system32 infecté par nmdfgds0.dll

Question

Bonjour,

alors voila, depuis dimanche soir, il se trouve que avast! édition familiale 4.8, m'indique que mon ordinateur est infecté par un rootkit : processus caché se trouvant dans H:\WINDOWS\system32
mdfgds0.dll.

Avast! étant mon antivirus, me conseille d'ignorer le problème, et de faire un scan au démarrage. Ceci étant fait il a supprimé tous les petits virus qu'il a trouvé, cependant à chaque démarrage, au bout de 15minutes, le même message apparait.

Ce fichier caché m'empêche par exemple de me connecter à windows live messenger, puisque après chaque connexion je reçoit un message d'erreur : Windows Live Communications Platform a cessé de fonctionner. Lorsque je clique sur rapport d'erreur, il m'indique que le problème se trouve dans wlcomm.exe, il y a aussi nmdfgds0.dll affiché dans le rapport d'erreur.

Ne sachant pas comment effacer ce fichier caché, je sollicite votre aide.

Merci d'avance.

totobetourne · Answer

bonjour


1)telecharge cela:util pour voir ce que peut etre l infection et agir ensuite.

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

installe le normallement comme tout autre programme dans c/programme/...............
clique sur do a scan and save a logfile, tu obtiens un rapport que tu colles.







2)pour voir télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

dadynho94 · Answer

voila ce que j'obtiens après l'utilisation de hijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:22, on 10/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Documents and Settings\Lounes\Mes documents\dadynho94\Itunes\iTunesHelper.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Search Settings\SearchSettings.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Documents and Settings\Lounes\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Documents and Settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet	ools\BitCometBHO_1.2.8.7.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - H:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - H:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "H:\WINDOWS\TEMP\E_SA7.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Documents and Settings\Lounes\Mes documents\dadynho94\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [au] H:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] H:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] H:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = H:\Documents and Settings\Lounes\Mes documents\dadynho94\MSN DP\MSN Pictures Displayer.exe
O8 - Extra context menu item: &T&élécharger &avec BitComet - res://H:\Documents and Settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &T&élécharger tout avec BitComet - res://H:\Documents and Settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &T&élécharger toute vidéo avec BitComet - res://H:\Documents and Settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Compare Prices with &Dealio - H:\Documents and Settings\Lounes\Application Data\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://H:\Documents and Settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet	ools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - H:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - H:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_4_0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 1: (no name) - H:\Documents and Settings\Lounes\Mes documents\Horaire_des_prieres_2000.html

dadynho94 · Answer

et voila le rapport de combofix :

ComboFix 09-02-10.01 - Lounes 2009-02-10 23:06:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.767.448 [GMT 1:00]
Lancé depuis: h:\documents and settings\Lounes\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090210-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\m0vnonh.bat
H:\Autorun.inf
H:\m0vnonh.bat
h:\windows\system32\nmdfgds0.dll
h:\windows\system32\nmdfgds1.dll
h:\windows\system32\olhrwef.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-10 au 2009-02-10 ))))))))))))))))))))))))))))))))))))
.

2009-02-10 20:28 . 2009-02-10 20:28 <REP> d-------- h:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-10 19:31 . 2009-02-10 19:31 <REP> d-------- h:\program files\Messenger Plus! Live
2009-02-10 19:18 . 2009-02-10 19:18 <REP> d-------- h:\program files\Microsoft SQL Server Compact Edition
2009-02-10 17:37 . 2009-02-10 17:36 109,724 -r-hs---- H:\opgde.exe
2009-01-27 00:05 . 2009-01-27 00:05 <REP> d-------- h:\documents and settings\LocalService\Application Data\agi
2009-01-27 00:04 . 2009-01-27 00:04 2,117,632 --a------ h:\windows\system32\python25.dll
2009-01-27 00:04 . 2009-01-27 00:04 339,968 --a------ h:\windows\system32\pythoncom25.dll
2009-01-27 00:04 . 2009-01-27 00:04 114,688 --a------ h:\windows\system32\pywintypes25.dll
2009-01-27 00:03 . 2008-09-16 17:26 1,332,197 --a------ h:\windows\system32\pythondll.zip
2009-01-22 20:58 . 2009-01-31 15:02 <REP> d-------- h:\program files\MediaCoder iPhone Edition
2009-01-22 20:54 . 2009-01-22 20:54 <REP> d-------- h:\documents and settings\Lounes\Application Data\AVS4YOU
2009-01-22 20:54 . 2009-01-22 20:54 <REP> d-------- h:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-22 20:53 . 2009-01-22 20:58 <REP> d-------- h:\program files\Fichiers communs\AVSMedia
2009-01-22 20:53 . 2009-01-22 20:58 <REP> d-------- h:\program files\AVS4YOU
2009-01-22 20:53 . 2008-08-13 10:22 1,700,352 --a------ h:\windows\system32\GdiPlus.dll
2009-01-22 20:53 . 2008-08-13 10:22 974,848 --a------ h:\windows\system32\mfc70.dll
2009-01-22 20:53 . 2008-08-13 10:22 487,424 --a------ h:\windows\system32\msvcp70.dll
2009-01-22 20:53 . 2008-08-13 10:22 24,576 --a------ h:\windows\system32\msxml3a.dll
2009-01-22 20:28 . 2005-05-14 20:09 2,179,072 --a------ h:\windows\system32\mfc71d.dll
2009-01-22 20:28 . 2004-03-08 23:00 662,288 --a------ h:\windows\system32\MSCOMCT2.OCX
2009-01-22 20:28 . 2006-07-11 18:06 544,768 --a------ h:\windows\system32\msvcr71d.dll
2009-01-22 20:28 . 2006-05-12 08:37 490,496 --a------ h:\windows\system32\MP4Splitter.ax
2009-01-22 20:28 . 2004-01-10 17:02 258,048 --a------ h:\windows\system32\GplMpgDec.ax
2009-01-22 20:28 . 2004-03-08 23:00 224,016 --a------ h:\windows\system32\TABCTL32.OCX
2009-01-22 20:28 . 1998-06-24 00:00 164,144 --a------ h:\windows\system32\COMCT232.OCX
2009-01-22 20:28 . 1998-07-12 23:00 59,904 --a------ h:\windows\system32\Mscc2fr.dll
2009-01-22 20:28 . 2005-09-28 01:31 24,576 --a------ h:\windows\system32\ControlSubX.ocx
2009-01-22 20:28 . 1998-07-12 23:00 21,504 --a------ h:\windows\system32\TABCTFR.DLL
2009-01-22 20:28 . 1998-07-13 00:00 20,992 --a------ h:\windows\system32\CMCT2FR.DLL
2009-01-22 01:07 . 2009-02-02 23:11 <REP> d-------- h:\windows\OvtCam
2009-01-22 00:55 . 2003-10-15 17:52 307,200 -ra------ h:\temp\VIDCAP32.EXE
2009-01-22 00:55 . 2003-10-15 17:52 200,704 -ra------ h:\temp\sel3110.exe
2009-01-22 00:55 . 2003-10-15 17:52 174,530 -ra------ h:\temp\OV519VID.SYS
2009-01-22 00:55 . 2003-10-15 17:52 135,168 -ra------ h:\temp\OV519CAP.EXE
2009-01-22 00:55 . 2003-10-15 17:52 61,440 -ra------ h:\temp\OV519DIB.DLL
2009-01-22 00:55 . 2003-10-15 17:52 40,960 -ra------ h:\temp\OV519EXT.DLL
2009-01-22 00:55 . 2003-10-15 17:52 40,960 -ra------ h:\temp\CleanDev.exe
2009-01-22 00:55 . 2003-10-15 17:52 32,528 -ra------ h:\temp\AMCAP.EXE
2009-01-22 00:55 . 2003-10-15 17:52 25,211 -ra------ h:\temp\OV519CMD.SYS
2009-01-22 00:55 . 2003-10-15 17:52 16,426 -ra------ h:\temp\OV519USD.DLL
2009-01-22 00:54 . 2009-01-22 00:55 <REP> d-------- H:\temp
2009-01-22 00:54 . 2009-01-22 00:54 5,120 --ahs---- H:\Thumbs.db
2009-01-22 00:48 . 2008-04-13 19:45 60,032 --a------ h:\windows\system32\drivers\USBAUDIO.sys
2009-01-22 00:48 . 2008-04-13 19:45 60,032 --a--c--- h:\windows\system32\dllcache\usbaudio.sys
2009-01-20 02:32 . 2009-02-09 23:09 <REP> d-------- h:\documents and settings\Lounes\Tracing
2009-01-20 02:31 . 2009-01-20 02:31 <REP> d-------- h:\program files\Microsoft Office Outlook Connector
2009-01-20 02:28 . 2009-01-20 02:28 <REP> d-------- h:\program files\Windows Live SkyDrive
2009-01-20 02:28 . 2009-01-20 02:31 <REP> d-------- h:\program files\Microsoft
2009-01-20 01:25 . 2009-01-20 01:25 <REP> d-------- h:\program files\Fichiers communs\Windows Live
2009-01-16 19:22 . 2009-01-16 19:22 <REP> d-------- h:\program files\Sports Interactive
2009-01-15 23:06 . 2009-01-16 23:51 <REP> d-a------ h:\documents and settings\All Users\Application Data\Sports Interactive
2009-01-15 22:32 . 2009-01-15 22:32 <REP> d-------- h:\documents and settings\Lounes\Application Data\DAEMON Tools Pro
2009-01-15 22:32 . 2009-01-15 22:32 <REP> d-------- h:\documents and settings\Lounes\Application Data\DAEMON Tools
2009-01-15 22:29 . 2009-01-15 22:29 <REP> d-------- h:\program files\DAEMON Tools Lite
2009-01-15 22:29 . 2009-01-15 22:29 <REP> d-------- h:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-15 22:14 . 2009-01-15 22:37 <REP> d-------- h:\documents and settings\Lounes\Application Data\DAEMON Tools Lite
2009-01-15 22:14 . 2009-01-15 22:14 717,296 --a------ h:\windows\system32\drivers\sptd.sys
2009-01-14 14:36 . 2009-01-14 14:36 <REP> d--h----- h:\program files\Zero G Registry
2009-01-14 14:36 . 2009-01-14 14:36 <REP> d--h----- h:\documents and settings\Lounes\InstallAnywhere

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 18:19 --------- d-----w h:\program files\Windows Live
2009-02-10 18:10 --------- d-----w h:\documents and settings\All Users\Application Data\WLInstaller
2009-01-16 22:54 --------- d-----w h:\documents and settings\Lounes\Application Data\Sports Interactive
2009-01-01 18:22 --------- d-----w h:\documents and settings\Lounes\Application Data\Search Settings
2009-01-01 16:02 --------- d-----w h:\program files\Search Settings
2009-01-01 16:02 --------- d-----w h:\program files\Dealio
2009-01-01 16:02 --------- d-----w h:\documents and settings\Lounes\Application Data\Dealio
2008-12-30 14:37 --------- d-----w h:\documents and settings\Lounes\Application Data\dvdcss
2008-12-22 12:15 --------- d--h--w h:\program files\InstallShield Installation Information
2008-12-22 11:38 22,328 ----a-w h:\windows\system32\drivers\PnkBstrK.sys
2008-12-22 11:38 22,328 ----a-w h:\documents and settings\Lounes\Application Data\PnkBstrK.sys
2008-12-21 19:57 --------- d-----w h:\documents and settings\Lounes\Application Data\MSN Pictures Displayer
2008-12-15 17:57 --------- d-----w h:\program files\Mvm
2008-12-14 10:51 --------- d-----w h:\documents and settings\Lounes\Application Data\Samsung
2008-12-14 10:48 5,632 ----a-w h:\windows\system32\drivers\StarOpen.sys
2008-12-14 10:30 --------- d-----w h:\program files\Fichiers communs\Adobe
2008-12-13 15:07 --------- d-----w h:\program files\Fichiers communs\Adobe AIR
2008-12-13 15:07 --------- d-----w h:\program files\Adobe Media Player
2008-12-12 17:53 --------- d-----w h:\program files\Microsoft.NET
2008-12-11 10:57 333,952 ----a-w h:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-08-01 13529088]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-08-01 86016]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="h:\documents and settings\Lounes\Mes documents\dadynho94\Itunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"au"="h:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="h:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"nwiz"="nwiz.exe" [2008-08-01 h:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 h:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 h:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

h:\documents and settings\Lounes\Menu D‚marrer\Programmes\D‚marrage\
MSN Pictures Displayer.lnk - h:\documents and settings\Lounes\Mes documents\dadynho94\MSN DP\MSN Pictures Displayer.exe [2008-12-21 4708864]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= h:\documents and settings\Lounes\Mes documents\Horaire_des_prieres_2000.html
FriendlyName=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Documents and Settings\\Lounes\\Mes documents\\dadynho94\\E-Mule\\eMule\\emule.exe"=
"h:\\Documents and Settings\\Lounes\\Mes documents\\dadynho94\\Bit comet\\BitComet\\BitComet.exe"=
"h:\\Documents and Settings\\Lounes\\Mes documents\\dadynho94\\Itunes\\iTunes.exe"=
"h:\\WINDOWS\\system32\\PnkBstrA.exe"=
"h:\\WINDOWS\\system32\\PnkBstrB.exe"=
"h:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"h:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14257:TCP"= 14257:TCP:BitComet 14257 TCP
"14257:UDP"= 14257:UDP:BitComet 14257 UDP

R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2008-11-18 111184]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2008-11-18 20560]
S3 maconfservice;Ma-Config Service;h:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\m0vnonh.bat
\Shell\open\Command - C:\m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\m0vnonh.bat
\Shell\open\Command - H:\m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{715ed62d-c444-11dd-9c4d-0019214cf26a}]
\Shell\AutoRun\command - start.exe
\Shell\iledefrance\command - start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c139df7c-b744-11dd-9c37-0019214cf26a}]
\Shell\AutoRun\command - K:\m0vnonh.bat
\Shell\open\Command - K:\m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdd64714-f514-11dd-9c92-0019214cf26a}]
\Shell\AutoRun\command - K:\m0vnonh.bat
\Shell\open\Command - K:\m0vnonh.bat
.
Contenu du dossier 'Tâches planifiées'

2009-02-06 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-cdoosoft - h:\windows\system32\olhrwef.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: &T&élécharger &avec BitComet - h:\documents and settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddLink.htm
IE: &T&élécharger tout avec BitComet - h:\documents and settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddAllLink.htm
IE: &T&élécharger toute vidéo avec BitComet - h:\documents and settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddVideo.htm
IE: Compare Prices with &Dealio - h:\documents and settings\Lounes\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xporter vers Microsoft Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_0_4_0.cab
FF - ProfilePath - h:\documents and settings\Lounes\Application Data\Mozilla\Firefox\Profiles\w4lx2b7n.default\
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: h:\documents and settings\Lounes\Application Data\Mozilla\Firefox\Profiles\w4lx2b7n.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: h:\documents and settings\Lounes\Mes documents\dadynho94\Itunes\Mozilla Plugins\npitunes.dll
FF - plugin: h:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: h:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 23:12:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="H?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Autres processus actifs ------------------------
.
h:\program files\Alwil Software\Avast4\aswUpdSv.exe
h:\program files\Alwil Software\Avast4\ashServ.exe
h:\windows\system32\rundll32.exe
h:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
h:\program files\Bonjour\mDNSResponder.exe
h:\program files\Java\jre6\bin\jqs.exe
h:\windows\system32\nvsvc32.exe
h:\windows\system32\PnkBstrA.exe
h:\windows\system32\PnkBstrB.exe
h:\program files\Alwil Software\Avast4\ashMaiSv.exe
h:\program files\Alwil Software\Avast4\ashWebSv.exe
h:\program files\iPod\bin\iPodService.exe
h:\windows\system32\wscntfy.exe
h:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Heure de fin: 2009-02-10 23:15:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-10 22:14:47

Avant-CF: 46 680 586 240 octets libres
Après-CF: 47,437,337,088 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

236 --- E O F --- 2009-01-14 00:30:20

totobetourne · Answer

on avance  ce n est pas fini.


Télécharge ToolBar-S&D ( Merci à Eric_71, Angeldark, Sham_Rock et XmichouX )
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

lors du scan coupe ta connection internet.

* Double-clique sur ToolBar-SD afin de lancer l'installation, un raccourci sera ajouté sur le Bureau.
* Double-clique dessus pour démarrer l'outil; choisis la langue.
* Sous Vista, faire un clic droit et "Exécuter en tant qu'administrateur" (Elévation des privilèges), puis -> Continuer.
* Tape 1 puis sur la touche [Entrée] afin de lancer la suppression.
* Patiente jusqu'à la fin de la recherche.
* À la fin du scan, le rapport s'ouvrira dans le Bloc-notes.
* Poste ce rapport, par copier/coller, dans ta prochaine réponse.
* Le rapport se trouve également sous : C:\TB.txt



Tant qu'on croira toutes les âneries qu'on peut nous raconter à échelle mondiale on continuera d'aller droit dans le mur voire même d accélérer sur celui ci .
 REVEIL DE NOS VIES.

dadynho94 · Answer

Merci à toi, voici le rapport de ToolBar SD : 


   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
   BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
   USER : Lounes ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1296 [VPS 090211-0] 4.8.1296 (Activated)
   C:\ (Local Disk) - NTFS - Total:71 Go (Free:50 Go)
   D:\ (USB)
   E:\ (USB)
   F:\ (USB)
   G:\ (USB)
   H:\ (Local Disk) - NTFS - Total:71 Go (Free:44 Go)
   I:\ (CD or DVD)
   J:\ (CD or DVD)

   "H:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 11/02/2009|21:09 )

   -----------\  Recherche de Fichiers / Dossiers ...

   H:\DOCUME~1\Lounes\APPLIC~1\Dealio
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ules
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127	emp
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\alerts.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\alerts_over.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\alerts_rec.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\alerts_rec_over.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\chevron-small.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\DealioSearch.html
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\deals-leftcap.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\deal_report.jpg
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\ebay_login.jpg
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\err_mainwindow.html
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\err_toolbar.html
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\global_scripts.js
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\headerbgthin.jpg
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\highlight-bg.png
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\logo.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\logo_over.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\man_toolbar.css
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\man_toolbar.html
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\man_toolbar.js
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\man_toolbarl.js
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\post-this-deal.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\post-this-deal_over.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\scripts.js
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\scroller.js
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\search-chevron.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\search-chevron_over.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\search_bg_blink.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\separator.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\settings.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\settings_over.gif
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127es\yahoo-search.png
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ules\index.76.35
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.10.76
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.109.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.110.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.12.52
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.13.58
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.130.58
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.135.50
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.153.44
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.155.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.156.49
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.16.60
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.161.52
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.178.66
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.184.55
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.188.52
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.189.45
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.196.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.198.56
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.199.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.200.53
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.201.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.202.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.203.71
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.205.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.213.71
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.214.49
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.215.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.216.67
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.217.67
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.218.52
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.219.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.220.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.221.57
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.222.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.223.68
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.226.68
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.227.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.228.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.229.76
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.23.63
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.239.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.24.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.240.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.241.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.242.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.243.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.244.63
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.245.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.247.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.248.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.249.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.250.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.251.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.252.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.253.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.254.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.255.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.256.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.257.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.279.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.28.58
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.282.75
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.283.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.284.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.289.67
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.290.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.291.61
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.296.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.297.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.304.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.307.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.308.75
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.31.47
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.310.46
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.311.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.315.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.316.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.317.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.318.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.319.49
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.32.48
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.334.44
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.335.60
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.336.44
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.337.44
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.338.75
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.339.47
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.34.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.340.47
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.341.47
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.349.50
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.35.48
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.350.50
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.351.51
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.352.54
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.353.51
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.354.51
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.357.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.358.52
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.359.52
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.360.53
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.361.54
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.362.68
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.363.58
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.364.54
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.365.53
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.367.56
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.368.58
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.369.55
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.370.56
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.371.56
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.372.57
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.373.55
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.375.56
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.376.57
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.377.55
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.378.65
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.384.58
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.386.71
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.387.59
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.388.59
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.389.59
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.390.60
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.391.60
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.392.60
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.393.60
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.394.60
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.396.61
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.397.61
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.398.60
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.399.60
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.403.61
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.404.63
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.405.61
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.406.61
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.407.76
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.408.63
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.409.61
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.412.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.413.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.414.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.415.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.416.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.417.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.418.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.419.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.420.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.421.62
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.423.63
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.424.63
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.425.63
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.426.63
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.427.63
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.428.65
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.429.63
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.430.63
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.432.65
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.433.64
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.434.65
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.435.64
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.436.76
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.437.64
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.438.71
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.439.71
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.440.75
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.442.73
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.443.73
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.444.73
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.445.68
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.446.69
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.450.67
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.451.67
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.452.68
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.453.68
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.454.69
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.456.69
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.457.75
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.458.70
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.459.70
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.460.69
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.462.74
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.463.69
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.464.70
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.465.68
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.468.70
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.469.70
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.470.70
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.471.73
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.472.70
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.478.74
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.479.73
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.480.68
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.481.71
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.482.74
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.49.67
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.50.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.500.71
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.501.74
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.502.71
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.51.69
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.52.72
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.520.76
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.521.76
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.522.76
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.53.51
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.531.76
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.532.75
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.534.75
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.54.47
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.55.45
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.56.69
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.57.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.58.47
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.593.76
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.595.76
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.63.57
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.66.47
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.70.75
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127ulesules.1.71.43
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127	emp\dealio-14283.log
   H:\DOCUME~1\Lounes\APPLIC~1\Dealio\kb127	emp\dod_cache.xml
   H:\Program Files\Dealio
   H:\Program Files\Dealio\DealioAU.exe
   H:\Program Files\Dealio\kb127
   H:\Program Files\Dealio\SearchSettingsKit.exe
   H:\Program Files\Dealio\kb127\Dealio Deskbar.exe
   H:\Program Files\Dealio\kb127\Dealio.dll
   H:\Program Files\Dealio\kb127\DealioRes409.dll
   H:\Program Files\Dealio\kb127es
   H:\Program Files\Dealio\kb127esDN
   H:\Program Files\Dealio\kb127ules
   H:\Program Files\Dealio\kb127	emp
   H:\Program Files\Dealio\kb127es\alerts.gif
   H:\Program Files\Dealio\kb127es\alerts_over.gif
   H:\Program Files\Dealio\kb127es\alerts_rec.gif
   H:\Program Files\Dealio\kb127es\alerts_rec_over.gif
   H:\Program Files\Dealio\kb127es\chevron-small.gif
   H:\Program Files\Dealio\kb127es\DealioSearch.html
   H:\Program Files\Dealio\kb127es\deals-leftcap.gif
   H:\Program Files\Dealio\kb127es\deal_report.jpg
   H:\Program Files\Dealio\kb127es\ebay_login.jpg
   H:\Program Files\Dealio\kb127es\err_mainwindow.html
   H:\Program Files\Dealio\kb127es\err_toolbar.html
   H:\Program Files\Dealio\kb127es\global_scripts.js
   H:\Program Files\Dealio\kb127es\headerbgthin.jpg
   H:\Program Files\Dealio\kb127es\highlight-bg.png
   H:\Program Files\Dealio\kb127es\logo.gif
   H:\Program Files\Dealio\kb127es\logo_over.gif
   H:\Program Files\Dealio\kb127es\man_toolbar.css
   H:\Program Files\Dealio\kb127es\man_toolbar.html
   H:\Program Files\Dealio\kb127es\man_toolbar.js
   H:\Program Files\Dealio\kb127es\man_toolbarl.js
   H:\Program Files\Dealio\kb127es\post-this-deal.gif
   H:\Program Files\Dealio\kb127es\post-this-deal_over.gif
   H:\Program Files\Dealio\kb127es\scripts.js
   H:\Program Files\Dealio\kb127es\scroller.js
   H:\Program Files\Dealio\kb127es\search-chevron.gif
   H:\Program Files\Dealio\kb127es\search-chevron_over.gif
   H:\Program Files\Dealio\kb127es\search_bg_blink.gif
   H:\Program Files\Dealio\kb127es\separator.gif
   H:\Program Files\Dealio\kb127es\settings.gif
   H:\Program Files\Dealio\kb127es\settings_over.gif
   H:\Program Files\Dealio\kb127es\yahoo-search.png
   H:\Program Files\Dealio\kb127esDN\bottom.gif
   H:\Program Files\Dealio\kb127esDN\chevron_down.gif
   H:\Program Files\Dealio\kb127esDN\chevron_up.gif
   H:\Program Files\Dealio\kb127esDN\close.gif
   H:\Program Files\Dealio\kb127esDN\deskbar.css
   H:\Program Files\Dealio\kb127esDN\deskbar.js
   H:\Program Files\Dealio\kb127esDN\dispatch_helper.js
   H:\Program Files\Dealio\kb127esDN\ebay_compatible.jpg
   H:\Program Files\Dealio\kb127esDN\logo.gif
   H:\Program Files\Dealio\kb127esDN\logo_chevron_bkg.gif
   H:\Program Files\Dealio\kb127esDN\losing.gif
   H:\Program Files\Dealio\kb127esDN\lost.gif
   H:\Program Files\Dealio\kb127esDN\man_deskbar.html
   H:\Program Files\Dealio\kb127esDN\menu_arrow.gif
   H:\Program Files\Dealio\kb127esDN\menu_check.gif
   H:\Program Files\Dealio\kb127esDN
o_image.gif
   H:\Program Files\Dealio\kb127esDN\prod_img.gif
   H:\Program Files\Dealio\kb127esDN\search_chevron.gif
   H:\Program Files\Dealio\kb127esDN\spacer.gif
   H:\Program Files\Dealio\kb127esDN	extfield_bkg.gif
   H:\Program Files\Dealio\kb127esDN	op.gif
   H:\Program Files\Dealio\kb127esDN\unknown.gif
   H:\Program Files\Dealio\kb127esDN\winning.gif
   H:\Program Files\Dealio\kb127esDN\won.gif
   H:\Program Files\Dealio\kb127ules\index.76.35
   H:\Program Files\Dealio\kb127ulesules.1.10.76
   H:\Program Files\Dealio\kb127ulesules.1.109.43
   H:\Program Files\Dealio\kb127ulesules.1.110.43
   H:\Program Files\Dealio\kb127ulesules.1.12.52
   H:\Program Files\Dealio\kb127ulesules.1.13.58
   H:\Program Files\Dealio\kb127ulesules.1.130.58
   H:\Program Files\Dealio\kb127ulesules.1.135.50
   H:\Program Files\Dealio\kb127ulesules.1.153.44
   H:\Program Files\Dealio\kb127ulesules.1.155.43
   H:\Program Files\Dealio\kb127ulesules.1.156.49
   H:\Program Files\Dealio\kb127ulesules.1.16.60
   H:\Program Files\Dealio\kb127ulesules.1.161.52
   H:\Program Files\Dealio\kb127ulesules.1.178.66
   H:\Program Files\Dealio\kb127ulesules.1.184.55
   H:\Program Files\Dealio\kb127ulesules.1.188.52
   H:\Program Files\Dealio\kb127ulesules.1.189.45
   H:\Program Files\Dealio\kb127ulesules.1.196.43
   H:\Program Files\Dealio\kb127ulesules.1.198.56
   H:\Program Files\Dealio\kb127ulesules.1.199.43
   H:\Program Files\Dealio\kb127ulesules.1.200.53
   H:\Program Files\Dealio\kb127ulesules.1.201.43
   H:\Program Files\Dealio\kb127ulesules.1.202.43
   H:\Program Files\Dealio\kb127ulesules.1.203.71
   H:\Program Files\Dealio\kb127ulesules.1.205.62
   H:\Program Files\Dealio\kb127ulesules.1.213.71
   H:\Program Files\Dealio\kb127ulesules.1.214.49
   H:\Program Files\Dealio\kb127ulesules.1.215.43
   H:\Program Files\Dealio\kb127ulesules.1.216.67
   H:\Program Files\Dealio\kb127ulesules.1.217.67
   H:\Program Files\Dealio\kb127ulesules.1.218.52
   H:\Program Files\Dealio\kb127ulesules.1.219.43
   H:\Program Files\Dealio\kb127ulesules.1.220.43
   H:\Program Files\Dealio\kb127ulesules.1.221.57
   H:\Program Files\Dealio\kb127ulesules.1.222.43
   H:\Program Files\Dealio\kb127ulesules.1.223.68
   H:\Program Files\Dealio\kb127ulesules.1.226.68
   H:\Program Files\Dealio\kb127ulesules.1.227.43
   H:\Program Files\Dealio\kb127ulesules.1.228.62
   H:\Program Files\Dealio\kb127ulesules.1.229.76
   H:\Program Files\Dealio\kb127ulesules.1.23.63
   H:\Program Files\Dealio\kb127ulesules.1.239.43
   H:\Program Files\Dealio\kb127ulesules.1.24.43
   H:\Program Files\Dealio\kb127ulesules.1.240.43
   H:\Program Files\Dealio\kb127ulesules.1.241.43
   H:\Program Files\Dealio\kb127ulesules.1.242.43
   H:\Program Files\Dealio\kb127ulesules.1.243.43
   H:\Program Files\Dealio\kb127ulesules.1.244.63
   H:\Program Files\Dealio\kb127ulesules.1.245.43
   H:\Program Files\Dealio\kb127ulesules.1.247.43
   H:\Program Files\Dealio\kb127ulesules.1.248.43
   H:\Program Files\Dealio\kb127ulesules.1.249.43
   H:\Program Files\Dealio\kb127ulesules.1.250.43
   H:\Program Files\Dealio\kb127ulesules.1.251.43
   H:\Program Files\Dealio\kb127ulesules.1.252.43
   H:\Program Files\Dealio\kb127ulesules.1.253.43
   H:\Program Files\Dealio\kb127ulesules.1.254.43
   H:\Program Files\Dealio\kb127ulesules.1.255.43
   H:\Program Files\Dealio\kb127ulesules.1.256.43
   H:\Program Files\Dealio\kb127ulesules.1.257.43
   H:\Program Files\Dealio\kb127ulesules.1.279.43
   H:\Program Files\Dealio\kb127ulesules.1.28.58
   H:\Program Files\Dealio\kb127ulesules.1.282.75
   H:\Program Files\Dealio\kb127ulesules.1.283.43
   H:\Program Files\Dealio\kb127ulesules.1.284.43
   H:\Program Files\Dealio\kb127ulesules.1.289.67
   H:\Program Files\Dealio\kb127ulesules.1.290.62
   H:\Program Files\Dealio\kb127ulesules.1.291.61
   H:\Program Files\Dealio\kb127ulesules.1.296.43
   H:\Program Files\Dealio\kb127ulesules.1.297.43
   H:\Program Files\Dealio\kb127ulesules.1.304.43
   H:\Program Files\Dealio\kb127ulesules.1.307.43
   H:\Program Files\Dealio\kb127ulesules.1.308.75
   H:\Program Files\Dealio\kb127ulesules.1.31.47
   H:\Program Files\Dealio\kb127ulesules.1.310.46
   H:\Program Files\Dealio\kb127ulesules.1.311.43
   H:\Program Files\Dealio\kb127ulesules.1.315.43
   H:\Program Files\Dealio\kb127ulesules.1.316.43
   H:\Program Files\Dealio\kb127ulesules.1.317.43
   H:\Program Files\Dealio\kb127ulesules.1.318.43
   H:\Program Files\Dealio\kb127ulesules.1.319.49
   H:\Program Files\Dealio\kb127ulesules.1.32.48
   H:\Program Files\Dealio\kb127ulesules.1.334.44
   H:\Program Files\Dealio\kb127ulesules.1.335.60
   H:\Program Files\Dealio\kb127ulesules.1.336.44
   H:\Program Files\Dealio\kb127ulesules.1.337.44
   H:\Program Files\Dealio\kb127ulesules.1.338.75
   H:\Program Files\Dealio\kb127ulesules.1.339.47
   H:\Program Files\Dealio\kb127ulesules.1.34.43
   H:\Program Files\Dealio\kb127ulesules.1.340.47
   H:\Program Files\Dealio\kb127ulesules.1.341.47
   H:\Program Files\Dealio\kb127ulesules.1.349.50
   H:\Program Files\Dealio\kb127ulesules.1.35.48
   H:\Program Files\Dealio\kb127ulesules.1.350.50
   H:\Program Files\Dealio\kb127ulesules.1.351.51
   H:\Program Files\Dealio\kb127ulesules.1.352.54
   H:\Program Files\Dealio\kb127ulesules.1.353.51
   H:\Program Files\Dealio\kb127ulesules.1.354.51
   H:\Program Files\Dealio\kb127ulesules.1.357.62
   H:\Program Files\Dealio\kb127ulesules.1.358.52
   H:\Program Files\Dealio\kb127ulesules.1.359.52
   H:\Program Files\Dealio\kb127ulesules.1.360.53
   H:\Program Files\Dealio\kb127ulesules.1.361.54
   H:\Program Files\Dealio\kb127ulesules.1.362.68
   H:\Program Files\Dealio\kb127ulesules.1.363.58
   H:\Program Files\Dealio\kb127ulesules.1.364.54
   H:\Program Files\Dealio\kb127ulesules.1.365.53
   H:\Program Files\Dealio\kb127ulesules.1.367.56
   H:\Program Files\Dealio\kb127ulesules.1.368.58
   H:\Program Files\Dealio\kb127ulesules.1.369.55
   H:\Program Files\Dealio\kb127ulesules.1.370.56
   H:\Program Files\Dealio\kb127ulesules.1.371.56
   H:\Program Files\Dealio\kb127ulesules.1.372.57
   H:\Program Files\Dealio\kb127ulesules.1.373.55
   H:\Program Files\Dealio\kb127ulesules.1.375.56
   H:\Program Files\Dealio\kb127ulesules.1.376.57
   H:\Program Files\Dealio\kb127ulesules.1.377.55
   H:\Program Files\Dealio\kb127ulesules.1.378.65
   H:\Program Files\Dealio\kb127ulesules.1.384.58
   H:\Program Files\Dealio\kb127ulesules.1.386.71
   H:\Program Files\Dealio\kb127ulesules.1.387.59
   H:\Program Files\Dealio\kb127ulesules.1.388.59
   H:\Program Files\Dealio\kb127ulesules.1.389.59
   H:\Program Files\Dealio\kb127ulesules.1.390.60
   H:\Program Files\Dealio\kb127ulesules.1.391.60
   H:\Program Files\Dealio\kb127ulesules.1.392.60
   H:\Program Files\Dealio\kb127ulesules.1.393.60
   H:\Program Files\Dealio\kb127ulesules.1.394.60
   H:\Program Files\Dealio\kb127ulesules.1.396.61
   H:\Program Files\Dealio\kb127ulesules.1.397.61
   H:\Program Files\Dealio\kb127ulesules.1.398.60
   H:\Program Files\Dealio\kb127ulesules.1.399.60
   H:\Program Files\Dealio\kb127ulesules.1.403.61
   H:\Program Files\Dealio\kb127ulesules.1.404.63
   H:\Program Files\Dealio\kb127ulesules.1.405.61
   H:\Program Files\Dealio\kb127ulesules.1.406.61
   H:\Program Files\Dealio\kb127ulesules.1.407.76
   H:\Program Files\Dealio\kb127ulesules.1.408.63
   H:\Program Files\Dealio\kb127ulesules.1.409.61
   H:\Program Files\Dealio\kb127ulesules.1.412.62
   H:\Program Files\Dealio\kb127ulesules.1.413.62
   H:\Program Files\Dealio\kb127ulesules.1.414.62
   H:\Program Files\Dealio\kb127ulesules.1.415.62
   H:\Program Files\Dealio\kb127ulesules.1.416.62
   H:\Program Files\Dealio\kb127ulesules.1.417.62
   H:\Program Files\Dealio\kb127ulesules.1.418.62
   H:\Program Files\Dealio\kb127ulesules.1.419.62
   H:\Program Files\Dealio\kb127ulesules.1.420.62
   H:\Program Files\Dealio\kb127ulesules.1.421.62
   H:\Program Files\Dealio\kb127ulesules.1.423.63
   H:\Program Files\Dealio\kb127ulesules.1.424.63
   H:\Program Files\Dealio\kb127ulesules.1.425.63
   H:\Program Files\Dealio\kb127ulesules.1.426.63
   H:\Program Files\Dealio\kb127ulesules.1.427.63
   H:\Program Files\Dealio\kb127ulesules.1.428.65
   H:\Program Files\Dealio\kb127ulesules.1.429.63
   H:\Program Files\Dealio\kb127ulesules.1.430.63
   H:\Program Files\Dealio\kb127ulesules.1.432.65
   H:\Program Files\Dealio\kb127ulesules.1.433.64
   H:\Program Files\Dealio\kb127ulesules.1.434.65
   H:\Program Files\Dealio\kb127ulesules.1.435.64
   H:\Program Files\Dealio\kb127ulesules.1.436.76
   H:\Program Files\Dealio\kb127ulesules.1.437.64
   H:\Program Files\Dealio\kb127ulesules.1.438.71
   H:\Program Files\Dealio\kb127ulesules.1.439.71
   H:\Program Files\Dealio\kb127ulesules.1.440.75
   H:\Program Files\Dealio\kb127ulesules.1.442.73
   H:\Program Files\Dealio\kb127ulesules.1.443.73
   H:\Program Files\Dealio\kb127ulesules.1.444.73
   H:\Program Files\Dealio\kb127ulesules.1.445.68
   H:\Program Files\Dealio\kb127ulesules.1.446.69
   H:\Program Files\Dealio\kb127ulesules.1.450.67
   H:\Program Files\Dealio\kb127ulesules.1.451.67
   H:\Program Files\Dealio\kb127ulesules.1.452.68
   H:\Program Files\Dealio\kb127ulesules.1.453.68
   H:\Program Files\Dealio\kb127ulesules.1.454.69
   H:\Program Files\Dealio\kb127ulesules.1.456.69
   H:\Program Files\Dealio\kb127ulesules.1.457.75
   H:\Program Files\Dealio\kb127ulesules.1.458.70
   H:\Program Files\Dealio\kb127ulesules.1.459.70
   H:\Program Files\Dealio\kb127ulesules.1.460.69
   H:\Program Files\Dealio\kb127ulesules.1.462.74
   H:\Program Files\Dealio\kb127ulesules.1.463.69
   H:\Program Files\Dealio\kb127ulesules.1.464.70
   H:\Program Files\Dealio\kb127ulesules.1.465.68
   H:\Program Files\Dealio\kb127ulesules.1.468.70
   H:\Program Files\Dealio\kb127ulesules.1.469.70
   H:\Program Files\Dealio\kb127ulesules.1.470.70
   H:\Program Files\Dealio\kb127ulesules.1.471.73
   H:\Program Files\Dealio\kb127ulesules.1.472.70
   H:\Program Files\Dealio\kb127ulesules.1.478.74
   H:\Program Files\Dealio\kb127ulesules.1.479.73
   H:\Program Files\Dealio\kb127ulesules.1.480.68
   H:\Program Files\Dealio\kb127ulesules.1.481.71
   H:\Program Files\Dealio\kb127ulesules.1.482.74
   H:\Program Files\Dealio\kb127ulesules.1.49.67
   H:\Program Files\Dealio\kb127ulesules.1.50.43
   H:\Program Files\Dealio\kb127ulesules.1.500.71
   H:\Program Files\Dealio\kb127ulesules.1.501.74
   H:\Program Files\Dealio\kb127ulesules.1.502.71
   H:\Program Files\Dealio\kb127ulesules.1.51.69
   H:\Program Files\Dealio\kb127ulesules.1.52.72
   H:\Program Files\Dealio\kb127ulesules.1.520.76
   H:\Program Files\Dealio\kb127ulesules.1.521.76
   H:\Program Files\Dealio\kb127ulesules.1.522.76
   H:\Program Files\Dealio\kb127ulesules.1.53.51
   H:\Program Files\Dealio\kb127ulesules.1.531.76
   H:\Program Files\Dealio\kb127ulesules.1.532.75
   H:\Program Files\Dealio\kb127ulesules.1.534.75
   H:\Program Files\Dealio\kb127ulesules.1.54.47
   H:\Program Files\Dealio\kb127ulesules.1.55.45
   H:\Program Files\Dealio\kb127ulesules.1.56.69
   H:\Program Files\Dealio\kb127ulesules.1.57.43
   H:\Program Files\Dealio\kb127ulesules.1.58.47
   H:\Program Files\Dealio\kb127ulesules.1.593.76
   H:\Program Files\Dealio\kb127ulesules.1.595.76
   H:\Program Files\Dealio\kb127ulesules.1.63.57
   H:\Program Files\Dealio\kb127ulesules.1.66.47
   H:\Program Files\Dealio\kb127ulesules.1.70.75
   H:\Program Files\Dealio\kb127ulesules.1.71.43
   H:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
   H:\DOCUME~1\Lounes\Cookies\lounes@dealio[1].txt
   H:\DOCUME~1\Lounes\Cookies\lounes@pimpmysearch[2].txt
   H:\DOCUME~1\Lounes\APPLIC~1\Search Settings
   H:\DOCUME~1\Lounes\APPLIC~1\Search Settings\kb127
   H:\DOCUME~1\Lounes\APPLIC~1\Search Settings\kb127es
   H:\DOCUME~1\Lounes\APPLIC~1\Search Settings\kb127	emp
   H:\DOCUME~1\Lounes\APPLIC~1\Search Settings\kb127	emp\ws-14283.log
   H:\DOCUME~1\Lounes\APPLIC~1\Search Settings\kb127	emp\ws-14284.log
   H:\DOCUME~1\Lounes\APPLIC~1\Search Settings\kb127	emp\ws-14285.log
   H:\DOCUME~1\Lounes\APPLIC~1\Search Settings\kb127	emp\ws-14286.log
   H:\Program Files\Search Settings
   H:\Program Files\Search Settings\kb127
   H:\Program Files\Search Settings\SearchSettings.exe
   H:\Program Files\Search Settings\kb127es
   H:\Program Files\Search Settings\kb127\SearchSettings.dll
   H:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
   H:\Program Files\Search Settings\kb127	emp

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="H:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   H:\DOCUME~1\Lounes\Mes documents\dadynho94\Bit comet\BitComet	orrents\FM2009.9-2-0.Patch.and.Crack.rar.torrent
   H:\DOCUME~1\Lounes\Mes documents\dadynho94\Bit comet\BitComet	orrents\Football Manager 2009 - crack+patch.torrent
   H:\DOCUME~1\Lounes\Mes documents\Mes sons\Rap francais\Alpha 5.20 - Vivre et Mourir a Dakar\16-alpha_5.20-mon_crack_feat_iron_sy_and_lino.mp3
   H:\DOCUME~1\Lounes\Mes documents\Mes sons\Rap francais\Rim-k - Famille Nombreuse\11-rim-k-pilotes_crack_musik_feat._hamza.mp3
   H:\DOCUME~1\Lounes\Mes documents\Mes sons\Rap U.S\Fat Joe - The Crack House ft Lil Wayne.mp3
   H:\DOCUME~1\Lounes\Recent\Crack.lnk
   H:\DOCUME~1\Lounes\Recent\fm09.crack.lnk
   H:\DOCUME~1\Lounes\Recent\Football Manager 2009 - crack+patch.lnk



   1 - "H:\ToolBar SD\TB_1.txt" - 11/02/2009|21:09 - Option : [1]

   -----------\  Fin du rapport a 21:09:44,21

totobetourne · Answer

je comprend mieux toute les saletes.tout plein de crack donc tout plein d infection. vire tout les cracks.ne relance pas ces programmes entre temps car a ce moment l infection reviendrait.

relance toolbar mais la appuie sur l option 2. tu obtiens un rapport que tu colles.

dadynho94 · Answer

Bonjour,
comme tu m'a demandé j'ai supprimé toutes les saletés que toolbar avait trouvé, j'ai relancé toolbar en choisissant l'option 2, et voila le rapport:


   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
   BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
   USER : Lounes ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1296 [VPS 090212-0] 4.8.1296 (Activated)
   C:\ (Local Disk) - NTFS - Total:71 Go (Free:50 Go)
   D:\ (USB)
   E:\ (USB)
   F:\ (USB)
   G:\ (USB)
   H:\ (Local Disk) - NTFS - Total:71 Go (Free:43 Go)
   I:\ (CD or DVD)
   J:\ (CD or DVD)

   "H:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 12/02/2009|17:56 )

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="H:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "H:\ToolBar SD\TB_1.txt" - 11/02/2009|21:09 - Option : [1]
   2 - "H:\ToolBar SD\TB_2.txt" - 12/02/2009|17:53 - Option : [2]
   3 - "H:\ToolBar SD\TB_3.txt" - 12/02/2009|17:57 - Option : [2]

   -----------\  Fin du rapport a 17:57:10,62





J'aurais juste une question, si je relance le jeu football manager une infection va-t-elle réapparaitre ?

totobetourne · Answer

c est bien possible .


1)refais un rapport hijack et colle le merci.


2)va sur virus total et analyse les fichiers, tu obtiens un rapport pour chacun d eux , colle le.
https://www.virustotal.com/gui/

analyse ce fichier
H:\opgde.exe

totobetourne · Answer

apres fait cela 

1)passe cela
Télécharge sur le bureau Flash Disinfector (de SUBS) à cette adresse : https://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Double-clique sur l’icône.
Les icônes vont disparaître. C’est normal.
Si un rapport est généré en cas d'infection, sauvegarde-le sur le bureau, et poste le ensuite
Redémarre ensuite le PC. 




2)refais un rapport combo fix.

dadynho94 · Answer

voici le rapport de hijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:18, on 12/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Documents and Settings\Lounes\Mes documents\dadynho94\Itunes\iTunesHelper.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32
vsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Lounes\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Documents and Settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet	ools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Documents and Settings\Lounes\Mes documents\dadynho94\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = H:\Documents and Settings\Lounes\Mes documents\dadynho94\MSN DP\MSN Pictures Displayer.exe
O8 - Extra context menu item: &T&élécharger &avec BitComet - res://H:\Documents and Settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &T&élécharger tout avec BitComet - res://H:\Documents and Settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &T&élécharger toute vidéo avec BitComet - res://H:\Documents and Settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://H:\Documents and Settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet	ools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_4_0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 1: (no name) - H:\Documents and Settings\Lounes\Mes documents\Horaire_des_prieres_2000.html

dadynho94 · Answer

voici le rapport sur virustotal du fichier que tu m'a demandé ( H:\opgde.exe ) :

Antivirus Version Dernière mise à jour Résultat 
a-squared 4.0.0.93 2009.02.12 - 
AhnLab-V3 5.0.0.2 2009.02.12 Win32/Autorun.worm.108067 
AntiVir 7.9.0.76 2009.02.12 - 
Authentium 5.1.0.4 2009.02.12 - 
Avast 4.8.1335.0 2009.02.12 - 
AVG 8.0.0.229 2009.02.12 Win32/Heur 
BitDefender 7.2 2009.02.12 - 
CAT-QuickHeal 10.00 2009.02.11 (Suspicious) - DNAScan 
ClamAV 0.94.1 2009.02.12 - 
Comodo 975 2009.02.12 - 
DrWeb 4.44.0.09170 2009.02.12 Trojan.PWS.Wsgame.4983 
eSafe 7.0.17.0 2009.02.12 Win32.WormTaterf.b 
eTrust-Vet 31.6.6353 2009.02.12 - 
F-Prot 4.4.4.56 2009.02.11 - 
F-Secure 8.0.14470.0 2009.02.12 Trojan-Dropper.Win32.Agent.agza 
Fortinet 3.117.0.0 2009.02.12 - 
GData 19 2009.02.12 - 
Ikarus T3.1.1.45.0 2009.02.12 - 
K7AntiVirus 7.10.628 2009.02.12 - 
Kaspersky 7.0.0.125 2009.02.12 Trojan-Dropper.Win32.Agent.agza 
McAfee 5523 2009.02.11 - 
McAfee+Artemis 5523 2009.02.11 Generic!Artemis 
Microsoft 1.4306 2009.02.12 Worm:Win32/Taterf.B 
NOD32 3848 2009.02.12 Win32/PSW.OnLineGames.NMY 
Norman 6.00.02 2009.02.12 OnLineGames.IAPV 
nProtect 2009.1.8.0 2009.02.12 - 
Panda 10.0.0.10 2009.02.12 - 
PCTools 4.4.2.0 2009.02.12 - 
Prevx1 V2 2009.02.12 Malicious Software 
Rising 21.16.32.00 2009.02.12 Trojan.PSW.Win32.GameOL.upx 
SecureWeb-Gateway 6.7.6 2009.02.12 Trojan.Crypt.LooksLike.XPACK 
Sophos 4.38.0 2009.02.12 Sus/UnkPacker 
Sunbelt 3.2.1851.2 2009.02.12 - 
Symantec 10 2009.02.12 - 
TheHacker 6.3.1.9.254 2009.02.12 - 
TrendMicro 8.700.0.1004 2009.02.12 - 
VBA32 3.12.8.12 2009.02.11 - 
ViRobot 2009.2.12.1603 2009.02.12 - 
VirusBuster 4.5.11.0 2009.02.12 - 
Information additionnelle 
File size: 108067 bytes 
MD5...: c5623fbbbc85d06dc1835922c759bc91 
SHA1..: 4d5c36ebff00262e08ff12dc6b9cc3f297b93a76 
SHA256: 2874f99595171aa0e270a8cb0df83c4a77e64e6309ad8c8c5575bc08f7f5ba1e 
SHA512: 61cf99b498c409f6650f0f80dabc8f19fcdbc9902ef894f0464b890348974d67
a50ba118c3f3b395182d00583c63df956debdd9871b68629e70ab71c51452102
 
ssdeep: 1536:xJB4B9A+Vh9T21AVNNhiljF18H/708+l/eY+bMwzeiuvijiKiCppbUVCAdn
:GB9AuT21gNNhMF18r+Bf+4wzyYJppbN
 
PEiD..: - 
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x338b1
timedatestamp.....: 0x496c8de8 (Tue Jan 13 12:49:44 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd000 0xcf9f 0.00 bdb1b70f9eab0e499948c9a7dd64a648
.data 0xe000 0xe000 0xcd9f 8.00 377b5f148ca1cc5e73612d18d47b540a
.idata 0x1c000 0x3000 0x3000 7.99 c39e7d3fa525b790dd9c6aa705f14be5
.rdata 0x1f000 0x16000 0x15800 7.94 5ef6d5e03699a103a5a6cc32be4a48ac
.rsrc 0x35000 0x1000 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.perplex 0x36000 0xa6f2 0x423 0.00 bdb1b70f9eab0e499948c9a7dd64a648

( 1 imports ) 
> KERNEL32.DLL: FindNextFileA, GetComputerNameW, FreeEnvironmentStringsA, GetSystemTime, GetStdHandle, GetPrivateProfileStringA, GetPrivateProfileSectionW, FindNextVolumeA, FreeUserPhysicalPages, GetNumberFormatW, DeleteAtom, GetExitCodeProcess, FreeLibraryAndExitThread, LoadLibraryA, GetTickCount, GetComputerNameW, DeleteFileW, GetVolumeNameForVolumeMountPointW, GetLocalTime, GlobalFindAtomW, GetModuleFileNameA, GetFileTime, GetSystemWindowsDirectoryW, GetShortPathNameW, GetDefaultSortkeySize, CreateFileA, GetCurrentProcessId, GetFileSize, GlobalAddAtomA, GetLastError, GetModuleHandleW, FindFirstFileW, GetProcessHeap, GetLocaleInfoW

( 0 exports )

dadynho94 · Answer

Flash Disinfector n'a pas généré de rapport.
Je tiens a te signaler que avast! a fait une mise a jour.
voila le rapport de combofix après avoir redémarrer le PC :

ComboFix 09-02-12.03 - Lounes 2009-02-12 21:55:28.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.767.455 [GMT 1:00]
Lancé depuis: h:\documents and settings\Lounes\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090212-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\m0vnonh.bat
H:\Autorun.inf
H:\m0vnonh.bat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-12 au 2009-02-12 ))))))))))))))))))))))))))))))))))))
.

2009-02-12 11:33 . 2009-02-12 11:33 118 --a------ h:\windows\system32\MRT.INI
2009-02-11 21:07 . 2009-02-12 17:57 <REP> d-------- H:\ToolBar SD
2009-02-10 20:28 . 2009-02-10 20:28 <REP> d-------- h:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-10 19:31 . 2009-02-10 19:31 <REP> d-------- h:\program files\Messenger Plus! Live
2009-02-10 19:18 . 2009-02-10 19:18 <REP> d-------- h:\program files\Microsoft SQL Server Compact Edition
2009-02-10 17:37 . 2009-02-11 18:09 108,067 -r-hs---- H:\opgde.exe
2009-01-27 00:05 . 2009-01-27 00:05 <REP> d-------- h:\documents and settings\LocalService\Application Data\agi
2009-01-27 00:04 . 2009-01-27 00:04 2,117,632 --a------ h:\windows\system32\python25.dll
2009-01-27 00:04 . 2009-01-27 00:04 339,968 --a------ h:\windows\system32\pythoncom25.dll
2009-01-27 00:04 . 2009-01-27 00:04 114,688 --a------ h:\windows\system32\pywintypes25.dll
2009-01-27 00:03 . 2008-09-16 17:26 1,332,197 --a------ h:\windows\system32\pythondll.zip
2009-01-22 20:58 . 2009-01-31 15:02 <REP> d-------- h:\program files\MediaCoder iPhone Edition
2009-01-22 20:54 . 2009-01-22 20:54 <REP> d-------- h:\documents and settings\Lounes\Application Data\AVS4YOU
2009-01-22 20:54 . 2009-01-22 20:54 <REP> d-------- h:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-22 20:53 . 2009-01-22 20:58 <REP> d-------- h:\program files\Fichiers communs\AVSMedia
2009-01-22 20:53 . 2009-01-22 20:58 <REP> d-------- h:\program files\AVS4YOU
2009-01-22 20:53 . 2008-08-13 10:22 1,700,352 --a------ h:\windows\system32\GdiPlus.dll
2009-01-22 20:53 . 2008-08-13 10:22 974,848 --a------ h:\windows\system32\mfc70.dll
2009-01-22 20:53 . 2008-08-13 10:22 487,424 --a------ h:\windows\system32\msvcp70.dll
2009-01-22 20:53 . 2008-08-13 10:22 24,576 --a------ h:\windows\system32\msxml3a.dll
2009-01-22 20:28 . 2005-05-14 20:09 2,179,072 --a------ h:\windows\system32\mfc71d.dll
2009-01-22 20:28 . 2004-03-08 23:00 662,288 --a------ h:\windows\system32\MSCOMCT2.OCX
2009-01-22 20:28 . 2006-07-11 18:06 544,768 --a------ h:\windows\system32\msvcr71d.dll
2009-01-22 20:28 . 2006-05-12 08:37 490,496 --a------ h:\windows\system32\MP4Splitter.ax
2009-01-22 20:28 . 2004-01-10 17:02 258,048 --a------ h:\windows\system32\GplMpgDec.ax
2009-01-22 20:28 . 2004-03-08 23:00 224,016 --a------ h:\windows\system32\TABCTL32.OCX
2009-01-22 20:28 . 1998-06-24 00:00 164,144 --a------ h:\windows\system32\COMCT232.OCX
2009-01-22 20:28 . 1998-07-12 23:00 59,904 --a------ h:\windows\system32\Mscc2fr.dll
2009-01-22 20:28 . 2005-09-28 01:31 24,576 --a------ h:\windows\system32\ControlSubX.ocx
2009-01-22 20:28 . 1998-07-12 23:00 21,504 --a------ h:\windows\system32\TABCTFR.DLL
2009-01-22 20:28 . 1998-07-13 00:00 20,992 --a------ h:\windows\system32\CMCT2FR.DLL
2009-01-22 01:07 . 2009-02-02 23:11 <REP> d-------- h:\windows\OvtCam
2009-01-22 00:55 . 2003-10-15 17:52 307,200 -ra------ h:\temp\VIDCAP32.EXE
2009-01-22 00:55 . 2003-10-15 17:52 200,704 -ra------ h:\temp\sel3110.exe
2009-01-22 00:55 . 2003-10-15 17:52 174,530 -ra------ h:\temp\OV519VID.SYS
2009-01-22 00:55 . 2003-10-15 17:52 135,168 -ra------ h:\temp\OV519CAP.EXE
2009-01-22 00:55 . 2003-10-15 17:52 61,440 -ra------ h:\temp\OV519DIB.DLL
2009-01-22 00:55 . 2003-10-15 17:52 40,960 -ra------ h:\temp\OV519EXT.DLL
2009-01-22 00:55 . 2003-10-15 17:52 40,960 -ra------ h:\temp\CleanDev.exe
2009-01-22 00:55 . 2003-10-15 17:52 32,528 -ra------ h:\temp\AMCAP.EXE
2009-01-22 00:55 . 2003-10-15 17:52 25,211 -ra------ h:\temp\OV519CMD.SYS
2009-01-22 00:55 . 2003-10-15 17:52 16,426 -ra------ h:\temp\OV519USD.DLL
2009-01-22 00:54 . 2009-01-22 00:55 <REP> d-------- H:\temp
2009-01-22 00:54 . 2009-01-22 00:54 5,120 --ahs---- H:\Thumbs.db
2009-01-22 00:48 . 2008-04-13 19:45 60,032 --a------ h:\windows\system32\drivers\USBAUDIO.sys
2009-01-22 00:48 . 2008-04-13 19:45 60,032 --a--c--- h:\windows\system32\dllcache\usbaudio.sys
2009-01-20 02:32 . 2009-02-09 23:09 <REP> d-------- h:\documents and settings\Lounes\Tracing
2009-01-20 02:31 . 2009-01-20 02:31 <REP> d-------- h:\program files\Microsoft Office Outlook Connector
2009-01-20 02:28 . 2009-01-20 02:28 <REP> d-------- h:\program files\Windows Live SkyDrive
2009-01-20 02:28 . 2009-01-20 02:31 <REP> d-------- h:\program files\Microsoft
2009-01-20 01:25 . 2009-01-20 01:25 <REP> d-------- h:\program files\Fichiers communs\Windows Live
2009-01-16 19:22 . 2009-01-16 19:22 <REP> d-------- h:\program files\Sports Interactive
2009-01-15 23:06 . 2009-01-16 23:51 <REP> d-a------ h:\documents and settings\All Users\Application Data\Sports Interactive
2009-01-15 22:32 . 2009-01-15 22:32 <REP> d-------- h:\documents and settings\Lounes\Application Data\DAEMON Tools Pro
2009-01-15 22:32 . 2009-01-15 22:32 <REP> d-------- h:\documents and settings\Lounes\Application Data\DAEMON Tools
2009-01-15 22:29 . 2009-01-15 22:29 <REP> d-------- h:\program files\DAEMON Tools Lite
2009-01-15 22:29 . 2009-01-15 22:29 <REP> d-------- h:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-15 22:14 . 2009-01-15 22:37 <REP> d-------- h:\documents and settings\Lounes\Application Data\DAEMON Tools Lite
2009-01-15 22:14 . 2009-01-15 22:14 717,296 --a------ h:\windows\system32\drivers\sptd.sys
2009-01-14 14:36 . 2009-01-14 14:36 <REP> d--h----- h:\program files\Zero G Registry
2009-01-14 14:36 . 2009-01-14 14:36 <REP> d--h----- h:\documents and settings\Lounes\InstallAnywhere

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 18:19 --------- d-----w h:\program files\Windows Live
2009-02-10 18:10 --------- d-----w h:\documents and settings\All Users\Application Data\WLInstaller
2009-01-16 22:54 --------- d-----w h:\documents and settings\Lounes\Application Data\Sports Interactive
2008-12-30 14:37 --------- d-----w h:\documents and settings\Lounes\Application Data\dvdcss
2008-12-22 12:15 --------- d--h--w h:\program files\InstallShield Installation Information
2008-12-22 11:38 22,328 ----a-w h:\windows\system32\drivers\PnkBstrK.sys
2008-12-22 11:38 22,328 ----a-w h:\documents and settings\Lounes\Application Data\PnkBstrK.sys
2008-12-22 11:37 682,280 ----a-w h:\windows\system32\pbsvc.exe
2008-12-22 11:37 66,872 ----a-w h:\windows\system32\PnkBstrA.exe
2008-12-22 11:37 107,832 ----a-w h:\windows\system32\PnkBstrB.exe
2008-12-21 19:57 446,976 ----a-w h:\windows\system32\ShellMPD.dll
2008-12-21 19:57 --------- d-----w h:\documents and settings\Lounes\Application Data\MSN Pictures Displayer
2008-12-20 22:47 826,368 ----a-w h:\windows\system32\wininet.dll
2008-12-15 17:57 --------- d-----w h:\program files\Mvm
2008-12-14 10:51 --------- d-----w h:\documents and settings\Lounes\Application Data\Samsung
2008-12-14 10:48 5,632 ----a-w h:\windows\system32\drivers\StarOpen.sys
2008-12-14 10:30 --------- d-----w h:\program files\Fichiers communs\Adobe
2008-12-13 15:07 --------- d-----w h:\program files\Fichiers communs\Adobe AIR
2008-12-13 15:07 --------- d-----w h:\program files\Adobe Media Player
2008-12-12 17:53 --------- d-----w h:\program files\Microsoft.NET
.

((((((((((((((((((((((((((((( SnapShot@2009-02-10_23.13.41.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 20:18:31 124,928 -c----w h:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:18:31 347,136 -c----w h:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:18:31 214,528 -c----w h:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:18:31 133,120 -c----w h:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:18:32 63,488 -c----w h:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:12:20 70,656 -c----w h:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:18:32 153,088 -c----w h:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:18:32 230,400 -c----w h:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w h:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:18:32 383,488 -c----w h:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:18:32 384,512 -c----w h:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:18:35 6,066,176 -c----w h:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:18:35 44,544 -c----w h:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:18:35 267,776 -c----w h:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w h:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w h:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:18:36 27,648 -c----w h:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:18:37 459,264 -c----w h:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:18:37 52,224 -c----w h:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:37:56 3,593,216 -c----w h:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:18:40 477,696 -c----w h:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:18:40 193,024 -c----w h:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:18:41 671,232 -c----w h:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:18:41 102,912 -c----w h:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:18:41 44,544 -c----w h:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w h:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w h:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:18:41 105,984 -c----w h:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:18:42 1,160,192 -c----w h:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:18:42 233,472 -c----w h:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:18:43 826,368 -c----w h:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2009-01-14 00:30:17 593,920 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-02-12 10:32:33 593,920 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-01-14 00:30:17 12,288 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-02-12 10:32:33 12,288 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-01-14 00:30:17 86,016 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-02-12 10:32:33 86,016 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-01-14 00:30:16 135,168 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-02-12 10:32:33 135,168 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-01-14 00:30:17 11,264 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-02-12 10:32:33 11,264 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-01-14 00:30:17 27,136 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-02-12 10:32:33 27,136 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-01-14 00:30:17 4,096 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-02-12 10:32:33 4,096 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-01-14 00:30:17 794,624 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-02-12 10:32:33 794,624 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-01-14 00:30:17 249,856 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-02-12 10:32:33 249,856 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-01-14 00:30:16 61,440 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-02-12 10:32:33 61,440 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-01-14 00:30:17 23,040 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-02-12 10:32:33 23,040 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-01-14 00:30:16 286,720 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-02-12 10:32:33 286,720 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-01-14 00:30:16 409,600 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-02-12 10:32:33 409,600 ----a-r h:\windows\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-10-16 20:18:31 124,928 ----a-w h:\windows\system32\advpack.dll
+ 2008-12-20 22:46:48 124,928 ----a-w h:\windows\system32\advpack.dll
- 2008-11-26 17:21:30 1,236,208 ----a-w h:\windows\system32\aswBoot.exe
+ 2009-02-05 21:11:35 1,256,296 ----a-w h:\windows\system32\aswBoot.exe
- 2008-11-26 17:15:10 97,480 ----a-w h:\windows\system32\AvastSS.scr
+ 2009-02-05 21:04:45 97,480 ----a-w h:\windows\system32\AvastSS.scr
- 2008-10-16 20:18:31 124,928 -c----w h:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 22:46:48 124,928 -c----w h:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:18:31 347,136 -c----w h:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 -c----w h:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:18:31 214,528 -c----w h:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 22:46:48 214,528 -c----w h:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:18:31 133,120 -c----w h:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 22:46:49 133,120 -c----w h:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:18:32 63,488 -c----w h:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 22:46:49 63,488 -c----w h:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:12:20 70,656 -c----w h:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 -c----w h:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:18:32 153,088 -c----w h:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 -c----w h:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:18:32 230,400 -c----w h:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 22:46:49 230,400 -c----w h:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 -c----w h:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c----w h:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:18:32 383,488 -c----w h:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 -c----w h:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:18:32 384,512 -c----w h:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 22:46:50 384,512 -c----w h:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:18:35 6,066,176 -c----w h:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 22:46:54 6,066,688 -c----w h:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:18:35 44,544 -c----w h:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 22:46:54 44,544 -c----w h:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:18:35 267,776 -c----w h:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 22:46:54 267,776 -c----w h:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 -c----w h:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w h:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 -c----w h:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w h:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:18:36 27,648 -c----w h:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 -c----w h:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:18:37 459,264 -c----w h:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 22:46:56 459,264 -c----w h:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:18:37 52,224 -c----w h:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 -c----w h:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-13 06:37:56 3,593,216 -c----w h:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 20:15:42 3,594,752 -c----w h:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:18:40 477,696 -c----w h:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 22:47:01 477,696 -c----w h:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:18:40 193,024 -c----w h:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 22:47:01 193,024 -c----w h:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:18:41 671,232 -c----w h:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 22:47:02 671,232 -c----w h:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:18:41 102,912 -c----w h:\windows\system32\dllcache\occache.dll
+ 2008-12-20 22:47:02 102,912 -c----w h:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:18:41 44,544 -c----w h:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 22:47:02 44,544 -c----w h:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:18:41 105,984 -c----w h:\windows\system32\dllcache\url.dll
+ 2008-12-20 22:47:02 105,984 -c----w h:\windows\system32\dllcache\url.dll
- 2008-10-16 20:18:42 1,160,192 -c----w h:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 22:47:03 1,160,192 -c----w h:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:18:42 233,472 -c----w h:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 22:47:03 233,472 -c----w h:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:18:43 826,368 -c----w h:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 22:47:04 826,368 -c----w h:\windows\system32\dllcache\wininet.dll
- 2008-11-26 17:15:35 26,944 ----a-w h:\windows\system32\drivers\aavmker4.sys
+ 2009-02-05 21:05:11 26,944 ----a-w h:\windows\system32\drivers\aavmker4.sys
- 2008-11-26 17:17:25 20,560 ----a-w h:\windows\system32\drivers\aswFsBlk.sys
+ 2009-02-05 21:07:12 20,560 ----a-w h:\windows\system32\drivers\aswFsBlk.sys
- 2008-11-26 17:18:25 93,296 ----a-w h:\windows\system32\drivers\aswmon.sys
+ 2009-02-05 21:08:19 93,296 ----a-w h:\windows\system32\drivers\aswmon.sys
- 2008-11-26 17:18:18 94,032 ----a-w h:\windows\system32\drivers\aswmon2.sys
+ 2009-02-05 21:08:10 94,032 ----a-w h:\windows\system32\drivers\aswmon2.sys
- 2008-11-26 17:16:29 23,152 ----a-w h:\windows\system32\drivers\aswRdr.sys
+ 2009-02-05 21:06:10 23,152 ----a-w h:\windows\system32\drivers\aswRdr.sys
- 2008-11-26 17:17:36 111,184 ----a-w h:\windows\system32\drivers\aswSP.sys
+ 2009-02-05 21:07:23 114,768 ----a-w h:\windows\system32\drivers\aswSP.sys
- 2008-11-26 17:16:38 50,864 ----a-w h:\windows\system32\drivers\aswTdi.sys
+ 2009-02-05 21:06:20 51,376 ----a-w h:\windows\system32\drivers\aswTdi.sys
- 2008-10-16 20:18:31 347,136 ------w h:\windows\system32\dxtmsft.dll
+ 2008-12-20 22:46:48 347,136 ------w h:\windows\system32\dxtmsft.dll
- 2008-10-16 20:18:31 214,528 ------w h:\windows\system32\dxtrans.dll
+ 2008-12-20 22:46:48 214,528 ------w h:\windows\system32\dxtrans.dll
- 2008-10-16 20:18:31 133,120 ------w h:\windows\system32\extmgr.dll
+ 2008-12-20 22:46:49 133,120 ------w h:\windows\system32\extmgr.dll
- 2008-10-16 20:18:32 63,488 ----a-w h:\windows\system32\icardie.dll
+ 2008-12-20 22:46:49 63,488 ----a-w h:\windows\system32\icardie.dll
- 2008-10-16 13:12:20 70,656 ------w h:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:11:12 70,656 ------w h:\windows\system32\ie4uinit.exe
- 2008-10-16 20:18:32 153,088 ------w h:\windows\system32\ieakeng.dll
+ 2008-12-20 22:46:49 153,088 ------w h:\windows\system32\ieakeng.dll
- 2008-10-16 20:18:32 230,400 ------w h:\windows\system32\ieaksie.dll
+ 2008-12-20 22:46:49 230,400 ------w h:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ------w h:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w h:\windows\system32\ieakui.dll
- 2008-10-16 20:18:32 383,488 ----a-w h:\windows\system32\ieapfltr.dll
+ 2008-12-20 22:46:50 383,488 ----a-w h:\windows\system32\ieapfltr.dll
- 2008-10-16 20:18:32 384,512 ------w h:\windows\system32\iedkcs32.dll
+ 2008-12-20 22:46:50 384,512 ------w h:\windows\system32\iedkcs32.dll
- 2008-10-16 20:18:35 6,066,176 ----a-w h:\windows\system32\ieframe.dll
+ 2008-12-20 22:46:54 6,066,688 ----a-w h:\windows\system32\ieframe.dll
- 2008-10-16 20:18:35 44,544 ------w h:\windows\system32\iernonce.dll
+ 2008-12-20 22:46:54 44,544 ------w h:\windows\system32\iernonce.dll
- 2008-10-16 20:18:35 267,776 ----a-w h:\windows\system32\iertutil.dll
+ 2008-12-20 22:46:54 267,776 ----a-w h:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w h:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w h:\windows\system32\ieudinit.exe
- 2008-10-16 20:18:36 27,648 ------w h:\windows\system32\jsproxy.dll
+ 2008-12-20 22:46:56 27,648 ------w h:\windows\system32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w h:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w h:\windows\system32\MRT.exe
- 2008-10-16 20:18:37 459,264 ----a-w h:\windows\system32\msfeeds.dll
+ 2008-12-20 22:46:56 459,264 ----a-w h:\windows\system32\msfeeds.dll
- 2008-10-16 20:18:37 52,224 ----a-w h:\windows\system32\msfeedsbs.dll
+ 2008-12-20 22:46:57 52,224 ----a-w h:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:37:56 3,593,216 ----a-w h:\windows\system32\mshtml.dll
+ 2009-01-16 20:15:42 3,594,752 ----a-w h:\windows\system32\mshtml.dll
- 2008-10-16 20:18:40 477,696 ------w h:\windows\system32\mshtmled.dll
+ 2008-12-20 22:47:01 477,696 ------w h:\windows\system32\mshtmled.dll
- 2008-10-16 20:18:40 193,024 ------w h:\windows\system32\msrating.dll
+ 2008-12-20 22:47:01 193,024 ------w h:\windows\system32\msrating.dll
- 2008-10-16 20:18:41 671,232 ------w h:\windows\system32\mstime.dll
+ 2008-12-20 22:47:02 671,232 ------w h:\windows\system32\mstime.dll
- 2008-10-16 20:18:41 102,912 ------w h:\windows\system32\occache.dll
+ 2008-12-20 22:47:02 102,912 ------w h:\windows\system32\occache.dll
- 2008-10-16 20:18:41 44,544 ------w h:\windows\system32\pngfilt.dll
+ 2008-12-20 22:47:02 44,544 ------w h:\windows\system32\pngfilt.dll
- 2007-11-30 11:19:06 18,296 ------w h:\windows\system32\spmsg.dll
+ 2008-07-09 07:40:22 18,296 ------w h:\windows\system32\spmsg.dll
- 2008-10-16 20:18:41 105,984 ----a-w h:\windows\system32\url.dll
+ 2008-12-20 22:47:02 105,984 ----a-w h:\windows\system32\url.dll
- 2008-10-16 20:18:42 1,160,192 ----a-w h:\windows\system32\urlmon.dll
+ 2008-12-20 22:47:03 1,160,192 ----a-w h:\windows\system32\urlmon.dll
- 2008-10-16 20:18:42 233,472 ----a-w h:\windows\system32\webcheck.dll
+ 2008-12-20 22:47:03 233,472 ----a-w h:\windows\system32\webcheck.dll
+ 2009-02-12 20:51:25 16,384 ----atw h:\windows\Temp\Perflib_Perfdata_4d0.dat
+ 2009-02-12 20:51:15 16,384 ----atw h:\windows\Temp\Perflib_Perfdata_70c.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-08-01 13529088]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-08-01 86016]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="h:\documents and settings\Lounes\Mes documents\dadynho94\Itunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2008-08-01 h:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 h:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 h:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

h:\documents and settings\Lounes\Menu D‚marrer\Programmes\D‚marrage\
MSN Pictures Displayer.lnk - h:\documents and settings\Lounes\Mes documents\dadynho94\MSN DP\MSN Pictures Displayer.exe [2008-12-21 4708864]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= h:\documents and settings\Lounes\Mes documents\Horaire_des_prieres_2000.html
FriendlyName=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Documents and Settings\\Lounes\\Mes documents\\dadynho94\\E-Mule\\eMule\\emule.exe"=
"h:\\Documents and Settings\\Lounes\\Mes documents\\dadynho94\\Bit comet\\BitComet\\BitComet.exe"=
"h:\\Documents and Settings\\Lounes\\Mes documents\\dadynho94\\Itunes\\iTunes.exe"=
"h:\\WINDOWS\\system32\\PnkBstrA.exe"=
"h:\\WINDOWS\\system32\\PnkBstrB.exe"=
"h:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"h:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14257:TCP"= 14257:TCP:BitComet 14257 TCP
"14257:UDP"= 14257:UDP:BitComet 14257 UDP

R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2008-11-18 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2008-11-18 20560]
S3 maconfservice;Ma-Config Service;h:\program files\ma-config.com\maconfservice.exe [2008-11-17 195752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28ee090f-8fb0-11dd-9c21-e0ba7ac8d2a7}]
\Shell\AutoRun\command - M:\m0vnonh.bat
\Shell\open\Command - M:\m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{715ed62d-c444-11dd-9c4d-0019214cf26a}]
\Shell\AutoRun\command - start.exe
\Shell\iledefrance\command - start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c139df7c-b744-11dd-9c37-0019214cf26a}]
\Shell\AutoRun\command - K:\m0vnonh.bat
\Shell\open\Command - K:\m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdd64714-f514-11dd-9c92-0019214cf26a}]
\Shell\AutoRun\command - K:\m0vnonh.bat
\Shell\open\Command - K:\m0vnonh.bat
.
Contenu du dossier 'Tâches planifiées'

2009-02-06 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &T&élécharger &avec BitComet - h:\documents and settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddLink.htm
IE: &T&élécharger tout avec BitComet - h:\documents and settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddAllLink.htm
IE: &T&élécharger toute vidéo avec BitComet - h:\documents and settings\Lounes\Mes documents\dadynho94\Bit comet\BitComet\BitComet.exe/AddVideo.htm
IE: E&xporter vers Microsoft Excel - h:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_0_4_0.cab
FF - ProfilePath - h:\documents and settings\Lounes\Application Data\Mozilla\Firefox\Profiles\w4lx2b7n.default\
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: h:\documents and settings\Lounes\Application Data\Mozilla\Firefox\Profiles\w4lx2b7n.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: h:\documents and settings\Lounes\Mes documents\dadynho94\Itunes\Mozilla Plugins\npitunes.dll
FF - plugin: h:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: h:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 21:57:06
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="H?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-02-12 21:58:35
ComboFix-quarantined-files.txt 2009-02-12 20:58:18
ComboFix2.txt 2009-02-10 22:15:04

Avant-CF: 47 155 885 056 octets libres
Après-CF: 47,146,954,752 octets libres

400 --- E O F --- 2009-02-12 10:34:05

dadynho94 · Answer

Ok ben merci à toi, le problème n'est plus ;)

System32 infecté par nmdfgds0.dll

13 réponses

Votre réponse

Discussions similaires

Newsletters