Infection by a Bagle
Hello,
Since yesterday, my antivirus has been disabled; it is impossible to launch it, or to launch HijackThis or Spybot.
What should I do? Thank you for helping me.
Hello,
Download Catchme (Gmer) to your Desktop.
Double-click catchme.exe (the .exe may not be visible) to launch it.
When the scan is finished, post the catchme.log report in your next reply.
Hello, and thank you for replying to me.
Here is the report:
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
? [2044]
? [3260]
? [3440]
scanning hidden services ...
scanning hidden autostart entries ...
Hello, and thank you for helping me.
Here is the report:
scanning hidden files ...
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Help\shared
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Help\shared\flags
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Help\shared\Help.ico 8192 bytes
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Help\shared\languages.html 4096 bytes
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\Help\shared\style.css 336 bytes
scan completed successfully
hidden processes: 3
hidden services: 72
hidden files: 5
Let's try ComboFix to see.
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe may not be visible) to launch it.
When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition name may differ
Done, here is the report:
ComboFix 08-10-23.01 - Gervaise et Sylvain 2008-10-23 21:36:03.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.582 [GMT 2:00]
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
.
2008-10-14 20:32 . 2007-03-29 18:07 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-10-14 20:32 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-10-14 20:32 . 2007-03-07 07:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-14 20:30 . 2008-10-20 19:24 <REP> d-------- C:\Documents and Settings\Gervaise et Sylvain\Application Data\HPAppData
2008-10-14 20:30 . 2008-10-14 20:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-10-14 20:29 . 2008-10-14 20:29 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-10-14 20:29 . 2008-10-14 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-10-14 20:29 . 2008-10-14 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-10-14 20:28 . 2008-10-14 20:28 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-10-14 20:28 . 2008-10-14 20:28 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-10-14 20:27 . 2008-10-14 20:30 <REP> d-------- C:\Program Files\HP
2008-10-14 20:26 . 2008-10-14 20:39 162,218 --a------ C:\WINDOWS\hpoins14.dat
2008-10-14 20:26 . 2008-04-02 10:01 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-10-04 11:20 . 2008-10-04 11:20 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-10-03 20:51 . 2008-10-04 10:35 <REP> d-------- C:\Program Files\NOS
2008-10-03 20:51 . 2008-10-04 11:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-30 21:03 . 2008-09-30 21:05 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-27 19:10 . 2008-09-27 19:10 <REP> d-------- C:\Program Files\Avira
2008-09-27 19:10 . 2008-09-27 19:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-27 18:13 . 2008-10-22 20:23 <REP> d-------- C:\Program Files\FindyKill
2008-09-26 23:04 . 2008-09-26 23:04 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-26 22:04 . 2008-09-26 22:04 <REP> d-------- C:\Program Files\Trend Micro
2008-09-26 17:45 . 2008-09-26 17:46 16,574 --a------ C:\WINDOWS\EPISMF00.SWB
2008-09-23 20:40 . 2008-09-23 20:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-23 20:40 . 2008-09-23 20:40 <REP> d-------- C:\Documents and Settings\Gervaise et Sylvain\Application Data\Malwarebytes
2008-09-23 20:40 . 2008-09-23 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-23 20:40 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-23 20:40 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-23 20:03 . 2008-09-23 20:03 <REP> d-------- C:\Program Files\SpywareBlaster
2008-09-23 19:59 . 2008-09-23 19:59 268 --ah----- C:\sqmdata01.sqm
2008-09-23 19:59 . 2008-09-23 19:59 244 --ah----- C:\sqmnoopt01.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 19:26 --------- d-----w C:\Documents and Settings\Gervaise et Sylvain\Application Data\Free Download Manager
2008-10-22 16:11 --------- d-----w C:\Program Files\eMule
2008-10-22 16:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 15:59 --------- d-----w C:\Documents and Settings\Gervaise et Sylvain\Application Data\LimeWire
2008-10-15 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-14 18:11 --------- d-----w C:\Program Files\epson
2008-10-14 18:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-30 19:05 72,074 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-30 19:05 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-23 20:41 --------- d-----w C:\Program Files\Google
2008-09-23 17:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-04 13:55 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-31 19:15 65,995,752 ----a-w C:\Documents and Settings\Gervaise et Sylvain\TRACE_BOOT+DRIVERS_1_1.BIN
2008-04-01 15:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
------- Sigcheck -------
2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-20 01:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-10-23 266497]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\Gervaise et Sylvain\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-04 355584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2008-07-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2008-10-23 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 -: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 -: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 -: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx
O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 21:40:46
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2008-10-23 21:53:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-23 19:53:46
Avant-CF: 21,979,103,232 octets libres
Après-CF: 21,771,976,704 octets libres
411 --- E O F --- 2008-10-23 19:44:19
2008-10-14 20:34 . 2008-10-14 20:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-10-14 20:33 . 2008-10-14 20:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-10-14 20:33 . 2007-03-07 07:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-10-14 20:33 . 2007-03-07 07:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-14 20:32 . 2007-03-16 19:11 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2008-10-14 20:32 . 2007-03-16 19:11 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2008-10-14 20:32 . 2007-03-07 07:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-10-14 20:32 . 2007-03-07 07:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-10-14 20:32 . 2007-03-16 19:11 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll
2008-10-14 20:32 . 2007-03-29 18:07 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-10-14 20:32 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-10-14 20:32 . 2007-03-07 07:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-14 20:30 . 2008-10-20 19:24 <REP> d-------- C:\Documents and Settings\Gervaise et Sylvain\Application Data\HPAppData
2008-10-14 20:30 . 2008-10-14 20:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-10-14 20:29 . 2008-10-14 20:29 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-10-14 20:29 . 2008-10-14 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-10-14 20:29 . 2008-10-14 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-10-14 20:28 . 2008-10-14 20:28 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-10-14 20:28 . 2008-10-14 20:28 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-10-14 20:27 . 2008-10-14 20:30 <REP> d-------- C:\Program Files\HP
2008-10-14 20:26 . 2008-10-14 20:39 162,218 --a------ C:\WINDOWS\hpoins14.dat
2008-10-14 20:26 . 2008-04-02 10:01 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-10-04 11:20 . 2008-10-04 11:20 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-10-03 20:51 . 2008-10-04 10:35 <REP> d-------- C:\Program Files\NOS
2008-10-03 20:51 . 2008-10-04 11:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-30 21:03 . 2008-09-30 21:05 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-27 19:10 . 2008-09-27 19:10 <REP> d-------- C:\Program Files\Avira
2008-09-27 19:10 . 2008-09-27 19:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-27 18:13 . 2008-10-22 20:23 <REP> d-------- C:\Program Files\FindyKill
2008-09-26 23:04 . 2008-09-26 23:04 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-09-26 22:04 . 2008-09-26 22:04 <REP> d-------- C:\Program Files\Trend Micro
2008-09-26 17:45 . 2008-09-26 17:46 16,574 --a------ C:\WINDOWS\EPISMF00.SWB
2008-09-23 20:40 . 2008-09-23 20:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-23 20:40 . 2008-09-23 20:40 <REP> d-------- C:\Documents and Settings\Gervaise et Sylvain\Application Data\Malwarebytes
2008-09-23 20:40 . 2008-09-23 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-23 20:40 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-23 20:40 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-23 20:03 . 2008-09-23 20:03 <REP> d-------- C:\Program Files\SpywareBlaster
2008-09-23 19:59 . 2008-09-23 19:59 268 --ah----- C:\sqmdata01.sqm
2008-09-23 19:59 . 2008-09-23 19:59 244 --ah----- C:\sqmnoopt01.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 19:26 --------- d-----w C:\Documents and Settings\Gervaise et Sylvain\Application Data\Free Download Manager
2008-10-22 16:11 --------- d-----w C:\Program Files\eMule
2008-10-22 16:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 15:59 --------- d-----w C:\Documents and Settings\Gervaise et Sylvain\Application Data\LimeWire
2008-10-15 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-14 18:11 --------- d-----w C:\Program Files\epson
2008-10-14 18:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-30 19:05 72,074 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-30 19:05 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-23 20:41 --------- d-----w C:\Program Files\Google
2008-09-23 17:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-04 13:55 355,584 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-31 19:15 65,995,752 ----a-w C:\Documents and Settings\Gervaise et Sylvain\TRACE_BOOT+DRIVERS_1_1.BIN
2008-04-01 15:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
------- Sigcheck -------
2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-20 01:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-10-23 266497]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\Gervaise et Sylvain\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-04 355584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2008-07-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2008-10-23 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 -: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 -: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 -: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx
O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf
C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 21:40:46
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2008-10-23 21:53:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-23 19:53:46
Avant-CF: 21,979,103,232 octets libres
Après-CF: 21,771,976,704 octets libres
411 --- E O F --- 2008-10-23 19:44:19
Re,
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are complete, restart in safe mode.
HELP: Restarting in safe mode
Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Exécuter un examen complet" (perform a full scan).
To start the scan, click "Rechercher" (Scan).
Once the scan has finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so that you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Here is the report:
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1313
Windows 5.1.2600 Service Pack 3
24/10/2008 18:58:20
mbam-log-2008-10-24 (18-58-20).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 88484
Temps écoulé: 1 hour(s), 36 minute(s), 34 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{2B7FE7A0-AF4D-45A8-A293-70EF9A186459}\RP395\A0045910.exe (Adware.Agent) -> Quarantined and deleted successfully.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:51, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-4401f4389c4ed3b0.spaces.live.com/PhotoUpload...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - http://copainsdavant.linternaute.com/html_include_bibli...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHos...
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9410 bytes
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-4401f4389c4ed3b0.spaces.live.com/PhotoUpload...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - http://copainsdavant.linternaute.com/html_include_bibli...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxentelechargement.orange.fr/Gameshell/GameHos...
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9410 bytes
Is that better?
Run an online Kaspersky scan using Internet Explorer:
Click on ![]()
Now click on I accept (J'accepte).
Approve the installation of one or more ActiveX controls if necessary.
Wait while the updates are installed.
Then choose to scan My Computer (Poste de travail).
Save the report generated at the end of the scan, then paste it here.
HELP: Tutorial on the online scan
NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

As for me, I ran a scan with FINDYKILL and here is the report:
----------------- FindyKill V4.095 ------------------
* User : Sylvain - PERSO-AIVOTEDZ1
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 24/10/08 par Chiquitine29
* Recherche effectuée à 14:18:39 le 25/10/2008
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\winfilse.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
--------------- [ Processus infectieux stoppés ] ----------------
"C:\WINDOWS\system32\drivers\winfilse.exe" (1988)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
Présent ! [25/10/2008 14:15] - C:\InfoSat.txt
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Present ! - C:\WINDOWS\prefetch\FLEC006.EXE-150999C6.pf
Present ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Present ! - C:\WINDOWS\prefetch\MDELK.EXE-238AA5EF.pf
Present ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
Présent ! [25/10/2008 13:39] - C:\WINDOWS\system32\drivers\srosa.sys
Présent ! [03/08/2005 05:08] - C:\WINDOWS\system32\drivers\winfilse.exe
»»»» Presence des fichiers dans C:\Documents and Settings\Sylvain\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\Sylvain\LOCALS~1\Temp
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
WOOKIT REG_SZ C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
eMuleAutoStart REG_SZ C:\Program Files\eMule\emule.exe -AutoStart
--------------- [ Registre / Clés infectieuses ] ----------------
Présent ! - HKEY_USERS\S-1-5-21-1123561945-152049171-725345543-1004\Software\Local AppWizard-Generated Applications\install_crack
Présent ! - HKEY_USERS\S-1-5-21-1123561945-152049171-725345543-1004\Software\Local AppWizard-Generated Applications\winfilse
Présent ! - HKEY_USERS\S-1-5-21-1123561945-152049171-725345543-1004\Software\bisoft
Présent ! - HKEY_USERS\S-1-5-21-1123561945-152049171-725345543-1004\Software\CHKPTR
Présent ! - HKEY_USERS\S-1-5-21-1123561945-152049171-725345543-1004\Software\FFC
Présent ! - HKEY_USERS\S-1-5-21-1123561945-152049171-725345543-1004\Software\FirtR
Présent ! - HKEY_USERS\S-1-5-21-1123561945-152049171-725345543-1004\Software\MuleAppData
Présent ! - HKEY_USERS\S-1-5-21-1123561945-152049171-725345543-1004\Software\Ubisoft
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_CURRENT_USER\Software\bisoft
Présent ! - HKEY_CURRENT_USER\Software\FirtR
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
-> Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
-> Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
-> Mode sans echec non fonctionnel !!
+- Services : [ Auto=2 Demande=3 Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Moutpoint2 ] ----------------
-> Recherche négative.
------------------- ! Fin du rapport ! --------------------
What steps should I follow, please?