HJT log, help please - Security - Viruses
 


Simouel Here is my log...

Update problem that wants to shut down the PC, MSN process present but invisible and impossible to get started... and processes missing from Task Manager...

Cleanup done with antivirus, CCleaner, Spybot, Ad-Aware, etc., etc.... nothing helps
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:39, on 2007-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\Security Task Manager\TaskMan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par L30M
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cyberpresse.ca/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: cmdndl - cmdndl.dll (file missing)
O20 - Winlogon Notify: iifgdbx - iifgdbx.dll (file missing)
O20 - Winlogon Notify: khfcccc - khfcccc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
 
--
End of file - 6183 bytes

Quick view of the discussion
chercheur_ Uh ...

Indeed, Software rather.
Or maybe Internet and Networks.
Simouel MSN goes in Hardware???
chercheur_ Hello


Post this problem in the Hardware section ;)
Simouel Messenger still unusable...

Despite all the steps and the attempts at uninstalling and reinstalling...

No more popups or "lag", but this damn Messenger, nothing to be done about it...

I have taken steps on this side too

http://www.commentcamarche.net/for [...] p?page=4#0

But despite all that... nothing to be done for Messenger...
chercheur_ Hello

Delete these three files

F:\Emule\Download\Anyplace Control 4.1.1.0.zip
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip


Are you still having malfunctions?
Simouel -------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Friday, December 21, 2007 6:24:31 AM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 20/12/2007
 Kaspersky Anti-Virus database records: 458627
-------------------------------------------------------------------------------
 
Scan Settings:
 Scan using the following antivirus database: standard
 Scan Archives: true
 Scan Mail Bases: true
 
Scan Target - My Computer:
 A:\
 C:\
 D:\
 E:\
 F:\
 G:\
 H:\
 I:\
 J:\
 K:\
 L:\
 
Scan Statistics:
 Total number of scanned objects: 63218
 Number of viruses found: 3
 Number of infected objects: 8
 Number of suspicious objects: 2
 Duration of the scan process: 02:40:02
 
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012007122020071221\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Temp\Perflib_Perfdata_5a4.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt4.zip/retadpu1000137.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\No-IP\DUC - Administrateur.log Object is locked skipped
C:\Program Files\No-IP\Service.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{51F1CC82-04A9-4F26-94F9-F8F132D1783A}\RP66\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0D052141-3F21-4B15-8E8A-2D3211A1A812}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\Emule\Download\Anyplace Control 4.1.1.0.zip/Anyplace Control 4.1.1.0.exe Infected: Trojan-Downloader.Win32.Bagle.go skipped
F:\Emule\Download\Anyplace Control 4.1.1.0.zip ZIP: infected - 1 skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip/DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY/keygen.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip/DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY/SAW5.0ProServer.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip ZIP: infected - 2 skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip/DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT/Keygen.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip/DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT/setup.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip ZIP: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
 
Scan process completed.
yakuza onizuka here is a site that can already help you with your HijackThis logs
 
http://www.hijackthis.de/fr#anl
Simouel It stays stuck at 47 files checked... I let it run 22 min the first time and tried again... it finds these 8 files right at the start and hangs there with CPU usage at 100%
 
-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Thursday, December 20, 2007 8:28:27 PM
 Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky On-line Scanner version : 5.0.83.0
 Dernière mise à jour de la base antivirus Kaspersky : 20/12/2007
 Enregistrements dans la base antivirus Kaspersky : 458540
-------------------------------------------------------------------------------
 
Paramètres d'analyse:
 Analyser avec la base antivirus suivante: standard
 Analyser les archives: vrai
 Analyser les bases de messagerie: vrai
 
Cible de l'analyse - Poste de travail:
 A:\
 C:\
 D:\
 E:\
 F:\
 G:\
 H:\
 I:\
 J:\
 K:\
 L:\
 
Statistiques de l'analyse:
 Total d'objets analysés: 47
 Nombre de virus trouvés: 1
 Nombre d'objets infectés: 0 / 0
 Nombre d'objets suspects: 8
 Durée de l'analyse: 00:02:12
 
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\acw.exe.bac_a02952 Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952/Audio_Conversion_Wizard_Crack.zip/acw.exe Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952/Audio_Conversion_Wizard_Crack.zip Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952 ZIP: suspect - 2 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952 CryptFF.b: suspect - 2 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952/acw.exe Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952 ZIP: suspect - 1 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952 CryptFF.b: suspect - 1 ignoré
 
Analyse interrompue par l'utilisateur !
chercheur_ Hi again


Run an online antivirus scan with Kaspersky
http://webscanner.kaspersky.fr/
Click on Démarrer Online Scanner.
Select Poste de travail (My Computer) as the scan target.
Paste its report here.

Use this link to help you.
http://www.infos-du-net.com/forum/ [...] -kaspersky
Simouel ComboFix 07-12-19.2 - Administrateur 2007-12-20 18:48:56.17 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.452 [GMT -5:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
 * Created a new restore point
 
FILE
C:\WINDOWS\system32\bayay.bak1
C:\WINDOWS\system32\bayay.bak2
C:\WINDOWS\system32\bayay.ini2
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Program Files\MPEGFLAWBAIT
C:\Program Files\NetMeter
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\NetMeter\NetMeter.ini
C:\Program Files\NetMeter\NetMeter.tlg
C:\Program Files\NetMeter\ReadMe.txt
C:\Program Files\NetMeter\unins000.dat
C:\Program Files\NetMeter\unins000.exe
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2007-11-20 to 2007-12-20  ))))))))))))))))))))))))))))))))))))
.
 
2007-12-20 11:11 . 2007-12-20 11:15 <REP> d-------- C:\Program Files\jv16 PowerTools 2006
2007-12-18 18:46 . 2004-08-19 16:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-18 18:46 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-18 18:46 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-18 18:46 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-18 18:46 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-18 18:46 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-18 18:44 . 2004-08-19 16:09 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2007-12-18 18:43 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-18 18:43 . 2004-08-03 23:00 87,424 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2007-12-18 18:43 . 2004-08-03 23:08 40,832 --a--c--- C:\WINDOWS\system32\dllcache\irbus.sys
2007-12-18 18:43 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-12-18 18:43 . 2001-08-17 21:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2007-12-18 18:43 . 2001-08-17 21:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys
2007-12-18 18:43 . 2001-08-17 21:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
2007-12-18 18:43 . 2004-08-19 16:10 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2007-12-18 18:42 . 2001-08-23 17:46 462,848 --a--c--- C:\WINDOWS\system32\dllcache\a3dapi.dll
2007-12-18 18:42 . 2004-08-03 22:32 231,552 --a--c--- C:\WINDOWS\system32\dllcache\ac97ali.sys
2007-12-18 18:42 . 2001-08-17 20:20 96,256 --a--c--- C:\WINDOWS\system32\dllcache\ac97intc.sys
2007-12-18 18:42 . 2001-08-23 17:46 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll
2007-12-18 18:42 . 2001-08-17 21:52 23,552 --a--c--- C:\WINDOWS\system32\dllcache\abp480n5.sys
2007-12-18 18:24 . 2007-12-18 18:24 20 --a------ C:\WINDOWS\twain.dat
2007-12-18 18:21 . 2007-12-18 18:40 <REP> d-------- C:\I386
2007-12-18 17:43 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-12-18 09:43 . 2007-12-18 09:44 <REP> d-------- C:\Documents and Settings\All Users\Anyplace Control 4
2007-12-18 02:09 . 2007-12-18 07:20 <REP> d-------- C:\__eetemp
2007-12-17 21:36 . 2007-12-20 18:03 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-17 18:26 . 2007-12-17 18:27 <REP> d-------- C:\Qoofix
2007-12-17 18:13 . 2007-12-17 18:13 85,635 --a------ C:\Qoofix.zip
2007-12-17 16:26 . 2007-12-20 18:30 24 --a------ C:\WINDOWS\ShellIcon32.dll
2007-12-17 16:25 . 2007-12-20 18:30 <REP> d-------- C:\Program Files\Anyplace Control 4
2007-12-17 16:25 . 2007-12-17 16:25 47 --a------ C:\WINDOWS\anyplace-control.ini
2007-12-16 23:31 . 2007-12-17 09:14 <REP> d-------- C:\Documents and Settings\Administrateur\.housecall6.6
2007-12-16 19:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-16 19:51 . 2007-12-16 19:51 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-16 12:06 . 2007-12-16 12:06 <REP> d-------- C:\Program Files\HREFTools
2007-12-15 21:05 . 2007-12-15 21:05 <REP> d-------- C:\fsaua.data
2007-12-15 18:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-15 18:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-15 18:51 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-15 18:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-15 18:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-15 18:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-15 16:09 . 2007-12-15 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-15 16:05 . 2007-12-15 16:05 <REP> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-12-15 16:04 . 2007-12-15 23:21 <REP> d-------- C:\Documents and Settings\Administrateur\SecurityScans
2007-12-15 15:43 . 2007-12-17 15:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-12-15 15:12 . 2007-12-15 15:12 <REP> d-------- C:\Program Files\Shavlik Technologies
2007-12-15 14:54 . 2007-12-15 14:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{DD33F2FB-A420-45C0-9477-4F59487EFF1F}
2007-12-15 13:29 . 1996-05-03 23:05 28,672 --a------ C:\WINDOWS\system32\MSGHOO32.OCX
2007-12-15 13:28 . 1998-04-24 01:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-12-15 13:25 . 2007-12-20 12:54 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-15 12:59 . 2007-12-15 12:59 <REP> d-------- C:\Program Files\Impact Software LLC
2007-12-14 11:52 . 2007-12-14 11:52 <REP> d-------- C:\VundoFix Backups
2007-12-14 10:37 . 2007-12-14 10:37 <REP> d-------- C:\Program Files\Kill Process
2007-12-12 21:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-12 21:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-12 21:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-12 19:25 . 2007-12-12 19:25 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 19:20 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-12 19:18 . 2007-12-12 19:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-12 18:51 . 2007-12-12 19:20 <REP> d-------- C:\Program Files\Windows Live
2007-12-12 18:51 . 2007-12-12 18:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-12 18:51 . 2007-12-17 22:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-11 17:41 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-11 14:32 . 2007-12-11 14:32 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-12-11 12:18 . 2007-12-11 12:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-10 21:44 . 2007-12-10 21:44 <REP> d-------- C:\Program Files\Smart Projects
2007-12-08 09:06 . 2007-12-08 09:08 <REP> d-------- C:\Program Files\Bandwidth Monitor Pro
2007-12-08 09:06 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-04 08:17 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-01 14:52 . 2007-12-01 16:03 <REP> d-------- C:\Program Files\mp3Tag 5
2007-11-25 23:43 . 2007-11-25 23:43 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-25 11:17 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
2007-11-25 11:16 . 2007-11-25 11:17 <REP> d-------- C:\Program Files\BitTorrent
2007-11-23 13:28 . 2007-11-23 13:28 <REP> d-------- C:\Program Files\PalickSoft
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-18 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 00:53 --------- d-----w C:\Program Files\Java
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-13 23:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2007-12-13 23:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVG7
2007-12-11 17:18 --------- d-----w C:\Program Files\Lavasoft
2007-12-08 17:55 --------- d-----w C:\Program Files\NetLimiter 2 Pro
2007-12-03 21:43 --------- d-----w C:\Program Files\Shareaza
2007-12-01 20:18 --------- d-----w C:\Program Files\Winamp
2007-11-17 15:38 --------- d-----w C:\Program Files\iTunes
2007-11-17 15:38 --------- d-----w C:\Program Files\iPod
2007-11-17 15:36 --------- d-----w C:\Program Files\QuickTime
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 23:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\BearShare
2007-11-07 13:05 --------- d-----w C:\Program Files\BearFlix
2007-11-07 12:18 --------- d-----w C:\Program Files\BearShare Applications
2007-11-04 17:26 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-04 13:33 --------- d-----w C:\Program Files\Mortal Kombat 4
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 17:42 --------- d-----w C:\Program Files\WinLemm
2007-10-28 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-23 22:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-23 01:57 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-21 19:41 --------- d-----w C:\Program Files\The GodFather
2007-10-21 19:04 --------- d-----w C:\Program Files\My Video Downloader
2007-10-21 19:03 --------- d-----w C:\Program Files\Ripp-it_AM
2007-10-21 19:03 --------- d-----w C:\Program Files\ProFF-Morse-3
2007-10-21 19:01 --------- d-----w C:\Program Files\VideoLAN
2007-10-21 19:01 --------- d-----w C:\Program Files\RSHUT Pro
2007-10-21 18:57 --------- d-----w C:\Program Files\ABF software
2007-10-21 18:21 --------- d-----w C:\Program Files\windirstat
2007-10-21 12:05 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2007-05-08 19:53 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-03-25 13:55 434,688 -c--a-w C:\WINDOWS\system32\config\systemprofile\dpy.exe
2007-03-25 13:52 737,280 -c--a-w C:\WINDOWS\system32\config\systemprofile\irsetup.exe
2004-10-12 16:14 57,344 -c--a-w C:\WINDOWS\system32\config\systemprofile\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Default User\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Administrateur\InstHelp.dll
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-13 18:37]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli scecli
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
   C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
2007-12-11 19:28 87392 --a------ C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bandwidth Monitor Pro]
   C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe /minimized
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 21:25 94208 --a--c--- C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ButtonMonitor]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
   C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-19 17:30 45632 --a--c--- C:\WINDOWS\system32\taskswitch.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FolderSizeMonitor]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 --a--c--- C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keep download]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
   Logi_MwX.Exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
   MMTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
   MMTray2k.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
   MMTrayLSI.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a--c--- C:\WINDOWS\system32\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore]
2006-03-03 20:36 1582744 --a--c--- C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
   C:\Program Files\QuickTime\qttask.exe -atboottime
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServUTrayIcon]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza Turbo Accelerator]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
   C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2005-03-13 18:37 1057280 --a--c--- C:\Program Files\SuperCopier2\SuperCopier2.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 -----c--- C:\WINDOWS\UpdReg.EXE
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
2005-02-16 10:06 218112 --a------ f:\progs\hijackthis\hijackthis.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VFSCache]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Videora]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
   CTHELPER.EXE
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winehq.org]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bcserver"=2 (0x2)
"Serv-U"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"FTService"=2 (0x2)
"cmdService"=2 (0x2)
"Network Monitor"=2 (0x2)
"VundoFixSvc"=3 (0x3)
"AVG Anti-Spyware Guard"=3 (0x3)
"NSCService"=3 (0x3)
"Norton Save and Restore"=2 (0x2)
"NetChkPatch"=2 (0x2)
"usnjsvc"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=2 (0x2)
"CCALib8"=2 (0x2)
"Avg7UpdSvc"=3 (0x3)
"Avg7Alrt"=2 (0x2)
"AgentInstallationService"=2 (0x2)
"aawservice"=2 (0x2)
"HDDTService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=3 (0x3)
"aswUpdSv"=3 (0x3)
"PRTG4Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"nlsvc"=2 (0x2)
"srvRSU"=2 (0x2)
"HFNetChkProSvc"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
 
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [1999-11-16 07:48]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-09-13 17:01]
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys [2006-03-03 20:36]
R2 APC-Host;APC-Host;C:\Program Files\Anyplace Control 4\apc_host.exe /service []
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;C:\WINDOWS\system32\DRIVERS\SMC1211.SYS [2001-07-11 10:06]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;F:\Progs\Everest\kerneld.wnt [2006-12-14 22:42]
S4 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2006-03-03 20:36]
 
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-17 13:00:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
 
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 18:54:53
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully  
hidden files: 0  
 
**************************************************************************
.
Completion time: 2007-12-20 18:55:50 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-19 19:42
C:\ComboFix3.txt ... 2007-12-19 19:18
.
2007-12-20 00:20:13 --- E O F ---  
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:48, on 2007-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Anyplace Control 4\apc_host.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis\Sim.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cyberpresse.ca/
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/control [...] oader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC-Host - Anyplace Control Software - C:\Program Files\Anyplace Control 4\apc_host.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
 
--
End of file - 5584 bytes
chercheur_ Hello
 
Let's continue
 
 
Copy (Ctrl+C) the text below:
 
File::
C:\WINDOWS\system32\bayay.bak1  
C:\WINDOWS\system32\bayay.bak2  
C:\WINDOWS\system32\bayay.ini2  
 
Folder::
C:\Documents and Settings\Administrateur\Application Data\WinButler  
C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info
C:\Program Files\Evidence Eliminator
C:\Program Files\NetMeter
C:\Documents and Settings\Administrateur\Application Data\a?sembly  
C:\Documents and Settings\Administrateur\Application Data\A?pPatch  
C:\Documents and Settings\Administrateur\Application Data\F?nts  
C:\Documents and Settings\Administrateur\Application Data\F?nts  
C:\Documents and Settings\Administrateur\Application Data\MPEGFLAWBAIT  
C:\Documents and Settings\Administrateur\Application Data\M?crosoft  
C:\Documents and Settings\Administrateur\Application Data\M?crosoft.NET  
C:\Documents and Settings\Administrateur\Application Data\s?curity  
C:\Documents and Settings\Administrateur\Application Data\S?mantec  
C:\Documents and Settings\Administrateur\Application Data\s?mbols  
C:\Documents and Settings\Administrateur\Application Data\s?stem  
C:\Documents and Settings\Administrateur\Application Data\s?stem32  
C:\Documents and Settings\Administrateur\Application Data\T?sks  
C:\Documents and Settings\Administrateur\Application Data\W?nSxS  
C:\Documents and Settings\Administrateur\Application Data\?dobe  
C:\Documents and Settings\Administrateur\Application Data\?ppPatch  
C:\Documents and Settings\Administrateur\Application Data\??pPatch  
C:\Documents and Settings\Administrateur\Application Data\?icrosoft  
C:\Documents and Settings\Administrateur\Application Data\?icrosoft.NET  
C:\Documents and Settings\Administrateur\Application Data\??crosoft  
C:\Documents and Settings\Administrateur\Application Data\??crosoft.NET  
C:\Documents and Settings\Administrateur\Application Data\?racle  
C:\Documents and Settings\Administrateur\Application Data\?asks  
C:\Documents and Settings\Administrateur\Application Data\??sks  
C:\Documents and Settings\Administrateur\Application Data\?dobe  
C:\Documents and Settings\Administrateur\Application Data\?ppPatch  
C:\Documents and Settings\Administrateur\Application Data\?ssembly  
C:\Documents and Settings\Administrateur\Application Data\??sembly  
C:\Documents and Settings\Administrateur\Application Data\??pPatch  
C:\Documents and Settings\Administrateur\Application Data\?ecurity  
C:\Documents and Settings\Administrateur\Application Data\?ymantec  
C:\Documents and Settings\Administrateur\Application Data\?ymbols  
C:\Documents and Settings\Administrateur\Application Data\?ystem  
C:\Documents and Settings\Administrateur\Application Data\?ystem32  
C:\Documents and Settings\Administrateur\Application Data\??curity  
C:\Documents and Settings\Administrateur\Application Data\??mantec  
C:\Documents and Settings\Administrateur\Application Data\??mbols  
C:\Documents and Settings\Administrateur\Application Data\??stem  
C:\Documents and Settings\Administrateur\Application Data\??stem32  
C:\Documents and Settings\Administrateur\Application Data\?icrosoft  
C:\Documents and Settings\Administrateur\Application Data\?icrosoft.NET  
C:\Documents and Settings\Administrateur\Application Data\??crosoft  
C:\Documents and Settings\Administrateur\Application Data\?racle  
C:\Documents and Settings\Administrateur\Application Data\?asks  
C:\Documents and Settings\Administrateur\Application Data\??sks  
C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info  
C:\Program Files\a?sembly  
C:\Program Files\A?pPatch  
C:\Program Files\F?nts  
C:\Program Files\MPEGFLAWBAIT  
C:\Program Files\M?crosoft  
C:\Program Files\M?crosoft.NET  
C:\Program Files\s?curity  
C:\Program Files\S?mantec  
C:\Program Files\s?mbols  
C:\Program Files\s?stem  
C:\Program Files\s?stem32  
C:\Program Files\T?sks  
C:\Program Files\W?nSxS  
C:\Program Files\?dobe  
C:\Program Files\?ppPatch  
C:\Program Files\??pPatch  
C:\Program Files\?icrosoft  
C:\Program Files\?icrosoft.NET  
C:\Program Files\??crosoft  
C:\Program Files\??crosoft.NET  
C:\Program Files\?racle  
C:\Program Files\?asks  
C:\Program Files\??sks  
C:\Program Files\?dobe  
C:\Program Files\?ppPatch  
C:\Program Files\?ssembly  
C:\Program Files\??sembly  
C:\Program Files\??pPatch  
C:\Program Files\?ecurity  
C:\Program Files\?ymantec  
C:\Program Files\?ymbols  
C:\Program Files\?ystem  
C:\Program Files\?ystem32  
C:\Program Files\??curity  
C:\Program Files\??mantec  
C:\Program Files\??mbols  
C:\Program Files\??stem  
C:\Program Files\??stem32  
C:\Program Files\?icrosoft  
C:\Program Files\?icrosoft.NET  
C:\Program Files\??crosoft  
C:\Program Files\??crosoft.NET  
C:\Program Files\?racle  
C:\Program Files\?asks  
C:\Program Files\??sks  
 
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]    
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]    
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hldrrr]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Lsass Service]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooze info 4 shim]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2p networking]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinButler]      
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFlyer32.dll]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]

 
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
 
http://img.photobucket.com/albums/ [...] Script.gif  
 
As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis log.
If the file does not open, it can be found here > C:\ComboFix.txt
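
One way to review a removal script like the CFScript above before running it, as an added example (not part of the original post, and not ComboFix's own code): it parses the `File::` / `Folder::` / `Registry::` sections, drops duplicate entries, and reports which well-known folder name each `?`-masked folder lines up with. The `GENUINE_NAMES` list, the function names, and the reading of `?` as a character that did not survive in the listing are assumptions.

```python
import re
from collections import OrderedDict

# Folder names the masked entries appear to imitate. Editor's assumption,
# inferred from the '?' patterns in the script; not a list from the post.
GENUINE_NAMES = ["Adobe", "AppPatch", "assembly", "Fonts", "Microsoft",
                 "Microsoft.NET", "Oracle", "security", "Symantec",
                 "symbols", "system", "system32", "Tasks", "WinSxS"]

SECTION_RE = re.compile(r"^(\w+)::\s*$")

# Excerpt of entries taken from the script in the post, shortened for the example.
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\system32\bayay.bak1

Folder::
C:\Program Files\NetMeter
C:\Documents and Settings\Administrateur\Application Data\M?crosoft
C:\Documents and Settings\Administrateur\Application Data\M?crosoft
C:\Program Files\s?stem32
C:\Program Files\??pPatch
C:\Program Files\MPEGFLAWBAIT

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinButler]
"""


def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}, dropping blanks and duplicates."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and line not in current:
            current.append(line)
    return sections


def imitated_name(component):
    """Return the genuine name a '?'-masked component lines up with, or None."""
    if "?" not in component:
        return None
    for name in GENUINE_NAMES:
        if len(name) == len(component) and all(
            c == "?" or c.lower() == n.lower() for c, n in zip(component, name)
        ):
            return name
    return None


def review_folders(sections):
    """Label each Folder:: entry so a reviewer sees what is about to be deleted."""
    genuine = {n.lower() for n in GENUINE_NAMES}
    rows = []
    for path in sections.get("Folder", []):
        leaf = path.rsplit("\\", 1)[-1]
        if "?" in leaf:
            verdict = "lookalike of " + (imitated_name(leaf) or "unknown")
        elif leaf.lower() in genuine:
            # An unmasked genuine name deserves a second look before deletion.
            verdict = "GENUINE NAME - check before deleting"
        else:
            verdict = "plain"
        rows.append((path, verdict))
    return rows


if __name__ == "__main__":
    for path, verdict in review_folders(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(f"{verdict:38} {path}")
```
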
Simouel Yippeeeeeeee, it worked...
 
here is the log
 
ComboFix 07-12-19.2 - Administrateur 2007-12-18 18:54:32.15 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.608 [GMT -5:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dn20212563.dat
C:\WINDOWS\system32\NTSVC.ocx
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\wr.txt
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_M_HOOK
-------\LEGACY_NETWORK_MONITOR
 
-------\poof
 
 
(((((((((((((((((((((((((((((   Fichiers créés 2007-11-20 to 2007-12-20  ))))))))))))))))))))))))))))))))))))
.
 
2007-12-19 19:14 . 2007-12-19 19:14 <REP> d-------- C:\WINDOWS\LastGood
2007-12-18 18:46 . 2004-08-19 16:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-18 18:46 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-18 18:46 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-18 18:46 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-18 18:46 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-18 18:46 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-18 18:44 . 2004-08-19 16:09 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2007-12-18 18:43 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-18 18:43 . 2004-08-03 23:00 87,424 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2007-12-18 18:43 . 2004-08-03 23:08 40,832 --a--c--- C:\WINDOWS\system32\dllcache\irbus.sys
2007-12-18 18:43 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-12-18 18:43 . 2001-08-17 21:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2007-12-18 18:43 . 2001-08-17 21:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys
2007-12-18 18:43 . 2001-08-17 21:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
2007-12-18 18:43 . 2004-08-19 16:10 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2007-12-18 18:42 . 2001-08-23 17:46 462,848 --a--c--- C:\WINDOWS\system32\dllcache\a3dapi.dll
2007-12-18 18:42 . 2004-08-03 22:32 231,552 --a--c--- C:\WINDOWS\system32\dllcache\ac97ali.sys
2007-12-18 18:42 . 2001-08-17 20:20 96,256 --a--c--- C:\WINDOWS\system32\dllcache\ac97intc.sys
2007-12-18 18:42 . 2001-08-23 17:46 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll
2007-12-18 18:42 . 2001-08-17 21:52 23,552 --a--c--- C:\WINDOWS\system32\dllcache\abp480n5.sys
2007-12-18 18:24 . 2007-12-18 18:24 20 --a------ C:\WINDOWS\twain.dat
2007-12-18 18:21 . 2007-12-18 18:40 <REP> d-------- C:\I386
2007-12-18 17:43 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-12-18 09:43 . 2007-12-18 09:44 <REP> d-------- C:\Documents and Settings\All Users\Anyplace Control 4
2007-12-18 02:09 . 2007-12-18 07:20 <REP> d-------- C:\__eetemp
2007-12-17 21:36 . 2007-12-18 17:26 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-17 18:26 . 2007-12-17 18:27 <REP> d-------- C:\Qoofix
2007-12-17 18:13 . 2007-12-17 18:13 85,635 --a------ C:\Qoofix.zip
2007-12-17 16:26 . 2007-12-18 18:24 24 --a------ C:\WINDOWS\ShellIcon32.dll
2007-12-17 16:25 . 2007-12-18 18:24 <REP> d-------- C:\Program Files\Anyplace Control 4
2007-12-17 16:25 . 2007-12-17 16:25 47 --a------ C:\WINDOWS\anyplace-control.ini
2007-12-16 23:31 . 2007-12-17 09:14 <REP> d-------- C:\Documents and Settings\Administrateur\.housecall6.6
2007-12-16 19:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-16 19:51 . 2007-12-16 19:51 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-16 12:06 . 2007-12-16 12:06 <REP> d-------- C:\Program Files\HREFTools
2007-12-15 21:05 . 2007-12-15 21:05 <REP> d-------- C:\fsaua.data
2007-12-15 18:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-15 18:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-15 18:51 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-15 18:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-15 18:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-15 18:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-15 16:23 . 2007-12-15 16:23 <REP> d-------- C:\Program Files\HfNetChk
2007-12-15 16:09 . 2007-12-15 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-15 16:05 . 2007-12-15 16:05 <REP> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-12-15 16:04 . 2007-12-15 23:21 <REP> d-------- C:\Documents and Settings\Administrateur\SecurityScans
2007-12-15 15:43 . 2007-12-17 15:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-12-15 15:12 . 2007-12-15 15:12 <REP> d-------- C:\Program Files\Shavlik Technologies
2007-12-15 14:54 . 2007-12-15 14:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{DD33F2FB-A420-45C0-9477-4F59487EFF1F}
2007-12-15 13:29 . 1996-05-03 23:05 28,672 --a------ C:\WINDOWS\system32\MSGHOO32.OCX
2007-12-15 13:28 . 1998-04-24 01:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-12-15 13:25 . 2007-12-19 19:15 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-15 12:59 . 2007-12-15 12:59 <REP> d-------- C:\Program Files\Impact Software LLC
2007-12-14 11:52 . 2007-12-14 11:52 <REP> d-------- C:\VundoFix Backups
2007-12-14 10:37 . 2007-12-14 10:37 <REP> d-------- C:\Program Files\Kill Process
2007-12-12 21:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-12 21:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-12 21:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-12 19:25 . 2007-12-12 19:25 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 19:20 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-12 19:18 . 2007-12-12 19:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-12 18:51 . 2007-12-12 19:20 <REP> d-------- C:\Program Files\Windows Live
2007-12-12 18:51 . 2007-12-12 18:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-12 18:51 . 2007-12-17 22:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-11 17:41 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-11 14:32 . 2007-12-11 14:32 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-12-11 12:18 . 2007-12-11 12:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-11 09:41 . 2007-12-11 09:42 <REP> d-------- C:\Program Files\PRTG Traffic Grapher 4
2007-12-11 09:37 . 2007-12-11 09:37 <REP> d-------- C:\Program Files\MPEGFLAWBAIT
2007-12-11 09:37 . 2007-12-11 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info
2007-12-11 09:37 . 2007-12-11 17:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MPEGFLAWBAIT
2007-12-10 21:44 . 2007-12-10 21:44 <REP> d-------- C:\Program Files\Smart Projects
2007-12-08 09:06 . 2007-12-08 09:08 <REP> d-------- C:\Program Files\Bandwidth Monitor Pro
2007-12-08 09:06 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-04 08:17 . 2007-12-04 08:17 <REP> d-------- C:\Program Files\Alwil Software
2007-12-04 08:17 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-04 08:13 . 2007-12-11 12:26 <REP> d-------- C:\Program Files\RegCure
2007-12-01 16:07 . 2007-12-01 16:11 <REP> d-------- C:\Program Files\CD to MP3 Ripper
2007-12-01 14:52 . 2007-12-01 16:03 <REP> d-------- C:\Program Files\mp3Tag 5
2007-11-25 23:43 . 2007-11-25 23:43 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-25 11:17 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
2007-11-25 11:16 . 2007-11-25 11:17 <REP> d-------- C:\Program Files\BitTorrent
2007-11-23 13:28 . 2007-11-23 13:28 <REP> d-------- C:\Program Files\PalickSoft
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 00:53 --------- d-----w C:\Program Files\Java
2007-12-15 18:29 --------- d-----w C:\Program Files\Evidence Eliminator
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-13 23:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2007-12-13 23:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVG7
2007-12-11 17:18 --------- d-----w C:\Program Files\Lavasoft
2007-12-11 17:10 --------- d-----w C:\Documents