44 replies
toto09
Silly question (just like my knowledge): what is a Bagle?? Is it the buddies of winupgro you mentioned earlier that are causing the problem??
Bagle is a computer worm.
You catch it through P2P with cracks; before that it spread by e-mail.
You got reinfected because you didn't listen to me, and also because the fix (mine) that I had you use has gaps.
You clicked on the exe "patched" by Bagle, which brought the infection back.
Anyway, run ComboFix, we clean up, and then off to bed ;-)
ComboFix 09-01-13.04 - nathan 2009-01-16 1:37:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.787 [GMT 1:00]
Lancé depuis: c:\documents and settings\nathan\Bureau\killbagle.exe
AV: avast! antivirus 4.8.1296 [VPS 090115-0] *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\jfw\Application Data\inst.exe
c:\documents and settings\nathan\Application Data\drivers\downld
c:\documents and settings\nathan\Application Data\drivers\srosa.sys
c:\documents and settings\nathan\Application Data\drivers\srosa2.sys
c:\documents and settings\nathan\Application Data\drivers\winupgro.exe
c:\documents and settings\nathan\Application Data\m
c:\documents and settings\nathan\Application Data\m\data.oct
c:\documents and settings\nathan\Application Data\m\flec006.exe
c:\documents and settings\nathan\Application Data\m\list.oct
c:\documents and settings\nathan\Application Data\m\srvlist.oct
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\Cfx32.lic
c:\windows\system32\cfx32.ocx
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
c:\windows\system32\wxmmin.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-16 au 2009-01-16 ))))))))))))))))))))))))))))))))))))
.
2009-01-16 00:13 . 2009-01-16 00:13 <REP> d-------- c:\program files\CCleaner
2009-01-16 00:12 . 2009-01-16 00:12 <REP> d-------- c:\program files\Avira
2009-01-16 00:12 . 2009-01-16 00:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-16 00:10 . 2009-01-16 00:10 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-16 00:10 . 2009-01-16 00:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-15 23:41 . 2009-01-15 23:57 <REP> d-------- c:\program files\Ad-remover
2009-01-15 23:37 . 2009-01-16 01:39 <REP> d--h----- c:\documents and settings\nathan\Application Data\drivers
2009-01-15 23:34 . 2009-01-15 23:34 <REP> d-------- c:\program files\Trend Micro
2009-01-15 22:54 . 2009-01-15 22:54 <REP> d-------- C:\_OTMoveIt
2009-01-15 21:08 . 2009-01-16 01:04 <REP> d-------- c:\program files\FindyKill
2008-12-19 17:33 . 2008-12-19 17:33 <REP> d-------- c:\program files\MIKSOFT
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 00:44 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-01-16 00:43 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-01-16 00:40 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-15 23:11 --------- d-----w c:\program files\Java
2009-01-15 20:47 --------- d-----w c:\program files\1&1
2009-01-14 00:56 --------- d-----w c:\documents and settings\nathan\Application Data\gtk-2.0
2009-01-14 00:40 --------- d-----w c:\documents and settings\nathan\Application Data\dvdcss
2009-01-13 23:23 --------- d-----w c:\program files\Windows Live Safety Center
2009-01-13 01:49 --------- d-----w c:\documents and settings\nathan\Application Data\vlc
2009-01-11 15:07 --------- d-----w c:\documents and settings\jfw\Application Data\Glory of the Roman Empire
2009-01-02 09:29 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-15 12:47 --------- d-----w c:\documents and settings\jfw\Application Data\mp3 mpeg heart
2008-12-15 12:43 --------- d-----w c:\documents and settings\All Users\Application Data\Drivesettingswipedoes
2008-12-14 17:16 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-12-14 17:15 --------- d-----w c:\program files\Fichiers communs\Real
2008-12-14 16:03 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-14 15:54 --------- d-----w c:\documents and settings\nathan\Application Data\PE Explorer
2008-12-12 16:20 19,464 ----a-w c:\documents and settings\nathan\Application Data\GDIPFONTCACHEV1.DAT
2008-12-08 23:31 --------- d-----w c:\documents and settings\nathan\Application Data\AdobeUM
2008-12-07 12:52 --------- d-----w c:\program files\Microsoft Games
2008-12-07 02:09 --------- d-----w c:\program files\Winamp
2008-12-06 09:05 --------- d-----w c:\documents and settings\jfw\Application Data\Microsoft Games
2008-11-29 15:14 --------- d-----w c:\program files\MSXML 4.0
2008-11-29 14:33 --------- d-----w c:\documents and settings\nathan\Application Data\Microsoft Games
2008-11-29 08:19 --------- d-----w c:\documents and settings\jfw\Application Data\dvdcss
2008-11-29 08:18 --------- d-----w c:\documents and settings\jfw\Application Data\vlc
2008-11-28 00:09 --------- d-----w c:\documents and settings\nathan\Application Data\Apple Computer
2008-11-26 17:54 --------- d-----w c:\documents and settings\nathan\Application Data\Thunderbird
2008-11-26 17:54 --------- d-----w c:\documents and settings\nathan\Application Data\Talkback
2008-11-26 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-26 12:36 --------- d--h--w c:\program files\Zero G Registry
2008-11-26 12:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 03:44 --------- d-----w c:\documents and settings\nathan\Application Data\VMware
2008-11-26 03:14 --------- d-----w c:\documents and settings\nathan\Application Data\Sports Interactive
2008-11-23 22:42 --------- d-----w c:\program files\Hasbro
2008-11-18 17:23 --------- d-----w c:\documents and settings\nathan\Application Data\JDeveloper
2007-12-14 18:20 24,192 ----a-w c:\documents and settings\jfw\usbsermptxp.sys
2007-12-14 18:20 22,768 ----a-w c:\documents and settings\jfw\usbsermpt.sys
2007-06-11 22:12 47,360 ----a-w c:\documents and settings\jfw\Application Data\pcouffin.sys
2007-05-23 08:31 19,464 ----a-w c:\documents and settings\jfw\Application Data\GDIPFONTCACHEV1.DAT
2006-10-03 18:46 41,140 ----a-w c:\documents and settings\monAlbumPhoto\unins000.dat
2006-10-03 18:44 647,167 ----a-w c:\documents and settings\monAlbumPhoto\unins000.exe
2006-09-23 10:51 2,076,672 ----a-w c:\documents and settings\monAlbumPhoto\monAlbumPhoto.exe
2006-09-06 17:06 16,384 ----a-w c:\documents and settings\monAlbumPhoto\AdvRtxTextBox.dll
2006-09-06 16:57 20,480 ----a-w c:\documents and settings\monAlbumPhoto\FontCombo.dll
2006-07-31 10:09 405,504 ----a-w c:\documents and settings\monAlbumPhoto\idautomation.linearbarcode.dll
2006-07-20 10:36 24,576 ----a-w c:\documents and settings\monAlbumPhoto\CodeVendor.Controls.dll
2006-06-23 14:32 49,152 ----a-w c:\documents and settings\monAlbumPhoto\AxInterop.SHDocVw_old.dll
2006-06-22 11:44 32,768 ----a-w c:\documents and settings\monAlbumPhoto\Interop.ShockwaveFlashObjects.dll
2006-06-22 11:44 28,672 ----a-w c:\documents and settings\monAlbumPhoto\AxInterop.ShockwaveFlashObjects.dll
2006-06-10 16:59 73,728 ----a-w c:\documents and settings\monAlbumPhoto\Interop.wodFtpDLXLib.dll
2006-06-10 16:59 57,344 ----a-w c:\documents and settings\monAlbumPhoto\Interop.wodFtpDLXComLib.dll
2006-04-24 19:07 28,672 ----a-w c:\documents and settings\monAlbumPhoto\Gios PDF Splitter And Merger.dll
2006-03-16 16:50 81,920 ----a-w c:\documents and settings\monAlbumPhoto\ExpTreeLib.dll
2006-03-02 10:05 23,552 ----a-w c:\documents and settings\monAlbumPhoto\SPB.dll
2006-01-25 13:39 49,152 ----a-w c:\documents and settings\monAlbumPhoto\AxInterop.SHDocVw.dll
2006-01-25 13:39 135,168 ----a-w c:\documents and settings\monAlbumPhoto\Interop.SHDocVw_old.dll
2006-01-25 13:39 135,168 ----a-w c:\documents and settings\monAlbumPhoto\Interop.SHDocVw.dll
2006-01-10 23:57 57,344 ----a-w c:\documents and settings\monAlbumPhoto\AxInterop.wodFtpDLXLib.dll
2005-11-11 17:19 16,384 ----a-w c:\documents and settings\monAlbumPhoto\stdole.dll
2005-10-13 13:55 6,144 ----a-w c:\documents and settings\monAlbumPhoto\Interop.MTXM_Thumbs.dll
2004-08-04 15:30 32,768 ----a-w c:\documents and settings\monAlbumPhoto\Interop.Scripting.dll
2004-02-23 19:42 49,152 ----a-w c:\documents and settings\monAlbumPhoto\Interop.VBRUN.dll
2003-08-25 11:54 131,072 ----a-w c:\documents and settings\monAlbumPhoto\PdfCreatorLib.dll
2003-02-14 13:23 6,656 ----a-w c:\documents and settings\monAlbumPhoto\Interop.IVBExtractImage.dll
2001-04-05 21:13 12,800 ----a-w c:\documents and settings\monAlbumPhoto\Interop.StdFormat.dll
2004-08-19 14:10 73,728 --sha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
2006-12-22 13:06 126976 --a------ c:\program files\BitDownload\TorrentManager.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-01-16 81000]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-14 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-01-16 266497]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-06-28 1528880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\H:\[u]0/uautocheck autochk *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OpenSTA NameServer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OpenSTA NameServer.lnk
backup=c:\windows\pss\OpenSTA NameServer.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1\1&1 Connexion directe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1\1&1 Connexion directe\EasyLogin.exe]
1&1 Connexion directe HIDE [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
--a------ 2007-06-05 08:52 20811776 c:\program files\CounterPath\X-Lite\x-lite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-11-07 15:48 196608 c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\privoxy]
--a------ 2005-09-22 20:08 211968 c:\program files\Privoxy\privoxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 07:57 143360 c:\program files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-12-14 18:15 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 11:22 1622016 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2006-09-17 131840]
R1 IfsDrives;IfsDrives;c:\windows\system32\drivers\IfsDrives.sys [2006-09-17 4608]
S1 aswSP;avast! Self Protection; [x]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2006-09-16 171264]
S3 jfwproxy;FireDaemon Service: jfwproxy;c:\program files\FireDaemon\FireDaemon.exe -s --> c:\program files\FireDaemon\FireDaemon.exe -s [?]
S3 MySQL5;MySQL5;"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-max-nt" --defaults-file="c:\program files\mysql\MySQL Server 5.0\my.ini" "MySQL5" --> c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-max-nt [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2007-11-19 34064]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-02-02 204800]
S3 Privoxy Internet Proxy;Privoxy Internet Proxy;c:\program files\Privoxy\privoxy.exe [2006-09-30 211968]
S3 privoxy;Privoxy (privoxy); "c:\program files\Privoxy\privoxy.exe" --> c:\program files\Privoxy\privoxy.exe [?]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-07-08 260608]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S4 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 SquidNT;SquidNT;c:\squid\sbin\squid.exe --ntservice:SquidNT --> c:\squid\sbin\squid.exe --ntservice:SquidNT [?]
.
Contenu du dossier 'Tâches planifiées'
2009-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-823518204-682003330-1003.job
- c:\documents and settings\jfw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 13:39]
2009-01-16 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-H/PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-hldrrr - c:\windows\system32\hldrrr.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-mule_st_key - c:\documents and settings\jfw\Application Data\m\flec006.exe
MSConfigStartUp-NvEventCenter - c:\windows\system\svchost.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_09\bin\jusched.exe
MSConfigStartUp-Trans About - c:\docume~1\jfw\APPLIC~1\MP3MPE~1\Grey Clock.exe
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
MSConfigStartUp-wipe does live film - c:\documents and settings\All Users\Application Data\Drivesettingswipedoes\wmadrv.exe
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\nathan\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 01:44:22
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql44/bin/mysqld-nt.exe"
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.787 [GMT 1:00]
Lancé depuis: c:\documents and settings\nathan\Bureau\killbagle.exe
AV: avast! antivirus 4.8.1296 [VPS 090115-0] *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\jfw\Application Data\inst.exe
c:\documents and settings\nathan\Application Data\drivers\downld
c:\documents and settings\nathan\Application Data\drivers\downld\102296.exe
c:\documents and settings\nathan\Application Data\drivers\downld\102500.exe
c:\documents and settings\nathan\Application Data\drivers\downld\107546.exe
c:\documents and settings\nathan\Application Data\drivers\downld\131187.exe
c:\documents and settings\nathan\Application Data\drivers\downld\131859.exe
c:\documents and settings\nathan\Application Data\drivers\downld\132234.exe
c:\documents and settings\nathan\Application Data\drivers\downld\136703.exe
c:\documents and settings\nathan\Application Data\drivers\downld\136984.exe
c:\documents and settings\nathan\Application Data\drivers\downld\143812.exe
c:\documents and settings\nathan\Application Data\drivers\downld\156359.exe
c:\documents and settings\nathan\Application Data\drivers\downld\219046.exe
c:\documents and settings\nathan\Application Data\drivers\downld\219796.exe
c:\documents and settings\nathan\Application Data\drivers\downld\219859.exe
c:\documents and settings\nathan\Application Data\drivers\downld\234437.exe
c:\documents and settings\nathan\Application Data\drivers\downld\235796.exe
c:\documents and settings\nathan\Application Data\drivers\downld\236421.exe
c:\documents and settings\nathan\Application Data\drivers\downld\237109.exe
c:\documents and settings\nathan\Application Data\drivers\downld\237890.exe
c:\documents and settings\nathan\Application Data\drivers\downld\238390.exe
c:\documents and settings\nathan\Application Data\drivers\downld\256156.exe
c:\documents and settings\nathan\Application Data\drivers\downld\256531.exe
c:\documents and settings\nathan\Application Data\drivers\downld\257187.exe
c:\documents and settings\nathan\Application Data\drivers\downld\257500.exe
c:\documents and settings\nathan\Application Data\drivers\downld\263968.exe
c:\documents and settings\nathan\Application Data\drivers\downld\291125.exe
c:\documents and settings\nathan\Application Data\drivers\downld\297984.exe
c:\documents and settings\nathan\Application Data\drivers\downld\302546.exe
c:\documents and settings\nathan\Application Data\drivers\downld\303687.exe
c:\documents and settings\nathan\Application Data\drivers\downld\304156.exe
c:\documents and settings\nathan\Application Data\drivers\downld\542812.exe
c:\documents and settings\nathan\Application Data\drivers\downld\545562.exe
c:\documents and settings\nathan\Application Data\drivers\downld\545671.exe
c:\documents and settings\nathan\Application Data\drivers\downld\549765.exe
c:\documents and settings\nathan\Application Data\drivers\downld\582281.exe
c:\documents and settings\nathan\Application Data\drivers\downld\599187.exe
c:\documents and settings\nathan\Application Data\drivers\downld\600250.exe
c:\documents and settings\nathan\Application Data\drivers\downld\605828.exe
c:\documents and settings\nathan\Application Data\drivers\downld\606218.exe
c:\documents and settings\nathan\Application Data\drivers\downld\638890.exe
c:\documents and settings\nathan\Application Data\drivers\downld\641312.exe
c:\documents and settings\nathan\Application Data\drivers\downld\663062.exe
c:\documents and settings\nathan\Application Data\drivers\downld\728656.exe
c:\documents and settings\nathan\Application Data\drivers\downld\729546.exe
c:\documents and settings\nathan\Application Data\drivers\downld\729640.exe
c:\documents and settings\nathan\Application Data\drivers\downld\742984.exe
c:\documents and settings\nathan\Application Data\drivers\downld\744250.exe
c:\documents and settings\nathan\Application Data\drivers\downld\744875.exe
c:\documents and settings\nathan\Application Data\drivers\downld\745890.exe
c:\documents and settings\nathan\Application Data\drivers\downld\746875.exe
c:\documents and settings\nathan\Application Data\drivers\downld\747718.exe
c:\documents and settings\nathan\Application Data\drivers\downld\766593.exe
c:\documents and settings\nathan\Application Data\drivers\downld\766750.exe
c:\documents and settings\nathan\Application Data\drivers\downld\767250.exe
c:\documents and settings\nathan\Application Data\drivers\downld\768296.exe
c:\documents and settings\nathan\Application Data\drivers\downld\768953.exe
c:\documents and settings\nathan\Application Data\drivers\downld\775062.exe
c:\documents and settings\nathan\Application Data\drivers\downld\800500.exe
c:\documents and settings\nathan\Application Data\drivers\downld\815656.exe
c:\documents and settings\nathan\Application Data\drivers\downld\816515.exe
c:\documents and settings\nathan\Application Data\drivers\downld\816890.exe
c:\documents and settings\nathan\Application Data\drivers\downld\98593.exe
c:\documents and settings\nathan\Application Data\drivers\srosa.sys
c:\documents and settings\nathan\Application Data\drivers\srosa2.sys
c:\documents and settings\nathan\Application Data\drivers\winupgro.exe
c:\documents and settings\nathan\Application Data\m
c:\documents and settings\nathan\Application Data\m\data.oct
c:\documents and settings\nathan\Application Data\m\flec006.exe
c:\documents and settings\nathan\Application Data\m\list.oct
c:\documents and settings\nathan\Application Data\m\shared\10DRemote 1.1.zip
c:\documents and settings\nathan\Application Data\m\shared\4Leaf 3GP Video Converter 1.2.3.0.zip
c:\documents and settings\nathan\Application Data\m\shared\650 World Time 0.91.zip
c:\documents and settings\nathan\Application Data\m\shared\Aardvark Homepage Creator 1.1.zip
c:\documents and settings\nathan\Application Data\m\shared\AcQuest 941 Solution 2007 1.00.zip
c:\documents and settings\nathan\Application Data\m\shared\Active Password Changer 3.0 Build 422.zip
c:\documents and settings\nathan\Application Data\m\shared\Aggregate Escrow Adjustment 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\AnalogX CookieWall 1.01.zip
c:\documents and settings\nathan\Application Data\m\shared\Anniversary 2.5.2.zip
c:\documents and settings\nathan\Application Data\m\shared\Antivir_PersonalEdition_Premium_v6.31.00.05.zip
c:\documents and settings\nathan\Application Data\m\shared\ASPThumb 1.30.zip
c:\documents and settings\nathan\Application Data\m\shared\AStarted 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\AUDINI CDBurner 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\AudioAnalyser 1.9.zip
c:\documents and settings\nathan\Application Data\m\shared\Autodesk Maya Personal Learning Edition 7.0.1.zip
c:\documents and settings\nathan\Application Data\m\shared\Autosave plugin 1.zip
c:\documents and settings\nathan\Application Data\m\shared\Bandwidth Monitor Pro 1.30.zip
c:\documents and settings\nathan\Application Data\m\shared\Bart 2.0 Beta.zip
c:\documents and settings\nathan\Application Data\m\shared\Best Selling Books 1.0.0.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Bulk Image Resizer 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Catalog Max 1.66.zip
c:\documents and settings\nathan\Application Data\m\shared\claves.avast.zip
c:\documents and settings\nathan\Application Data\m\shared\ClockDummy! 1.9.zip
c:\documents and settings\nathan\Application Data\m\shared\Command Creator 3.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Crack_AVG_Anti_Spyware_7.5.0.50_plus.updated-fixed.Release.11-2006.zip
c:\documents and settings\nathan\Application Data\m\shared\Cudgel of screensaver 2.1.zip
c:\documents and settings\nathan\Application Data\m\shared\Daily Political Cartoons from MSNBC.com! 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\DBManager Freeware for PostgreSQL 3.1.1.zip
c:\documents and settings\nathan\Application Data\m\shared\Diablo II Screensaver 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Digital Video Stabilizer 1.2D.zip
c:\documents and settings\nathan\Application Data\m\shared\DNS Cache 1.2.zip
c:\documents and settings\nathan\Application Data\m\shared\Doc to Jpg converter 1.2.zip
c:\documents and settings\nathan\Application Data\m\shared\Doorway Blaster 1.3.2.zip
c:\documents and settings\nathan\Application Data\m\shared\Driver Backup 1.0.0.1.zip
c:\documents and settings\nathan\Application Data\m\shared\DVD-Video Maker 1.0.0.0.zip
c:\documents and settings\nathan\Application Data\m\shared\DVD Render.zip
c:\documents and settings\nathan\Application Data\m\shared\Ease MP3 CD Burner 1.40.zip
c:\documents and settings\nathan\Application Data\m\shared\Favorites Sweeper 3.00.zip
c:\documents and settings\nathan\Application Data\m\shared\Float Planes 2 1.1.zip
c:\documents and settings\nathan\Application Data\m\shared\Focus CD Cover Maker 1.9.zip
c:\documents and settings\nathan\Application Data\m\shared\Font2Bmp 1.42.zip
c:\documents and settings\nathan\Application Data\m\shared\foo dsp dolbyhp 1.0.0.zip
c:\documents and settings\nathan\Application Data\m\shared\FREE KEYLOGGER by PC Sentinel Software 2.5.0.zip
c:\documents and settings\nathan\Application Data\m\shared\FreeCiv Advance 2.1.0 Beta 6.zip
c:\documents and settings\nathan\Application Data\m\shared\FXWitz Flash SlideShow Editor 2.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Grisoft.AVG.Anti-Virus.System.v7.1.361.Build.651.Multilingual.Win.Incl.Keygen-SSG.zip
c:\documents and settings\nathan\Application Data\m\shared\GTranslation 1.62a.zip
c:\documents and settings\nathan\Application Data\m\shared\HD Checker 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Herbal Medicine 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\hmmXP for Firefox 3 1.3.5.56.zip
c:\documents and settings\nathan\Application Data\m\shared\HTML to RTF Converter Pro 2.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Hydra 1.2.zip
c:\documents and settings\nathan\Application Data\m\shared\Hydra Icon Editor 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Image Dif 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\IMAP Adaptor 1.3.zip
c:\documents and settings\nathan\Application Data\m\shared\Jaws PDF Editor 3.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Kandinski Screensaver.zip
c:\documents and settings\nathan\Application Data\m\shared\Karspersky.Antivirus.v6.0.+.Key.zip
c:\documents and settings\nathan\Application Data\m\shared\kaspersky.anti-virus.personal.pro.5.0.20.de.link.by.www.titanesel.tk.zip
c:\documents and settings\nathan\Application Data\m\shared\Kaspersky.Antivirus.Key.Hasta.2007.By.Frantrack.Updated-Fixed.01-2007.zip
c:\documents and settings\nathan\Application Data\m\shared\LAN Tornado 1.3.zip
c:\documents and settings\nathan\Application Data\m\shared\LERSUS 3.1.0.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Links Assistant 1.00.zip
c:\documents and settings\nathan\Application Data\m\shared\LogMX 1.2.6.zip
c:\documents and settings\nathan\Application Data\m\shared\Loudtalks 0.9.0.37.zip
c:\documents and settings\nathan\Application Data\m\shared\Magic Speed Reading.zip
c:\documents and settings\nathan\Application Data\m\shared\Match! 2008 3.0.zip
c:\documents and settings\nathan\Application Data\m\shared\McAfee.Total.Protection.2007-DVT.zip
c:\documents and settings\nathan\Application Data\m\shared\MicroCounter 1.00.zip
c:\documents and settings\nathan\Application Data\m\shared\MUSoSu 0.9.6.zip
c:\documents and settings\nathan\Application Data\m\shared\My Ca$hflow 0.5.zip
c:\documents and settings\nathan\Application Data\m\shared\My Mp3's 1.42.zip
c:\documents and settings\nathan\Application Data\m\shared\MyFinder 2.6.0.zip
c:\documents and settings\nathan\Application Data\m\shared\MyTunesRSS 3.5.2.zip
c:\documents and settings\nathan\Application Data\m\shared\NetRipper 2.zip
c:\documents and settings\nathan\Application Data\m\shared\Newsfinder 1.2.zip
c:\documents and settings\nathan\Application Data\m\shared\NOD32.v2.51.20.Italiano.+.crack.updated-fixed.09-2006.zip
c:\documents and settings\nathan\Application Data\m\shared\Ogginotes 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Opel Astra DTM Screensaver 2.zip
c:\documents and settings\nathan\Application Data\m\shared\Our Lady Liberty Screensaver 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\OzzTuner 1.01.zip
c:\documents and settings\nathan\Application Data\m\shared\PDF Vista Workstation Edition 6.0.0.6200.zip
c:\documents and settings\nathan\Application Data\m\shared\PeerSynergy Desktop Sharing 2.0.1.zip
c:\documents and settings\nathan\Application Data\m\shared\PictureBook 1.8.1.47.zip
c:\documents and settings\nathan\Application Data\m\shared\Portable PowerEnc 2.32 Build 20071116.zip
c:\documents and settings\nathan\Application Data\m\shared\Printer Park 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Prisoner Clock 1.1.zip
c:\documents and settings\nathan\Application Data\m\shared\Process Sitter 1.1.zip
c:\documents and settings\nathan\Application Data\m\shared\ProFactor Stylemanager 1.15.zip
c:\documents and settings\nathan\Application Data\m\shared\Proxy Log Explorer Professional Edition 1.1 Build 0026.zip
c:\documents and settings\nathan\Application Data\m\shared\PS to Tiff 2.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Psy Leaf Screensaver 1.3.zip
c:\documents and settings\nathan\Application Data\m\shared\Quick File Rename 5.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Quick3D Viewer 4.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Quickie Architect 3.0.005.zip
c:\documents and settings\nathan\Application Data\m\shared\QuikSearch America 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\QwikChange Folder Monitor 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Realize Voice 4.1.zip
c:\documents and settings\nathan\Application Data\m\shared\Recovery for Lotus Notes 2.0 Build 096577.zip
c:\documents and settings\nathan\Application Data\m\shared\Respect FTP Scanner 1.1.zip
c:\documents and settings\nathan\Application Data\m\shared\Returnil Virtual System 2.0.1.7067 Beta.zip
c:\documents and settings\nathan\Application Data\m\shared\Sheer Notes 1.1.zip
c:\documents and settings\nathan\Application Data\m\shared\Small Business Break-Even Analyzer 1.6.zip
c:\documents and settings\nathan\Application Data\m\shared\SMART Monitor 2.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Sodexo Jobs 2.0.zip
c:\documents and settings\nathan\Application Data\m\shared\SpaceTheremin 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Standard AVI Video Converter 3.32.zip
c:\documents and settings\nathan\Application Data\m\shared\Stars and Planets 1.1.zip
c:\documents and settings\nathan\Application Data\m\shared\Stellar Phoenix RAW File Recovery 2.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Stock Market Tracker 1.0.0.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Super Copy 2.1.zip
c:\documents and settings\nathan\Application Data\m\shared\SuperCool Multiple ZIP 1.03.zip
c:\documents and settings\nathan\Application Data\m\shared\Surf Icons 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Symantec.Norton.Internet.Security.2007(.completo+serial).updated-fixed.Release.12-2006.zip
c:\documents and settings\nathan\Application Data\m\shared\Systweak Photo Album 1.0.0.1.zip
c:\documents and settings\nathan\Application Data\m\shared\T-Mobile Connection Manager 1.8.17.0.zip
c:\documents and settings\nathan\Application Data\m\shared\TelStar 1.9.3.3.zip
c:\documents and settings\nathan\Application Data\m\shared\The Paster 2.1.zip
c:\documents and settings\nathan\Application Data\m\shared\Type TV Show 7.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Valentine Icons 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\ViFilm 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\Wallpaper Photo Show 1.1.zip
c:\documents and settings\nathan\Application Data\m\shared\Webserver Stress Tool 7.2.1.246.zip
c:\documents and settings\nathan\Application Data\m\shared\Winter Wonderlands Screensaver 1.0.zip
c:\documents and settings\nathan\Application Data\m\shared\WinVDR Pro 3.7.0 Build 110.zip
c:\documents and settings\nathan\Application Data\m\shared\Youlicit Browser Enhancement 1.0.4.zip
c:\documents and settings\nathan\Application Data\m\srvlist.oct
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\Cfx32.lic
c:\windows\system32\cfx32.ocx
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
c:\windows\system32\wxmmin.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-16 au 2009-01-16 ))))))))))))))))))))))))))))))))))))
.
2009-01-16 00:13 . 2009-01-16 00:13 <REP> d-------- c:\program files\CCleaner
2009-01-16 00:12 . 2009-01-16 00:12 <REP> d-------- c:\program files\Avira
2009-01-16 00:12 . 2009-01-16 00:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-16 00:10 . 2009-01-16 00:10 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-16 00:10 . 2009-01-16 00:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-15 23:41 . 2009-01-15 23:57 <REP> d-------- c:\program files\Ad-remover
2009-01-15 23:37 . 2009-01-16 01:39 <REP> d--h----- c:\documents and settings\nathan\Application Data\drivers
2009-01-15 23:34 . 2009-01-15 23:34 <REP> d-------- c:\program files\Trend Micro
2009-01-15 22:54 . 2009-01-15 22:54 <REP> d-------- C:\_OTMoveIt
2009-01-15 21:08 . 2009-01-16 01:04 <REP> d-------- c:\program files\FindyKill
2008-12-19 17:33 . 2008-12-19 17:33 <REP> d-------- c:\program files\MIKSOFT
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 00:44 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-01-16 00:43 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-01-16 00:40 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-15 23:11 --------- d-----w c:\program files\Java
2009-01-15 20:47 --------- d-----w c:\program files\1&1
2009-01-14 00:56 --------- d-----w c:\documents and settings\nathan\Application Data\gtk-2.0
2009-01-14 00:40 --------- d-----w c:\documents and settings\nathan\Application Data\dvdcss
2009-01-13 23:23 --------- d-----w c:\program files\Windows Live Safety Center
2009-01-13 01:49 --------- d-----w c:\documents and settings\nathan\Application Data\vlc
2009-01-11 15:07 --------- d-----w c:\documents and settings\jfw\Application Data\Glory of the Roman Empire
2009-01-02 09:29 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-15 12:47 --------- d-----w c:\documents and settings\jfw\Application Data\mp3 mpeg heart
2008-12-15 12:43 --------- d-----w c:\documents and settings\All Users\Application Data\Drivesettingswipedoes
2008-12-14 17:16 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-12-14 17:15 --------- d-----w c:\program files\Fichiers communs\Real
2008-12-14 16:03 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-14 15:54 --------- d-----w c:\documents and settings\nathan\Application Data\PE Explorer
2008-12-12 16:20 19,464 ----a-w c:\documents and settings\nathan\Application Data\GDIPFONTCACHEV1.DAT
2008-12-08 23:31 --------- d-----w c:\documents and settings\nathan\Application Data\AdobeUM
2008-12-07 12:52 --------- d-----w c:\program files\Microsoft Games
2008-12-07 02:09 --------- d-----w c:\program files\Winamp
2008-12-06 09:05 --------- d-----w c:\documents and settings\jfw\Application Data\Microsoft Games
2008-11-29 15:14 --------- d-----w c:\program files\MSXML 4.0
2008-11-29 14:33 --------- d-----w c:\documents and settings\nathan\Application Data\Microsoft Games
2008-11-29 08:19 --------- d-----w c:\documents and settings\jfw\Application Data\dvdcss
2008-11-29 08:18 --------- d-----w c:\documents and settings\jfw\Application Data\vlc
2008-11-28 00:09 --------- d-----w c:\documents and settings\nathan\Application Data\Apple Computer
2008-11-26 17:54 --------- d-----w c:\documents and settings\nathan\Application Data\Thunderbird
2008-11-26 17:54 --------- d-----w c:\documents and settings\nathan\Application Data\Talkback
2008-11-26 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive
2008-11-26 12:36 --------- d--h--w c:\program files\Zero G Registry
2008-11-26 12:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 03:44 --------- d-----w c:\documents and settings\nathan\Application Data\VMware
2008-11-26 03:14 --------- d-----w c:\documents and settings\nathan\Application Data\Sports Interactive
2008-11-23 22:42 --------- d-----w c:\program files\Hasbro
2008-11-18 17:23 --------- d-----w c:\documents and settings\nathan\Application Data\JDeveloper
2007-12-14 18:20 24,192 ----a-w c:\documents and settings\jfw\usbsermptxp.sys
2007-12-14 18:20 22,768 ----a-w c:\documents and settings\jfw\usbsermpt.sys
2007-06-11 22:12 47,360 ----a-w c:\documents and settings\jfw\Application Data\pcouffin.sys
2007-05-23 08:31 19,464 ----a-w c:\documents and settings\jfw\Application Data\GDIPFONTCACHEV1.DAT
2006-10-03 18:46 41,140 ----a-w c:\documents and settings\monAlbumPhoto\unins000.dat
2006-10-03 18:44 647,167 ----a-w c:\documents and settings\monAlbumPhoto\unins000.exe
2006-09-23 10:51 2,076,672 ----a-w c:\documents and settings\monAlbumPhoto\monAlbumPhoto.exe
2006-09-06 17:06 16,384 ----a-w c:\documents and settings\monAlbumPhoto\AdvRtxTextBox.dll
2006-09-06 16:57 20,480 ----a-w c:\documents and settings\monAlbumPhoto\FontCombo.dll
2006-07-31 10:09 405,504 ----a-w c:\documents and settings\monAlbumPhoto\idautomation.linearbarcode.dll
2006-07-20 10:36 24,576 ----a-w c:\documents and settings\monAlbumPhoto\CodeVendor.Controls.dll
2006-06-23 14:32 49,152 ----a-w c:\documents and settings\monAlbumPhoto\AxInterop.SHDocVw_old.dll
2006-06-22 11:44 32,768 ----a-w c:\documents and settings\monAlbumPhoto\Interop.ShockwaveFlashObjects.dll
2006-06-22 11:44 28,672 ----a-w c:\documents and settings\monAlbumPhoto\AxInterop.ShockwaveFlashObjects.dll
2006-06-10 16:59 73,728 ----a-w c:\documents and settings\monAlbumPhoto\Interop.wodFtpDLXLib.dll
2006-06-10 16:59 57,344 ----a-w c:\documents and settings\monAlbumPhoto\Interop.wodFtpDLXComLib.dll
2006-04-24 19:07 28,672 ----a-w c:\documents and settings\monAlbumPhoto\Gios PDF Splitter And Merger.dll
2006-03-16 16:50 81,920 ----a-w c:\documents and settings\monAlbumPhoto\ExpTreeLib.dll
2006-03-02 10:05 23,552 ----a-w c:\documents and settings\monAlbumPhoto\SPB.dll
2006-01-25 13:39 49,152 ----a-w c:\documents and settings\monAlbumPhoto\AxInterop.SHDocVw.dll
2006-01-25 13:39 135,168 ----a-w c:\documents and settings\monAlbumPhoto\Interop.SHDocVw_old.dll
2006-01-25 13:39 135,168 ----a-w c:\documents and settings\monAlbumPhoto\Interop.SHDocVw.dll
2006-01-10 23:57 57,344 ----a-w c:\documents and settings\monAlbumPhoto\AxInterop.wodFtpDLXLib.dll
2005-11-11 17:19 16,384 ----a-w c:\documents and settings\monAlbumPhoto\stdole.dll
2005-10-13 13:55 6,144 ----a-w c:\documents and settings\monAlbumPhoto\Interop.MTXM_Thumbs.dll
2004-08-04 15:30 32,768 ----a-w c:\documents and settings\monAlbumPhoto\Interop.Scripting.dll
2004-02-23 19:42 49,152 ----a-w c:\documents and settings\monAlbumPhoto\Interop.VBRUN.dll
2003-08-25 11:54 131,072 ----a-w c:\documents and settings\monAlbumPhoto\PdfCreatorLib.dll
2003-02-14 13:23 6,656 ----a-w c:\documents and settings\monAlbumPhoto\Interop.IVBExtractImage.dll
2001-04-05 21:13 12,800 ----a-w c:\documents and settings\monAlbumPhoto\Interop.StdFormat.dll
2004-08-19 14:10 73,728 --sha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
2006-12-22 13:06 126976 --a------ c:\program files\BitDownload\TorrentManager.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-01-16 81000]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-14 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2009-01-16 266497]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-06-28 1528880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\H:\[u]0/uautocheck autochk *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OpenSTA NameServer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OpenSTA NameServer.lnk
backup=c:\windows\pss\OpenSTA NameServer.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1\1&1 Connexion directe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\1&1\1&1 Connexion directe\EasyLogin.exe]
1&1 Connexion directe HIDE [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
--a------ 2007-06-05 08:52 20811776 c:\program files\CounterPath\X-Lite\x-lite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-11-07 15:48 196608 c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\privoxy]
--a------ 2005-09-22 20:08 211968 c:\program files\Privoxy\privoxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-05-05 07:57 143360 c:\program files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-12-14 18:15 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 11:22 1622016 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2006-09-17 131840]
R1 IfsDrives;IfsDrives;c:\windows\system32\drivers\IfsDrives.sys [2006-09-17 4608]
S1 aswSP;avast! Self Protection; [x]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2006-09-16 171264]
S3 jfwproxy;FireDaemon Service: jfwproxy;c:\program files\FireDaemon\FireDaemon.exe -s --> c:\program files\FireDaemon\FireDaemon.exe -s [?]
S3 MySQL5;MySQL5;"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-max-nt" --defaults-file="c:\program files\mysql\MySQL Server 5.0\my.ini" "MySQL5" --> c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-max-nt [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2007-11-19 34064]
S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-02-02 204800]
S3 Privoxy Internet Proxy;Privoxy Internet Proxy;c:\program files\Privoxy\privoxy.exe [2006-09-30 211968]
S3 privoxy;Privoxy (privoxy); "c:\program files\Privoxy\privoxy.exe" --> c:\program files\Privoxy\privoxy.exe [?]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-07-08 260608]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S4 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 SquidNT;SquidNT;c:\squid\sbin\squid.exe --ntservice:SquidNT --> c:\squid\sbin\squid.exe --ntservice:SquidNT [?]
.
Contenu du dossier 'Tâches planifiées'
2009-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-823518204-682003330-1003.job
- c:\documents and settings\jfw\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 13:39]
2009-01-16 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-H/PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-hldrrr - c:\windows\system32\hldrrr.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-mule_st_key - c:\documents and settings\jfw\Application Data\m\flec006.exe
MSConfigStartUp-NvEventCenter - c:\windows\system\svchost.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_09\bin\jusched.exe
MSConfigStartUp-Trans About - c:\docume~1\jfw\APPLIC~1\MP3MPE~1\Grey Clock.exe
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
MSConfigStartUp-wipe does live film - c:\documents and settings\All Users\Application Data\Drivesettingswipedoes\wmadrv.exe
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\nathan\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 01:44:22
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql44/bin/mysqld-nt.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SquidNT]
"ImagePath"="c:\squid\sbin\squid.exe --ntservice:SquidNT"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/mysql44/bin/mysqld-nt.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-max-nt\" --defaults-file=\"c:\program files\mysql\MySQL Server 5.0\my.ini\" \"MySQL5\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\privoxy]
"ImagePath"=" \"c:\program files\Privoxy\privoxy.exe\""
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.22.04]
@DACL=(02 0000)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\lotus\notes\ntmulti.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-16 1:49:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-16 00:49:50
Avant-CF: 11,705,933,824 octets libres
Après-CF: 12,983,373,824 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
507