4147477DE7531981AA083DC60A998CCC4156447B8A8FEFEE104AB86449A3F16C455020983803CB90FCFFD40050963B882B8550D196E0DFC9574DFC0536C1B18674DE42562407A50F5B43EA2313FE6D0AF9EC86AE0F184DA4EF221B606D0488903FEB995C37E30327086374E2B9B4BBEFBDBA3C9722D152EE709EB137B0C9A15BE0E3366A26673B61326EFCF68560EA908A6E258E37FBF9130E8D04506C5B8E23A4294E6300B33B9EA9202F7180A7EBF6DD995087DACDA25EC64F3002B8A9D26040B392C4EE2AB9D73F31C5C1A3442B2B5F2DE10BD5C8E0B57758CBBA54B178F22770C8D94C4F24620927F550237D239E097F56A55195BE8183768B2655BC9D70EBD1128CF70701C575E8301995B7C0B610D25D42BD2106AD169E6630C74AA3BB4355BDBFD06DE0DF0E712405D495F679D3FCD5257DC543E186EFC91703205F876DB15CBD38A4F08BCE4A9387C8E718F71BB61A7A8EEA196F251B2C59B157854A853FBE1B8E8A4037CAF5C525C207AC72CB566DF1FA34629DDBBA4494E81F59414DEE048466D9775E64650BA16D297DB10047BC9717CE1B2C87E812B7A41C6877667A9F0CFC933DCA4C9C0E27561B998D323CDF589D96CF0188D0FBFC5FD047A00FACD8E5513573A5401F9027BE925CFA43020BA0485AEA52400259D0BCA9CC1D54ADB1A104337918755608DDBEEF3D51FED4AB4B229C619B812B09FD81A53B512"
"OODLED02.00.00.02WSSV"="F201E65B4996CCF2010E44AFA5CA6740795DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555FEBC9E127BECC74CFEBC9E127BECC74C6F8570FD8D0609E007D877F842FBE622F2CD90E9E92A35CE2F2B300D6E77560CF35684CBC007FCD67CF77C1AC5EC252A2134A7DC99E751AFBFEF5DE8A132A87EF12AC009E65E54F317DE079C4EC7B4142F7E173E928E6A78FCF4768119AAA558084382BC1003CD155B9E01DFDFA2F364A4ADF7E56CF5997B174D60492396C3D2ACE31D905EAA5EFDA34CC96893D67309E04AD5D054B7ADEA108F75D221722E8CA455565187D52ED31B82B45A1183F84F14DCB01D0AB32AE1BED70159087F45858DE4E77155C39BA1435D89039A0AFEEC4675FC0F600D445A4DC6443861C19C24D663018728F9B5D6708002500311B0F7CF262210C1AAE6B6BB7F756FC880FA31C42541CDEFC1C1C34C104D54AF82F26B5E86FC2AA938B1BADB293DA6F1C75C5BEC82C020B3A8B69F52B68EC79D8C58A674B0DB8E2824F50ED4EF37A4A169F0323E5989038EFEC206D3225E04DBA12C6EE743041062223ABD200375572FF71B2CF588189A2D5BC6F2F603C5090E77EA69E1E0ADA70FA9393A8F17FDCE8A4BF32329F4DFB0D39455CBB28E4578EA0947A2DF2F05F07C75E157C26248C0B30144D33F88C53457C938D35301CE9ABC13A50A34DAA9AB8984564E32A1C2853FF78E5E73AF25B6225BEC38FB154959641920730591AEBAAA9AEDBAA8944D1A575504CA57D94BED33EE21069F0F10C354DF8315CB851EA767BD311D44FDBC9FB9818E014C7DF9341C6D3CAE87B2F28D94F2528A566D721EDD3AE05B7826DA5AB627C7CD0C1167860483D48AD0C9348D409FC1D3C5841C6DBC1EEEBB0B58E435B3387FE321133E87242239536CA28B3D8578BAD49089FE894ABD806B97648BBAAAE63A586C049BFCCA8068279E8F223C2954DBD2013E738BDC2FF17C0E1EF21C28AC2DA4A06792505B1597887F64194E81CBF5FBB26A452DDFCED1DFADDC3630CD46C7A5C546A810CB1FAEDDFD7C8359F93E8E5D9AD7B44FD63B6071907D606D5132A51DB8ADD6EE259E4B715834E5E8114CDF6C7CD5F57653D616EBA0DDF2727BB41D3127AE0CC008D83DF1A4EDBD2C5C5ED6FEF1B6B04A7F4A1EEE1C61E300A857B369175C2B81245789724B8E79F3019C945169D0801616FED40195F29BF84BE526B45F51094D416767E70A01FBB93C76EF81A4FEF6CA68A5CD09F4F97669686FE3642BA9EF673919452DEFB29C975B1E7094B92196FA5931CFD3F36947FB1A49102DFA849E34F943C281639425CB418856711117D7DF63D7D591A1B2CF828C0C02282288463F077DB3069C9CD6B967F010636ACA275590940DD6E04FCDF18012"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
352 - explorer.exe
376 - avp.exe
432 - IAANTMon.exe
544 - LVComSer.exe
608 - nvsvc32.exe
692 - oodag.exe
752 - PnkBstrA.exe
1100 - csrss.exe
1124 - winlogon.exe
1172 - services.exe
1184 - lsass.exe
1340 - svchost.exe
1408 - svchost.exe
1452 - MsMpEng.exe
1492 - svchost.exe
1668 - firefox.exe
1824 - spoolsv.exe
1896 - LVPrcSrv.exe
2312 - MSASCui.exe
2448 - avp.exe
2468 - MemOptimizer.ex
2480 - SweetIM.exe
2504 - Core.exe
2572 - cmd.exe
2636 - TeaTimer.exe
2716 - DSLMON.exe
2964 - msnmsgr.exe
3312 - firefox.exe
3856 - alg.exe
3928 - LVComSer.exe

Total number of processes = 31
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
BA5A8000 - \WINDOWS\system32\KDCOM.DLL
BA4B8000 - \WINDOWS\system32\BOOTVID.dll
B9ED6000 - sptd.sys
BA5AA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
B9EBE000 - \WINDOWS\System32\Drivers\SPTD2221.SYS
B9E97000 - Vax347b.sys
B9E68000 - ACPI.sys
B9E57000 - pci.sys
BA0A8000 - isapnp.sys
B9E45000 - sfsync04.sys
BA670000 - pciide.sys
BA328000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
BA0B8000 - MountMgr.sys
B9E26000 - ftdisk.sys
BA330000 - PartMgr.sys
BA0C8000 - sfsync02.sys
BA0D8000 - VolSnap.sys
B9E0E000 -
B9D39000 - iastor.sys
BA5AC000 - Vax347s.sys
B9D21000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
BA0E8000 - disk.sys
BA0F8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
B9D01000 - fltMgr.sys
B9CEF000 - sr.sys
BA108000 - PxHelp20.sys
B9CD8000 - KSecDD.sys
B9C4B000 - Ntfs.sys
B9C1E000 - NDIS.sys
B9C0A000 - sfvfs02.sys
BA338000 - sfhlp02.sys
B9BF8000 - sfdrv01.sys
B9BDD000 - Mup.sys
BA5AE000 - mcctl.sys
BA340000 - \WINDOWS\system32\drivers\mcclib.sys
B99D3000 - LVMVDrv.sys
B99B7000 - kl1.sys
BA348000 - \WINDOWS\system32\drivers\TDI.SYS
BA258000 - \SystemRoot\system32\DRIVERS\intelppm.sys
B8F10000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
B8EFC000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
B8ED6000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
B8EAB000 - \SystemRoot\system32\DRIVERS\e1e5132.sys
B95F2000 - \SystemRoot\System32\DRIVERS\Bonifay.sys
BA3E0000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
B8E88000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
BA3E8000 - \SystemRoot\system32\DRIVERS\usbehci.sys
BA268000 - \SystemRoot\system32\DRIVERS\imapi.sys
BA3F0000 - \SystemRoot\system32\drivers\Afc.sys
BA278000 - \SystemRoot\system32\DRIVERS\cdrom.sys
BA288000 - \SystemRoot\system32\DRIVERS\redbook.sys
B8E65000 - \SystemRoot\system32\DRIVERS\ks.sys
BA3F8000 - \SystemRoot\system32\DRIVERS\klim5.sys
BA788000 - \SystemRoot\system32\DRIVERS\audstub.sys
BA2C8000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
B996A000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
B8ABA000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
BA2D8000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
BA2E8000 - \SystemRoot\system32\DRIVERS\raspptp.sys
B86EC000 - \SystemRoot\system32\DRIVERS\psched.sys
BA308000 - \SystemRoot\system32\DRIVERS\msgpc.sys
BA470000 - \SystemRoot\system32\DRIVERS\ptilink.sys
BA478000 - \SystemRoot\system32\DRIVERS\raspti.sys
BA138000 - \SystemRoot\system32\DRIVERS\termdd.sys
BA480000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
BA488000 - \SystemRoot\system32\DRIVERS\mouclass.sys
BA602000 - \SystemRoot\system32\DRIVERS\swenum.sys
B8435000 - \SystemRoot\system32\DRIVERS\update.sys
B9956000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
BA188000 - \SystemRoot\system32\DRIVERS\usbhub.sys
BA61A000 - \SystemRoot\system32\DRIVERS\USBD.SYS
BA198000 - \SystemRoot\System32\Drivers\NDProxy.SYS
B4D00000 - \SystemRoot\system32\drivers\sthda.sys
B4CDE000 - \SystemRoot\system32\drivers\portcls.sys
BA238000 - \SystemRoot\system32\drivers\drmk.sys
BA632000 - \SystemRoot\System32\Drivers\i2omgmt.SYS
BA634000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BA6F6000 - \SystemRoot\System32\Drivers\Null.SYS
BA636000 - \SystemRoot\System32\Drivers\Beep.SYS
BA390000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BA398000 - \SystemRoot\System32\drivers\vga.sys
BA63A000 - \SystemRoot\System32\Drivers\mnmdd.SYS
BA63C000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
BA3A0000 - \SystemRoot\System32\Drivers\Msfs.SYS
BA3A8000 - \SystemRoot\System32\Drivers\Npfs.SYS
B960A000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B4044000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B3FC4000 - \SystemRoot\system32\DRIVERS\tcpip.sys
B3FA3000 - \SystemRoot\system32\DRIVERS\ipnat.sys
B3F7B000 - \SystemRoot\system32\DRIVERS\netbt.sys
B929B000 - \SystemRoot\system32\DRIVERS\wanarp.sys
B3F59000 - \SystemRoot\System32\drivers\afd.sys
B928B000 - \SystemRoot\system32\DRIVERS\netbios.sys
B3F2E000 - \SystemRoot\system32\DRIVERS\rdbss.sys
B3EBF000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
B3E8B000 - \??\C:\WINDOWS\system32\drivers\klif.sys
BA118000 - \SystemRoot\System32\Drivers\Fips.SYS
B3C0C000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
B3C72000 - \SystemRoot\system32\drivers\LVUSBSta.sys
B2F51000 - \SystemRoot\system32\DRIVERS\LV302V32.SYS
BA64E000 - \SystemRoot\system32\DRIVERS\lv302af.sys
B3C62000 - \SystemRoot\system32\drivers\usbaudio.sys
B2D4F000 - \SystemRoot\system32\DRIVERS\LVcKap.sys
B1A23000 - \SystemRoot\system32\DRIVERS\adiusbaw.sys
B3D3A000 - \SystemRoot\system32\DRIVERS\hidusb.sys
B1CD3000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
B3D2A000 - \SystemRoot\system32\DRIVERS\mouhid.sys
B399A000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
ACE06000 - \SystemRoot\System32\Drivers\Cdfs.SYS
ABBA6000 - \SystemRoot\System32\Drivers\Udfs.SYS
ABAD1000 - \SystemRoot\System32\Drivers\dump_iastor.sys
BF800000 - \SystemRoot\System32\win32k.sys
ACB58000 - \SystemRoot\System32\drivers\Dxapi.sys
ACD13000 - \SystemRoot\System32\watchdog.sys
BF000000 - \SystemRoot\System32\drivers\dxg.sys
B077F000 - \SystemRoot\System32\drivers\dxgthk.sys
BF012000 - \SystemRoot\System32\nv4_disp.dll
B40EB000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
AAB1C000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
AAADF000 - \SystemRoot\system32\drivers\wdmaud.sys
B85E2000 - \SystemRoot\system32\drivers\sysaudio.sys
AC3AC000 - \SystemRoot\System32\DRIVERS\ipfltdrv.sys
AA88D000 - \SystemRoot\system32\DRIVERS\srv.sys
B92FB000 - \SystemRoot\system32\DRIVERS\secdrv.sys
AA785000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
B86CA000 - \SystemRoot\system32\drivers\LVPr2Mon.sys
A4B34000 - \SystemRoot\system32\drivers\kmixer.sys
BA7E8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 130

par **Falkra** » 24 Fév 2008 17:31

Je regarde ça. Merci. :supers:

par **titane1975** » 24 Fév 2008 17:32

Milles excuses pour tous mes messages

Liste des programmes installes

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F4A8-56A7

Répertoire de C:\Program Files

23/02/2008 09:26 <REP> .
23/02/2008 09:26 <REP> ..
15/02/2008 22:45 <REP> Adobe
02/06/2006 06:24 <REP> Alcohol Soft
16/03/2007 06:51 <REP> Alwil Software
19/02/2008 18:08 <REP> AnsaRC
02/11/2007 10:14 <REP> Apple Software Update
18/01/2008 17:18 <REP> ArcSoft
23/02/2008 10:40 <REP> a-squared Free
06/02/2007 07:10 <REP> Astonsoft
16/09/2006 06:01 <REP> Bethesda Softworks
25/01/2008 10:11 <REP> BitDefender
15/05/2006 06:54 <REP> CCleaner
30/01/2007 11:11 <REP> CDBurnerXP Pro 3
10/09/2006 00:04 <REP> Common Files
16/06/2006 23:41 <REP> Dell
06/02/2007 07:03 <REP> DellConnect
12/10/2007 19:45 <REP> DivX
06/10/2007 15:08 <REP> EA GAMES
27/10/2007 08:47 <REP> Electronic Arts
15/05/2006 06:01 <REP> epson
25/01/2008 07:11 <REP> Fichiers communs
20/04/2007 23:09 <REP> Freecom Backup Software
20/04/2007 23:08 <REP> Freecom Personal Media Suite
20/10/2006 06:33 <REP> GameSpy
28/12/2006 07:32 <REP> Google
10/09/2006 01:32 <REP> Human Head Studios
10/05/2006 08:09 <REP> Intel
13/02/2008 06:26 <REP> Internet Explorer
18/01/2008 17:21 <REP> ISL
02/12/2007 07:10 <REP> Java
16/02/2008 07:20 <REP> Kaspersky Lab
15/05/2006 05:48 <REP> Kit ADSL
12/10/2007 19:47 <REP> K-Lite Codec Pack
10/05/2006 08:11 <REP> Learn2.com
13/10/2007 08:01 <REP> Logitech
23/02/2008 10:41 <REP> Macrogaming
23/05/2006 09:59 <REP> Messenger
19/01/2008 20:09 <REP> Messenger Plus! Live
16/09/2006 04:38 <REP> MessengerPlus! 3
19/05/2006 22:41 <REP> Microsoft Baseline Security Analyzer 2
12/10/2007 19:01 <REP> Microsoft CAPICOM 2.1.0.2
19/08/2004 23:37 <REP> microsoft frontpage
10/09/2006 20:24 <REP> Microsoft Games
13/11/2007 22:21 <REP> Microsoft SQL Server Compact Edition
01/07/2006 22:54 <REP> Microsoft Works
19/08/2004 23:35 <REP> Movie Maker
23/02/2008 10:19 <REP> Mozilla Firefox
22/10/2007 15:31 <REP> Mozilla Sunbird
19/08/2004 23:34 <REP> MSN
19/08/2004 23:34 <REP> MSN Gaming Zone
12/10/2007 19:01 <REP> MSXML 4.0
25/01/2008 21:55 <REP> NetMeeting
02/02/2008 07:38 <REP> OGSConverter
19/08/2004 23:34 <REP> Online Services
11/01/2008 20:51 <REP> OO Software
15/05/2006 05:49 <REP> Optio 50L Digital Camera
12/10/2007 19:01 <REP> Outlook Express
16/09/2006 04:38 <REP> Palm
18/01/2008 17:25 <REP> Panasonic
01/06/2006 07:57 <REP> PANZERS - Phase2
18/02/2008 20:24 <REP> PeerGuardian2
16/08/2006 10:24 <REP> PhotoFiltre
15/08/2006 10:46 <REP> PhotoZoom Professional
12/10/2007 17:14 <REP> Picasa2
01/12/2007 11:18 <REP> QuickTime
06/02/2007 04:14 <REP> Razer
20/10/2007 22:05 <REP> Real
19/08/2004 23:35 <REP> Services en ligne
10/05/2006 08:07 <REP> Sigmatel
12/10/2007 20:08 <REP> Skype
03/02/2008 11:23 <REP> SpeedSim
10/02/2008 20:31 <REP> Spybot - Search & Destroy
12/10/2007 13:30 <REP> Telecom Factory
19/07/2007 16:36 <REP> THQ
20/07/2006 07:35 <REP> Trend Micro
16/02/2008 21:52 <REP> TuneUp Utilities 2006
31/10/2006 23:00 <REP> Ubisoft
15/02/2007 07:23 <REP> uTorrent
12/10/2007 19:09 <REP> VideoLAN
10/05/2006 08:11 <REP> Viewpoint
30/01/2007 11:01 <REP> VSO
29/03/2007 08:47 <REP> Webteh
28/10/2006 22:16 <REP> Windows Defender
22/01/2007 08:39 <REP> Windows Desktop Search
14/11/2007 07:51 <REP> Windows Live
13/11/2007 22:32 <REP> Windows Live Favorites
18/01/2008 19:25 <REP> Windows Live Safety Center
30/11/2007 05:54 <REP> Windows Live Toolbar
02/12/2006 21:43 <REP> Windows Media Bonus Pack for Windows XP
02/12/2006 21:33 <REP> Windows Media Connect 2
16/04/2007 09:50 <REP> Windows Media Player
19/08/2004 23:34 <REP> Windows NT
20/10/2006 22:11 <REP> WinRAR
19/08/2004 23:37 <REP> xerox
10/09/2006 08:41 <REP> Yahoo!
0 fichier(s) 0 octets
96 Rép(s) 121 619 214 336 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F4A8-56A7

Répertoire de C:\Program Files\fichiers communs

25/01/2008 07:11 <REP> .
25/01/2008 07:11 <REP> ..
15/02/2008 22:45 <REP> Adobe
22/02/2007 09:16 <REP> Ahead
23/05/2006 20:16 <REP> AOL
25/01/2008 10:11 <REP> BitDefender
10/05/2006 08:13 <REP> InstallShield
10/05/2006 08:05 <REP> Java
13/10/2007 08:18 <REP> LogiShrd
17/01/2007 08:35 <REP> Logitech
04/11/2006 06:08 <REP> Micro Application Shared
13/11/2007 21:21 <REP> Microsoft Shared
19/08/2004 23:35 <REP> MSSoap
10/05/2006 08:11 <REP> Nullsoft
23/01/2008 22:25 <REP> ODBC
20/10/2007 22:05 <REP> Real
10/05/2006 08:09 <REP> Roxio Shared
19/08/2004 23:35 <REP> Services
13/01/2008 10:29 <REP> Skype
25/01/2008 10:11 <REP> Softwin
19/08/2004 23:30 <REP> SpeechEngines
12/10/2007 20:11 <REP> System
20/07/2006 08:53 <REP> SystemRequirementsLab
20/10/2007 22:05 <REP> xing shared
0 fichier(s) 0 octets
24 Rép(s) 121 619 214 336 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F4A8-56A7

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

19/08/2004 23:41 <REP> .
19/08/2004 23:41 <REP> ..
18/05/2001 04:57 561 209 MSONSEXT.DLL
03/06/1999 01:09 122 937 MSOWS409.DLL
06/03/2001 20:00 127 033 MSOWS40c.DLL
3 fichier(s) 811 179 octets
2 Rép(s) 121 619 214 336 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F4A8-56A7

Répertoire de C:\Program Files\common files

10/09/2006 00:04 <REP> .
10/09/2006 00:04 <REP> ..
24/06/2006 02:13 <REP> EasyInfo
10/09/2006 08:41 <REP> Scanner
0 fichier(s) 0 octets
4 Rép(s) 121 619 214 336 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est F4A8-56A7

Répertoire de C:\

03/12/2006 11:16 40 960 HTGD0003.exe
1 fichier(s) 40 960 octets
0 Rép(s) 121 619 214 336 octets libres

c:\Documents and Settings\Cappelle\.housecall\getMac.exe
c:\Documents and Settings\Cappelle\.housecall\patch.exe
c:\Documents and Settings\Cappelle\.housecall\tsc.exe
c:\Documents and Settings\Cappelle\.housecall6.6\getMac.exe
c:\Documents and Settings\Cappelle\.housecall6.6\patch.exe
c:\Documents and Settings\Cappelle\.housecall6.6\tsc.exe
c:\Documents and Settings\Cappelle\Application Data\ezpinst.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{121ECDB5-5DBE-498A-909D-A971C0F4A337}\ARPPRODUCTICON.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{121ECDB5-5DBE-498A-909D-A971C0F4A337}\prey.exe_121ECDB55DBE498A909DA971C0F4A337.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{121ECDB5-5DBE-498A-909D-A971C0F4A337}\prey.exe1_121ECDB55DBE498A909DA971C0F4A337.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{121ECDB5-5DBE-498A-909D-A971C0F4A337}\UNINST_Uninstall_Pre_121ECDB55DBE498A909DA971C0F4A337.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{870842F7-18BB-479D-A7B1-FE17E81AFF1A}\ARPPRODUCTICON.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{870842F7-18BB-479D-A7B1-FE17E81AFF1A}\PalmDesktopShortcut.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}\ARPPRODUCTICON.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{BBB1528C-2F8C-4526-9C8E-699F17AF21CA}\ARPPRODUCTICON.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
c:\Documents and Settings\Cappelle\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
c:\Documents and Settings\Cappelle\Application Data\Mozilla\Firefox\Profiles\vmr697en.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\FEBEbg.exe
c:\Documents and Settings\Cappelle\Application Data\Mozilla\Firefox\Profiles\vmr697en.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\FEBEunzip.exe
c:\Documents and Settings\Cappelle\Application Data\Mozilla\Firefox\Profiles\vmr697en.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\FEBEzip.exe
c:\Documents and Settings\Cappelle\Application Data\WholeSecurity\CAT\WSOOPScan.exe
c:\Documents and Settings\Cappelle\Application Data\WholeSecurity\CAT\WSUIEE.exe
c:\Documents and Settings\Cappelle\Bureau\HiJackThis.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Cappelle\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\sd4hide.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Antivirus\a2FreeSetup.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Antivirus\Antivirus Avast.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Antivirus\antivirus cwshredder.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Antivirus\antivirus Windows-V1.17.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Antivirus\avast setupfre edition familiale.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Antivirus\ClamWinPortable.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Antivirus\Mc Afee antivirus.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Antivirus\sdsetup.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Ogame\OGSConverter_v1.42_install.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Ogame\SpeedSim_0.9.7.0b_unicode.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\Jeux\Titan Quest\Titan quest crack (active multilanguage), keygen, patch [NoCD] Tested\Titan quest crack\Crack\crack.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\Jeux\Worms.Armageddon.Nouvelle Edition.PC.FRENCH-Bignames\Worms Armageddon - New Edition\autorun.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\Jeux\Worms.Armageddon.Nouvelle Edition.PC.FRENCH-Bignames\Worms Armageddon - New Edition\SetupWA.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\Jeux\Worms.Armageddon.Nouvelle Edition.PC.FRENCH-Bignames\Worms Armageddon - New Edition\Install\clokspl.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\Jeux\Worms.Armageddon.Nouvelle Edition.PC.FRENCH-Bignames\Worms Armageddon - New Edition\Install\Landgen.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\Jeux\Worms.Armageddon.Nouvelle Edition.PC.FRENCH-Bignames\Worms Armageddon - New Edition\Install\WA.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\Jeux\Worms.Armageddon.Nouvelle Edition.PC.FRENCH-Bignames\Worms Armageddon - New Edition\Install\User\BankEditor.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\PC\O&O Defrag 8.6.2336+keygen\o-o-defrag_o_o_defrag_8.6.2336_francais_11995.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\PC\O&O Defrag 8.6.2336+keygen\Keygen\Keygen.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\PC\O&O DriveLED 2.0\keygen.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\PC\O&O DriveLED 2.0\OODriveLEDFra.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Programmes\PC\Peerguardian 2.0.6.4 + listes\Peerguardian 2.0.6.4 + listes [by Elzboub]\pg2-050918-nt.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\AdbeRdr810_fr_FR.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\ASM_GEN_1.0.0.315.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\avast.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\BF2142_Update_1.20.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\bsplayer_bsplayer_1.37_sans_adware_anglais_10424(2).exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\copytodvd4_setup.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\deepburner_deepburner_1.8.0.224_francais_12674.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\GoogleEarthWin.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\klcodec345f.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\peerguardian.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\QuickTimeInstaller.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\Rainlendar-0.22.1.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\RealPlayer10-5GOLD_fr.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\spybotsd15.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\spybotsd152.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\vlc-0.8.6d-win32.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\WLinstaller.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\wmp11-windowsxp-mediaplayer 11.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\ccleaner\ccsetup204.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\Patch Windows Haut Debit\Patch_Window_A_0_14.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\Votre avocat à domicile by kata\AUTORUN.EXE
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\Votre avocat à domicile by kata\NAVIGMA.EXE
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\Votre avocat à domicile by kata\setup\flashplayer6_winax.exe
c:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Setup programme\Votre avocat à domicile by kata\setup\setup.exe
c:\Documents and Settings\Cappelle\Bureau\Programmes photos\PhotoZoom Professional 1.2.8\PhotoZoom Professional Setup.exe
c:\Documents and Settings\Cappelle\Local Settings\Temp\Install\SETUP.EXE
c:\Documents and Settings\Cappelle\Mes documents\My Games\Titan Quest\TitanQuest1_08.exe
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\dnsq.dll
c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\MMSEF.dll
c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\VMSEF.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{687E5EDD-2047-4203-8D53-AFB42E7F46FD}\mpengine.dll
c:\Documents and Settings\Cappelle\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\Cappelle\Application Data\Mozilla\Firefox\Profiles\vmr697en.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_ARNAUD.tar.gz a l'adresse http://upload.malekal.com

par **Falkra** » 24 Fév 2008 17:36

Tout y est. :wink:

a part des cracks éventuellement porteurs de saletés, il n'y a rien de réellement nocif.
Le scan heuristique est avant tout une intuition d'antivirus : les fichiers détectés de cette manière peuvent être suspects, mais sujets à des erreurs.

Peux-tu poster le nom et chemin d'accès au fichier dans sa dernière détection ?
(au besoin dans l'historique des rapports de KAV tu pourras le trouver mentionné)
Si ça se trouve, le fichier n'était pas actif mais simplement présent.

par **titane1975** » 24 Fév 2008 17:40

Merci encore :supers:

Par contre après avoir fait la deuxième manip' (rapport), j'ai eu quelques soucis. Plus d'accès à MSN et impossible de voir les photos sur Picasa 2.

J'ai eu ce message :

Microsoft Visual C++ Runtime library
Runtime error!
program c:\program files\msn messenger\msnmsgr.exe

Un peu de panique

mais j'ai trouvé la solution :king:

j'ai désinstallé "sweet..." (me souviens plus du nom), il y avait un conflit à priori.

Par contre, quand je mets un CD, ce message apparaît avant sa lecture :

sous-système Windows 16 bits
SYSTEM\currentcontrolset\virtualdevicedrivers. le format du pilote de périphérique virtuel dans le registre n'est pas valide. Choississez "fermer"...

je ne comprends pas pour celui là.

penses-tu qu'il me faudrait formater mon PC pour repartir comme aux 1ers jours :crazy:

par **Falkra** » 24 Fév 2008 17:46

Ceci n'est pas lié à des malwares, je pencherais plutôt sur un problème avec un émulateur cd type alcohol ou daemon tools. Alcohol est installé.

Pour MSN, je vois que MSN+ est là, tu as décoché le "sponsor" à l'installation ?

par **titane1975** » 24 Fév 2008 17:48

Une épine en moins dans mon grand pied :wink:

Voici ce que tu m'as demandé, il est tout chaud :

24/02/2008 06:45:20 Le fichier C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP920\A0092039.exe/bdis.msi//bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365/IEShow.exe, découvert : virus 'Heur.Trojan.Generic' (modification).

par **Falkra** » 24 Fév 2008 17:55

Ce fichier fait partie d'un module anti-phising de bitdefender ou d'un programme de whois.
C'est bien un faux positif : tu peux faire ignorer par ton antivirus.

par **titane1975** » 24 Fév 2008 17:57

Mon rapport date d'hier (vu que je vis en Polynésie, j'ai un peu de mal à savoir quelle heure il est en europe...) :mrgreen:

Le problème a eu lieu après la manip' pour effectuer le 2ème rapport... j'ai désinstallé MSN puis réinstaller et tout va bien maintenant. Je viens de remettre un Cd et le msg n'apparait plus :-D

j'ai pensé à un formatage de mon DD, tu en penses quoi à la vue des différents rapports?

Et un ptit conseil pour un antivirus aussi :oops:

j'avais avast puis j'ai essayé bitdefender 30 jours et là, je suis avec kaspersky pour 30 jours aussi. J'hésite à choisir parmi ces 3 antivirus... :?:

par **Falkra** » 24 Fév 2008 18:02

ta machine n'est pas infectée. Ne reformate pas, ce sont là des problèmes du système. Ils pourraient revenir après reformatage, et entre temps : temps perdu.

Avast perd ses plumes. Je te recommande en gratuit Antivir :
http://www.libellules.ch/tuto_antivir.php
En payant, Kaspersky, mais c'est payant.

:!:

NB : un seul antivirus installé à la fois hein. :wink:

par **titane1975** » 24 Fév 2008 18:06

Si j'ai tout compris, c'est un faux-positif aussi celui là :

supprimé : cheval de Troie Trojan.Win32.Inject.mf Le fichier: C:\Documents and Settings\Cappelle\Bureau\Fichiers divers\Antivirus\DiagHelp\DiagHelp\catchme.exe//PE_Patch.UPX//#

supprimé : cheval de Troie Trojan.Win32.Inject.mf Le fichier: C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP922\A0092163.exe//PE_Patch.UPX//#

Merci beaucoup encore pour ton aide. heureusement qu'il y a des forums et des personnes qui aident les noobs comme moi :mrgreen:

par **Falkra** » 24 Fév 2008 18:08

Ca oui, c'est un des outils spéciaux qu'on utilise. Sa sophistication le fait mal voir des antivirus. Sans danger aucun.
Tu peux effacer les outils spéciaux que l'on a utilisés.

Pour te protéger, et éviter les infections avant qu'elles ne s'installent : :-D

http://www.libellules.ch/phpBB2/prevention-comment-eviter-bien-des-infections-t24540.html

Déconnection du net-virus heur trojan generic (modification)

Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Re: Déconnection du net-virus heur trojan generic (modification)

Qui est en ligne