======List of files/folders created in the last 1 months======
2009-06-03 10:09:38 ----A---- C:\TB.txt
2009-06-03 10:08:50 ----D---- C:\ToolBar SD
2009-06-03 09:38:35 ----A---- C:\WINDOWS\system32\tmp.txt
2009-06-03 09:38:29 ----A---- C:\rapport.txt
2009-06-02 18:53:12 ----A---- C:\Rooter.txt
2009-06-02 18:51:59 ----D---- C:\Rooter$
2009-06-02 18:42:55 ----D---- C:\rsit
2009-06-01 08:58:33 ----D---- C:\Program Files\SpyHunter
2009-05-30 10:44:46 ----D---- C:\Program Files\DNA
2009-05-30 10:44:46 ----D---- C:\Documents and Settings\Pascal Zimmer\Application Data\DNA
2009-05-30 10:44:32 ----D---- C:\Program Files\Mozilla Firefox
2009-05-29 10:40:29 ----D---- C:\Program Files\undell
2009-05-28 21:21:06 ----SHD---- C:\RECYCLER
2009-05-28 19:48:12 ----D---- C:\WINDOWS\temp
2009-05-28 18:29:40 ----A---- C:\WINDOWS\imsins.BAK
2009-05-28 16:46:23 ----D---- C:\Program Files\Spyware Doctor
2009-05-24 17:33:28 ----A---- C:\Boot.bak
2009-05-24 17:33:23 ----RASHD---- C:\cmdcons
2009-05-24 17:31:37 ----A---- C:\WINDOWS\zip.exe
2009-05-24 17:31:37 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-24 17:31:37 ----A---- C:\WINDOWS\SWSC.exe
2009-05-24 17:31:37 ----A---- C:\WINDOWS\SWREG.exe
2009-05-24 17:31:37 ----A---- C:\WINDOWS\sed.exe
2009-05-24 17:31:37 ----A---- C:\WINDOWS\PEV.exe
2009-05-24 17:31:37 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-24 17:31:37 ----A---- C:\WINDOWS\grep.exe
2009-05-24 17:25:28 ----D---- C:\Qoobox
2009-05-24 15:01:43 ----D---- C:\WINDOWS\BDOSCAN8
2009-05-23 20:02:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-10 13:55:28 ----D---- C:\Documents and Settings\Pascal Zimmer\Application Data\AVS4YOU
2009-05-10 13:54:24 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-05-10 13:52:29 ----D---- C:\Program Files\Fichiers communs\AVSMedia
2009-05-10 13:52:03 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-05-10 13:52:02 ----D---- C:\Program Files\AVS4YOU
2009-05-10 13:52:02 ----A---- C:\WINDOWS\system32\msxml3a.dll
======List of files/folders modified in the last 1 months======
2009-06-03 10:14:47 ----D---- C:\Program Files\trend micro
2009-06-03 10:14:46 ----D---- C:\WINDOWS\Prefetch
2009-06-03 10:02:38 ----SD---- C:\WINDOWS\Tasks
2009-06-03 10:02:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-03 10:00:09 ----D---- C:\WINDOWS\system32
2009-06-03 09:53:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-03 09:31:01 ----RD---- C:\Program Files
2009-06-02 11:46:01 ----D---- C:\WINDOWS\system32\drivers
2009-06-01 08:58:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-31 19:49:30 ----A---- C:\WINDOWS\Antidote.ini
2009-05-31 19:47:20 ----D---- C:\WINDOWS
2009-05-31 12:38:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-30 11:54:51 ----HD---- C:\WINDOWS\inf
2009-05-30 10:10:56 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-30 10:10:29 ----A---- C:\WINDOWS\NCUNINST.EXE
2009-05-30 10:10:18 ----A---- C:\WINDOWS\hplj1010.ini
2009-05-30 10:10:07 ----SHD---- C:\WINDOWS\Installer
2009-05-30 10:10:07 ----D---- C:\Config.Msi
2009-05-30 10:08:32 ----D---- C:\Program Files\Hewlett-Packard
2009-05-29 14:49:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-29 09:19:21 ----D---- C:\Program Files\Lx_cats
2009-05-28 21:41:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-28 21:39:28 ----D---- C:\Program Files\SpywareBlaster
2009-05-28 19:58:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-28 19:44:45 ----A---- C:\WINDOWS\system.ini
2009-05-28 19:43:23 ----D---- C:\WINDOWS\AppPatch
2009-05-28 19:43:20 ----D---- C:\Program Files\Fichiers communs
2009-05-26 17:43:50 ----SHD---- C:\System Volume Information
2009-05-26 17:43:50 ----D---- C:\WINDOWS\system32\Restore
2009-05-26 13:27:33 ----D---- C:\Documents and Settings
2009-05-25 21:23:57 ----A---- C:\WINDOWS\wininit.ini
2009-05-24 17:36:01 ----D---- C:\WINDOWS\system32\config
2009-05-24 17:35:54 ----D---- C:\WINDOWS\ERDNT
2009-05-24 17:33:28 ----ASH---- C:\boot.ini
2009-05-24 15:01:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-18 11:17:12 ----D---- C:\WINDOWS\Debug
2009-05-18 11:17:10 ----D---- C:\WINDOWS\Minidump
2009-05-10 13:52:15 ----D---- C:\WINDOWS\WinSxS
2009-05-10 13:52:15 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-05-07 09:16:29 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-03-19 11044]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2003-03-19 22400]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-18 610988]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 Dot4;Pilote MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-23 24064]
R3 dskwatch;Disk Watch Filter; C:\WINDOWS\system32\drivers\dskwatch.sys [2004-11-30 15232]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 43520]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-03-19 1107072]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-03-19 177024]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-10-07 174592]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-03-19 622592]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\catchme.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 43520]
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 SNMP;Service SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 PEVSystemStart;PEVSystemStart; cmd /k start /i /dC: C:\ComboFix\HIDEC.exe C:\WINDOWS\system32\CF13365.exe /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED []
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-04-15 491520]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 SNMPTRAP;Service d'interruption SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF-----------------
Sujet: virtumonde RSIT 1ère partie 
Mer 3 Juin - 9:15
