problèmes avec le fichier woobrowser.exe (RESOLU)
Forum Sécurité - Virus : problèmes avec le fichier woobrowser.exe (RESOLU)
Bonjour,
Je suis interrompu par moments sur le net par le fichier woobrowser.exe qui me signale avoir rencontré un problème et m'oblige à fermer ma page et à me reconnecter
J'ai regardé un peu le forum avant de poster et il semblerait que ce soit dû à la barre de tâches de wanadoo mais comme chaque cas est spécial je préfère m'en remettre à vous pour solutionner mon problème
Donc si vous pouvez m'aider , je vous remercie d'avance
Message édité par exohuit le 23-01-2009 à 18:09:03
Bonjour,
Aucun rapport avec la section.
Message édité par Angeldark le 12-01-2009 à 17:34:44
Répondre à Angeldark
Re,
Je suis surpris car le 20/09/08 vous avez répondu à un internaute qui avait semble-t-il le même problème que moi et le message était pourtant dans la section virus-sécurité
Alors si je me suis trompé de section , pourriez vous me dire dans quelle rubrique je peux le soumettre
Merci
Lien du sujet ?
Répondre à Angeldark
Bonjour,
Qu'entendez vous par "lien du sujet" ?
| Citation : Je suis surpris car le 20/09/08 vous avez répondu à un internaute qui avait semble-t-il le même problème que moi et le message était pourtant dans la section virus-sécurité |
Quel est l'URL du sujet où on a donné une réponse ?
Répondre à Angeldark
Il s'agit du sujet n°282412 page 43
c'est vous qui l'aviez traité
le nom du sujet est : Virus!! Message d'erreur woobrowser.exe (RESOLU)
les problèmes semblent identiques aux miens sauf que mon message s'affiche principalement lorsque je suis en train de surfer plutôt que dans ma messagerie
On peut voir s'il y a l'infection Navilog.
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Répondre à Angeldark
Bonjour,
Voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:18, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0350Mon.exe
C:\WINDOWS\system32\dllcache\spoolms.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\dllcache\spoolms.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\Utilitaires\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AVFX Engine] "C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [spoolms] C:\WINDOWS\system32\dllcache\spoolms.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Robin\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _1_0_4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{599748A7-29DE-454A-9300-9F71601D812E}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\documents and settings\robin\bureau\idt_095\v095_d5902.1_g2.0xp_d6052.2_g2.0v_rc_1_sdc_prewhql\disk1\wdm\winxp\STacSV.exe (file missing)
--
End of file - 8927 bytes
Tu as effectivement des infections.
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Répondre à Angeldark
Bonjour,
Il y a 2 jours j'avais fait un scan avec MalwareByte mais pas en mode sans échec et il avait trouvé le trojan suivant:
Trojan.downloader RegistryValue HKey Local Machine\Software
Je l'avais mis en quarantaine
Hier j'ai refait le scan en mode sans échec et il n'a rien trouvé
ci -joint le rapport,
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1649
Windows 5.1.2600 Service Pack 3
14/01/2009 22:10:01
mbam-log-2009-01-14 (22-10-01).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 128786
Temps écoulé: 3 hour(s), 5 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
On va utiliser un autre outil.
! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !
- Télécharge ComboFix (sUBs) sur ton Bureau.
- Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
- Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Répondre à Angeldark
Bonjour,
Voilà j'ai exécuté Combofix
Au début il m'a affiché le message suivant:
Combofix a détecté que la console de récupération windows n'existe pas sur ce pc. Vous auriez vraiment tout intérêt à l'installer. Voulez vous le faire maintenant ? Dans le doute j'ai répondu non . Tu me diras si j'ai bien fait
Voilà donc le rapport
ComboFix 09-01-13.04 - Robin 2009-01-15 18:41:58.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1635 [GMT 1:00]
Lancé depuis: c:\documents and settings\Robin\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-15 au 2009-01-15 ))))))))))))))))))))))))))))))))))))
.
2009-01-15 18:16 . 2009-01-15 18:16 <REP> d-------- c:\program files\NCH Software
2009-01-13 20:05 . 2009-01-15 07:49 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-13 20:05 . 2009-01-13 20:05 1,409 --a------ c:\windows\QTFont.for
2009-01-13 19:37 . 2009-01-13 19:37 <REP> d-------- c:\program files\Apple Software Update
2009-01-12 23:30 . 2009-01-12 23:30 <REP> d-------- c:\program files\Lavasoft
2009-01-12 23:30 . 2009-01-12 23:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-11 20:02 . 2009-01-11 20:18 21,898,434,560 --a------ C:\image ok avec internet le 11 janvier 2009.tib
2009-01-11 11:54 . 2009-01-11 11:54 <REP> d-------- c:\documents and settings\Robin\Application Data\Creative
2009-01-10 22:13 . 2006-10-06 07:17 53,248 --------- c:\windows\Ctregrun.exe
2009-01-10 22:11 . 2007-03-28 18:01 299,008 -ra------ c:\windows\system32\V0350Cvw.dll
2009-01-10 22:04 . 2006-08-30 07:10 158,456 --------- c:\windows\system32\pxwma.dll
2009-01-10 22:04 . 2006-08-30 07:10 36,528 --------- c:\windows\system32\drivers\PxHelp20.sys
2009-01-10 22:04 . 2006-08-30 07:10 2,560 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-10 22:04 . 2006-08-30 07:10 2,432 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-10 22:03 . 2009-01-10 22:03 <REP> d-------- c:\documents and settings\Robin\Application Data\InstallShield
2009-01-10 21:32 . 2009-01-10 21:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-01-10 21:25 . 2009-01-10 21:23 58,952 --a------ c:\windows\system32\MsgPlusLoader.dll
2009-01-10 21:23 . 2009-01-10 21:23 <REP> d-------- c:\program files\MessengerPlus! 3
2009-01-10 19:29 . 2009-01-10 19:29 <REP> d-------- c:\documents and settings\Robin\popup
2009-01-10 19:29 . 2009-01-10 19:29 <REP> d-------- c:\documents and settings\Robin\Groups
2009-01-10 19:21 . 2009-01-10 19:21 <REP> d-------- c:\documents and settings\Robin\Application Data\MSNInstaller
2009-01-10 19:05 . 2008-04-13 11:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-01-10 19:05 . 2008-04-13 11:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-01-10 18:50 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\Robin\Application Data\Creative(2)
2009-01-10 12:59 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Creative
2009-01-09 21:46 . 2009-01-09 21:46 <REP> d-------- c:\program files\muvee Technologies
2009-01-09 21:46 . 2009-01-10 22:04 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
2009-01-09 21:45 . 2009-01-10 22:02 <REP> d-------- c:\program files\SightSpeed
2009-01-09 21:45 . 2009-01-09 21:45 <REP> d-------- c:\documents and settings\All Users\Application Data\muvee Technologies
2009-01-09 21:41 . 2009-01-10 22:02 <REP> d-------- c:\program files\Creative
2009-01-08 16:40 . 2009-01-08 16:40 <REP> d---s---- c:\documents and settings\Robin\UserData
2009-01-08 16:39 . 2009-01-10 21:38 <REP> d-------- c:\program files\Messenger Plus! Live
2009-01-08 16:16 . 2009-01-10 19:03 <REP> d-------- c:\documents and settings\Robin\Contacts
2009-01-08 16:11 . 2009-01-08 16:12 <REP> d-------- c:\program files\Windows Live
2009-01-08 16:11 . 2009-01-10 21:35 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
2009-01-08 16:11 . 2009-01-08 16:11 <REP> d-------- c:\documents and settings\Robin\Application Data\Search Settings
2009-01-08 16:11 . 2009-01-10 21:35 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-08 00:13 . 2009-01-08 16:12 <REP> d--h----- c:\windows\$hf_mig$
2009-01-08 00:13 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-01-08 00:10 . 2009-01-08 00:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2009-01-07 23:58 . 2009-01-07 23:58 <REP> d-------- c:\program files\Search Settings
2009-01-07 23:58 . 2009-01-07 23:58 <REP> d-------- c:\program files\Free Audio Pack
2009-01-07 23:58 . 2009-01-07 23:58 <REP> d-------- c:\program files\Dealio
2009-01-07 23:58 . 2009-01-07 23:58 <REP> d-------- c:\documents and settings\Robin\Application Data\Dealio
2009-01-07 23:52 . 2009-01-07 23:52 <REP> d-------- c:\program files\Avira
2009-01-07 22:25 . 2009-01-14 13:40 <REP> d-------- c:\program files\Shareaza
2009-01-07 21:34 . 2009-01-07 21:34 13,758 --a------ c:\windows\system32\wpa.bak
2009-01-07 20:47 . 2009-01-07 20:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2009-01-07 20:46 . 2009-01-07 20:46 <REP> d-------- c:\program files\IVT Corporation
2009-01-07 20:46 . 2009-01-07 20:47 32 --a------ c:\windows\0
2009-01-07 20:46 . 2009-01-07 20:46 0 --a------ c:\windows\system32\0
2009-01-07 20:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 20:43 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 10:00 . 2008-04-13 19:05 14,720 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-01-07 10:00 . 2008-04-13 19:05 14,720 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-01-07 09:59 . 2008-04-13 11:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-07 09:59 . 2008-04-13 11:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-01-05 17:36 . 2009-01-05 17:37 <REP> d-------- c:\program files\ABBYY FineReader 6.0 Sprint
2009-01-05 17:33 . 2006-03-20 00:00 63,488 --a------ c:\windows\system32\escwiad.dll
2009-01-05 16:57 . 2009-01-05 16:57 <REP> d-------- c:\documents and settings\Robin\Application Data\EPSON
2009-01-05 16:41 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-05 16:41 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-05 16:29 . 2009-01-05 17:38 <REP> d-------- c:\documents and settings\All Users\Application Data\UDL
2009-01-05 16:26 . 2009-01-05 16:26 25 --a------ c:\windows\CDE DX6000EFDG.ini
2009-01-05 16:25 . 2009-01-05 17:37 <REP> d-------- c:\program files\EPSON
2009-01-05 16:25 . 2006-04-05 02:05 73,216 --a------ c:\windows\system32\E_FLBBIE.DLL
2009-01-05 16:25 . 2005-04-11 02:01 62,976 --a------ c:\windows\system32\E_FD4BBIE.DLL
2009-01-05 16:25 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-01-05 16:24 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-05 16:24 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-05 16:16 . 2008-04-13 11:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-05 16:16 . 2008-04-13 11:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-04 22:05 . 2009-01-04 22:05 <REP> d-------- c:\program files\QuickTime
2009-01-04 22:05 . 2009-01-04 22:05 <REP> d-------- c:\program files\iTunes
2009-01-04 22:05 . 2009-01-04 22:05 <REP> d-------- c:\program files\iPod
2009-01-04 22:05 . 2009-01-04 22:05 <REP> d-------- c:\program files\Bonjour
2009-01-04 22:05 . 2009-01-04 22:05 <REP> d-------- c:\documents and settings\Robin\Application Data\Apple Computer
2009-01-04 22:05 . 2009-01-08 17:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-04 22:04 . 2009-01-04 22:04 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-04 22:04 . 2009-01-04 22:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-04 18:41 . 2009-01-15 18:27 <REP> d-------- c:\program files\eMule
2009-01-04 18:30 . 2009-01-15 07:53 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 18:30 . 2009-01-04 18:30 <REP> d-------- c:\documents and settings\Robin\Application Data\Malwarebytes
2009-01-04 18:30 . 2009-01-04 18:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-04 18:27 . 2009-01-07 23:03 <REP> d-------- c:\program files\uTorrent
2009-01-04 18:27 . 2009-01-13 18:59 <REP> d-------- c:\documents and settings\Robin\Application Data\uTorrent
2009-01-03 21:56 . 2009-01-03 21:56 <REP> d-------- c:\program files\MeeSoft
2009-01-03 21:46 . 2009-01-03 21:46 <REP> d-------- c:\documents and settings\Robin\Application Data\Micro Application
2009-01-03 21:45 . 2009-01-03 21:45 <REP> d-------- c:\program files\Micro Application
2009-01-03 21:45 . 2009-01-03 21:45 <REP> d-------- c:\program files\Fichiers communs\Acronis
2009-01-03 21:45 . 2009-01-03 21:45 210,400 --a------ c:\windows\system32\drivers\timntr.sys
2009-01-03 21:45 . 2009-01-03 21:45 126,976 --a------ c:\windows\system32\snapapi.dll
2009-01-03 21:45 . 2009-01-03 21:45 81,280 --a------ c:\windows\system32\drivers\snapman.sys
2009-01-03 21:45 . 2009-01-03 21:45 37,888 --a------ c:\windows\system32\setupnt.dll
2009-01-03 21:45 . 2009-01-03 21:45 28,768 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-01-03 21:33 . 2009-01-03 21:33 <REP> d-------- c:\program files\TUGZip
2009-01-03 21:33 . 2007-03-12 23:34 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-01-03 21:33 . 2007-03-12 23:34 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-01-03 21:33 . 2007-03-12 23:34 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-01-03 21:31 . 2009-01-03 21:31 <REP> d-------- c:\program files\NCH Swift Sound
2009-01-03 21:15 . 2009-01-15 17:00 <REP> d-------- c:\program files\PeerGuardian2
2009-01-03 21:15 . 2009-01-03 21:15 <REP> d-------- c:\program files\mp3DirectCut
2009-01-03 21:14 . 2009-01-03 21:14 <REP> d-------- c:\program files\RarZilla Free Unrar
2009-01-03 21:13 . 2009-01-03 21:13 <REP> d-------- c:\program files\MSN Toolbar
2009-01-03 21:08 . 2009-01-14 22:29 <REP> d-------- c:\windows\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2009-01-03 21:08 . 2009-01-03 21:08 <REP> d-------- c:\program files\burnatonce
2009-01-03 21:07 . 2009-01-14 07:54 <REP> d-------- c:\program files\a-squared Free
2009-01-03 21:02 . 2009-01-03 21:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-03 21:01 . 2009-01-04 21:57 <REP> d-------- C:\iTunes
2009-01-03 20:58 . 2009-01-03 21:00 <REP> d-------- C:\ipod Rodolphe
2009-01-03 20:57 . 2009-01-03 20:57 <REP> d-------- C:\léopold
2009-01-03 20:49 . 2009-01-14 15:25 <REP> d-------- C:\Downloads
2009-01-03 18:33 . 2004-08-23 14:50 32,768 --a------ c:\windows\system32\WooDial2000.dll
2009-01-03 18:32 . 2009-01-03 18:32 <REP> d-------- c:\windows\system32\AlertModule
2009-01-03 18:32 . 2003-08-04 14:22 94,208 --a------ c:\windows\system32\W32n50.dll
2009-01-03 18:32 . 2004-08-23 14:49 40,960 --a------ c:\windows\system32\FTRTSVC.exe
2009-01-03 18:32 . 2005-10-06 14:55 36,864 --a------ c:\windows\system32\IfHelper.dll
2009-01-03 18:32 . 2003-08-04 14:22 16,128 --------- c:\windows\system32\PCANDIS5.SYS
2009-01-03 18:31 . 2009-01-15 18:30 <REP> d-------- c:\program files\Wanadoo
2009-01-03 18:30 . 2009-01-03 18:30 <REP> d-------- c:\program files\SAGEM
2009-01-03 18:30 . 2009-01-10 22:13 <REP> d--h----- c:\program files\InstallShield Installation Information
2009-01-03 18:30 . 2009-01-05 16:32 <REP> d-------- c:\program files\Fichiers communs\InstallShield
2009-01-03 16:22 . 2009-01-03 16:22 <REP> d-------- c:\program files\Securitoo
2009-01-03 16:13 . 2009-01-03 16:14 <REP> d-------- c:\windows\SxsCaPendDel
2009-01-02 11:59 . 2009-01-02 11:59 <REP> d-------- c:\windows\system32\LogFiles
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 14:21 --------- d-----w c:\program files\microsoft frontpage
2008-12-31 14:20 --------- d-----w c:\program files\Services en ligne
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2009-01-03 437675]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-01-03 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2007-04-09 20480]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-03-28 32768]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\a-squared Free\\a2free.exe"=
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2009-01-10 143136]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2009-01-10 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2009-01-10 170016]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S4 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - PGFILTER
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e934a4ab-da84-11dd-9c55-001921379068}]
\Shell\AutoRun\command - f:\wd_windows_tools\WDSetup.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: Compare Prices with &Dealio - c:\documents and settings\Robin\Application Data\Dealio\kb127\res\DealioSearch.html
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {599748A7-29DE-454A-9300-9F71601D812E} = 192.168.1.1
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 18:43:00
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-01-15 18:43:46
ComboFix-quarantined-files.txt 2009-01-15 17:43:44
Avant-CF: 109 874 216 960 octets libres
Après-CF: 110,429,818,880 octets libres
232 --- E O F --- 2009-01-08 15:11:31
Tu pouvais répondre non effectivement.
! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Folder::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
Sauvegarde ce fichier sous le nom de "CFScript.txt" (les guillemets sont importantes).
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme dans l'image ci-dessous :
Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport (C:\combofix.txt*) accompagné d'un rapport HijackThis.
NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.
* le nom de la partition peut changer
Répondre à Angeldark
Bonsoir,
voilà le rapport Combofix
ComboFix 09-01-16.02 - Robin 2009-01-16 23:14:38.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1650 [GMT 1:00]
Lancé depuis: c:\documents and settings\Robin\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Robin\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Robin\Application Data\Search Settings
c:\documents and settings\Robin\Application Data\Search Settings\kb127\temp\ws-14257.log
c:\documents and settings\Robin\Application Data\Search Settings\kb127\temp\ws-14258.log
c:\documents and settings\Robin\Application Data\Search Settings\kb127\temp\ws-14259.log
c:\documents and settings\Robin\Application Data\Search Settings\kb127\temp\ws-14260.log
c:\program files\Dealio
c:\program files\Dealio\DealioAU.exe
c:\program files\Dealio\kb127\Dealio Deskbar.exe
c:\program files\Dealio\kb127\Dealio.dll
c:\program files\Dealio\kb127\DealioRes409.dll
c:\program files\Dealio\kb127\res\alerts.gif
c:\program files\Dealio\kb127\res\alerts_over.gif
c:\program files\Dealio\kb127\res\alerts_rec.gif
c:\program files\Dealio\kb127\res\alerts_rec_over.gif
c:\program files\Dealio\kb127\res\chevron-small.gif
c:\program files\Dealio\kb127\res\deal_report.jpg
c:\program files\Dealio\kb127\res\DealioSearch.html
c:\program files\Dealio\kb127\res\deals-leftcap.gif
c:\program files\Dealio\kb127\res\ebay_login.jpg
c:\program files\Dealio\kb127\res\err_mainwindow.html
c:\program files\Dealio\kb127\res\err_toolbar.html
c:\program files\Dealio\kb127\res\global_scripts.js
c:\program files\Dealio\kb127\res\headerbgthin.jpg
c:\program files\Dealio\kb127\res\highlight-bg.png
c:\program files\Dealio\kb127\res\logo.gif
c:\program files\Dealio\kb127\res\logo_over.gif
c:\program files\Dealio\kb127\res\man_toolbar.css
c:\program files\Dealio\kb127\res\man_toolbar.html
c:\program files\Dealio\kb127\res\man_toolbar.js
c:\program files\Dealio\kb127\res\man_toolbarl.js
c:\program files\Dealio\kb127\res\post-this-deal.gif
c:\program files\Dealio\kb127\res\post-this-deal_over.gif
c:\program files\Dealio\kb127\res\scripts.js
c:\program files\Dealio\kb127\res\scroller.js
c:\program files\Dealio\kb127\res\search-chevron.gif
c:\program files\Dealio\kb127\res\search-chevron_over.gif
c:\program files\Dealio\kb127\res\search_bg_blink.gif
c:\program files\Dealio\kb127\res\separator.gif
c:\program files\Dealio\kb127\res\settings.gif
c:\program files\Dealio\kb127\res\settings_over.gif
c:\program files\Dealio\kb127\res\yahoo-search.png
c:\program files\Dealio\kb127\resDN\bottom.gif
c:\program files\Dealio\kb127\resDN\chevron_down.gif
c:\program files\Dealio\kb127\resDN\chevron_up.gif
c:\program files\Dealio\kb127\resDN\close.gif
c:\program files\Dealio\kb127\resDN\deskbar.css
c:\program files\Dealio\kb127\resDN\deskbar.js
c:\program files\Dealio\kb127\resDN\dispatch_helper.js
c:\program files\Dealio\kb127\resDN\ebay_compatible.jpg
c:\program files\Dealio\kb127\resDN\logo.gif
c:\program files\Dealio\kb127\resDN\logo_chevron_bkg.gif
c:\program files\Dealio\kb127\resDN\losing.gif
c:\program files\Dealio\kb127\resDN\lost.gif
c:\program files\Dealio\kb127\resDN\man_deskbar.html
c:\program files\Dealio\kb127\resDN\menu_arrow.gif
c:\program files\Dealio\kb127\resDN\menu_check.gif
c:\program files\Dealio\kb127\resDN\no_image.gif
c:\program files\Dealio\kb127\resDN\prod_img.gif
c:\program files\Dealio\kb127\resDN\search_chevron.gif
c:\program files\Dealio\kb127\resDN\spacer.gif
c:\program files\Dealio\kb127\resDN\textfield_bkg.gif
c:\program files\Dealio\kb127\resDN\top.gif
c:\program files\Dealio\kb127\resDN\unknown.gif
c:\program files\Dealio\kb127\resDN\winning.gif
c:\program files\Dealio\kb127\resDN\won.gif
c:\program files\Dealio\kb127\rules\index.76.35
c:\program files\Dealio\kb127\rules\rules.1.10.76
c:\program files\Dealio\kb127\rules\rules.1.109.43
c:\program files\Dealio\kb127\rules\rules.1.110.43
c:\program files\Dealio\kb127\rules\rules.1.12.52
c:\program files\Dealio\kb127\rules\rules.1.13.58
c:\program files\Dealio\kb127\rules\rules.1.130.58
c:\program files\Dealio\kb127\rules\rules.1.135.50
c:\program files\Dealio\kb127\rules\rules.1.153.44
c:\program files\Dealio\kb127\rules\rules.1.155.43
c:\program files\Dealio\kb127\rules\rules.1.156.49
c:\program files\Dealio\kb127\rules\rules.1.16.60
c:\program files\Dealio\kb127\rules\rules.1.161.52
c:\program files\Dealio\kb127\rules\rules.1.178.66
c:\program files\Dealio\kb127\rules\rules.1.184.55
c:\program files\Dealio\kb127\rules\rules.1.188.52
c:\program files\Dealio\kb127\rules\rules.1.189.45
c:\program files\Dealio\kb127\rules\rules.1.196.43
c:\program files\Dealio\kb127\rules\rules.1.198.56
c:\program files\Dealio\kb127\rules\rules.1.199.43
c:\program files\Dealio\kb127\rules\rules.1.200.53
c:\program files\Dealio\kb127\rules\rules.1.201.43
c:\program files\Dealio\kb127\rules\rules.1.202.43
c:\program files\Dealio\kb127\rules\rules.1.203.71
c:\program files\Dealio\kb127\rules\rules.1.205.62
c:\program files\Dealio\kb127\rules\rules.1.213.71
c:\program files\Dealio\kb127\rules\rules.1.214.49
c:\program files\Dealio\kb127\rules\rules.1.215.43
c:\program files\Dealio\kb127\rules\rules.1.216.67
c:\program files\Dealio\kb127\rules\rules.1.217.67
c:\program files\Dealio\kb127\rules\rules.1.218.52
c:\program files\Dealio\kb127\rules\rules.1.219.43
c:\program files\Dealio\kb127\rules\rules.1.220.43
c:\program files\Dealio\kb127\rules\rules.1.221.57
c:\program files\Dealio\kb127\rules\rules.1.222.43
c:\program files\Dealio\kb127\rules\rules.1.223.68
c:\program files\Dealio\kb127\rules\rules.1.226.68
c:\program files\Dealio\kb127\rules\rules.1.227.43
c:\program files\Dealio\kb127\rules\rules.1.228.62
c:\program files\Dealio\kb127\rules\rules.1.229.76
c:\program files\Dealio\kb127\rules\rules.1.23.63
c:\program files\Dealio\kb127\rules\rules.1.239.43
c:\program files\Dealio\kb127\rules\rules.1.24.43
c:\program files\Dealio\kb127\rules\rules.1.240.43
c:\program files\Dealio\kb127\rules\rules.1.241.43
c:\program files\Dealio\kb127\rules\rules.1.242.43
c:\program files\Dealio\kb127\rules\rules.1.243.43
c:\program files\Dealio\kb127\rules\rules.1.244.63
c:\program files\Dealio\kb127\rules\rules.1.245.43
c:\program files\Dealio\kb127\rules\rules.1.247.43
c:\program files\Dealio\kb127\rules\rules.1.248.43
c:\program files\Dealio\kb127\rules\rules.1.249.43
c:\program files\Dealio\kb127\rules\rules.1.250.43
c:\program files\Dealio\kb127\rules\rules.1.251.43
c:\program files\Dealio\kb127\rules\rules.1.252.43
c:\program files\Dealio\kb127\rules\rules.1.253.43
c:\program files\Dealio\kb127\rules\rules.1.254.43
c:\program files\Dealio\kb127\rules\rules.1.255.43
c:\program files\Dealio\kb127\rules\rules.1.256.43
c:\program files\Dealio\kb127\rules\rules.1.257.43
c:\program files\Dealio\kb127\rules\rules.1.279.43
c:\program files\Dealio\kb127\rules\rules.1.28.58
c:\program files\Dealio\kb127\rules\rules.1.282.75
c:\program files\Dealio\kb127\rules\rules.1.283.43
c:\program files\Dealio\kb127\rules\rules.1.284.43
c:\program files\Dealio\kb127\rules\rules.1.289.67
c:\program files\Dealio\kb127\rules\rules.1.290.62
c:\program files\Dealio\kb127\rules\rules.1.291.61
c:\program files\Dealio\kb127\rules\rules.1.296.43
c:\program files\Dealio\kb127\rules\rules.1.297.43
c:\program files\Dealio\kb127\rules\rules.1.304.43
c:\program files\Dealio\kb127\rules\rules.1.307.43
c:\program files\Dealio\kb127\rules\rules.1.308.75
c:\program files\Dealio\kb127\rules\rules.1.31.47
c:\program files\Dealio\kb127\rules\rules.1.310.46
c:\program files\Dealio\kb127\rules\rules.1.311.43
c:\program files\Dealio\kb127\rules\rules.1.315.43
c:\program files\Dealio\kb127\rules\rules.1.316.43
c:\program files\Dealio\kb127\rules\rules.1.317.43
c:\program files\Dealio\kb127\rules\rules.1.318.43
c:\program files\Dealio\kb127\rules\rules.1.319.49
c:\program files\Dealio\kb127\rules\rules.1.32.48
c:\program files\Dealio\kb127\rules\rules.1.334.44
c:\program files\Dealio\kb127\rules\rules.1.335.60
c:\program files\Dealio\kb127\rules\rules.1.336.44
c:\program files\Dealio\kb127\rules\rules.1.337.44
c:\program files\Dealio\kb127\rules\rules.1.338.75
c:\program files\Dealio\kb127\rules\rules.1.339.47
c:\program files\Dealio\kb127\rules\rules.1.34.43
c:\program files\Dealio\kb127\rules\rules.1.340.47
c:\program files\Dealio\kb127\rules\rules.1.341.47
c:\program files\Dealio\kb127\rules\rules.1.349.50
c:\program files\Dealio\kb127\rules\rules.1.35.48
c:\program files\Dealio\kb127\rules\rules.1.350.50
c:\program files\Dealio\kb127\rules\rules.1.351.51
c:\program files\Dealio\kb127\rules\rules.1.352.54
c:\program files\Dealio\kb127\rules\rules.1.353.51
c:\program files\Dealio\kb127\rules\rules.1.354.51
c:\program files\Dealio\kb127\rules\rules.1.357.62
c:\program files\Dealio\kb127\rules\rules.1.358.52
c:\program files\Dealio\kb127\rules\rules.1.359.52
c:\program files\Dealio\kb127\rules\rules.1.360.53
c:\program files\Dealio\kb127\rules\rules.1.361.54
c:\program files\Dealio\kb127\rules\rules.1.362.68
c:\program files\Dealio\kb127\rules\rules.1.363.58
c:\program files\Dealio\kb127\rules\rules.1.364.54
c:\program files\Dealio\kb127\rules\rules.1.365.53
c:\program files\Dealio\kb127\rules\rules.1.367.56
c:\program files\Dealio\kb127\rules\rules.1.368.58
c:\program files\Dealio\kb127\rules\rules.1.369.55
c:\program files\Dealio\kb127\rules\rules.1.370.56
c:\program files\Dealio\kb127\rules\rules.1.371.56
c:\program files\Dealio\kb127\rules\rules.1.372.57
c:\program files\Dealio\kb127\rules\rules.1.373.55
c:\program files\Dealio\kb127\rules\rules.1.375.56
c:\program files\Dealio\kb127\rules\rules.1.376.57
c:\program files\Dealio\kb127\rules\rules.1.377.55
c:\program files\Dealio\kb127\rules\rules.1.378.65
c:\program files\Dealio\kb127\rules\rules.1.384.58
c:\program files\Dealio\kb127\rules\rules.1.386.71
c:\program files\Dealio\kb127\rules\rules.1.387.59
c:\program files\Dealio\kb127\rules\rules.1.388.59
c:\program files\Dealio\kb127\rules\rules.1.389.59
c:\program files\Dealio\kb127\rules\rules.1.390.60
c:\program files\Dealio\kb127\rules\rules.1.391.60
c:\program files\Dealio\kb127\rules\rules.1.392.60
c:\program files\Dealio\kb127\rules\rules.1.393.60
c:\program files\Dealio\kb127\rules\rules.1.394.60
c:\program files\Dealio\kb127\rules\rules.1.396.61
c:\program files\Dealio\kb127\rules\rules.1.397.61
c:\program files\Dealio\kb127\rules\rules.1.398.60
c:\program files\Dealio\kb127\rules\rules.1.399.60
c:\program files\Dealio\kb127\rules\rules.1.403.61
c:\program files\Dealio\kb127\rules\rules.1.404.63
c:\program files\Dealio\kb127\rules\rules.1.405.61
c:\program files\Dealio\kb127\rules\rules.1.406.61
c:\program files\Dealio\kb127\rules\rules.1.407.76
c:\program files\Dealio\kb127\rules\rules.1.408.63
c:\program files\Dealio\kb127\rules\rules.1.409.61
c:\program files\Dealio\kb127\rules\rules.1.412.62
c:\program files\Dealio\kb127\rules\rules.1.413.62
c:\program files\Dealio\kb127\rules\rules.1.414.62
c:\program files\Dealio\kb127\rules\rules.1.415.62
c:\program files\Dealio\kb127\rules\rules.1.416.62
c:\program files\Dealio\kb127\rules\rules.1.417.62
c:\program files\Dealio\kb127\rules\rules.1.418.62
c:\program files\Dealio\kb127\rules\rules.1.419.62
c:\program files\Dealio\kb127\rules\rules.1.420.62
c:\program files\Dealio\kb127\rules\rules.1.421.62
c:\program files\Dealio\kb127\rules\rules.1.423.63
c:\program files\Dealio\kb127\rules\rules.1.424.63
c:\program files\Dealio\kb127\rules\rules.1.425.63
c:\program files\Dealio\kb127\rules\rules.1.426.63
c:\program files\Dealio\kb127\rules\rules.1.427.63
c:\program files\Dealio\kb127\rules\rules.1.428.65
c:\program files\Dealio\kb127\rules\rules.1.429.63
c:\program files\Dealio\kb127\rules\rules.1.430.63
c:\program files\Dealio\kb127\rules\rules.1.432.65
c:\program files\Dealio\kb127\rules\rules.1.433.64
c:\program files\Dealio\kb127\rules\rules.1.434.65
c:\program files\Dealio\kb127\rules\rules.1.435.64
c:\program files\Dealio\kb127\rules\rules.1.436.76
c:\program files\Dealio\kb127\rules\rules.1.437.64
c:\program files\Dealio\kb127\rules\rules.1.438.71
c:\program files\Dealio\kb127\rules\rules.1.439.71
c:\program files\Dealio\kb127\rules\rules.1.440.75
c:\program files\Dealio\kb127\rules\rules.1.442.73
c:\program files\Dealio\kb127\rules\rules.1.443.73
c:\program files\Dealio\kb127\rules\rules.1.444.73
c:\program files\Dealio\kb127\rules\rules.1.445.68
c:\program files\Dealio\kb127\rules\rules.1.446.69
c:\program files\Dealio\kb127\rules\rules.1.450.67
c:\program files\Dealio\kb127\rules\rules.1.451.67
c:\program files\Dealio\kb127\rules\rules.1.452.68
c:\program files\Dealio\kb127\rules\rules.1.453.68
c:\program files\Dealio\kb127\rules\rules.1.454.69
c:\program files\Dealio\kb127\rules\rules.1.456.69
c:\program files\Dealio\kb127\rules\rules.1.457.75
c:\program files\Dealio\kb127\rules\rules.1.458.70
c:\program files\Dealio\kb127\rules\rules.1.459.70
c:\program files\Dealio\kb127\rules\rules.1.460.69
c:\program files\Dealio\kb127\rules\rules.1.462.74
c:\program files\Dealio\kb127\rules\rules.1.463.69
c:\program files\Dealio\kb127\rules\rules.1.464.70
c:\program files\Dealio\kb127\rules\rules.1.465.68
c:\program files\Dealio\kb127\rules\rules.1.468.70
c:\program files\Dealio\kb127\rules\rules.1.469.70
c:\program files\Dealio\kb127\rules\rules.1.470.70
c:\program files\Dealio\kb127\rules\rules.1.471.73
c:\program files\Dealio\kb127\rules\rules.1.472.70
c:\program files\Dealio\kb127\rules\rules.1.478.74
c:\program files\Dealio\kb127\rules\rules.1.479.73
c:\program files\Dealio\kb127\rules\rules.1.480.68
c:\program files\Dealio\kb127\rules\rules.1.481.71
c:\program files\Dealio\kb127\rules\rules.1.482.74
c:\program files\Dealio\kb127\rules\rules.1.49.67
c:\program files\Dealio\kb127\rules\rules.1.50.43
c:\program files\Dealio\kb127\rules\rules.1.500.71
c:\program files\Dealio\kb127\rules\rules.1.501.74
c:\program files\Dealio\kb127\rules\rules.1.502.71
c:\program files\Dealio\kb127\rules\rules.1.51.69
c:\program files\Dealio\kb127\rules\rules.1.52.72
c:\program files\Dealio\kb127\rules\rules.1.520.76
c:\program files\Dealio\kb127\rules\rules.1.521.76
c:\program files\Dealio\kb127\rules\rules.1.522.76
c:\program files\Dealio\kb127\rules\rules.1.53.51
c:\program files\Dealio\kb127\rules\rules.1.531.76
c:\program files\Dealio\kb127\rules\rules.1.532.75
c:\program files\Dealio\kb127\rules\rules.1.534.75
c:\program files\Dealio\kb127\rules\rules.1.54.47
c:\program files\Dealio\kb127\rules\rules.1.55.45
c:\program files\Dealio\kb127\rules\rules.1.56.69
c:\program files\Dealio\kb127\rules\rules.1.57.43
c:\program files\Dealio\kb127\rules\rules.1.58.47
c:\program files\Dealio\kb127\rules\rules.1.593.76
c:\program files\Dealio\kb127\rules\rules.1.595.76
c:\program files\Dealio\kb127\rules\rules.1.63.57
c:\program files\Dealio\kb127\rules\rules.1.66.47
c:\program files\Dealio\kb127\rules\rules.1.70.75
c:\program files\Dealio\kb127\rules\rules.1.71.43
c:\program files\Dealio\SearchSettingsKit.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-16 au 2009-01-16 ))))))))))))))))))))))))))))))))))))
.
2009-01-15 18:16 . 2009-01-15 18:16 <REP> d-------- c:\program files\NCH Software
2009-01-13 20:05 . 2009-01-16 07:51 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-13 20:05 . 2009-01-13 20:05 1,409 --a------ c:\windows\QTFont.for
2009-01-13 19:37 . 2009-01-13 19:37 <REP> d-------- c:\program files\Apple Software Update
2009-01-12 23:30 . 2009-01-12 23:30 <REP> d-------- c:\program files\Lavasoft
2009-01-12 23:30 . 2009-01-12 23:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-11 20:02 . 2009-01-11 20:18 21,898,434,560 --a------ C:\image ok avec internet le 11 janvier 2009.tib
2009-01-11 11:54 . 2009-01-11 11:54 <REP> d-------- c:\documents and settings\Robin\Application Data\Creative
2009-01-10 22:13 . 2006-10-06 07:17 53,248 --------- c:\windows\Ctregrun.exe
2009-01-10 22:11 . 2007-03-28 18:01 299,008 -ra------ c:\windows\system32\V0350Cvw.dll
2009-01-10 22:04 . 2006-08-30 07:10 158,456 --------- c:\windows\system32\pxwma.dll
2009-01-10 22:04 . 2006-08-30 07:10 36,528 --------- c:\windows\system32\drivers\PxHelp20.sys
2009-01-10 22:04 . 2006-08-30 07:10 2,560 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-10 22:04 . 2006-08-30 07:10 2,432 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-10 22:03 . 2009-01-10 22:03 <REP> d-------- c:\documents and settings\Robin\Application Data\InstallShield
2009-01-10 21:32 . 2009-01-10 21:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-01-10 21:25 . 2009-01-10 21:23 58,952 --a------ c:\windows\system32\MsgPlusLoader.dll
2009-01-10 21:23 . 2009-01-10 21:23 <REP> d-------- c:\program files\MessengerPlus! 3
2009-01-10 19:29 . 2009-01-10 19:29 <REP> d-------- c:\documents and settings\Robin\popup
2009-01-10 19:29 . 2009-01-10 19:29 <REP> d-------- c:\documents and settings\Robin\Groups
2009-01-10 19:21 . 2009-01-10 19:21 <REP> d-------- c:\documents and settings\Robin\Application Data\MSNInstaller
2009-01-10 19:05 . 2008-04-13 11:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-01-10 19:05 . 2008-04-13 11:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-01-10 18:50 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\Robin\Application Data\Creative(2)
2009-01-10 12:59 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Creative
2009-01-09 21:46 . 2009-01-09 21:46 <REP> d-------- c:\program files\muvee Technologies
2009-01-09 21:46 . 2009-01-10 22:04 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
2009-01-09 21:45 . 2009-01-10 22:02 <REP> d-------- c:\program files\SightSpeed
2009-01-09 21:45 . 2009-01-09 21:45 <REP> d-------- c:\documents and settings\All Users\Application Data\muvee Technologies
2009-01-09 21:41 . 2009-01-10 22:02 <REP> d-------- c:\program files\Creative
2009-01-08 16:40 . 2009-01-08 16:40 <REP> d---s---- c:\documents and settings\Robin\UserData
2009-01-08 16:39 . 2009-01-10 21:38 <REP> d-------- c:\program files\Messenger Plus! Live
2009-01-08 16:16 . 2009-01-10 19:03 <REP> d-------- c:\documents and settings\Robin\Contacts
2009-01-08 16:11 . 2009-01-08 16:12 <REP> d-------- c:\program files\Windows Live
2009-01-08 16:11 . 2009-01-10 21:35 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller
2009-01-08 16:11 . 2009-01-10 21:35 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-08 00:13 . 2009-01-08 16:12 <REP> d--h----- c:\windows\$hf_mig$
2009-01-08 00:13 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-01-08 00:10 . 2009-01-08 00:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2009-01-07 23:58 . 2009-01-07 23:58 <REP> d-------- c:\program files\Free Audio Pack
2009-01-07 23:58 . 2009-01-07 23:58 <REP> d-------- c:\documents and settings\Robin\Application Data\Dealio
2009-01-07 23:52 . 2009-01-07 23:52 <REP> d-------- c:\program files\Avira
2009-01-07 22:25 . 2009-01-14 13:40 <REP> d-------- c:\program files\Shareaza
2009-01-07 21:34 . 2009-01-07 21:34 13,758 --a------ c:\windows\system32\wpa.bak
2009-01-07 20:47 . 2009-01-07 20:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2009-01-07 20:46 . 2009-01-07 20:46 <REP> d-------- c:\program files\IVT Corporation
2009-01-07 20:46 . 2009-01-07 20:47 32 --a------ c:\windows\0
2009-01-07 20:46 . 2009-01-07 20:46 0 --a------ c:\windows\system32\0
2009-01-07 20:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 20:43 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 10:00 . 2008-04-13 19:05 14,720 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-01-07 10:00 . 2008-04-13 19:05 14,720 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-01-07 09:59 . 2008-04-13 11:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-07 09:59 . 2008-04-13 11:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-01-05 17:36 . 2009-01-05 17:37 <REP> d-------- c:\program files\ABBYY FineReader 6.0 Sprint
2009-01-05 17:33 . 2006-03-20 00:00 63,488 --a------ c:\windows\system32\escwiad.dll
2009-01-05 16:57 . 2009-01-05 16:57 <REP> d-------- c:\documents and settings\Robin\Application Data\EPSON
2009-01-05 16:41 . 2008-04-13 11:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-05 16:41 . 2008-04-13 11:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-05 16:29 . 2009-01-05 17:38 <REP> d-------- c:\documents and settings\All Users\Application Data\UDL
2009-01-05 16:26 . 2009-01-05 16:26 25 --a------ c:\windows\CDE DX6000EFDG.ini
2009-01-05 16:25 . 2009-01-05 17:37 <REP> d-------- c:\program files\EPSON
2009-01-05 16:25 . 2006-04-05 02:05 73,216 --a------ c:\windows\system32\E_FLBBIE.DLL
2009-01-05 16:25 . 2005-04-11 02:01 62,976 --a------ c:\windows\system32\E_FD4BBIE.DLL
2009-01-05 16:25 . 2004-09-10 21:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-01-05 16:24 . 2008-04-13 11:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-05 16:24 . 2008-04-13 11:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-05 16:16 . 2008-04-13 11:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-05 16:16 . 2008-04-13 11:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-04 22:05 . 2009-01-04 22:05 <REP> d-------- c:\program files\QuickTime
2009-01-04 22:05 . 2009-01-04 22:05 <REP> d-------- c:\program files\iTunes
2009-01-04 22:05 . 2009-01-04 22:05 <REP> d-------- c:\program files\iPod
2009-01-04 22:05 . 2009-01-04 22:05 <REP> d-------- c:\program files\Bonjour
2009-01-04 22:05 . 2009-01-04 22:05 <REP> d-------- c:\documents and settings\Robin\Application Data\Apple Computer
2009-01-04 22:05 . 2009-01-08 17:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-04 22:04 . 2009-01-04 22:04 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-04 22:04 . 2009-01-04 22:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-04 18:41 . 2009-01-16 21:43 <REP> d-------- c:\program files\eMule
2009-01-04 18:30 . 2009-01-15 07:53 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 18:30 . 2009-01-04 18:30 <REP> d-------- c:\documents and settings\Robin\Application Data\Malwarebytes
2009-01-04 18:30 . 2009-01-04 18:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-04 18:27 . 2009-01-07 23:03 <REP> d-------- c:\program files\uTorrent
2009-01-04 18:27 . 2009-01-16 08:02 <REP> d-------- c:\documents and settings\Robin\Application Data\uTorrent
2009-01-03 21:56 . 2009-01-03 21:56 <REP> d-------- c:\program files\MeeSoft
2009-01-03 21:46 . 2009-01-03 21:46 <REP> d-------- c:\documents and settings\Robin\Application Data\Micro Application
2009-01-03 21:45 . 2009-01-03 21:45 <REP> d-------- c:\program files\Micro Application
2009-01-03 21:45 . 2009-01-03 21:45 <REP> d-------- c:\program files\Fichiers communs\Acronis
2009-01-03 21:45 . 2009-01-03 21:45 210,400 --a------ c:\windows\system32\drivers\timntr.sys
2009-01-03 21:45 . 2009-01-03 21:45 126,976 --a------ c:\windows\system32\snapapi.dll
2009-01-03 21:45 . 2009-01-03 21:45 81,280 --a------ c:\windows\system32\drivers\snapman.sys
2009-01-03 21:45 . 2009-01-03 21:45 37,888 --a------ c:\windows\system32\setupnt.dll
2009-01-03 21:45 . 2009-01-03 21:45 28,768 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-01-03 21:33 . 2009-01-03 21:33 <REP> d-------- c:\program files\TUGZip
2009-01-03 21:33 . 2007-03-12 23:34 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-01-03 21:33 . 2007-03-12 23:34 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-01-03 21:33 . 2007-03-12 23:34 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-01-03 21:31 . 2009-01-03 21:31 <REP> d-------- c:\program files\NCH Swift Sound
2009-01-03 21:15 . 2009-01-16 23:03 <REP> d-------- c:\program files\PeerGuardian2
2009-01-03 21:15 . 2009-01-03 21:15 <REP> d-------- c:\program files\mp3DirectCut
2009-01-03 21:14 . 2009-01-03 21:14 <REP> d-------- c:\program files\RarZilla Free Unrar
2009-01-03 21:13 . 2009-01-03 21:13 <REP> d-------- c:\program files\MSN Toolbar
2009-01-03 21:08 . 2009-01-14 22:29 <REP> d-------- c:\windows\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2009-01-03 21:08 . 2009-01-03 21:08 <REP> d-------- c:\program files\burnatonce
2009-01-03 21:07 . 2009-01-14 07:54 <REP> d-------- c:\program files\a-squared Free
2009-01-03 21:02 . 2009-01-03 21:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-03 21:01 . 2009-01-04 21:57 <REP> d-------- C:\iTunes
2009-01-03 20:58 . 2009-01-03 21:00 <REP> d-------- C:\ipod Rodolphe
2009-01-03 20:57 . 2009-01-03 20:57 <REP> d-------- C:\léopold
2009-01-03 20:49 . 2009-01-14 15:25 <REP> d-------- C:\Downloads
2009-01-03 18:33 . 2004-08-23 14:50 32,768 --a------ c:\windows\system32\WooDial2000.dll
2009-01-03 18:32 . 2009-01-03 18:32 <REP> d-------- c:\windows\system32\AlertModule
2009-01-03 18:32 . 2003-08-04 14:22 94,208 --a------ c:\windows\system32\W32n50.dll
2009-01-03 18:32 . 2004-08-23 14:49 40,960 --a------ c:\windows\system32\FTRTSVC.exe
2009-01-03 18:32 . 2005-10-06 14:55 36,864 --a------ c:\windows\system32\IfHelper.dll
2009-01-03 18:32 . 2003-08-04 14:22 16,128 --------- c:\windows\system32\PCANDIS5.SYS
2009-01-03 18:31 . 2009-01-16 23:04 <REP> d-------- c:\program files\Wanadoo
2009-01-03 18:30 . 2009-01-03 18:30 <REP> d-------- c:\program files\SAGEM
2009-01-03 18:30 . 2009-01-10 22:13 <REP> d--h----- c:\program files\InstallShield Installation Information
2009-01-03 18:30 . 2009-01-05 16:32 <REP> d-------- c:\program files\Fichiers communs\InstallShield
2009-01-03 16:22 . 2009-01-03 16:22 <REP> d-------- c:\program files\Securitoo
2009-01-03 16:13 . 2009-01-03 16:14 <REP> d-------- c:\windows\SxsCaPendDel
2009-01-02 11:59 . 2009-01-02 11:59 <REP> d-------- c:\windows\system32\LogFiles
2009-01-02 11:58 . 2009-01-02 11:58 <REP> d-------- c:\program files\Fichiers communs\BitDefender
2009-01-02 11:55 . 2009-01-02 11:55 <REP> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-01-02 10:06 . 2009-01-02 10:06 <REP> d-------- c:\windows\system32\AGEIA
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 14:21 --------- d-----w c:\program files\microsoft frontpage
2008-12-31 14:20 --------- d-----w c:\program files\Services en ligne
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2009-01-03 437675]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-01-03 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2007-04-09 20480]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-03-28 32768]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\a-squared Free\\a2free.exe"=
R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2009-01-10 143136]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2009-01-10 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2009-01-10 170016]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S4 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - PGFILTER
*Deregistered* - pgfilter
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e934a4ab-da84-11dd-9c55-001921379068}]
\Shell\AutoRun\command - f:\wd_windows_tools\WDSetup.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: Compare Prices with &Dealio - c:\documents and settings\Robin\Application Data\Dealio\kb127\res\DealioSearch.html
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {599748A7-29DE-454A-9300-9F71601D812E} = 192.168.1.1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 23:16:02
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-01-16 23:16:53
ComboFix-quarantined-files.txt 2009-01-16 22:16:51
ComboFix2.txt 2009-01-15 17:43:47
Avant-CF: 110 338 584 576 octets libres
Après-CF: 110,366,830,592 octets libres
524 --- E O F --- 2009-01-08 15:11:31
et voilà le rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:48, on 16/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
E:\Utilitaires\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVFX Engine] "C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Robin\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{599748A7-29DE-454A-9300-9F71601D812E}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\documents and settings\robin\bureau\idt_095\v095_d5902.1_g2.0xp_d6052.2_g2.0v_rc_1_sdc_prewhql\disk1\wdm\winxp\STacSV.exe (file missing)
--
End of file - 7953 bytes
Re,
Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
|
Répondre à Angeldark
Bonjour,
Voilà c'est fait
Re,
Je n'ai pas eu de nouvelles depuis la dernière manip !
Je suppose que c'est OK ?
Sur mon poste çà fonctionne correctement
Veux-tu que je mentionne "Resolu " ?
En tout cas merci pour ton aide
Tu as encore des soucis ?
Répondre à Angeldark
Non tout à l'air d'aller bien
Bon surf.
Répondre à Angeldark
Merci
Il y a 2567 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
