Here it is: I'd like to know what this is..
I scan with Trojan Remover and a window opens..
telling me:
the windows registry attempts to load this file at boot time:
C:\WINDOWS\system32\drivers\xtjveehs.dat
The programm is loaded by the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nygdjfzy\"ImagePath"
There is no info on it, only the size: 19,456; the creation date, 12/11/07, and the modification date, which is the same.. as well as several actions.
I've looked everywhere and can't find any info on all this. What should I do?
Hello,
- Download DiagHelp.zip to your desktop - Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php
- Do not double-click it!! Right-click the file and choose Extract All
- A new folder named DiagHelp will be created
- Open it and double-click go.cmd (the .cmd may not be shown)
- A window will open; choose option 1
- The scan will start; this can take a few minutes, let it run and press a key when asked.
WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!
- At the end of the scan you may (not necessarily) be asked to restart the computer... Once the computer has restarted, the report will appear in Notepad.. It is located at C:\resultat.txt
- Copy/paste the contents of the Notepad window that opens; to do this:
-- In Notepad, click the Edit menu / Select All
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste
Hello, I did as instructed.
Hoping this helps you. Thanks in advance.
DiagHelp version v1.4 - http://www.malekal.com
excute le Tue 12/18/2007 à 11:27:26.70
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->12/18/2007 11:27:16 AM
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->12/18/2007 11:27:00 AM
C:\WINDOWS\prefetch\MRT.EXE-161A5291.pf -->12/18/2007 11:24:45 AM
C:\WINDOWS\prefetch\MRTSTUB.EXE-0D0DFC98.pf -->12/18/2007 11:24:33 AM
C:\WINDOWS\prefetch\WINDOWS-KB890830-V1.35.EXE-067933EC.pf -->12/18/2007 11:24:32 AM
C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf -->12/18/2007 11:24:15 AM
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->12/18/2007 11:21:44 AM
C:\WINDOWS\prefetch\SSSTARS.SCR-3464C062.pf -->12/18/2007 11:03:00 AM
C:\WINDOWS\prefetch\YBRWICON.EXE-27098397.pf -->12/18/2007 9:49:12 AM
C:\WINDOWS\prefetch\YBROWSER.EXE-066EA56B.pf -->12/18/2007 9:49:07 AM
C:\WINDOWS\System32\drivers\xtjveehs.dat -->12/11/2007 7:47:18 AM
C:\WINDOWS\System32\drivers\aswmon.sys -->12/4/2007 8:56:02 AM
C:\WINDOWS\System32\drivers\aswmon2.sys -->12/4/2007 8:55:46 AM
C:\WINDOWS\System32\drivers\aswRdr.sys -->12/4/2007 8:53:39 AM
C:\WINDOWS\System32\drivers\aswTdi.sys -->12/4/2007 8:51:52 AM
C:\WINDOWS\System32\drivers\aavmker4.sys -->12/4/2007 8:49:02 AM
C:\WINDOWS\System32\drivers\AnyDVD.sys -->11/30/2007 9:23:02 AM
C:\WINDOWS\System32\wpa.dbl -->12/18/2007 9:24:31 AM
C:\WINDOWS\System32\LVCOMSX.LOG -->12/14/2007 12:39:14 PM
C:\WINDOWS\System32\CONFIG.NT -->12/14/2007 12:33:07 PM
C:\WINDOWS\System32\PerfStringBackup.INI -->12/14/2007 9:13:23 AM
C:\WINDOWS\System32\perfh009.dat -->12/14/2007 9:13:23 AM
C:\WINDOWS\System32\perfc009.dat -->12/14/2007 9:13:23 AM
C:\WINDOWS\System32\FNTCACHE.DAT -->12/14/2007 8:46:37 AM
C:\WINDOWS\System32\TZLog.log -->12/14/2007 8:40:19 AM
C:\WINDOWS\System32\spupdsvc.inf -->12/14/2007 8:36:40 AM
C:\WINDOWS\System32\aswBoot.exe -->12/4/2007 7:04:28 AM
C:\WINDOWS\System32\AvastSS.scr -->12/4/2007 6:54:04 AM
C:\WINDOWS\System32\nscompat.tlb -->11/28/2007 7:36:49 PM
C:\WINDOWS\System32\amcompat.tlb -->11/28/2007 7:36:49 PM
C:\WINDOWS\System32\lvcoinst.log -->11/28/2007 7:19:22 PM
C:\WINDOWS\System32\$winnt$.inf -->11/28/2007 7:19:22 PM
C:\WINDOWS\System32\WindowsLogon.manifest -->11/28/2007 7:12:39 PM
C:\WINDOWS\System32\logonui.exe.manifest -->11/28/2007 7:12:39 PM
C:\WINDOWS\System32\wuaucpl.cpl.manifest -->11/28/2007 7:12:34 PM
C:\WINDOWS\System32\sapi.cpl.manifest -->11/28/2007 7:12:34 PM
C:\WINDOWS\System32\nwc.cpl.manifest -->11/28/2007 7:12:34 PM
C:\WINDOWS\System32\ncpa.cpl.manifest -->11/28/2007 7:12:34 PM
C:\WINDOWS\System32\cdplayer.exe.manifest -->11/28/2007 7:12:34 PM
C:\WINDOWS\System32\emptyregdb.dat -->11/28/2007 7:11:35 PM
C:\WINDOWS\System32\oeminfo.ini -->11/28/2007 7:03:26 PM
C:\WINDOWS\System32\tzchange.exe -->11/13/2007 5:31:11 AM
C:\WINDOWS\0.log -->12/18/2007 9:23:38 AM
C:\WINDOWS\WindowsUpdate.log -->12/18/2007 9:23:37 AM
C:\WINDOWS\wiadebug.log -->12/18/2007 9:23:37 AM
C:\WINDOWS\wiaservc.log -->12/18/2007 9:23:36 AM
C:\WINDOWS\bootstat.dat -->12/18/2007 9:22:19 AM
C:\WINDOWS\SchedLgU.Txt -->12/17/2007 10:12:02 PM
C:\WINDOWS\NeroDigital.ini -->12/17/2007 1:24:26 PM
C:\WINDOWS\WMSysPr9.prx -->11/28/2007 7:13:39 PM
C:\WINDOWS\ODBCINST.INI -->11/28/2007 7:13:27 PM
C:\WINDOWS\WindowsShell.Manifest -->11/28/2007 7:12:34 PM
C:\WINDOWS\win.ini -->11/28/2007 7:12:23 PM
C:\WINDOWS\system.ini -->11/28/2007 7:03:22 PM
C:\WINDOWS\UPGRADE.TXT -->11/28/2007 6:50:27 PM
C:\WINDOWS\setupapi.old -->11/28/2007 6:49:24 PM
C:\WINDOWS\iPlayer.INI -->11/18/2007 9:06:58 AM
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1704
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x42c10000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x42990000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x42ef0000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpShHook.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll
0x42cf0000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
0x42e40000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
0x7d1e0000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0x10000 8.00.0000.0456 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x01550000 0x2c0 C:\WINDOWS\system32\audiode.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x01d90000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x024b0000 0x3e000 3.00.0003.0000 D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBShell.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x5d360000 0xe000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL
0x64000000 0x48000 2005.01.0001.0012 C:\Program Files\Yahoo!\Common\Ymmapi.dll
0x02500000 0x2b000 D:\Program Files\Winampwinrar\rarext.dll
0x02d90000 0x76000 1.00.0008.0046 D:\PROGRA~1\TROJAN~1\Trshlex.dll
0x02f10000 0x202000 3.00.0001.0000 D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero CoverDesigner\CoverEdExtension.dll
0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
0x74e30000 0x6c000 5.30.0023.1228 C:\WINDOWS\system32\RICHED20.dll
0x03230000 0x3cf000 0.04.0000.0101 C:\Program Files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
0x64f00000 0x12000 4.07.1098.0000 D:\Program Files\avast\ashShell.dll
0x028a0000 0x5b000 8.01.0000.0000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
0x02600000 0x30000 5.00.0000.0085 C:\Program Files\Common Files\Simple Star Shared\PhotoShowShellExt.dll
0x03ac0000 0x37000 3.00.0000.2104 C:\WINDOWS\System32\igfxpph.dll
0x03b00000 0x1e000 3.00.0000.2104 C:\WINDOWS\System32\hccutils.DLL
0x03b30000 0x15000 1.01.1593.0000 C:\PROGRA~1\WIFD1F~1\MpOAv.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 696
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01250000 0x3b000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x74980000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
Volume in drive C has no label.
Volume Serial Number is 44AB-E1D7
Directory of C:\WINDOWS\system32
08/04/2004 06:00 AM 6,144 csrss.exe
1 File(s) 6,144 bytes
0 Dir(s) 6,748,909,568 bytes free
Volume in drive C has no label.
Volume Serial Number is 44AB-E1D7
Directory of C:\WINDOWS\system32
08/02/2004 09:58 AM 43,520 dm.exe
08/18/2003 07:56 PM 1,323,008 dmcpl.exe
2 File(s) 1,366,528 bytes
0 Dir(s) 6,748,909,568 bytes free
Contenu de Downloaded Program Files
Volume in drive C has no label.
Volume Serial Number is 44AB-E1D7
Directory of C:\WINDOWS\Downloaded Program Files
12/12/2007 03:16 PM <DIR> .
12/12/2007 03:16 PM <DIR> ..
11/28/2007 07:12 PM 65 desktop.ini
01/20/2000 02:25 PM 1,162 Microsoft XML Parser for Java.osd
01/18/2007 12:27 AM 345,512 MSDcode.dll
06/20/2006 02:44 PM 379,704 MsnPUpld.dll
06/19/2006 01:40 PM 393 MsnPUpld.inf
07/30/2007 07:24 PM 295 muweb.inf
12/06/2007 04:10 PM <DIR> ODCTOOLS
06/20/2006 02:44 PM 117,560 PURen-us.dll
01/09/2007 07:28 AM 110,592 PURes-us.dll
06/11/2007 11:21 AM 5,021 swflash.inf
04/16/2007 04:30 PM 206 VE3DInstall.inf
10/15/2007 10:02 AM 465,472 wlscBase.dll
10/15/2007 10:11 AM 320 wlscBase.inf
04/16/2007 09:50 PM 293 wuweb.inf
13 File(s) 1,426,595 bytes
Directory of C:\WINDOWS\Downloaded Program Files\ODCTOOLS
12/06/2007 04:10 PM <DIR> .
12/06/2007 04:10 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
13 File(s) 1,426,595 bytes
5 Dir(s) 6,748,909,568 bytes free
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
possible infection rogues : l'utilisation de SmitFraudFix est recommandé
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"D:\\Program Files\\bitcomet\\BitComet.exe"="D:\\Program Files\\bitcomet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\messenger\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\messenger\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\messenger\\Messenger\\YServer.exe"="D:\\Program Files\\messenger\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Shareaza\\eMule\\emule.exe"="D:\\Program Files\\Shareaza\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\EMULE-Shareaza\\eMule\\emule.exe"="D:\\Program Files\\EMULE-Shareaza\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\nero\\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\\Nero 8\\Nero ShowTime\\ShowTime.exe"="D:\\Program Files\\nero\\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\\Nero 8\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Program Files\\yahoomessenger\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\yahoomessenger\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\messenger\\YahooMessenger.exe"="D:\\Program Files\\messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\messenger\\YServer.exe"="D:\\Program Files\\messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{d8b937a4-cdad-497b-a872-8da7c4c3ef6f}"="eaton"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 11:28:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd4w\2]
"A0C0110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x2022A~\2]
"A0C0110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
284 - AnyDVD.exe
420 - AGRSMMSG.exe
484 - mssysmgr.exe
524 - msnmsgr.exe
536 - ctfmon.exe
648 - USBsircs.exe
672 - csrss.exe
696 - winlogon.exe
740 - services.exe
752 - lsass.exe
828 - ycommon.exe
940 - svchost.exe
1008 - svchost.exe
1116 - AppleMobileDevi
1148 - svchost.exe
1240 - svchost.exe
1316 - svchost.exe
1432 - livecall.exe
1528 - ashServ.exe
1704 - explorer.exe
1852 - cmd.exe
2184 - ashMaiSv.exe
2280 - ashWebSv.exe
2380 - iexplore.exe
2776 - usnsvc.exe
2860 - alg.exe
3948 - ybrowser.exe
3956 - ybrwicon.exe
Total number of processes = 29
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806FD000 - \WINDOWS\system32\hal.dll
F7D2F000 - \WINDOWS\system32\KDCOM.DLL
F7C3F000 - \WINDOWS\system32\BOOTVID.dll
F77E0000 - ACPI.sys
F7D31000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F77CF000 - pci.sys
F782F000 - isapnp.sys
F783F000 - ohci1394.sys
F784F000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F76E0000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F7AAF000 - xtjveehs.dat
F7DF7000 - pciide.sys
F7AB7000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F785F000 - MountMgr.sys
F76C1000 - ftdisk.sys
F7D33000 - dmload.sys
F769B000 - dmio.sys
F7ABF000 - PartMgr.sys
F786F000 - VolSnap.sys
F7683000 - atapi.sys
F787F000 - disk.sys
F788F000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F7663000 - fltMgr.sys
F789F000 - PxHelp20.sys
F764C000 - KSecDD.sys
F75BF000 - Ntfs.sys
F7592000 - NDIS.sys
F7577000 - Mup.sys
F78AF000 - agp440.sys
F78DF000 - \SystemRoot\System32\DRIVERS\nic1394.sys
F7A6F000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F6BF4000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys
F6BE0000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F7B57000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F6BBD000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F7B5F000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F6B99000 - \SystemRoot\System32\DRIVERS\e100b325.sys
F6ADD000 - \SystemRoot\System32\DRIVERS\smrt.sys
F7A8F000 - \SystemRoot\System32\DRIVERS\STREAM.SYS
F6ABA000 - \SystemRoot\System32\DRIVERS\ks.sys
F7A9F000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F7B67000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7B6F000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F7B77000 - \SystemRoot\system32\DRIVERS\fdc.sys
F6AA6000 - \SystemRoot\System32\DRIVERS\parport.sys
F78EF000 - \SystemRoot\System32\DRIVERS\imapi.sys
F6A90000 - \SystemRoot\System32\Drivers\AnyDVD.sys
F7EA4000 - \SystemRoot\System32\Drivers\ElbyDelay.sys
F6D5E000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F6D4E000 - \SystemRoot\System32\DRIVERS\redbook.sys
F7B7F000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F69FE000 - \SystemRoot\system32\drivers\smwdm.sys
F69DA000 - \SystemRoot\system32\drivers\portcls.sys
F6D2E000 - \SystemRoot\system32\drivers\drmk.sys
F7D51000 - \SystemRoot\system32\drivers\aeaudio.sys
F68BB000 - \SystemRoot\System32\DRIVERS\AGRSM.sys
F7B87000 - \SystemRoot\System32\Drivers\Modem.SYS
F7EA9000 - \SystemRoot\System32\DRIVERS\audstub.sys
F6CCE000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F7D0F000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F6850000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F78FF000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F790F000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F7BB7000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F683F000 - \SystemRoot\System32\DRIVERS\psched.sys
F791F000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F7BBF000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F7BCF000 - \SystemRoot\System32\DRIVERS\raspti.sys
F794F000 - \SystemRoot\System32\Drivers\Pcouffin.sys
F67E7000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F795F000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7D69000 - \SystemRoot\System32\DRIVERS\swenum.sys
F678E000 - \SystemRoot\System32\DRIVERS\update.sys
F7D2B000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F798F000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F79CF000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7D75000 - \SystemRoot\system32\DRIVERS\USBD.SYS
B6FAD000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F7D8F000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7ECF000 - \SystemRoot\System32\Drivers\Null.SYS
F7D91000 - \SystemRoot\System32\Drivers\Beep.SYS
B6F9D000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
B2D9C000 - \SystemRoot\System32\drivers\vga.sys
F7D93000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7D95000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
B2D94000 - \SystemRoot\System32\Drivers\Msfs.SYS
B2D8C000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7CEF000 - \SystemRoot\System32\DRIVERS\rasacd.sys
B2A4E000 - \SystemRoot\System32\DRIVERS\ipsec.sys
B29F6000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F6632000 - \SystemRoot\System32\Drivers\aswTdi.SYS
B29D5000 - \SystemRoot\system32\DRIVERS\ipnat.sys
B29AD000 - \SystemRoot\System32\DRIVERS\netbt.sys
B298B000 - \SystemRoot\System32\drivers\afd.sys
F6622000 - \SystemRoot\System32\DRIVERS\netbios.sys
F6602000 - \SystemRoot\System32\DRIVERS\wanarp.sys
B2960000 - \SystemRoot\System32\DRIVERS\rdbss.sys
B28F1000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
B6F68000 - \SystemRoot\System32\Drivers\Fips.SYS
B6F58000 - \SystemRoot\System32\DRIVERS\arp1394.sys
B2D7C000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys
F7F11000 - \SystemRoot\System32\DRIVERS\DMICall.sys
B2D74000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F66E3000 - \SystemRoot\system32\DRIVERS\hidusb.sys
B6F48000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
B2D64000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
B2D5C000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F66DF000 - \SystemRoot\System32\DRIVERS\kbdhid.sys
B6EF8000 - \SystemRoot\system32\drivers\lvusbsta.sys
B28B5000 - \SystemRoot\system32\DRIVERS\CamDrL20.sys
B2D12000 - \SystemRoot\system32\DRIVERS\CAMUSP20.SYS
B27B1000 - \SystemRoot\system32\DRIVERS\lvsvf2.sys
B6EE8000 - \SystemRoot\system32\drivers\usbaudio.sys
F66C3000 - \SystemRoot\System32\DRIVERS\mouhid.sys
B2E45000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B2799000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7DC1000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B2E61000 - \SystemRoot\System32\drivers\Dxapi.sys
B2D0A000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7EFA000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA35000 - \SystemRoot\System32\ati3d2ag.dll
B26E9000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
B257B000 - \SystemRoot\System32\Drivers\aswMon2.SYS
B22E6000 - \SystemRoot\system32\drivers\wdmaud.sys
F6D0E000 - \SystemRoot\system32\drivers\sysaudio.sys
B1F1B000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F7D81000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B1E8A000 - \SystemRoot\System32\Drivers\HTTP.sys
B1E10000 - \SystemRoot\System32\DRIVERS\srv.sys
B1D6C000 - \SystemRoot\System32\Drivers\aswRdr.SYS
B157B000 - \SystemRoot\system32\drivers\kmixer.sys
F7E27000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 136
Liste des programmes installes
Adobe Reader 8.1.1
Agere Systems AC'97 Modem
AnyDVD
Apple Mobile Device Support
Apple Software Update
AT&T Self Support Tool
AT&T Yahoo! Activation
AT&T Yahoo! Applications
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Antivirus
CCleaner (remove only)
Click to DVD 1.3
CloneDVD2
DivxToDVD 1.99.11
Drag'n Drop CD+DVD
DVD Flick
DVgate Plus
eMule
getPlus(R)_ocx
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
InterActual Player
InterVideo WinDVD 5 for VAIO
iTunes
Java 2 Runtime Environment, SE v1.4.2_01
K-Lite Codec Pack 3.4.0 Full
Logitech QuickCam
Logitech® Camera Driver
Media Library Management Wizard
Memory Stick Formatter
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Suite 2006
Microsoft Digital Image Suite 2006 Editor
Microsoft Digital Image Suite 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MoodLogic
MotionDV STUDIO 5.6E LE for DV
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
MpcStar 1.9
MSXML 4.0 SP2 (KB936181)
MultiMedia Software
Music Visualizer Library 1.4.00
Nero 8
Nero DVD/MP3Pro/ACC Plugin
Nero PhotoShow Express 5
Netscape (7.02)
Next Generation Visualisations
NVIDIA Windows 2000/XP Display Drivers
OpenMG Secure Module 3.3.01
Panasonic DVC USB Driver
Panasonic DVC USB Driver
Personal License Update Wizard for Windows Media Player
PictureGear Studio 2.0
Plus! MP3 Audio Converter LE
Quick Movie Magic 1.0E
Quicken 2004
Quicken 2004
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SonicStage 1.6.00
Sony Certificate PCH
Sony Video Shared Library
SWF & FLV Player 3.0 (build 3.0.33.5106)
Trojan Remover 6.6.5
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VAIO BrightColor Wallpaper
VAIO Help and Support
VAIO Help and Support
VAIO Media 2.6
VAIO Media Integrated Server 2.6
VAIO Media Redistribution 2.6
VAIO Registration
VAIO Registration
VAIO Remote Commander Utility 6.2
VAIO Survey Standalone
VAIO Survey Standalone
VAIO System Information
Viewpoint Media Player (Remove Only)
WebFldrs XP
Welcome to VAIO life
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Toolbar
Volume in drive C has no label.
Volume Serial Number is 44AB-E1D7
Directory of C:\Program Files
12/14/2007 12:36 PM <DIR> .
12/14/2007 12:36 PM <DIR> ..
08/15/2007 09:03 AM <DIR> Adobe
08/19/2007 06:23 PM <DIR> Apple Software Update
12/01/2003 07:46 PM <DIR> ATI Technologies
10/30/2007 07:22 PM <DIR> Common Files
12/01/2003 07:34 PM <DIR> ComPlus Applications
08/16/2007 03:55 PM <DIR> directx
08/14/2007 01:10 PM <DIR> drag'n drop cd+dvd
12/12/2007 08:30 PM <DIR> Helper
08/14/2007 02:41 PM <DIR> illiminable
12/01/2003 07:48 PM <DIR> Intel
11/18/2007 09:04 AM <DIR> InterActual
12/14/2007 08:41 AM <DIR> Internet Explorer
08/14/2007 01:10 PM <DIR> InterVideo
08/19/2007 06:25 PM <DIR> iPod
12/02/2003 02:17 PM <DIR> Java
11/20/2007 09:53 AM <DIR> Macrogaming
12/14/2007 08:26 AM <DIR> Messenger
12/14/2007 08:34 AM <DIR> Microsoft CAPICOM 2.1.0.2
12/01/2003 07:36 PM <DIR> microsoft frontpage
08/14/2007 01:39 PM <DIR> Microsoft Office
08/14/2007 01:14 PM <DIR> Microsoft Works
08/14/2007 08:59 PM <DIR> Microsoft.NET
12/02/2003 02:43 PM <DIR> MoodLogic
08/14/2007 03:28 PM <DIR> Movie Maker
12/01/2003 07:34 PM <DIR> MSN Gaming Zone
11/14/2007 03:17 AM <DIR> MSN Messenger
08/16/2007 07:52 PM <DIR> MSXML 4.0
08/14/2007 03:28 PM <DIR> NetMeeting
12/02/2003 02:37 PM <DIR> Netscape
08/14/2007 04:04 PM <DIR> Online Services
12/14/2007 08:35 AM <DIR> Outlook Express
12/02/2003 02:44 PM <DIR> Quicken
08/19/2007 06:24 PM <DIR> QuickTime
12/02/2003 02:43 PM <DIR> Real
08/15/2007 12:35 AM <DIR> SBC
08/18/2007 09:34 PM <DIR> SBC Self Support Tool
08/15/2007 12:34 AM <DIR> SBC Yahoo!
12/02/2003 02:44 PM <DIR> Shield
08/14/2007 01:28 PM <DIR> Sony
08/18/2007 09:01 PM <DIR> support.com
12/02/2003 03:05 PM <DIR> VAIOAgent
12/13/2007 11:41 AM <DIR> Video Add-on
12/02/2003 02:37 PM <DIR> Viewpoint
10/10/2007 03:03 PM <DIR> vso
12/14/2007 12:36 PM <DIR> Windows Defender
12/14/2007 12:58 PM <DIR> Windows Live Safety Center
08/15/2007 08:50 AM <DIR> Windows Media Bonus Pack for Windows XP
08/15/2007 08:53 AM <DIR> Windows Media Connect 2
12/14/2007 08:29 AM <DIR> Windows Media Player
08/14/2007 03:27 PM <DIR> Windows NT
12/01/2003 07:36 PM <DIR> xerox
09/16/2007 08:43 AM <DIR> Yahoo!
0 File(s) 0 bytes
54 Dir(s) 6,748,553,216 bytes free
Volume in drive C has no label.
Volume Serial Number is 44AB-E1D7
Directory of C:\Program Files\common files
10/30/2007 07:22 PM <DIR> .
10/30/2007 07:22 PM <DIR> ..
12/02/2003 03:13 PM <DIR> Adobe
10/18/2007 12:43 PM <DIR> Ahead
08/19/2007 06:22 PM <DIR> Apple
08/15/2007 01:21 PM <DIR> CNC
08/14/2007 08:57 PM <DIR> DESIGNER
12/02/2003 02:44 PM <DIR> InstallShield
12/02/2003 02:44 PM <DIR> Intuit
12/02/2003 02:17 PM <DIR> Java
08/16/2007 10:52 AM <DIR> Logitech
08/15/2007 10:27 AM <DIR> Microsoft Shared
08/18/2007 09:32 PM <DIR> Motive
12/01/2003 07:34 PM <DIR> MSSoap
10/19/2007 03:04 PM <DIR> Nero
08/15/2007 10:20 AM <DIR> Nikon
12/01/2003 11:32 AM <DIR> ODBC
12/02/2003 02:44 PM <DIR> Palo Alto Software
08/15/2007 01:24 PM <DIR> Panasonic
08/14/2007 09:09 PM <DIR> Real
08/14/2007 02:42 PM <DIR> Scanner
12/01/2003 07:34 PM <DIR> Services
10/18/2007 02:14 PM <DIR> Simple Star Shared
12/02/2003 02:46 PM <DIR> Sony Shared
12/01/2003 11:32 AM <DIR> SpeechEngines
12/14/2007 08:35 AM <DIR> System
08/14/2007 09:09 PM <DIR> xing shared
0 File(s) 0 bytes
27 Dir(s) 6,748,553,216 bytes free
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.2.6\iTunesSetupAdmin.exe
c:\Documents and Settings\claudia\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
c:\Documents and Settings\claudia\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
c:\Documents and Settings\claudia\Application Data\Move Networks\ie_bin\Uninst.exe
c:\Documents and Settings\claudia\Application Data\Real\RealOne Player\setup\setup.exe
c:\Documents and Settings\claudia\Application Data\Simply Super Software\Trojan Remover\ydqA0.exe
c:\Documents and Settings\claudia\Desktop\mplayerc.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{27A4CB1C-F319-4F27-B733-6EC3EAD34FA7}\mpengine.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\claudia\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
c:\Documents and Settings\claudia\Application Data\Move Networks\ie_bin\qsp2ie07074039.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_VALUED-B4B48255.tar.gz a l'adresse http://upload.malekal.com
Good evening, first we're going to get rid of a few rogues...
Download SmitFraudFix
User guide: http://mickael.barroux.free.fr/securite/smitfraudfix.php
Double-click SmitfraudFix.exe to launch it
Choose option 1 (Search)
Post the report here!
Have a good evening
Hello again,
or rather good evening for you, I think; I'm in Dallas, TX.
What are rogues?
Well, here is the result:
SmitFraudFix v2.271
Scan done at 15:53:05.98, Tue 12/18/2007
Run from D:\Program Files\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\avast\aswUpdSv.exe
D:\Program Files\avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
D:\PROGRA~1\nero\NERO_8~1.COM\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\avast\ashMaiSv.exe
D:\Program Files\avast\ashWebSv.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\claudia
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\claudia\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\claudia\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Helper\ FOUND !
C:\Program Files\Video Add-on\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d8b937a4-cdad-497b-a872-8da7c4c3ef6f}"="eaton"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 68.94.156.1
DNS Server Search Order: 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{33B7F963-C47F-445B-81D4-73E2A4176590}: NameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{33B7F963-C47F-445B-81D4-73E2A4176590}: NameServer=68.94.156.1 68.94.157.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
I don't understand any of it hahahaha
thanks again
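The SmitFraudFix output above is dense if you have never read one. As an added example (not part of this thread and not SmitFraudFix's own code), here is a small Python parser that splits such a report into its `»»»` sections and pulls out the three things the helper looks at first: the folders marked `FOUND !`, any non-empty value under the persistence keys the tool lists (SharedTaskScheduler, AppInit_DLLs, Winlogon System), and the DNS servers in use. The sample text is a constructed excerpt that reuses the values from the report above; the section and function names are this example's own.

```python
import re

# Constructed excerpt in the layout of the SmitFraudFix report pasted above.
# The values are the ones that report shows; the text itself is assembled here
# for the example and is not a real scan.
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Helper\ FOUND !
C:\Program Files\Video Add-on\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d8b937a4-cdad-497b-a872-8da7c4c3ef6f}"="eaton"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 68.94.156.1
DNS Server Search Order: 68.94.157.1
»»»»»»»»»»»»»»»»»»»»»»»» End
"""

# Sections whose registry values are auto-start points: a non-empty value there
# deserves a look, even though the tool itself warns they are not always infected.
PERSISTENCE_SECTIONS = ("Sharedtaskscheduler", "AppInit_DLLs", "Winlogon.System")

SECTION_RE = re.compile(r"^»+\s+(.+?)\s*$")          # »»» heading text
FOUND_RE = re.compile(r"^(.+?)\s+FOUND !\s*$")       # path flagged by the tool
VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)"\s*$')   # "name"="value" registry line
DNS_RE = re.compile(r"^DNS Server Search Order:\s+(\S+)\s*$")


def split_sections(text):
    """Group the report's lines under the »»» heading that precedes them."""
    sections = {}
    current = "(preamble)"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def parse_report(text):
    """Return the flagged folders, the non-empty persistence values and the DNS servers."""
    sections = split_sections(text)
    found, persistence, dns = [], [], []
    for name, lines in sections.items():
        for line in lines:
            m = FOUND_RE.match(line)
            if m:
                found.append(m.group(1))
                continue
            if name in PERSISTENCE_SECTIONS:
                m = VALUE_RE.match(line)
                if m and m.group(2):          # empty values (e.g. "System"="") are normal
                    persistence.append((name, m.group(1), m.group(2)))
            elif name == "DNS":
                m = DNS_RE.match(line)
                if m:
                    dns.append(m.group(1))
    return {"found": found, "persistence": persistence, "dns": dns}


if __name__ == "__main__":
    result = parse_report(SAMPLE_REPORT)
    for path in result["found"]:
        print("flagged folder:", path)
    for section, key, value in result["persistence"]:
        print(f"{section}: {key} = {value}")
    print("DNS servers:", ", ".join(result["dns"]))
```

Run against the excerpt, it reports the two `FOUND !` folders, the single SharedTaskScheduler entry (the only persistence value that is not empty), and the two DNS servers. Checking the DNS servers against the ones your ISP actually hands out is a quick way to rule out the DNS-changing trojans that SmitFraudFix's DNS section exists to catch.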
Hello everyone!!
I have the same problem! I get the same report from DiagHelp
MODERATOR EDIT: Forum rule to follow:
Create your own topic!
Please read the following article:
http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/a_(...)
Thank you for taking note of it.
-->Message edited by naheulbeuk on 14/07/2008 12:32:57<--