Stubborn Bagle infection?
Hello,
I've caught something nasty; here are the symptoms:
- An "application win32 non valide" message when launching Avast and the other programs meant to scan my PC.
- Unable to restart in safe mode.
- Unable to launch Elibagla.
Can I run ComboFix and post the report here?
Thanks for your help
I ran ComboFix and was then able to run HijackThis. Here is the HijackThis report.
Am I really rid of the thing, or are there files to delete manually?
Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:11, on 17/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Documents and Settings\Céline\Bureau\Jako.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TrayMin230.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 8718 bytes
Hello,
Do you have the ComboFix report?
Hello,
In the meantime, I installed Antivir and ran a full scan; lots of things were deleted. Then I was able to run Elibagla, which removed "srosa2".
Here is the ComboFix report, from the first action I had taken.
ComboFix 09-01-13.04 - C‚line 2009-01-17 12:25:51.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.255.67 [GMT 1:00]
Running from: c:\documents and settings\C‚line\Bureau\Combo-Fix.exe
Command switches used :: c:\documents and settings\C‚line\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\C‚line\Application Data\drivers\downld
c:\documents and settings\C‚line\Application Data\drivers\srosa.sys
c:\documents and settings\C‚line\Application Data\drivers\srosa2.sys
c:\documents and settings\C‚line\Application Data\drivers\winupgro.exe
c:\documents and settings\C‚line\Application Data\m
c:\documents and settings\C‚line\Application Data\m\shared
c:\documents and settings\Céline\Application Data\drivers\downld\458265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\458421.exe
c:\documents and settings\Céline\Application Data\drivers\downld\458562.exe
c:\documents and settings\Céline\Application Data\drivers\downld\458625.exe
c:\documents and settings\Céline\Application Data\drivers\downld\458718.exe
c:\documents and settings\Céline\Application Data\drivers\downld\458906.exe
c:\documents and settings\Céline\Application Data\drivers\downld\460109.exe
c:\documents and settings\Céline\Application Data\drivers\downld\461125.exe
c:\documents and settings\Céline\Application Data\drivers\downld\462328.exe
c:\documents and settings\Céline\Application Data\drivers\downld\462968.exe
c:\documents and settings\Céline\Application Data\drivers\downld\463375.exe
c:\documents and settings\Céline\Application Data\drivers\downld\463453.exe
c:\documents and settings\Céline\Application Data\drivers\downld\463593.exe
c:\documents and settings\Céline\Application Data\drivers\downld\464265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\464312.exe
c:\documents and settings\Céline\Application Data\drivers\downld\464843.exe
c:\documents and settings\Céline\Application Data\drivers\downld\465171.exe
c:\documents and settings\Céline\Application Data\drivers\downld\465390.exe
c:\documents and settings\Céline\Application Data\drivers\downld\465703.exe
c:\documents and settings\Céline\Application Data\drivers\downld\466109.exe
c:\documents and settings\Céline\Application Data\drivers\downld\466484.exe
c:\documents and settings\Céline\Application Data\drivers\downld\467640.exe
c:\documents and settings\Céline\Application Data\drivers\downld\468859.exe
c:\documents and settings\Céline\Application Data\drivers\downld\469078.exe
c:\documents and settings\Céline\Application Data\drivers\downld\469531.exe
c:\documents and settings\Céline\Application Data\drivers\downld\470406.exe
c:\documents and settings\Céline\Application Data\drivers\downld\470421.exe
c:\documents and settings\Céline\Application Data\drivers\downld\470437.exe
c:\documents and settings\Céline\Application Data\drivers\downld\470921.exe
c:\documents and settings\Céline\Application Data\drivers\downld\471171.exe
c:\documents and settings\Céline\Application Data\drivers\downld\471187.exe
c:\documents and settings\Céline\Application Data\drivers\downld\471390.exe
c:\documents and settings\Céline\Application Data\drivers\downld\471625.exe
c:\documents and settings\Céline\Application Data\drivers\downld\471828.exe
c:\documents and settings\Céline\Application Data\drivers\downld\472812.exe
c:\documents and settings\Céline\Application Data\drivers\downld\473078.exe
c:\documents and settings\Céline\Application Data\drivers\downld\473265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\473296.exe
c:\documents and settings\Céline\Application Data\drivers\downld\473765.exe
c:\documents and settings\Céline\Application Data\drivers\downld\474046.exe
c:\documents and settings\Céline\Application Data\drivers\downld\474437.exe
c:\documents and settings\Céline\Application Data\drivers\downld\474703.exe
c:\documents and settings\Céline\Application Data\drivers\downld\474875.exe
c:\documents and settings\Céline\Application Data\drivers\downld\475078.exe
c:\documents and settings\Céline\Application Data\drivers\downld\475296.exe
c:\documents and settings\Céline\Application Data\drivers\downld\475687.exe
c:\documents and settings\Céline\Application Data\drivers\downld\475984.exe
c:\documents and settings\Céline\Application Data\drivers\downld\476312.exe
c:\documents and settings\Céline\Application Data\drivers\downld\477281.exe
c:\documents and settings\Céline\Application Data\drivers\downld\477578.exe
c:\documents and settings\Céline\Application Data\drivers\downld\477593.exe
c:\documents and settings\Céline\Application Data\drivers\downld\478531.exe
c:\documents and settings\Céline\Application Data\drivers\downld\478578.exe
c:\documents and settings\Céline\Application Data\drivers\downld\478687.exe
c:\documents and settings\Céline\Application Data\drivers\downld\478875.exe
c:\documents and settings\Céline\Application Data\drivers\downld\479296.exe
c:\documents and settings\Céline\Application Data\drivers\downld\479906.exe
c:\documents and settings\Céline\Application Data\drivers\downld\480312.exe
c:\documents and settings\Céline\Application Data\drivers\downld\480500.exe
c:\documents and settings\Céline\Application Data\drivers\downld\480671.exe
c:\documents and settings\Céline\Application Data\drivers\downld\481421.exe
c:\documents and settings\Céline\Application Data\drivers\downld\481515.exe
c:\documents and settings\Céline\Application Data\drivers\downld\482000.exe
c:\documents and settings\Céline\Application Data\drivers\downld\482125.exe
c:\documents and settings\Céline\Application Data\drivers\downld\482828.exe
c:\documents and settings\Céline\Application Data\drivers\downld\483218.exe
c:\documents and settings\Céline\Application Data\drivers\downld\483265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\484312.exe
c:\documents and settings\Céline\Application Data\drivers\downld\484828.exe
c:\documents and settings\Céline\Application Data\drivers\downld\485812.exe
c:\documents and settings\Céline\Application Data\drivers\downld\486031.exe
c:\documents and settings\Céline\Application Data\drivers\downld\486250.exe
c:\documents and settings\Céline\Application Data\drivers\downld\487656.exe
c:\documents and settings\Céline\Application Data\drivers\downld\488468.exe
c:\documents and settings\Céline\Application Data\drivers\downld\489406.exe
c:\documents and settings\Céline\Application Data\drivers\downld\490203.exe
c:\documents and settings\Céline\Application Data\drivers\downld\490343.exe
c:\documents and settings\Céline\Application Data\drivers\downld\491031.exe
c:\documents and settings\Céline\Application Data\drivers\downld\492296.exe
c:\documents and settings\Céline\Application Data\drivers\downld\492515.exe
c:\documents and settings\Céline\Application Data\drivers\downld\493265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\493281.exe
c:\documents and settings\Céline\Application Data\drivers\downld\494968.exe
c:\documents and settings\Céline\Application Data\drivers\downld\495156.exe
c:\documents and settings\Céline\Application Data\drivers\downld\495921.exe
c:\documents and settings\Céline\Application Data\drivers\downld\497109.exe
c:\documents and settings\Céline\Application Data\drivers\downld\498062.exe
c:\documents and settings\Céline\Application Data\drivers\downld\498453.exe
c:\documents and settings\Céline\Application Data\drivers\downld\503656.exe
c:\documents and settings\Céline\Application Data\drivers\downld\505937.exe
c:\documents and settings\Céline\Application Data\drivers\downld\506968.exe
c:\documents and settings\Céline\Application Data\drivers\downld\507562.exe
c:\documents and settings\Céline\Application Data\drivers\downld\507734.exe
c:\documents and settings\Céline\Application Data\drivers\downld\508187.exe
c:\documents and settings\Céline\Application Data\drivers\downld\509281.exe
c:\documents and settings\Céline\Application Data\drivers\downld\509390.exe
c:\documents and settings\Céline\Application Data\drivers\downld\509953.exe
c:\documents and settings\Céline\Application Data\drivers\downld\511000.exe
c:\documents and settings\Céline\Application Data\drivers\downld\511015.exe
c:\documents and settings\Céline\Application Data\drivers\downld\511703.exe
c:\documents and settings\Céline\Application Data\drivers\downld\511968.exe
c:\documents and settings\Céline\Application Data\drivers\downld\512468.exe
c:\documents and settings\Céline\Application Data\drivers\downld\512984.exe
c:\documents and settings\Céline\Application Data\drivers\downld\513078.exe
c:\documents and settings\Céline\Application Data\drivers\downld\513265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\513375.exe
c:\documents and settings\Céline\Application Data\drivers\downld\513546.exe
c:\documents and settings\Céline\Application Data\drivers\downld\513609.exe
c:\documents and settings\Céline\Application Data\drivers\downld\513937.exe
c:\documents and settings\Céline\Application Data\drivers\downld\514203.exe
c:\documents and settings\Céline\Application Data\drivers\downld\514265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\514546.exe
c:\documents and settings\Céline\Application Data\drivers\downld\514578.exe
c:\documents and settings\Céline\Application Data\drivers\downld\515343.exe
c:\documents and settings\Céline\Application Data\drivers\downld\516265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\516703.exe
c:\documents and settings\Céline\Application Data\drivers\downld\516890.exe
c:\documents and settings\Céline\Application Data\drivers\downld\517234.exe
c:\documents and settings\Céline\Application Data\drivers\downld\518078.exe
c:\documents and settings\Céline\Application Data\drivers\downld\518359.exe
c:\documents and settings\Céline\Application Data\drivers\downld\518531.exe
c:\documents and settings\Céline\Application Data\drivers\downld\518593.exe
c:\documents and settings\Céline\Application Data\drivers\downld\518937.exe
c:\documents and settings\Céline\Application Data\drivers\downld\519734.exe
c:\documents and settings\Céline\Application Data\drivers\downld\520359.exe
c:\documents and settings\Céline\Application Data\drivers\downld\521531.exe
c:\documents and settings\Céline\Application Data\drivers\downld\522375.exe
c:\documents and settings\Céline\Application Data\drivers\downld\523000.exe
c:\documents and settings\Céline\Application Data\drivers\downld\523562.exe
c:\documents and settings\Céline\Application Data\drivers\downld\526687.exe
c:\documents and settings\Céline\Application Data\drivers\downld\532265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\532281.exe
c:\documents and settings\Céline\Application Data\drivers\downld\533031.exe
c:\documents and settings\Céline\Application Data\drivers\downld\533250.exe
c:\documents and settings\Céline\Application Data\drivers\downld\536171.exe
c:\documents and settings\Céline\Application Data\drivers\downld\536281.exe
c:\documents and settings\Céline\Application Data\drivers\downld\537343.exe
c:\documents and settings\Céline\Application Data\drivers\downld\537750.exe
c:\documents and settings\Céline\Application Data\drivers\downld\538375.exe
c:\documents and settings\Céline\Application Data\drivers\downld\539281.exe
c:\documents and settings\Céline\Application Data\drivers\downld\539625.exe
c:\documents and settings\Céline\Application Data\drivers\downld\539687.exe
c:\documents and settings\Céline\Application Data\drivers\downld\540328.exe
c:\documents and settings\Céline\Application Data\drivers\downld\540859.exe
c:\documents and settings\Céline\Application Data\drivers\downld\541140.exe
c:\documents and settings\Céline\Application Data\drivers\downld\541234.exe
c:\documents and settings\Céline\Application Data\drivers\downld\542750.exe
c:\documents and settings\Céline\Application Data\drivers\downld\543078.exe
c:\documents and settings\Céline\Application Data\drivers\downld\543218.exe
c:\documents and settings\Céline\Application Data\drivers\downld\543734.exe
c:\documents and settings\Céline\Application Data\drivers\downld\544765.exe
c:\documents and settings\Céline\Application Data\drivers\downld\546390.exe
c:\documents and settings\Céline\Application Data\drivers\downld\547687.exe
c:\documents and settings\Céline\Application Data\drivers\downld\548562.exe
c:\documents and settings\Céline\Application Data\drivers\downld\550375.exe
c:\documents and settings\Céline\Application Data\drivers\downld\550390.exe
c:\documents and settings\Céline\Application Data\drivers\downld\553031.exe
c:\documents and settings\Céline\Application Data\drivers\downld\555953.exe
c:\documents and settings\Céline\Application Data\drivers\downld\557515.exe
c:\documents and settings\Céline\Application Data\drivers\downld\557578.exe
c:\documents and settings\Céline\Application Data\drivers\downld\557671.exe
c:\documents and settings\Céline\Application Data\drivers\downld\557718.exe
c:\documents and settings\Céline\Application Data\drivers\downld\558921.exe
c:\documents and settings\Céline\Application Data\drivers\downld\559093.exe
c:\documents and settings\Céline\Application Data\drivers\downld\559312.exe
c:\documents and settings\Céline\Application Data\drivers\downld\559515.exe
c:\documents and settings\Céline\Application Data\drivers\downld\560359.exe
c:\documents and settings\Céline\Application Data\drivers\downld\560890.exe
c:\documents and settings\Céline\Application Data\drivers\downld\561078.exe
c:\documents and settings\Céline\Application Data\drivers\downld\561718.exe
c:\documents and settings\Céline\Application Data\drivers\downld\562031.exe
c:\documents and settings\Céline\Application Data\drivers\downld\562078.exe
c:\documents and settings\Céline\Application Data\drivers\downld\562515.exe
c:\documents and settings\Céline\Application Data\drivers\downld\566796.exe
c:\documents and settings\Céline\Application Data\drivers\downld\567625.exe
c:\documents and settings\Céline\Application Data\drivers\downld\568171.exe
c:\documents and settings\Céline\Application Data\drivers\downld\568718.exe
c:\documents and settings\Céline\Application Data\drivers\downld\569062.exe
c:\documents and settings\Céline\Application Data\drivers\downld\572062.exe
c:\documents and settings\Céline\Application Data\drivers\downld\576718.exe
c:\documents and settings\Céline\Application Data\drivers\downld\578750.exe
c:\documents and settings\Céline\Application Data\drivers\downld\579171.exe
c:\documents and settings\Céline\Application Data\drivers\downld\581265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\581953.exe
c:\documents and settings\Céline\Application Data\drivers\downld\583734.exe
c:\documents and settings\Céline\Application Data\drivers\downld\584921.exe
c:\documents and settings\Céline\Application Data\drivers\downld\585265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\590250.exe
c:\documents and settings\Céline\Application Data\drivers\downld\602781.exe
c:\documents and settings\Céline\Application Data\drivers\downld\604203.exe
c:\documents and settings\Céline\Application Data\drivers\downld\605359.exe
c:\documents and settings\Céline\Application Data\drivers\downld\607421.exe
c:\documents and settings\Céline\Application Data\drivers\downld\607765.exe
c:\documents and settings\Céline\Application Data\drivers\downld\608890.exe
c:\documents and settings\Céline\Application Data\drivers\downld\609046.exe
c:\documents and settings\Céline\Application Data\drivers\downld\609156.exe
c:\documents and settings\Céline\Application Data\drivers\downld\615546.exe
c:\documents and settings\Céline\Application Data\drivers\downld\617078.exe
c:\documents and settings\Céline\Application Data\drivers\downld\617484.exe
c:\documents and settings\Céline\Application Data\drivers\downld\617734.exe
c:\documents and settings\Céline\Application Data\drivers\downld\618828.exe
c:\documents and settings\Céline\Application Data\drivers\downld\619578.exe
c:\documents and settings\Céline\Application Data\drivers\downld\619750.exe
c:\documents and settings\Céline\Application Data\drivers\downld\620140.exe
c:\documents and settings\Céline\Application Data\drivers\downld\621140.exe
c:\documents and settings\Céline\Application Data\drivers\downld\621531.exe
c:\documents and settings\Céline\Application Data\drivers\downld\627046.exe
c:\documents and settings\Céline\Application Data\drivers\downld\629671.exe
c:\documents and settings\Céline\Application Data\drivers\downld\630593.exe
c:\documents and settings\Céline\Application Data\drivers\downld\630609.exe
c:\documents and settings\Céline\Application Data\drivers\downld\642250.exe
c:\documents and settings\Céline\Application Data\drivers\downld\642781.exe
c:\documents and settings\Céline\Application Data\drivers\downld\643078.exe
c:\documents and settings\Céline\Application Data\drivers\downld\646421.exe
c:\documents and settings\Céline\Application Data\drivers\downld\650437.exe
c:\documents and settings\Céline\Application Data\drivers\downld\652140.exe
c:\documents and settings\Céline\Application Data\drivers\downld\653578.exe
c:\documents and settings\Céline\Application Data\drivers\downld\655843.exe
c:\documents and settings\Céline\Application Data\drivers\downld\657906.exe
c:\documents and settings\Céline\Application Data\drivers\downld\658265.exe
c:\documents and settings\Céline\Application Data\drivers\downld\660578.exe
c:\documents and settings\Céline\Application Data\drivers\downld\663031.exe
c:\documents and settings\Céline\Application Data\drivers\downld\675812.exe
c:\documents and settings\Céline\Application Data\drivers\downld\680703.exe
c:\documents and settings\Céline\Application Data\drivers\downld\681953.exe
c:\documents and settings\Céline\Application Data\drivers\downld\682468.exe
c:\documents and settings\Céline\Application Data\drivers\downld\682484.exe
c:\documents and settings\Céline\Application Data\drivers\downld\683296.exe
c:\documents and settings\Céline\Application Data\drivers\downld\683734.exe
c:\documents and settings\Céline\Application Data\drivers\downld\690109.exe
c:\documents and settings\Céline\Application Data\drivers\downld\717406.exe
c:\documents and settings\Céline\Application Data\drivers\downld\718796.exe
c:\documents and settings\Céline\Application Data\drivers\downld\718953.exe
c:\documents and settings\Céline\Application Data\drivers\downld\724375.exe
c:\documents and settings\Céline\Application Data\drivers\downld\737843.exe
c:\documents and settings\Céline\Application Data\drivers\downld\740031.exe
c:\documents and settings\Céline\Application Data\drivers\downld\740656.exe
c:\documents and settings\Céline\Application Data\drivers\downld\741812.exe
c:\documents and settings\Céline\Application Data\drivers\downld\743093.exe
c:\documents and settings\Céline\Application Data\drivers\downld\744125.exe
c:\documents and settings\Céline\Application Data\drivers\downld\753062.exe
c:\documents and settings\Céline\Application Data\drivers\downld\761234.exe
c:\documents and settings\Céline\Application Data\drivers\downld\765171.exe
c:\documents and settings\Céline\Application Data\drivers\downld\765562.exe
c:\documents and settings\Céline\Application Data\drivers\downld\766781.exe
c:\documents and settings\Céline\Application Data\drivers\downld\767453.exe
c:\documents and settings\Céline\Application Data\drivers\downld\767890.exe
c:\documents and settings\Céline\Application Data\drivers\downld\820593.exe
c:\documents and settings\Céline\Application Data\drivers\downld\820921.exe
c:\documents and settings\Céline\Application Data\drivers\downld\820984.exe
c:\documents and settings\Céline\Application Data\drivers\downld\995031.exe
c:\documents and settings\Céline\Application Data\drivers\downld\998937.exe
c:\documents and settings\Céline\Application Data\drivers\downld\999015.exe
c:\documents and settings\Céline\Application Data\m\data.oct
c:\documents and settings\Céline\Application Data\m\list.oct
c:\documents and settings\Céline\Application Data\m\shared\#1 Smart Audio Converter 4.11.zip
c:\documents and settings\Céline\Application Data\m\shared\1Click CD Ripper 1.05.zip
c:\documents and settings\Céline\Application Data\m\shared\3660 3650 Symbian Java - Mobiloads Group(2).zip
c:\documents and settings\Céline\Application Data\m\shared\A123 AVI WMV ASF MOV MP4 FLV to MPEG Converter 3.7.zip
c:\documents and settings\Céline\Application Data\m\shared\Active Loader 1.0.zip
c:\documents and settings\Céline\Application Data\m\shared\All In One Computer Tools 2.43.zip
c:\documents and settings\Céline\Application Data\m\shared\Amazing Waterfalls 3.4.0.zip
c:\documents and settings\Céline\Application Data\m\shared\C-Organizer Pro 3.7.0.zip
c:\documents and settings\Céline\Application Data\m\shared\Custom Menus 1.0.zip
c:\documents and settings\Céline\Application Data\m\shared\Flowerz Screensaver.zip
c:\documents and settings\Céline\Application Data\m\shared\Folder Watcher 1.0.1.zip
c:\documents and settings\Céline\Application Data\m\shared\Free Vertical Scroller - Multiple Message Scroller 3.5.zip
c:\documents and settings\Céline\Application Data\m\shared\Glu Mobile Tom And Jerry Pinball Pursuit 176x208 v1.0.1 s60v3 j2Me Retail-Binpda.zip
c:\documents and settings\Céline\Application Data\m\shared\Inside Keylogger 4.1.zip
c:\documents and settings\Céline\Application Data\m\shared\KasperSky.Anti-Virus.Personal.v5.0.388-KEY.(llave.buena.para.octubre.2007).zip
c:\documents and settings\Céline\Application Data\m\shared\MP3 Search Premium 3.29.zip
c:\documents and settings\Céline\Application Data\m\shared\PageCreator 1.0.0.zip
c:\documents and settings\Céline\Application Data\m\shared\Panda.AntiVirus.Platinum.7.03.(español).-.por.escroto.-.zip
c:\documents and settings\Céline\Application Data\m\shared\Panda.Platinum.Internet.Security.2005.v.09.02.00.Spanish.solo.el.crack.y.serial.czip
c:\documents and settings\Céline\Application Data\m\shared\Panda.Platinum.Internet.Security.2005.v.09.02.00.Spanish.solo.el.crack.y.serial.zip
c:\documents and settings\Céline\Application Data\m\shared\Priore Crypt-X ActiveX 2.0.zip
c:\documents and settings\Céline\Application Data\m\shared\RecImageViewer 0.8.0.3.zip
c:\documents and settings\Céline\Application Data\m\shared\ReportMill 8.zip
c:\documents and settings\Céline\Application Data\m\shared\Security and News toolbar for IE 4.5.132.0.zip
c:\documents and settings\Céline\Application Data\m\shared\simpleCal 1.2.4.zip
c:\documents and settings\Céline\Application Data\m\shared\Slice 3.0.3.zip
c:\documents and settings\Céline\Application Data\m\shared\SoundEngine 4.12.zip
c:\documents and settings\Céline\Application Data\m\shared\Space Reader.zip
c:\documents and settings\Céline\Application Data\m\shared\Su-Test 1.0.zip
c:\documents and settings\Céline\Application Data\m\shared\Task Plus 3.9.9.4.zip
c:\documents and settings\Céline\Application Data\m\shared\Text Area Word Counter 1.2.zip
c:\documents and settings\Céline\Application Data\m\shared\WideBug 1.0.0.zip
c:\documents and settings\Céline\Application Data\m\shared\WindowSpy 1.0.zip
c:\documents and settings\Céline\Application Data\m\shared\YAAI - Yet Another Avi Info 2.0.2.485.zip
c:\documents and settings\Céline\Application Data\m\srvlist.oct
C:\InfoSat.txt
c:\program files\DAEMON Tools Lite\daemon.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SK9OU0S
-------\Legacy_SROSA
-------\Service_sK9Ou0s
((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.
2009-01-17 12:18 . 2009-01-17 12:19 <REP> d-------- C:\32788R22FWJFW
2009-01-14 19:44 . 2009-01-14 19:44 <REP> d-------- C:\Muestras
2009-01-13 20:37 . 2009-01-13 20:37 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-13 20:37 . 2009-01-13 20:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-13 20:07 . <REP> c:\documents and settings\Céline\Application Data\drivers
2009-01-12 18:33 . 2009-01-12 18:33 <REP> d-------- c:\program files\Bonjour
2009-01-11 16:51 . 2004-08-19 16:10 16,384 --a------ c:\windows\system32\ipsink.ax
2009-01-11 16:51 . 2004-08-19 16:10 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2009-01-11 16:51 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-01-11 16:51 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2009-01-11 16:51 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-01-11 16:51 . 2004-08-03 23:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2009-01-11 16:51 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-01-11 16:51 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2009-01-11 16:51 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-01-11 16:51 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2009-01-11 16:50 . <REP> c:\documents and settings\Céline\Application Data\ArcSoft
2009-01-11 16:50 . 2004-08-03 23:10 85,376 --a------ c:\windows\system32\drivers\NABTSFEC.sys
2009-01-11 16:50 . 2004-08-03 23:10 85,376 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
2009-01-11 16:50 . 2004-08-03 23:10 19,328 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
2009-01-11 16:50 . 2004-08-03 23:10 19,328 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2009-01-11 16:50 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys
2009-01-11 16:50 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\ccdecode.sys
2009-01-11 16:49 . 2004-08-19 16:10 91,648 --a------ c:\windows\system32\kswdmcap.ax
2009-01-11 16:49 . 2004-08-19 16:10 91,648 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
2009-01-11 16:49 . 2004-08-19 16:10 61,952 --a------ c:\windows\system32\kstvtune.ax
2009-01-11 16:49 . 2004-08-19 16:10 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
2009-01-11 16:49 . 2004-08-19 16:09 54,784 --a------ c:\windows\system32\vfwwdm32.dll
2009-01-11 16:49 . 2004-08-19 16:09 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2009-01-11 16:49 . 2004-08-19 16:10 43,008 --a------ c:\windows\system32\ksxbar.ax
2009-01-11 16:49 . 2004-08-19 16:10 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
2009-01-11 16:47 . 2009-01-11 16:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Philips
2008-12-21 13:40 . 2008-12-21 13:40 <REP> d-------- c:\program files\ArcSoft
2008-12-21 13:40 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2008-12-21 13:39 . 2008-12-21 13:39 <REP> d-------- c:\windows\Philips
2008-12-21 13:39 . 2008-12-21 13:41 <REP> d-------- c:\program files\Philips
2008-12-21 13:39 . 2007-12-31 16:19 461,056 --a------ c:\windows\system32\drivers\SPC230NC.SYS
2008-12-21 13:39 . 2008-01-04 10:25 135,680 --a------ c:\windows\system32\SPC230NC.AX
2008-12-21 13:39 . 2007-09-26 14:28 8,576 --a------ c:\windows\system32\drivers\PAEAFLT.sys
2008-12-21 13:39 . 2007-11-02 11:07 6,656 --a------ c:\windows\system32\CoInst.dll
2008-12-21 13:39 . 2007-12-10 16:08 842 --a------ c:\windows\system32\SPC230NC.INI
2008-12-21 13:36 . <REP> c:\documents and settings\Céline\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 11:40 --------- d-----w c:\program files\Wanadoo
2009-01-17 11:32 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-21 12:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 14:05 --------- d-----w c:\program files\Auralog
2008-12-14 09:20 --------- d-----w c:\documents and settings\Céline\Application Data\Skype
2008-12-14 09:17 --------- d-----w c:\program files\Skype
2008-12-14 09:16 --------- d-----w c:\program files\Fichiers communs\Skype
2008-12-14 09:16 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-10 18:51 --------- d-----w c:\program files\LSEF7
2008-12-08 19:05 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-08 19:04 --------- d-----w c:\documents and settings\Céline\Application Data\DAEMON Tools
2008-12-03 17:55 --------- d-----w c:\program files\Java
2008-12-01 18:17 --------- d-----w c:\program files\iTunes
2008-12-01 18:17 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 18:15 --------- d-----w c:\program files\iPod
2008-12-01 18:15 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-01 18:05 --------- d-----w c:\program files\QuickTime
2008-11-25 09:51 --------- d-----w c:\documents and settings\Céline\Application Data\Adobe
2008-11-22 14:15 --------- d-----w c:\documents and settings\Céline\Application Data\Sun
2008-10-04 16:32 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Philips Intelligent Agent"="c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-14 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-01-17 81000]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-07 185872]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2009-01-17 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2009-01-17 323584]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 c:\windows\SOUNDMAN.EXE]
"AtiPTA"="atiptaxx.exe" [2002-07-26 c:\windows\system32\atiptaxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 aswSP;avast! Self Protection; [x]
R2 aswFsBlk;aswFsBlk; [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-09-02 191656]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\DRIVERS\PAEAFLT.sys [2007-09-26 8576]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\DRIVERS\SPC230NC.SYS [2007-12-31 461056]
--- Other Services/Drivers In Memory ---
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62e14cfa-9e88-11dd-9f6a-00032f44e201}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 12:38:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"C040210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHôwæ*]
"DisplayName"="\09"
"DeviceDesc"="\09"
"ProviderName"=""
"MFG"="?"
"ReinstallString"="2002, 6.13.10.6143"
"DeviceInstanceIds"=multi:"\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Inventel\Gateway\WLANCFG.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-17 12:58:19 - machine was rebooted [Céline]
ComboFix-quarantined-files.txt 2009-01-17 11:58:08
Pre-Run: 26 709 319 680 octets libres
Post-Run: 26,783,997,952 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
916 --- E O F --- 2008-12-19 05:44:07
I'm sorry, this thing got on my nerves a bit, so I let off steam trying to smash it, which wasn't necessarily smart without a pro's help ...
One more thing: Antivir had detected a Trash.Gen infection, and I put everything in quarantine.
Re,
Download FindyKill (Chiquitine29) to your Desktop.
- Start the program's installation by running the downloaded file.
- Now double-click the FindyKill shortcut.
- Now choose option 1 (Search). Wait until the search finishes.
- Post the generated report in your next reply.
NB: The taskbar and the icons will disappear during the search.
Here it is:
----------------- FindyKill V4.713 ------------------
* User : Céline - BLAH
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/01/09 par Chiquitine29
* Recherche effectuée à 13:28:13 le 18/01/2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
Found ! [17/01/2009 14:23] - "C:\Muestras"
Found ! [18/01/2009 11:37] - C:\InfoSat.txt
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\223968.EXE-16652020.pf
Found ! - C:\WINDOWS\prefetch\284953.EXE-2C4032F0.pf
Found ! - C:\WINDOWS\prefetch\319031.EXE-09B179CB.pf
Found ! - C:\WINDOWS\prefetch\514578.EXE-24C693F8.pf
Found ! - C:\WINDOWS\prefetch\553031.EXE-1C54A4EE.pf
Found ! - C:\WINDOWS\prefetch\562078.EXE-32294C4A.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-0D852B44.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-32F993F2.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Céline\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\CLINE~1\LOCALS~1\Temp
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
Philips Intelligent Agent="C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SoundMan=SOUNDMAN.EXE
AtiPTA=atiptaxx.exe
NeroCheck=C:\WINDOWS\System32\NeroCheck.exe
WOOWATCH=C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
ATICCC="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HP Software Update="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
SPC230NC_Monitor=C:\WINDOWS\Philips\SPC230NC\Monitor.exe
SPC_Monitor=C:\WINDOWS\Philips\SPC230NC\Monitor.exe
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\daemon]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\serial]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1060284298-152049171-725345543-1003\Software\Local AppWizard-Generated Applications\serial
Found ! - HKEY_USERS\S-1-5-21-1060284298-152049171-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
Re,
Run FindyKill again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
! Do not close the window during the removal!
A report will be generated; post its contents here.
NB: A restart is sometimes required; FindyKill will show you a message if that is the case.
----------------- FindyKill V4.713 ------------------
* User : Céline - BLAH
* Executed from : C:\Program Files\FindyKill
* Update on 17/01/09 by Chiquitine29
* Start at 13:58:46 the 18/01/2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
Deleted ! - "C:\Muestras"
Deleted ! - C:\InfoSat.txt
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\223968.EXE-16652020.pf
Deleted ! - C:\WINDOWS\prefetch\284953.EXE-2C4032F0.pf
Deleted ! - C:\WINDOWS\prefetch\319031.EXE-09B179CB.pf
Deleted ! - C:\WINDOWS\prefetch\514578.EXE-24C693F8.pf
Deleted ! - C:\WINDOWS\prefetch\553031.EXE-1C54A4EE.pf
Deleted ! - C:\WINDOWS\prefetch\562078.EXE-32294C4A.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-0D852B44.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-32F993F2.pf
»»»» Supression files in C:\WINDOWS\system32
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\Céline\Application Data
»»»» Supression files in C:\DOCUME~1\CLINE~1\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\Céline\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_USERS\S-1-5-21-1060284298-152049171-725345543-1003\Software\Local AppWizard-Generated Applications\serial
Deleted ! - HKEY_USERS\S-1-5-21-1060284298-152049171-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
Post a new HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:12, on 18/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Céline\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TrayMin230.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 8691 bytes
Are you still having problems?
- Run a Kaspersky online scan with Internet Explorer:
- Click on
- Now click on I accept.
- Approve the installation of one or more ActiveX controls if necessary.
- Wait while the updates are installed.
- Then choose to scan My Computer.
- Save, then paste the report generated at the end of the scan.
HELP: Tutorial on the online scan
NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
Re,
Everything seems to be back to normal. Thanks to you and to everyone else, you do great work. I've read your advice; no more foolishness from now on.
Here is the Kaspersky report:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 21, 2009 7:01:55 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 21/01/2009
Enregistrements dans la base antivirus Kaspersky : 1488601
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Statistiques de l'analyse:
Total d'objets analysés: 170543
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 11:05:48
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{48FEAA63-41B1-49E4-871F-2771B13EA33B}\RP135\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_714.dat L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{48FEAA63-41B1-49E4-871F-2771B13EA33B}\RP135\change.log L'objet est verrouillé ignoré
G:\System Volume Information\_restore{48FEAA63-41B1-49E4-871F-2771B13EA33B}\RP135\change.log L'objet est verrouillé ignoré
Analyse terminée.
It's clean. Any questions?
Reply to Angeldark
Well, I've read all the site's recommendations carefully, so it should be fine. And from now on I'll think before clicking...
Thanks a lot!
Happy surfing.
Reply to Angeldark
