HELP! Computer crashing - HijackThis report

verozao Posts 76 Registration date   Status Member Last activity   -
Hello,

Recently I have had a lot of problems with my computer. It started after I plugged in a USB stick. Since then, I have had the "Task Manager has been disabled by your administrator" problem, then I am unable to boot into safe mode, then I get the message "the system has recovered from a serious error" and the computer reboots, and finally, among the long list of problems, I get the message "there is no disk in drive D. Insert a disk" even though I did not ask for anything.

I am a bit desperate here, especially since I already formatted my PC recently and the problems are still there!
My friend, who knows a bit about this, partitioned my PC, so I have two hard drives, C and E.
Anyway, I am posting the two HijackThis reports below, thank you for your help!!!

Under C
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:18, on 09/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
E:\Program Files\McAfee\MSK\MskAgent.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
E:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\HPQ\shared\hpqwmi.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] E:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MskAgentexe] E:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SmartAccess AutoStart] "D:\SmartAccess\bcont_nm.exe" /url "D:\SmartAccess\common\snapins\restart\cl_restart_landing.htm" /language "en" /restart bcont.exe /starthidden
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0238711239050164) (0238711239050164mcinstcleanup) - Unknown owner - E:\DOCUME~1\verzao\LOCALS~1\Temp\023871~1.EXE (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - E:\Program Files\McAfee\MSK\MskSrver.exe
59 replies

jlpjlp Posts 51580 Registration date   Status Security contributor Last activity   5 040
 
use this to remove your traces

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
(in the options, then advanced: untick the box: delete files older than 48 hours)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

_______________________



Download and install UsbFix by C_XX & Chiquitine29

Plug into your PC, without opening them, your external data sources (USB stick, external hard drive, etc.) that may have been infected

# Double-click the UsbFix shortcut on your desktop.

# Choose option 1 ( Recherche )

# Let the tool work.

# Then post the UsbFix.txt report that will appear.

# Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
1
verozao Posts 76 Registration date   Status Member Last activity  
 
So, I did not have the famous stick that, I believe, started messing up my computer, but I had another USB stick that I also use often.

Here is the report:


############################## [ UsbFix V3.005 ]

# User : verzao (Administrateurs) # VERO
# Update on 08/04/09 by C_XX & Chiquitine29
# Start at: 14:15:34 | 09/04/2009

# AMD Athlon(tm) 64 Processor 3500+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : McAfee VirusScan [ Enabled | Updated ]
# FW : McAfee Personal Firewall[ Enabled ]

# C:\ # Disque fixe local # 29,29 Go (15,94 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 63,86 Go (53,35 Go free) # NTFS
# F:\ # Disque amovible # 953,72 Mo (399,3 Mo free) [KINGSTON] # FAT
# G:\ # Disque CD-ROM

############################## [ Processus actifs ]

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
E:\Program Files\McAfee\MSK\MskAgent.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\HPQ\shared\hpqwmi.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="E:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://gamespace.daemon-tools.cc/fra/home"
HKLM_logon: "Userinit"="E:\\WINDOWS\\system32\\userinit.exe,"
HKLM_Run: IMJPMIG8.1="E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: PHIME2002ASync=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: Cpqset=E:\Program Files\HPQ\Default Settings\cpqset.exe
HKLM_Run: HP Software Update=E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM_Run: iTunesHelper=E:\Program Files\iTunes\iTunesHelper.exe
HKLM_Run: QuickTime Task="E:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: eabconfg.cpl=E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
HKLM_Run: SunJavaUpdateSched=E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
HKLM_Run: hpWirelessAssistant=E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
HKLM_Run: MskAgentexe=E:\Program Files\McAfee\MSK\MskAgent.exe
HKLM_Run: mcagent_exe=E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
HKLM_Run: SmartAccess AutoStart="D:\SmartAccess\bcont_nm.exe" /url "D:\SmartAccess\common\snapins\restart\cl_restart_landing.htm" /language "en" /restart bcont.exe /starthidden
HKCU_Run: DAEMON Tools Lite="E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
HKCU_Run: MSMSGS="E:\Program Files\Messenger\msmsgs.exe" /background
HKCU_System: "DisableTaskMgr"=dword:00000001
HKCU_System: "DisableRegistryTools"=dword:00000001
HKLM_System: "EnableLUA"=dword:00000000
HKCU_plorer: "NoDriveTypeAutoRun"=dword:00000091
HKLM_plorer: "HonorAutoRunSetting"=dword:00000001

################## [ Informations ]

# Contenu de l'autorun F:\autorun.inf
;
[AutoRun]
;VbwehlXjGneM iuVYaDYDlfCwkK
;DrDFJdrSTtfxMjdou
sHell\oPeN\cOMmANd=xpfoq.pif
;TUoj
sHEll\OpEn\DEfault=1
;
opEn= xpfoq.pif
sHELL\eXPLoRe\CoMMAnd =xpfoq.pif

;pJri IyTjxK lLFqf ppPl gayn
Shell\AutoPlay\CommAnD=xpfoq.pif


################## [ Fichiers # Dossiers infectieux ]

F:\autorun.inf # -> fichier appelé : "F:\xpfoq.pif" ( présent ! )
Found ! F:\autorun.inf
Found ! F:\yb12j.cmd
Found ! F:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

################## [ Registre # Clés infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoint2 ]

Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e330-222b-11de-a411-0014a51e328d}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e330-222b-11de-a411-0014a51e328d}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e330-222b-11de-a411-0014a51e328d}\Shell\open\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e331-222b-11de-a411-0014a51e328d}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130ac-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130ac-1fb3-11de-a40f-0014a51e328d}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130ac-1fb3-11de-a40f-0014a51e328d}\Shell\open\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130b0-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130c7-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130c7-1fb3-11de-a40f-0014a51e328d}\Shell\explore\Command

################## [ ! Fin du rapport # UsbFix V3.005 ! ]

Thanks :)
0
jlpjlp Posts 51580 Registration date   Status Security contributor Last activity   5 040
 
Plug into your PC, without opening them, your external data sources (USB stick, external hard drive, etc.) that may have been infected

# Double-click the UsbFix shortcut on your desktop

# Choose option 2 ( Suppression )

# Your desktop will disappear and the PC will restart.

# On restart, UsbFix will scan your PC, let the tool work.

# Then post the UsbFix.txt report that will appear along with the desktop.

# Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )


________________________


then post an RSIT report again:
random's system information tool

1
verozao Posts 76 Registration date   Status Member Last activity  
 
So, I did what you told me, and here is the report. However, I wanted to tell you that while the PC was being scanned, a McAfee window appeared:

Program Request Internet Access

Program: McAfee user interface manager
location : E:\Program Files\McAfee\MSC\mcuimgr.exe

I am asked whether I should allow the access or not.

otherwise, the report


############################## [ UsbFix V3.005 ]

# User : verzao (Administrateurs) # VERO
# Update on 08/04/09 by C_XX & Chiquitine29
# Start at: 14:58:33 | 09/04/2009

# AMD Athlon(tm) 64 Processor 3500+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : McAfee VirusScan [ Enabled | Updated ]
# FW : McAfee Personal Firewall[ Enabled ]

# C:\ # Disque fixe local # 29,29 Go (15,82 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 63,86 Go (53,23 Go free) # NTFS
# F:\ # Disque amovible # 953,72 Mo (399,03 Mo free) [KINGSTON] # FAT
# G:\ # Disque CD-ROM

############################## [ Processus actifs ]

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\logonui.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

F:\autorun.inf # -> fichier appelé : "F:\ xdcpx.exe" ( absent ! )
Deleted ! F:\autorun.inf
Deleted ! F:\yb12j.cmd
Deleted ! F:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

################## [ Registre # Clés infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoint2 ]

Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2940e330-222b-11de-a411-0014a51e328d}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2940e330-222b-11de-a411-0014a51e328d}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2940e330-222b-11de-a411-0014a51e328d}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2940e331-222b-11de-a411-0014a51e328d}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b8130b0-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b8130c7-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b8130c7-1fb3-11de-a40f-0014a51e328d}\Shell\explore\Command

################## [ Listing des fichiers présent ]

C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\boot.ini
F:\egij.pif
F:\xpfoq.pif
F:\ilebe.exe
F:\hgii.exe
F:\RSIT.exe
F:\jamm.exe
F:\myaq.exe
F:\eayai.exe
F:\ccsetup218.exe
F:\UsbFix.exe
F:\xdcpx.exe

################## [ ! Fin du rapport # UsbFix V3.005 ! ]

I am going to do the RSIT report now!
See you later :)
0
jlpjlp Posts 51580 Registration date   Status Security contributor Last activity   5 040
 
paste an online scan from Kaspersky:

https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
1
verozao Posts 76 Registration date   Status Member Last activity  
 
Hello,

I cannot access the Kaspersky web page, nor this one for that matter (I am at work right now!)...
Can a virus block access to certain web pages? And as if by chance, these are pages containing antivirus, solutions, etc...

Have a nice day!
0
verozao Posts 76 Registration date   Status Member Last activity  
 
Hello,

Impossible to access the Kaspersky site, nor this page for that matter (I am at work right now!).
This is crazy, some sites are blocked! And I still cannot uninstall McAfee!

See you later!
0
verozao Posts 76 Registration date   Status Member Last activity  
 
Hello!

Well, I cannot access the Kaspersky site, nor this page from my computer (I am at work right now!), McAfee still cannot be uninstalled... "it goes on, again and again"... :)

See you later
0
jlpjlp Posts 51580 Registration date   Status Security contributor Last activity   5 040
 
hi

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall, if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the taskbar).

NB: The reports are saved in the C:\rsit folder
0

verozao Posts 76 Registration date   Status Member Last activity  
 
Thanks a thousand times!
However, I only have the contents of log.txt.
I did not find the C:\rsit folder to get the other report!

So here it is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by verzao at 2009-04-09 13:08:43
Microsoft Windows XP Édition familiale Service Pack 2
System drive E: has 55 GB (84%) free of 65 GB
Total RAM: 990 MB (67% free)

HijackThis download failed

======Scheduled tasks folder======

E:\WINDOWS\tasks\McDefragTask.job
E:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - e:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"PHIME2002ASync"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"Cpqset"=E:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 315454]
"HP Software Update"=E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"iTunesHelper"=E:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528]
"QuickTime Task"=E:\Program Files\QuickTime\qttask.exe [2009-04-01 98304]
"eabconfg.cpl"=E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"SunJavaUpdateSched"=E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [2005-03-04 36975]
"hpWirelessAssistant"=E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-11 794624]
"MskAgentexe"=E:\Program Files\McAfee\MSK\MskAgent.exe [2007-01-17 152144]
"mcagent_exe"=E:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"SmartAccess AutoStart"=D:\SmartAccess\bcont_nm.exe /url D:\SmartAccess\common\snapins\restart\cl_restart_landing.htm /language en /restart bcont.exe /starthidden []
"KernelFaultCheck"=E:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=E:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"MSMSGS"=E:\Program Files\Messenger\msmsgs.exe [2004-10-13 1767936]

E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - E:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="E:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Windows Media Player\wmsetsdk.exe"="C:\Program Files\Windows Media Player\wmsetsdk.exe:*:Enabled:ipsec"
"E:\WINDOWS\Explorer.EXE"="E:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"E:\Program Files\HPQ\Default Settings\cpqset.exe"="E:\Program Files\HPQ\Default Settings\cpqset.exe:*:Enabled:ipsec"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"e:\program files\mcafee\mpf\mc\mpfalert.exe"="e:\program files\mcafee\mpf\mc\mpfalert.exe:*:Enabled:ipsec"
"E:\Documents and Settings\verzao\Bureau\daemon4303-lite.exe"="E:\Documents and Settings\verzao\Bureau\daemon4303-lite.exe:*:Enabled:ipsec"
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Program Files\Messenger\msmsgs.exe"="E:\Program Files\Messenger\msmsgs.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\yjvs.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\yjvs.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winulrd.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winulrd.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\eipqmw.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\eipqmw.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winhmqr.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winhmqr.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\wgfx.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\wgfx.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winsanl.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winsanl.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\ymeby.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\ymeby.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\wincgcw.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\wincgcw.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winvfjqgw.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winvfjqgw.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winiwas.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winiwas.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\uwjsth.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\uwjsth.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winehjm.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winehjm.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\giali.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\giali.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winoarb.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winoarb.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winmtkfo.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winmtkfo.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\axlj.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\axlj.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\bblv.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\bblv.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\xsmls.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\xsmls.exe:*:Enabled:ipsec"
"E:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe"="E:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe:*:Enabled:ipsec"
"D:\SmartAccess\bcont_nm.exe"="D:\SmartAccess\bcont_nm.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e330-222b-11de-a411-0014a51e328d}]
shell\autopLaY\command - F:\kabp.pif
shell\AutoRun\command - F:\kabp.pif
shell\EXpLore\command - F:\kabp.pif
shell\OPen\command - F:\kabp.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e331-222b-11de-a411-0014a51e328d}]
shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SMARTNotebookSE.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}]
shell\AuToplay\command - F:\dxpfbf.exe
shell\AutoRun\command - F:\dxpfbf.exe
shell\exPlore\command - F:\dxpfbf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130b0-1fb3-11de-a40f-0014a51e328d}]
shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SMARTNotebookSE.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130c7-1fb3-11de-a40f-0014a51e328d}]
shell\AutOplaY\command - F:\scqa.pif
shell\AutoRun\command - F:\scqa.pif
shell\EXPLOre\command - F:\scqa.pif


======List of files/folders created in the last 1 months======


======List of files/folders modified in the last 1 months======

2009-04-06 21:43:35 ----A---- E:\WINDOWS\win.ini
2009-04-02 23:35:35 ----A---- E:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520]
R1 eabfiltr;EABFiltr; \??\E:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 MPFP;MPFP; E:\WINDOWS\System32\Drivers\Mpfp.sys [2007-03-02 109608]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; E:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 mdmxsdk;mdmxsdk; E:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-03-22 13059]
R3 abp470n5;abp470n5; \??\E:\WINDOWS\system32\drivers\gkfsln.sys []
R3 Arp1394;Protocole client ARP 1394; E:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; E:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 BTKRNL;Enumérateur de bus Bluetooth; E:\WINDOWS\system32\DRIVERS\btkrnl.sys [2004-12-23 1337850]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; E:\WINDOWS\System32\Drivers\btwusb.sys [2004-12-23 55320]
R3 CAMCAUD;Conexant AMC Audio; E:\WINDOWS\system32\drivers\camc6aud.sys [2005-03-15 37760]
R3 CAMCHALA;CAMCHALA; E:\WINDOWS\system32\drivers\camc6hal.sys [2005-03-15 346496]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; E:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEAR CDRom Filter; E:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 HSF_DP;HSF_DP; E:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-03-22 1038208]
R3 HSFHWATI;HSFHWATI; E:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
R3 mfeavfk;McAfee Inc.; E:\WINDOWS\system32\drivers\mfeavfk.sys [2006-12-22 71496]
R3 mfebopk;McAfee Inc.; E:\WINDOWS\system32\drivers\mfebopk.sys [2006-12-22 34184]
R3 mfehidk;McAfee Inc.; E:\WINDOWS\system32\drivers\mfehidk.sys [2006-12-22 170408]
R3 mfesmfk;McAfee Inc.; E:\WINDOWS\system32\drivers\mfesmfk.sys [2006-12-22 37480]
R3 NIC1394;Pilote réseau 1394; E:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; E:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; E:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-05 67584]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 USBSTOR;Pilote de stockage de masse USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; E:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-22 703232]
S3 aw4d32ja;aw4d32ja; E:\WINDOWS\system32\drivers\aw4d32ja.sys []
S3 eabusb;eabusb; \??\E:\WINDOWS\system32\drivers\eabusb.sys []
S3 mferkdk;McAfee Inc.; E:\WINDOWS\system32\drivers\mferkdk.sys [2006-12-22 32008]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); E:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2004-12-23 254007]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe [2007-02-13 540776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; E:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McODS;McAfee Scanner; E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-01-16 362064]
R2 McProxy;McAfee Proxy Service; e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2007-01-19 352856]
R2 McRedirector;McAfee Redirector Service; e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe [2007-01-15 248416]
R2 McShield;McAfee Real-time Scanner; E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2006-12-22 144960]
R2 McSysmon;McAfee SystemGuards; E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-01-25 643664]
R2 MpfService;McAfee Personal Firewall Service; E:\Program Files\McAfee\MPF\MPFSrv.exe [2007-03-09 841256]
R2 MPS9;McAfee Privacy Service; E:\PROGRA~1\McAfee\MPS\mps.exe [2007-01-23 906792]
R2 MSK80Service;McAfee SpamKiller Service; E:\Program Files\McAfee\MSK\MskSrver.exe [2007-01-17 29264]
R2 UMWdf;Windows User Mode Driver Framework; E:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 hpqwmi;HP WMI Interface; E:\Program Files\HPQ\shared\hpqwmi.exe [2005-03-04 98304]
R3 iPodService;iPod Service; E:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680]
S2 0238711239050164mcinstcleanup;McAfee Application Installer Cleanup (0238711239050164); E:\DOCUME~1\verzao\LOCALS~1\Temp\023871~1.EXE E:\PROGRA~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Emproxy;McAfee E-mail Proxy; E:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe [2007-01-12 411216]
S3 odserv;Microsoft Office Diagnostics Service; E:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 510768]
S3 ose;Office Source Engine; E:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 218912]

-----------------EOF-----------------
jlpjlp (Posts: 51580, Status: Security contributor)

OK, I'm waiting for the RSIT report, but you should get hold of the other USB key, because it is infected and can infect the PC again. Let me know when you have it.
verozao (Posts: 76, Status: Member)

Well, I can't generate the report, it stays stuck! Do I need to allow the access that McAfee is asking me for?

As for the key, I have it at home, so I can only do it tonight or tomorrow! Otherwise, I just won't use it anymore! But what's odd is that my friend uses it on his PC and apparently he has no problems!

Strange, strange!
verozao (Posts: 76, Status: Member) > verozao (Posts: 76, Status: Member)

Me again! So, I blocked the access and then the report could be generated.

Here it is:
Logfile of random's system information tool 1.06 (written by random/random)
Run by verzao at 2009-04-09 15:11:07
Microsoft Windows XP Édition familiale Service Pack 2
System drive E: has 55 GB (83%) free of 65 GB
Total RAM: 990 MB (69% free)

HijackThis download failed

======Scheduled tasks folder======

E:\WINDOWS\tasks\McDefragTask.job
E:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - e:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"PHIME2002ASync"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"Cpqset"=E:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 315454]
"HP Software Update"=E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"iTunesHelper"=E:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528]
"QuickTime Task"=E:\Program Files\QuickTime\qttask.exe [2009-04-01 98304]
"eabconfg.cpl"=E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"SunJavaUpdateSched"=E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [2005-03-04 36975]
"hpWirelessAssistant"=E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-11 794624]
"MskAgentexe"=E:\Program Files\McAfee\MSK\MskAgent.exe [2007-01-17 152144]
"mcagent_exe"=E:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"SmartAccess AutoStart"=D:\SmartAccess\bcont_nm.exe /url D:\SmartAccess\common\snapins\restart\cl_restart_landing.htm /language en /restart bcont.exe /starthidden []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=E:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"MSMSGS"=E:\Program Files\Messenger\msmsgs.exe [2004-10-13 1767936]

E:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - E:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="E:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Windows Media Player\wmsetsdk.exe"="C:\Program Files\Windows Media Player\wmsetsdk.exe:*:Enabled:ipsec"
"E:\WINDOWS\Explorer.EXE"="E:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"E:\Program Files\HPQ\Default Settings\cpqset.exe"="E:\Program Files\HPQ\Default Settings\cpqset.exe:*:Enabled:ipsec"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"e:\program files\mcafee\mpf\mc\mpfalert.exe"="e:\program files\mcafee\mpf\mc\mpfalert.exe:*:Enabled:ipsec"
"E:\Documents and Settings\verzao\Bureau\daemon4303-lite.exe"="E:\Documents and Settings\verzao\Bureau\daemon4303-lite.exe:*:Enabled:ipsec"
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Program Files\Messenger\msmsgs.exe"="E:\Program Files\Messenger\msmsgs.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\yjvs.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\yjvs.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winulrd.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winulrd.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\eipqmw.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\eipqmw.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winhmqr.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winhmqr.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\wgfx.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\wgfx.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winsanl.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winsanl.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\ymeby.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\ymeby.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\wincgcw.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\wincgcw.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winvfjqgw.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winvfjqgw.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winiwas.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winiwas.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\uwjsth.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\uwjsth.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winehjm.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winehjm.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\giali.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\giali.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winoarb.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winoarb.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\winmtkfo.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\winmtkfo.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\axlj.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\axlj.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\bblv.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\bblv.exe:*:Enabled:ipsec"
"E:\DOCUME~1\verzao\LOCALS~1\Temp\xsmls.exe"="E:\DOCUME~1\verzao\LOCALS~1\Temp\xsmls.exe:*:Enabled:ipsec"
"E:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe"="E:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe:*:Enabled:ipsec"
"D:\SmartAccess\bcont_nm.exe"="D:\SmartAccess\bcont_nm.exe:*:Enabled:ipsec"
"e:\PROGRA~1\mcafee\msc\mcuimgr.exe"="e:\PROGRA~1\mcafee\msc\mcuimgr.exe:*:Enabled:ipsec"
"E:\Documents and Settings\verzao\Bureau\RSIT.exe"="E:\Documents and Settings\verzao\Bureau\RSIT.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-04-09 14:58:27 ----A---- E:\UsbFix.txt
2009-04-09 14:05:29 ----D---- E:\Program Files\CCleaner
2009-04-09 13:08:43 ----D---- E:\rsit
2009-04-09 11:56:03 ----D---- E:\Program Files\hIJACKTHIS
2009-04-09 11:11:44 ----D---- E:\Program Files\Trend Micro
2009-04-08 23:45:30 ----D---- E:\WINDOWS\system32\LogFiles
2009-04-06 21:48:15 ----D---- E:\Program Files\Microsoft Works
2009-04-06 21:48:00 ----D---- E:\Program Files\MSBuild
2009-04-06 21:47:38 ----D---- E:\Program Files\Microsoft Visual Studio
2009-04-06 21:47:38 ----D---- E:\Program Files\Fichiers communs\DESIGNER
2009-04-06 21:46:29 ----D---- E:\Program Files\Microsoft.NET
2009-04-06 21:42:45 ----D---- E:\WINDOWS\SHELLNEW
2009-04-06 21:42:00 ----D---- E:\Program Files\Microsoft Office
2009-04-06 21:41:57 ----D---- E:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-06 21:41:28 ----RHD---- E:\MSOCache
2009-04-06 21:35:55 ----D---- E:\Documents and Settings\verzao\Application Data\DAEMON Tools
2009-04-06 21:35:54 ----D---- E:\Documents and Settings\verzao\Application Data\DAEMON Tools Pro
2009-04-06 21:34:47 ----D---- E:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-04-06 21:33:59 ----D---- E:\Program Files\DAEMON Tools Toolbar
2009-04-06 21:33:25 ----D---- E:\Program Files\DAEMON Tools Lite
2009-04-06 21:29:49 ----D---- E:\Documents and Settings\verzao\Application Data\DAEMON Tools Lite
2009-04-06 21:10:57 ----D---- E:\WINDOWS\Minidump
2009-04-06 21:07:12 ----D---- E:\Program Files\eMule
2009-04-06 20:53:21 ----D---- E:\Program Files\uTorrent
2009-04-06 20:53:17 ----D---- E:\Documents and Settings\verzao\Application Data\uTorrent
2009-04-06 01:49:50 ----D---- E:\WINDOWS\system32\Logs
2009-04-06 01:49:29 ----HDC---- E:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-06 01:49:24 ----HDC---- E:\WINDOWS\$NtUninstallKB952954$
2009-04-06 01:49:18 ----HDC---- E:\WINDOWS\$NtUninstallKB946648$
2009-04-06 01:49:13 ----HDC---- E:\WINDOWS\$NtUninstallKB956803$
2009-04-06 01:49:08 ----HDC---- E:\WINDOWS\$NtUninstallKB955839$
2009-04-06 01:44:56 ----HDC---- E:\WINDOWS\$NtUninstallKB958215$
2009-04-06 01:44:49 ----HDC---- E:\WINDOWS\$NtUninstallKB950974$
2009-04-06 01:44:42 ----HDC---- E:\WINDOWS\$NtUninstallKB951698$
2009-04-06 01:44:37 ----HDC---- E:\WINDOWS\$NtUninstallKB960225$
2009-04-06 01:44:25 ----HDC---- E:\WINDOWS\$NtUninstallKB956841$
2009-04-06 01:44:13 ----HDC---- E:\WINDOWS\$NtUninstallKB960714$
2009-04-06 01:43:57 ----HDC---- E:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-06 01:43:44 ----HDC---- E:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-06 01:42:47 ----HDC---- E:\WINDOWS\$NtUninstallKB941569$
2009-04-06 01:42:36 ----HDC---- E:\WINDOWS\$NtUninstallKB950762$
2009-04-06 01:42:30 ----HDC---- E:\WINDOWS\$NtUninstallKB957097$
2009-04-06 01:42:16 ----HDC---- E:\WINDOWS\$NtUninstallKB960715$
2009-04-06 01:42:12 ----HDC---- E:\WINDOWS\$NtUninstallKB923689$
2009-04-06 01:42:00 ----HDC---- E:\WINDOWS\$NtUninstallKB958687$
2009-04-06 01:41:54 ----HDC---- E:\WINDOWS\$NtUninstallKB952287$
2009-04-06 01:41:43 ----HDC---- E:\WINDOWS\$NtUninstallKB967715$
2009-04-06 01:41:32 ----HDC---- E:\WINDOWS\$NtUninstallKB950760$
2009-04-06 01:41:27 ----HDC---- E:\WINDOWS\$NtUninstallKB951066$
2009-04-06 01:41:21 ----HDC---- E:\WINDOWS\$NtUninstallKB958690$
2009-04-06 01:41:12 ----HDC---- E:\WINDOWS\$NtUninstallKB951748$
2009-04-06 01:41:07 ----HDC---- E:\WINDOWS\$NtUninstallKB901190$
2009-04-06 01:41:02 ----HDC---- E:\WINDOWS\$NtUninstallKB954600$
2009-04-06 01:40:56 ----HDC---- E:\WINDOWS\$NtUninstallKB958644$
2009-04-06 01:40:50 ----HDC---- E:\WINDOWS\$NtUninstallKB955069$
2009-04-06 01:40:44 ----HDC---- E:\WINDOWS\$NtUninstallKB956802$
2009-04-06 01:40:39 ----HDC---- E:\WINDOWS\$NtUninstallKB944338-v2$
2009-04-06 01:40:24 ----HDC---- E:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-04-05 23:53:28 ----D---- E:\Documents and Settings\verzao\Application Data\dvdcss
2009-04-05 22:58:11 ----D---- E:\WINDOWS\system32\CatRoot_bak
2009-04-05 22:56:26 ----D---- E:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-04-03 00:26:48 ----D---- E:\WINDOWS\system32\PreInstall
2009-04-03 00:26:47 ----A---- E:\WINDOWS\system32\spupdsvc.exe
2009-04-03 00:26:46 ----HDC---- E:\WINDOWS\$NtUninstallKB898461$
2009-04-02 23:27:47 ----D---- E:\Documents and Settings\verzao\Application Data\vlc
2009-04-02 23:12:07 ----SHD---- E:\RECYCLER
2009-04-02 23:06:17 ----D---- E:\Program Files\Spybot - Search & Destroy
2009-04-02 23:06:17 ----D---- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-02 20:38:18 ----D---- E:\Documents and Settings\verzao\Application Data\Adobe
2009-04-02 20:23:57 ----D---- E:\Documents and Settings\verzao\Application Data\Mozilla
2009-04-02 20:11:07 ----D---- E:\WINDOWS\system32\SoftwareDistribution
2009-04-02 01:05:40 ----D---- E:\Program Files\Mozilla Firefox
2009-04-02 01:04:24 ----A---- E:\WINDOWS\system32\dunzip32.dll
2009-04-02 01:01:48 ----D---- E:\Program Files\McAfee.com
2009-04-02 01:01:43 ----D---- E:\Program Files\Fichiers communs\McAfee
2009-04-02 01:01:34 ----D---- E:\Program Files\McAfee
2009-04-02 01:00:05 ----D---- E:\Documents and Settings\All Users\Application Data\McAfee
2009-04-02 00:56:04 ----D---- E:\Documents and Settings\verzao\Application Data\Macromedia
2009-04-02 00:30:48 ----A---- E:\WINDOWS\system32\h323log.txt
2009-04-02 00:28:19 ----A---- E:\WINDOWS\system32\usbui.dll
2009-04-02 00:27:06 ----SHD---- E:\WINDOWS\Installer
2009-04-02 00:27:06 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2009-04-02 00:27:05 ----D---- E:\Program Files\Fichiers communs\ODBC
2009-04-02 00:27:05 ----A---- E:\WINDOWS\ODBCINST.INI
2009-04-02 00:27:00 ----D---- E:\Program Files\Fichiers communs\SpeechEngines
2009-04-02 00:26:59 ----RD---- E:\Program Files
2009-04-02 00:26:59 ----D---- E:\Program Files\Fichiers communs\Microsoft Shared
2009-04-02 00:26:59 ----D---- E:\Program Files\Fichiers communs
2009-04-02 00:26:56 ----A---- E:\WINDOWS\system32\uniime.dll
2009-04-02 00:26:40 ----A---- E:\WINDOWS\system32\imjp81k.dll
2009-04-02 00:26:37 ----RA---- E:\WINDOWS\system32\kbdintel.dll
2009-04-02 00:26:37 ----RA---- E:\WINDOWS\system32\kbdintam.dll
2009-04-02 00:26:37 ----RA---- E:\WINDOWS\system32\kbdinpun.dll
2009-04-02 00:26:37 ----RA---- E:\WINDOWS\system32\kbdinmar.dll
2009-04-02 00:26:37 ----RA---- E:\WINDOWS\system32\kbdinkan.dll
2009-04-02 00:26:37 ----RA---- E:\WINDOWS\system32\kbdinhin.dll
2009-04-02 00:26:37 ----RA---- E:\WINDOWS\system32\kbdinguj.dll
2009-04-02 00:26:37 ----RA---- E:\WINDOWS\system32\kbdindev.dll
2009-04-02 00:26:37 ----RA---- E:\WINDOWS\system32\kbdgeo.dll
2009-04-02 00:26:37 ----RA---- E:\WINDOWS\system32\kbdarmw.dll
2009-04-02 00:26:37 ----RA---- E:\WINDOWS\system32\kbdarme.dll
2009-04-02 00:26:37 ----A---- E:\WINDOWS\system32\Thawbrkr.dll
2009-04-02 00:26:37 ----A---- E:\WINDOWS\system32\c_iscii.dll
2009-04-02 00:26:36 ----RA---- E:\WINDOWS\system32\kbdvntc.dll
2009-04-02 00:26:34 ----RA---- E:\WINDOWS\system32\kbdurdu.dll
2009-04-02 00:26:34 ----RA---- E:\WINDOWS\system32\kbdsyr2.dll
2009-04-02 00:26:34 ----RA---- E:\WINDOWS\system32\kbdsyr1.dll
2009-04-02 00:26:34 ----RA---- E:\WINDOWS\system32\kbdfa.dll
2009-04-02 00:26:34 ----RA---- E:\WINDOWS\system32\kbddiv2.dll
2009-04-02 00:26:34 ----RA---- E:\WINDOWS\system32\kbddiv1.dll
2009-04-02 00:26:34 ----RA---- E:\WINDOWS\system32\kbda3.dll
2009-04-02 00:26:34 ----RA---- E:\WINDOWS\system32\kbda2.dll
2009-04-02 00:26:34 ----RA---- E:\WINDOWS\system32\kbda1.dll
2009-04-02 00:26:34 ----A---- E:\WINDOWS\system32\kbdusa.dll
2009-04-02 00:26:30 ----RA---- E:\WINDOWS\system32\kbdheb.dll
2009-04-02 00:26:25 ----RA---- E:\WINDOWS\system32\kbdth3.dll
2009-04-02 00:26:25 ----RA---- E:\WINDOWS\system32\kbdth2.dll
2009-04-02 00:26:25 ----RA---- E:\WINDOWS\system32\kbdth1.dll
2009-04-02 00:26:25 ----RA---- E:\WINDOWS\system32\kbdth0.dll
2009-04-02 00:26:25 ----A---- E:\WINDOWS\system32\ftlx041e.dll
2009-04-02 00:26:24 ----A---- E:\WINDOWS\system32\chtbrkr.dll
2009-04-02 00:26:24 ----A---- E:\WINDOWS\system32\chsbrkr.dll
2009-04-02 00:26:22 ----A---- E:\WINDOWS\system32\korwbrkr.dll
2009-04-02 00:26:21 ----A---- E:\WINDOWS\system32\msir3jp.dll
2009-04-02 00:25:44 ----A---- E:\WINDOWS\system32\c_g18030.dll
2009-04-02 00:25:43 ----A---- E:\WINDOWS\system32\kbd101a.dll
2009-04-02 00:25:21 ----A---- E:\WINDOWS\system32\kbdnecNT.dll
2009-04-02 00:25:21 ----A---- E:\WINDOWS\system32\kbdnecAT.dll
2009-04-02 00:25:21 ----A---- E:\WINDOWS\system32\kbdnec95.dll
2009-04-02 00:25:21 ----A---- E:\WINDOWS\system32\kbdlk41j.dll
2009-04-02 00:25:21 ----A---- E:\WINDOWS\system32\kbdlk41a.dll
2009-04-02 00:25:21 ----A---- E:\WINDOWS\system32\f3ahvoas.dll
2009-04-02 00:25:20 ----A---- E:\WINDOWS\system32\kbdibm02.dll
2009-04-02 00:25:20 ----A---- E:\WINDOWS\system32\kbdax2.dll
2009-04-02 00:25:20 ----A---- E:\WINDOWS\system32\kbd106n.dll
2009-04-02 00:25:20 ----A---- E:\WINDOWS\system32\kbd101.dll
2009-04-02 00:24:26 ----A---- E:\WINDOWS\system32\c_is2022.dll
2009-04-02 00:24:24 ----A---- E:\WINDOWS\system32\kbdkor.dll
2009-04-02 00:24:24 ----A---- E:\WINDOWS\system32\kbdjpn.dll
2009-04-02 00:24:24 ----A---- E:\WINDOWS\system32\kbd106.dll
2009-04-02 00:24:24 ----A---- E:\WINDOWS\system32\kbd103.dll
2009-04-02 00:24:24 ----A---- E:\WINDOWS\system32\kbd101c.dll
2009-04-02 00:24:22 ----A---- E:\WINDOWS\system32\kbd101b.dll
2009-04-02 00:24:19 ----RA---- E:\WINDOWS\system32\kbdtuq.dll
2009-04-02 00:24:19 ----RA---- E:\WINDOWS\system32\kbdtuf.dll
2009-04-02 00:24:19 ----RA---- E:\WINDOWS\system32\kbdazel.dll
2009-04-02 00:24:17 ----RA---- E:\WINDOWS\system32\kbdycc.dll
2009-04-02 00:24:17 ----RA---- E:\WINDOWS\system32\kbduzb.dll
2009-04-02 00:24:17 ----RA---- E:\WINDOWS\system32\kbdur.dll
2009-04-02 00:24:17 ----RA---- E:\WINDOWS\system32\kbdtat.dll
2009-04-02 00:24:17 ----RA---- E:\WINDOWS\system32\kbdru1.dll
2009-04-02 00:24:17 ----RA---- E:\WINDOWS\system32\kbdru.dll
2009-04-02 00:24:17 ----RA---- E:\WINDOWS\system32\kbdmon.dll
2009-04-02 00:24:17 ----RA---- E:\WINDOWS\system32\kbdkyr.dll
2009-04-02 00:24:17 ----RA---- E:\WINDOWS\system32\kbdkaz.dll
2009-04-02 00:24:17 ----RA---- E:\WINDOWS\system32\kbdaze.dll
2009-04-02 00:24:16 ----RA---- E:\WINDOWS\system32\kbdbu.dll
2009-04-02 00:24:16 ----RA---- E:\WINDOWS\system32\kbdblr.dll
2009-04-02 00:24:14 ----RA---- E:\WINDOWS\system32\kbdhept.dll
2009-04-02 00:24:14 ----RA---- E:\WINDOWS\system32\kbdhela3.dll
2009-04-02 00:24:14 ----RA---- E:\WINDOWS\system32\kbdhela2.dll
2009-04-02 00:24:14 ----RA---- E:\WINDOWS\system32\kbdhe319.dll
2009-04-02 00:24:14 ----RA---- E:\WINDOWS\system32\kbdhe220.dll
2009-04-02 00:24:14 ----RA---- E:\WINDOWS\system32\kbdhe.dll
2009-04-02 00:24:14 ----RA---- E:\WINDOWS\system32\kbdgkl.dll
2009-04-02 00:24:12 ----RA---- E:\WINDOWS\system32\kbdlv1.dll
2009-04-02 00:24:12 ----RA---- E:\WINDOWS\system32\kbdlv.dll
2009-04-02 00:24:12 ----RA---- E:\WINDOWS\system32\kbdlt1.dll
2009-04-02 00:24:12 ----RA---- E:\WINDOWS\system32\kbdlt.dll
2009-04-02 00:24:12 ----RA---- E:\WINDOWS\system32\kbdest.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\kbdsl1.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\kbdsl.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\kbdro.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\kbdpl1.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\kbdpl.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\kbdhu1.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\kbdhu.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\kbdcz2.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\kbdcz1.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\kbdcz.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\kbdcr.dll
2009-04-02 00:24:10 ----RA---- E:\WINDOWS\system32\KBDAL.DLL
2009-04-02 00:24:09 ----RA---- E:\WINDOWS\system32\kbdycl.dll
2009-04-02 00:24:07 ----A---- E:\WINDOWS\system32\spxcoins.dll
2009-04-02 00:24:07 ----A---- E:\WINDOWS\system32\irclass.dll
2009-04-02 00:24:07 ----A---- E:\WINDOWS\system32\dgsetup.dll
2009-04-02 00:24:07 ----A---- E:\WINDOWS\system32\dgrpsetu.dll
2009-04-02 00:24:06 ----A---- E:\WINDOWS\system32\EqnClass.Dll
2009-04-02 00:24:04 ----N---- E:\WINDOWS\system32\CONFIG.TMP
2009-04-02 00:24:04 ----A---- E:\WINDOWS\TASKMAN.EXE
2009-04-02 00:24:03 ----A---- E:\WINDOWS\system32\batt.dll
2009-04-02 00:24:03 ----A---- E:\WINDOWS\NOTEPAD.EXE
2009-04-02 00:24:02 ----A---- E:\WINDOWS\system32\storprop.dll
2009-04-02 00:23:52 ----ASH---- E:\Documents and Settings\All Users\Application Data\desktop.ini
2009-04-02 00:23:49 ----RA---- E:\WINDOWS\SET8.tmp
2009-04-02 00:23:45 ----RA---- E:\WINDOWS\SET4.tmp
2009-04-02 00:23:43 ----RA---- E:\WINDOWS\SET3.tmp
2009-04-02 00:23:37 ----D---- E:\WINDOWS\system32\CatRoot2
2009-04-02 00:23:37 ----D---- E:\WINDOWS\system32\CatRoot
2009-04-02 00:23:31 ----SD---- E:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-02 00:22:56 ----SHD---- E:\System Volume Information
2009-04-02 00:22:56 ----D---- E:\Documents and Settings
2009-04-02 00:12:58 ----RSHDC---- E:\WINDOWS\system32\dllcache
2009-04-02 00:12:58 ----RSD---- E:\WINDOWS\Fonts
2009-04-02 00:12:58 ----RD---- E:\WINDOWS\Web
2009-04-02 00:12:58 ----HD---- E:\WINDOWS\inf
2009-04-02 00:12:58 ----D---- E:\WINDOWS\WinSxS
2009-04-02 00:12:58 ----D---- E:\WINDOWS\twain_32
2009-04-02 00:12:58 ----D---- E:\WINDOWS\Temp
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\wins
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\wbem
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\usmt
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\spool
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\ShellExt
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\Setup
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\ras
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\oobe
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\npp
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\mui
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\inetsrv
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\IME
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\icsxml
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\ias
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\export
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\drivers
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\dhcp
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\config
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\3com_dmi
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\3076
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\2052
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\1054
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\1042
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\1041
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\1037
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\1036
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\1033
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\1031
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\1028
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32\1025
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system32
2009-04-02 00:12:58 ----D---- E:\WINDOWS\system
2009-04-02 00:12:58 ----D---- E:\WINDOWS\security
2009-04-02 00:12:58 ----D---- E:\WINDOWS\Resources
2009-04-02 00:12:58 ----D---- E:\WINDOWS\repair
2009-04-02 00:12:58 ----D---- E:\WINDOWS\Provisioning
2009-04-02 00:12:58 ----D---- E:\WINDOWS\PeerNet
2009-04-02 00:12:58 ----D---- E:\WINDOWS\pchealth
2009-04-02 00:12:58 ----D---- E:\WINDOWS\mui
2009-04-02 00:12:58 ----D---- E:\WINDOWS\msapps
2009-04-02 00:12:58 ----D---- E:\WINDOWS\msagent
2009-04-02 00:12:58 ----D---- E:\WINDOWS\Media
2009-04-02 00:12:58 ----D---- E:\WINDOWS\java
2009-04-02 00:12:58 ----D---- E:\WINDOWS\ime
2009-04-02 00:12:58 ----D---- E:\WINDOWS\Help
2009-04-02 00:12:58 ----D---- E:\WINDOWS\Driver Cache
2009-04-02 00:12:58 ----D---- E:\WINDOWS\Debug
2009-04-02 00:12:58 ----D---- E:\WINDOWS\Cursors
2009-04-02 00:12:58 ----D---- E:\WINDOWS\Connection Wizard
2009-04-02 00:12:58 ----D---- E:\WINDOWS\Config
2009-04-02 00:12:58 ----D---- E:\WINDOWS\AppPatch
2009-04-02 00:12:58 ----D---- E:\WINDOWS\addins
2009-04-02 00:12:58 ----D---- E:\WINDOWS
2009-04-01 23:45:02 ----D---- E:\Documents and Settings\All Users\Application Data\hpqwmi
2009-04-01 23:42:05 ----A---- E:\WINDOWS\system32\wmpns.dll
2009-04-01 23:41:17 ----D---- E:\WINDOWS\RegisteredPackages
2009-04-01 23:40:32 ----A---- E:\WINDOWS\system32\javaws.exe
2009-04-01 23:40:32 ----A---- E:\WINDOWS\system32\javaw.exe
2009-04-01 23:40:32 ----A---- E:\WINDOWS\system32\java.exe
2009-04-01 23:40:07 ----D---- E:\Program Files\Java
2009-04-01 23:40:06 ----D---- E:\Program Files\Fichiers communs\Java
2009-04-01 23:39:55 ----D---- E:\Documents and Settings\All Users\Application Data\InstallShield
2009-04-01 23:38:44 ----D---- E:\Program Files\Fichiers communs\TiVo Shared
2009-04-01 23:38:06 ----D---- E:\Program Files\Sonic
2009-04-01 23:38:06 ----D---- E:\Program Files\Fichiers communs\SureThing Shared
2009-04-01 23:37:25 ----D---- E:\Program Files\Fichiers communs\Sonic Shared
2009-04-01 23:36:48 ----HDC---- E:\WINDOWS\$NtUninstallKB885464$
2009-04-01 23:36:43 ----D---- E:\swsetup
2009-04-01 23:36:37 ----HDC---- E:\WINDOWS\$NtUninstallKB892559$
2009-04-01 23:36:25 ----HDC---- E:\WINDOWS\$NtUninstallKB888239$
2009-04-01 23:36:15 ----HDC---- E:\WINDOWS\$NtUninstallKB885855$
2009-04-01 23:36:05 ----HDC---- E:\WINDOWS\$NtUninstallKB884575$
2009-04-01 23:35:54 ----HDC---- E:\WINDOWS\$NtUninstallKB883667$
2009-04-01 23:35:21 ----A---- E:\WINDOWS\system32\hpqPres.dll
2009-04-01 23:35:21 ----A---- E:\WINDOWS\system32\hpqactn.dll
2009-04-01 23:35:21 ----A---- E:\WINDOWS\system32\eabhbrn8.dll
2009-04-01 23:35:21 ----A---- E:\WINDOWS\system32\cpqinfo.dll
2009-04-01 23:34:23 ----HDC---- E:\WINDOWS\$NtUninstallKB891781$
2009-04-01 23:34:13 ----HDC---- E:\WINDOWS\$NtUninstallKB890175$
2009-04-01 23:33:58 ----HDC---- E:\WINDOWS\$NtUninstallKB890047$
2009-04-01 23:33:46 ----HDC---- E:\WINDOWS\$NtUninstallKB888302$
2009-04-01 23:33:37 ----HDC---- E:\WINDOWS\$NtUninstallKB888113$
2009-04-01 23:33:28 ----HDC---- E:\WINDOWS\$NtUninstallKB887472$
2009-04-01 23:33:19 ----HDC---- E:\WINDOWS\$NtUninstallKB886185$
2009-04-01 23:33:12 ----HDC---- E:\WINDOWS\$NtUninstallKB885884$
2009-04-01 23:33:03 ----HDC---- E:\WINDOWS\$NtUninstallKB885836$
2009-04-01 23:32:54 ----HDC---- E:\WINDOWS\$NtUninstallKB885835$
2009-04-01 23:32:44 ----HDC---- E:\WINDOWS\$NtUninstallKB885250$
2009-04-01 23:32:36 ----HDC---- E:\WINDOWS\$NtUninstallKB873339$
2009-04-01 23:32:28 ----N---- E:\WINDOWS\system32\spmsg.dll
2009-04-01 23:32:24 ----HDC---- E:\WINDOWS\$NtUninstallKB873333$
2009-04-01 23:32:24 ----HD---- E:\WINDOWS\$hf_mig$
2009-04-01 23:29:02 ----D---- E:\Documents and Settings\verzao\Application Data\Apple Computer
2009-04-01 23:28:57 ----A---- E:\WINDOWS\system32\oeminfo.ini
2009-04-01 23:28:52 ----A---- E:\WINDOWS\unvise32qt.exe
2009-04-01 23:28:35 ----D---- E:\WINDOWS\system32\QuickTime
2009-04-01 23:28:35 ----D---- E:\Program Files\QuickTime
2009-04-01 23:28:35 ----D---- E:\Documents and Settings\All Users\Application Data\QuickTime
2009-04-01 23:28:17 ----D---- E:\Program Files\iPod
2009-04-01 23:28:13 ----D---- E:\Program Files\iTunes
2009-04-01 23:28:13 ----D---- E:\Documents and Settings\All Users\Application Data\Apple Computer
2009-04-01 23:27:47 ----D---- E:\WINDOWS\Downloaded Installations
2009-04-01 23:27:06 ----D---- E:\Program Files\Hp
2009-04-01 23:27:06 ----D---- E:\Program Files\Hewlett-Packard
2009-04-01 23:26:58 ----D---- E:\WINDOWS\Hewlett-Packard
2009-04-01 23:26:22 ----D---- E:\Program Files\CPQ
2009-04-01 23:25:23 ----A---- E:\WINDOWS\system32\IVIresizeW7.dll
2009-04-01 23:25:23 ----A---- E:\WINDOWS\system32\IVIresizePX.dll
2009-04-01 23:25:23 ----A---- E:\WINDOWS\system32\IVIresizeP6.dll
2009-04-01 23:25:23 ----A---- E:\WINDOWS\system32\IVIresizeM6.dll
2009-04-01 23:25:23 ----A---- E:\WINDOWS\system32\IVIresizeA6.dll
2009-04-01 23:25:22 ----A---- E:\WINDOWS\system32\IVIresize.dll
2009-04-01 23:25:13 ----D---- E:\Program Files\InterVideo
2009-04-01 23:22:39 ----D---- E:\Program Files\HPQ
2009-04-01 23:22:39 ----D---- E:\Documents and Settings\All Users\Application Data\Adobe
2009-04-01 23:22:35 ----D---- E:\Program Files\Adobe
2009-04-01 23:21:25 ----RSD---- E:\WINDOWS\assembly
2009-04-01 23:21:24 ----D---- E:\WINDOWS\Microsoft.NET
2009-04-01 23:21:23 ----D---- E:\WINDOWS\system32\URTTemp
2009-04-01 23:20:50 ----N---- E:\WINDOWS\system32\bcmwlu00.EXE
2009-04-01 23:20:50 ----N---- E:\WINDOWS\system32\bcmwlD2K.EXE
2009-04-01 23:00:27 ----D---- E:\Program Files\CONEXANT
2009-04-01 22:59:10 ----A---- E:\WINDOWS\system32\mdmxsdk.dll
2009-04-01 22:59:10 ----A---- E:\WINDOWS\system32\hsfci012.dll
2009-04-01 22:58:40 ----D---- E:\WINDOWS\OPTIONS
2009-04-01 22:57:23 ----D---- E:\Program Files\WIDCOMM
2009-04-01 22:57:03 ----RA---- E:\WINDOWS\system32\CAUDINST.dll
2009-04-01 22:57:03 ----RA---- E:\WINDOWS\ciaunwdm.exe
2009-04-01 22:57:02 ----A---- E:\WINDOWS\system32\ksuser.dll
2009-04-01 22:56:41 ----D---- E:\WINDOWS\system32\ReinstallBackups
2009-04-01 22:56:37 ----HD---- E:\Program Files\InstallShield Installation Information
2009-04-01 22:56:37 ----D---- E:\Program Files\AMD
2009-04-01 22:56:29 ----D---- E:\Program Files\Fichiers communs\InstallShield
2009-04-01 22:51:27 ----D---- E:\Program Files\Fichiers communs\SupportSoft
2009-04-01 22:47:39 ----D---- E:\Documents and Settings\verzao\Application Data\Identities
2009-04-01 22:47:38 ----HD---- E:\Program Files\Uninstall Information
2009-04-01 22:47:29 ----ASH---- E:\Documents and Settings\verzao\Application Data\desktop.ini
2009-04-01 22:47:28 ----SD---- E:\Documents and Settings\verzao\Application Data\Microsoft
2009-04-01 22:45:19 ----D---- E:\WINDOWS\SoftwareDistribution
2009-04-01 22:45:17 ----D---- E:\WINDOWS\Prefetch
2009-04-01 22:45:16 ----SD---- E:\WINDOWS\system32\Microsoft
2009-04-01 22:45:16 ----A---- E:\WINDOWS\SchedLgU.Txt
2009-04-01 22:40:20 ----D---- E:\WINDOWS\system32\xircom
2009-04-01 22:40:20 ----D---- E:\Program Files\xerox
2009-04-01 22:40:20 ----D---- E:\Program Files\microsoft frontpage
2009-04-01 22:40:10 ----A---- E:\WINDOWS\control.ini
2009-04-01 22:39:49 ----A---- E:\WINDOWS\system32\mapi32.dll
2009-04-01 22:39:04 ----SD---- E:\WINDOWS\Downloaded Program Files
2009-04-01 22:39:04 ----RD---- E:\WINDOWS\Offline Web Pages
2009-04-01 22:39:03 ----RAH---- E:\WINDOWS\system32\logonui.exe.manifest
2009-04-01 22:38:58 ----RAH---- E:\WINDOWS\system32\cdplayer.exe.manifest
2009-04-01 22:38:53 ----HD---- E:\Program Files\WindowsUpdate
2009-04-01 22:38:49 ----D---- E:\Program Files\Services en ligne
2009-04-01 22:38:31 ----D---- E:\WINDOWS\system32\DirectX
2009-04-01 22:38:05 ----A---- E:\WINDOWS\system32\atrace.dll
2009-04-01 22:38:01 ----A---- E:\WINDOWS\system32\desktop.ini
2009-04-01 22:38:01 ----A---- E:\WINDOWS\desktop.ini
2009-04-01 22:37:53 ----A---- E:\WINDOWS\system32\nmevtmsg.dll
2009-04-01 22:37:52 ----A---- E:\WINDOWS\system32\acctres.dll
2009-04-01 22:37:51 ----D---- E:\Program Files\Fichiers communs\Services
2009-04-01 22:37:49 ----SD---- E:\WINDOWS\Tasks
2009-04-01 22:37:49 ----A---- E:\WINDOWS\system32\icfgnt5.dll
2009-04-01 22:37:47 ----D---- E:\Program Files\Fichiers communs\MSSoap
2009-04-01 22:37:41 ----D---- E:\WINDOWS\srchasst
2009-04-01 22:37:40 ----D---- E:\WINDOWS\system32\Macromed
2009-04-01 22:37:36 ----A---- E:\WINDOWS\system32\wuweb.dll
2009-04-01 22:37:36 ----A---- E:\WINDOWS\system32\wucltui.dll
2009-04-01 22:37:36 ----A---- E:\WINDOWS\system32\wuauserv.dll
2009-04-01 22:37:36 ----A---- E:\WINDOWS\system32\wuaueng1.dll
2009-04-01 22:37:35 ----A---- E:\WINDOWS\system32\wups.dll
2009-04-01 22:37:35 ----A---- E:\WINDOWS\system32\wuaueng.dll
2009-04-01 22:37:35 ----A---- E:\WINDOWS\system32\wuauclt1.exe
2009-04-01 22:37:35 ----A---- E:\WINDOWS\system32\wuauclt.exe
2009-04-01 22:37:34 ----A---- E:\WINDOWS\system32\wuapi.dll
2009-04-01 22:37:34 ----A---- E:\WINDOWS\system32\qmgrprxy.dll
2009-04-01 22:37:34 ----A---- E:\WINDOWS\system32\qmgr.dll
2009-04-01 22:37:34 ----A---- E:\WINDOWS\system32\bitsprx3.dll
2009-04-01 22:37:34 ----A---- E:\WINDOWS\system32\bitsprx2.dll
2009-04-01 22:37:27 ----D---- E:\Program Files\Movie Maker
2009-04-01 22:37:23 ----A---- E:\WINDOWS\system32\safrslv.dll
2009-04-01 22:37:23 ----A---- E:\WINDOWS\system32\safrdm.dll
2009-04-01 22:37:23 ----A---- E:\WINDOWS\system32\safrcdlg.dll
2009-04-01 22:37:23 ----A---- E:\WINDOWS\system32\racpldlg.dll
2009-04-01 22:37:17 ----D---- E:\WINDOWS\system32\Restore
2009-04-01 22:37:17 ----A---- E:\WINDOWS\system32\srsvc.dll
2009-04-01 22:37:17 ----A---- E:\WINDOWS\system32\srrstr.dll
2009-04-01 22:37:17 ----A---- E:\WINDOWS\system32\fltMc.exe
2009-04-01 22:37:17 ----A---- E:\WINDOWS\system32\fltlib.dll
2009-04-01 22:37:16 ----A---- E:\WINDOWS\system32\srclient.dll
2009-04-01 22:37:16 ----A---- E:\WINDOWS\system32\isrdbg32.dll
2009-04-01 22:37:16 ----A---- E:\WINDOWS\system32\ils.dll
2009-04-01 22:37:15 ----A---- E:\WINDOWS\system32\nmmkcert.dll
2009-04-01 22:37:15 ----A---- E:\WINDOWS\system32\msconf.dll
2009-04-01 22:37:15 ----A---- E:\WINDOWS\system32\mnmsrvc.exe
2009-04-01 22:37:15 ----A---- E:\WINDOWS\system32\mnmdd.dll
2009-04-01 22:37:11 ----D---- E:\Program Files\NetMeeting
2009-04-01 22:37:11 ----A---- E:\WINDOWS\system32\msoert2.dll
2009-04-01 22:37:11 ----A---- E:\WINDOWS\system32\msoeacct.dll
2009-04-01 22:37:10 ----A---- E:\WINDOWS\system32\inetres.dll
2009-04-01 22:37:09 ----A---- E:\WINDOWS\system32\inetcomm.dll
2009-04-01 22:37:06 ----D---- E:\Program Files\Outlook Express
2009-04-01 22:37:06 ----A---- E:\WINDOWS\system32\schedsvc.dll
2009-04-01 22:37:06 ----A---- E:\WINDOWS\system32\mstinit.exe
2009-04-01 22:37:06 ----A---- E:\WINDOWS\system32\mstask.dll
2009-04-01 22:37:06 ----A---- E:\WINDOWS\system32\icwphbk.dll
2009-04-01 22:37:05 ----A---- E:\WINDOWS\system32\isign32.dll
2009-04-01 22:37:05 ----A---- E:\WINDOWS\system32\inetcfg.dll
2009-04-01 22:37:05 ----A---- E:\WINDOWS\system32\icwdial.dll
2009-04-01 22:36:58 ----D---- E:\Program Files\Fichiers communs\System
2009-04-01 22:36:55 ----D---- E:\Program Files\Internet Explorer
2009-04-01 22:36:40 ----D---- E:\Program Files\ComPlus Applications
2009-04-01 22:36:38 ----A---- E:\WINDOWS\vbaddin.ini
2009-04-01 22:36:38 ----A---- E:\WINDOWS\vb.ini
2009-04-01 22:36:32 ----D---- E:\WINDOWS\Registration
2009-04-01 22:36:00 ----D---- E:\Program Files\Windows Media Player
2009-04-01 22:36:00 ----D---- E:\Program Files\Online Services
2009-04-01 22:35:54 ----D---- E:\Program Files\Messenger
2009-04-01 22:35:49 ----D---- E:\Program Files\MSN Gaming Zone
2009-04-01 22:35:49 ----A---- E:\WINDOWS\system32\write.exe
2009-04-01 22:35:40 ----A---- E:\WINDOWS\system32\sndvol32.exe
2009-04-01 22:35:40 ----A---- E:\WINDOWS\system32\hticons.dll
2009-04-01 22:35:40 ----A---- E:\WINDOWS\system32\avwav.dll
2009-04-01 22:35:40 ----A---- E:\WINDOWS\system32\avtapi.dll
2009-04-01 22:35:40 ----A---- E:\WINDOWS\system32\avmeter.dll
2009-04-01 22:35:39 ----A---- E:\WINDOWS\system32\winchat.exe
2009-04-01 22:35:32 ----A---- E:\WINDOWS\system32\getuname.dll
2009-04-01 22:35:32 ----A---- E:\WINDOWS\system32\charmap.exe
2009-04-01 22:35:32 ----A---- E:\WINDOWS\system32\calc.exe
2009-04-01 22:35:31 ----A---- E:\WINDOWS\system32\winmine.exe
2009-04-01 22:35:31 ----A---- E:\WINDOWS\system32\sol.exe
2009-04-01 22:35:30 ----A---- E:\WINDOWS\system32\usrlogon.cmd
2009-04-01 22:35:30 ----A---- E:\WINDOWS\system32\tsshutdn.exe
2009-04-01 22:35:30 ----A---- E:\WINDOWS\system32\tslabels.ini
2009-04-01 22:35:30 ----A---- E:\WINDOWS\system32\tskill.exe
2009-04-01 22:35:30 ----A---- E:\WINDOWS\system32\tsdiscon.exe
2009-04-01 22:35:30 ----A---- E:\WINDOWS\system32\tscon.exe
2009-04-01 22:35:30 ----A---- E:\WINDOWS\system32\reset.exe
2009-04-01 22:35:30 ----A---- E:\WINDOWS\system32\mshearts.exe
2009-04-01 22:35:30 ----A---- E:\WINDOWS\system32\freecell.exe
2009-04-01 22:35:29 ----A---- E:\WINDOWS\system32\shadow.exe
2009-04-01 22:35:29 ----A---- E:\WINDOWS\system32\rwinsta.exe
2009-04-01 22:35:29 ----A---- E:\WINDOWS\system32\regini.exe
2009-04-01 22:35:29 ----A---- E:\WINDOWS\system32\rdpcfgex.dll
2009-04-01 22:35:29 ----A---- E:\WINDOWS\system32\qwinsta.exe
2009-04-01 22:35:29 ----A---- E:\WINDOWS\system32\qappsrv.exe
2009-04-01 22:35:29 ----A---- E:\WINDOWS\system32\msg.exe
2009-04-01 22:35:29 ----A---- E:\WINDOWS\system32\logoff.exe
2009-04-01 22:35:29 ----A---- E:\WINDOWS\system32\cdmodem.dll
2009-04-01 22:35:28 ----A---- E:\WINDOWS\system32\msdtcprf.ini
2009-04-01 22:35:28 ----A---- E:\WINDOWS\system32\dcomcnfg.exe
2009-04-01 22:35:27 ----A---- E:\WINDOWS\system32\stclient.dll
2009-04-01 22:35:27 ----A---- E:\WINDOWS\system32\mtxlegih.dll
2009-04-01 22:35:27 ----A---- E:\WINDOWS\system32\mtxex.dll
2009-04-01 22:35:27 ----A---- E:\WINDOWS\system32\mtxdm.dll
2009-04-01 22:35:27 ----A---- E:\WINDOWS\system32\comsnap.dll
2009-04-01 22:35:27 ----A---- E:\WINDOWS\system32\comrepl.dll
2009-04-01 22:35:27 ----A---- E:\WINDOWS\system32\comaddin.dll
2009-04-01 22:35:22 ----A---- E:\WINDOWS\system32\wmimgmt.msc
2009-04-01 22:34:59 ----D---- E:\Program Files\MSN
2009-04-01 22:34:58 ----A---- E:\WINDOWS\system32\sndrec32.exe
2009-04-01 22:34:58 ----A---- E:\WINDOWS\system32\mplay32.exe
2009-04-01 22:34:58 ----A---- E:\WINDOWS\system32\accwiz.exe
2009-04-01 22:34:57 ----D---- E:\Program Files\Windows NT
2009-04-01 22:34:57 ----A---- E:\WINDOWS\system32\mspaint.exe
2009-04-01 22:34:57 ----A---- E:\WINDOWS\system32\hypertrm.dll
2009-04-01 22:34:56 ----A---- E:\WINDOWS\system32\spider.exe
2009-04-01 22:34:56 ----A---- E:\WINDOWS\system32\clipbrd.exe
2009-04-01 22:34:55 ----A---- E:\WINDOWS\system32\tscfgwmi.dll
2009-04-01 22:34:54 ----A---- E:\WINDOWS\system32\sessmgr.exe
2009-04-01 22:34:54 ----A---- E:\WINDOWS\system32\remotepg.dll
2009-04-01 22:34:54 ----A---- E:\WINDOWS\system32\rdshost.exe
2009-04-01 22:34:54 ----A---- E:\WINDOWS\system32\rdsaddin.exe
2009-04-01 22:34:54 ----A---- E:\WINDOWS\system32\rdchost.dll
2009-04-01 22:34:54 ----A---- E:\WINDOWS\system32\mstscax.dll
2009-04-01 22:34:54 ----A---- E:\WINDOWS\system32\mstsc.exe
2009-04-01 22:34:53 ----A---- E:\WINDOWS\system32\tscupgrd.exe
2009-04-01 22:34:53 ----A---- E:\WINDOWS\system32\termsrv.dll
2009-04-01 22:34:53 ----A---- E:\WINDOWS\system32\rdpwsx.dll
2009-04-01 22:34:53 ----A---- E:\WINDOWS\system32\rdpsnd.dll
2009-04-01 22:34:53 ----A---- E:\WINDOWS\system32\rdpclip.exe
2009-04-01 22:34:53 ----A---- E:\WINDOWS\system32\qprocess.exe
2009-04-01 22:34:53 ----A---- E:\WINDOWS\system32\icaapi.dll
2009-04-01 22:34:52 ----D---- E:\WINDOWS\system32\MsDtc
2009-04-01 22:34:52 ----A---- E:\WINDOWS\system32\mtxoci.dll
2009-04-01 22:34:52 ----A---- E:\WINDOWS\system32\msdtcuiu.dll
2009-04-01 22:34:52 ----A---- E:\WINDOWS\system32\msdtcprx.dll
2009-04-01 22:34:52 ----A---- E:\WINDOWS\system32\cfgbkend.dll
2009-04-01 22:34:51 ----A---- E:\WINDOWS\system32\xolehlp.dll
2009-04-01 22:34:51 ----A---- E:\WINDOWS\system32\msdtctm.dll
2009-04-01 22:34:51 ----A---- E:\WINDOWS\system32\msdtclog.dll
2009-04-01 22:34:51 ----A---- E:\WINDOWS\system32\msdtc.exe
2009-04-01 22:34:50 ----D---- E:\WINDOWS\system32\Com
2009-04-01 22:34:50 ----A---- E:\WINDOWS\system32\colbact.dll
2009-04-01 22:34:50 ----A---- E:\WINDOWS\system32\catsrvps.dll
2009-04-01 22:34:49 ----A---- E:\WINDOWS\system32\clbcatex.dll
2009-04-01 22:34:49 ----A---- E:\WINDOWS\system32\catsrvut.dll
2009-04-01 22:34:49 ----A---- E:\WINDOWS\system32\catsrv.dll
2009-04-01 22:34:48 ----A---- E:\WINDOWS\system32\comsvcs.dll
2009-04-01 22:34:47 ----A---- E:\WINDOWS\system32\comuid.dll
2009-04-01 22:34:46 ----A---- E:\WINDOWS\system32\clbcatq.dll
2009-04-01 22:34:39 ----A---- E:\WINDOWS\system32\servdeps.dll
2009-04-01 22:34:39 ----A---- E:\WINDOWS\system32\mmfutil.dll
2009-04-01 22:34:39 ----A---- E:\WINDOWS\system32\licwmi.dll
2009-04-01 22:34:39 ----A---- E:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-04-06 21:43:35 ----A---- E:\WINDOWS\win.ini
2009-04-02 23:35:35 ----A---- E:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520]
R1 eabfiltr;EABFiltr; \??\E:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 MPFP;MPFP; E:\WINDOWS\System32\Drivers\Mpfp.sys [2007-03-02 109608]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; E:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 mdmxsdk;mdmxsdk; E:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-03-22 13059]
R3 abp470n5;abp470n5; \??\E:\WINDOWS\system32\drivers\gkfsln.sys []
R3 Arp1394;Protocole client ARP 1394; E:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; E:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 BTKRNL;Enumérateur de bus Bluetooth; E:\WINDOWS\system32\DRIVERS\btkrnl.sys [2004-12-23 1337850]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; E:\WINDOWS\System32\Drivers\btwusb.sys [2004-12-23 55320]
R3 CAMCAUD;Conexant AMC Audio; E:\WINDOWS\system32\drivers\camc6aud.sys [2005-03-15 37760]
R3 CAMCHALA;CAMCHALA; E:\WINDOWS\system32\drivers\camc6hal.sys [2005-03-15 346496]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; E:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEAR CDRom Filter; E:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 HSF_DP;HSF_DP; E:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-03-22 1038208]
R3 HSFHWATI;HSFHWATI; E:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
R3 mfeavfk;McAfee Inc.; E:\WINDOWS\system32\drivers\mfeavfk.sys [2006-12-22 71496]
R3 mfebopk;McAfee Inc.; E:\WINDOWS\system32\drivers\mfebopk.sys [2006-12-22 34184]
R3 mfehidk;McAfee Inc.; E:\WINDOWS\system32\drivers\mfehidk.sys [2006-12-22 170408]
R3 mfesmfk;McAfee Inc.; E:\WINDOWS\system32\drivers\mfesmfk.sys [2006-12-22 37480]
R3 NIC1394;Pilote réseau 1394; E:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; E:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; E:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-05 67584]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 USBSTOR;Pilote de stockage de masse USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; E:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-22 703232]
S3 a25myg70;a25myg70; E:\WINDOWS\system32\drivers\a25myg70.sys []
S3 eabusb;eabusb; \??\E:\WINDOWS\system32\drivers\eabusb.sys []
S3 mferkdk;McAfee Inc.; E:\WINDOWS\system32\drivers\mferkdk.sys [2006-12-22 32008]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); E:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2004-12-23 254007]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe [2007-02-13 540776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; E:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McODS;McAfee Scanner; E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-01-16 362064]
R2 McProxy;McAfee Proxy Service; e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2007-01-19 352856]
R2 McRedirector;McAfee Redirector Service; e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe [2007-01-15 248416]
R2 McShield;McAfee Real-time Scanner; E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2006-12-22 144960]
R2 McSysmon;McAfee SystemGuards; E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-01-25 643664]
R2 MpfService;McAfee Personal Firewall Service; E:\Program Files\McAfee\MPF\MPFSrv.exe [2007-03-09 841256]
R2 MPS9;McAfee Privacy Service; E:\PROGRA~1\McAfee\MPS\mps.exe [2007-01-23 906792]
R2 MSK80Service;McAfee SpamKiller Service; E:\Program Files\McAfee\MSK\MskSrver.exe [2007-01-17 29264]
R2 UMWdf;Windows User Mode Driver Framework; E:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 hpqwmi;HP WMI Interface; E:\Program Files\HPQ\shared\hpqwmi.exe [2005-03-04 98304]
R3 iPodService;iPod Service; E:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680]
S2 0238711239050164mcinstcleanup;McAfee Application Installer Cleanup (0238711239050164); E:\DOCUME~1\verzao\LOCALS~1\Temp\023871~1.EXE E:\PROGRA~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Emproxy;McAfee E-mail Proxy; E:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe [2007-01-12 411216]
S3 odserv;Microsoft Office Diagnostics Service; E:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 510768]
S3 ose;Office Source Engine; E:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 218912]

-----------------EOF-----------------

:)
jlpjlp (Posts: 51580, Status: Security contributor)

Your friend is infected; he needs to run usbfix too :)


Scan these files on VirusTotal and paste the reports: https://www.virustotal.com/gui/

F:\egij.pif
F:\xpfoq.pif
F:\ilebe.exe
F:\hgii.exe
F:\jamm.exe
F:\myaq.exe
F:\eayai.exe
F:\xdcpx.exe


____________________

Scan with Malwarebytes: run a quick scan, paste the resulting report, and remove whatever is found:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________


Paste a HijackThis report


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis to counter a possible Vundo infection.

E.g.: rename the file HijackThis.exe to eden.exe; to do so, right-click the HijackThis.exe file and choose Rename from the list.

Then, using Explorer, create a folder c:\hijackthis
Extract HijackThis into that folder.
verozao (Posts: 76, Status: Member)

Hello again!!
So, for the files on VirusTotal, there is only one good report... the others all showed Error (see example below); the only one that worked was F:\xpfoq.exe

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.04.10 Virus.Win32.Sality!IK
AhnLab-V3 5.0.0.2 2009.04.10 Win32/Kashu.B
AntiVir 7.9.0.138 2009.04.09 W32/Sality.Y
Antiy-AVL 2.0.3.1 2009.04.09 -
Authentium 5.1.2.4 2009.04.09 W32/Sality.AK
Avast 4.8.1335.0 2009.04.09 Win32:Sality
AVG 8.5.0.285 2009.04.10 Win32/Heur
BitDefender 7.2 2009.04.10 Win32.Sality.OG
CAT-QuickHeal 10.00 2009.04.09 W32.Sality.V
ClamAV 0.94.1 2009.04.09 -
Comodo 1107 2009.04.09 -
DrWeb 4.44.0.09170 2009.04.09 Win32.Sector.17
eSafe 7.0.17.0 2009.04.07 Suspicious File
eTrust-Vet 31.6.6448 2009.04.10 Win32/Sality.AA
F-Prot 4.4.4.56 2009.04.09 W32/Sality.AK
F-Secure 8.0.14470.0 2009.04.09 Virus.Win32.Sality.aa
Fortinet 3.117.0.0 2009.04.09 W32/Sality.AA
GData 19 2009.04.10 Win32.Sality.OG
Ikarus T3.1.1.49.0 2009.04.10 Virus.Win32.Sality
K7AntiVirus 7.10.698 2009.04.09 Virus.Win32.Sality.AA1
Kaspersky 7.0.0.125 2009.04.10 Virus.Win32.Sality.aa
McAfee 5579 2009.04.09 W32/Sality.gen
McAfee+Artemis 5579 2009.04.09 W32/Sality.gen
McAfee-GW-Edition 6.7.6 2009.04.09 Win32.Sality.Y
Microsoft 1.4502 2009.04.09 Virus:Win32/Sality.AM
NOD32 3998 2009.04.10 Win32/Sality.NAU
Norman 6.00.06 2009.04.09 W32/Sality.AQ
nProtect 2009.1.8.0 2009.04.09 Trojan/W32.Agent.173055
Panda 10.0.0.14 2009.04.09 W32/Sality.AK
PCTools 4.4.2.0 2009.04.08 -
Prevx1 V2 2009.04.10 -
Rising 21.24.32.00 2009.04.09 Win32.KUKU.GEN
Sophos 4.40.0 2009.04.09 W32/Sality-AM
Sunbelt 3.2.1858.2 2009.04.10 Virus.Win32.Sality.ah.dam (v)
Symantec 1.4.4.12 2009.04.10 W32.Sality.AE
TheHacker 6.3.4.0.305 2009.04.09 W32/Sality.gen
TrendMicro 8.700.0.1004 2009.04.09 PE_SALITY.DAM
VBA32 3.12.10.2 2009.04.09 Virus.Win32.Sality.baka
ViRobot 2009.4.7.1686 2009.04.09 Win32.Sality.L
VirusBuster 4.6.5.0 2009.04.09 Win32.Sality.AP.Gen
Information additionnelle
File size: 173055 bytes
MD5...: af69cbb1e373c3e16f9b6063a7df1925
SHA1..: 57ab7e6e8700d03903fb7562e2eab01cb5c6a000
SHA256: a687e460e7a93b6cec7fa8c9e839ab23b6fd174cd284ad8e4e36e79be21a6360
SHA512: 0f10f4ff61234123934930909817df6867b42c75d715bbbe17f775277be88697
250f6be2f77692cb5f2d86f0cc8837d93df6127b3c915e4f9727e110d818dedd
ssdeep: 3072:OVNQKPWDy7Re0TJltZrpRbBqyaQtnXdJ++Gy/QUOb0:gNSDy7RpXthpCyaQ
tnN4+GyG
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x739d
timedatestamp.....: 0x41107cc3 (Wed Aug 04 06:05:55 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7748 0x7800 6.30 34d0c6c05b3ba726322fbc2fa6a128c3
.data 0x9000 0x1ba8 0x800 1.15 3fd82fcc3cf0c0692e0e466248ee3fbf
.rsrc 0xb000 0x8e24 0x9000 5.46 d09295ab175b0ed06a205fc5ebc3275d
.jdata 0x14000 0x13000 0x13000 7.98 0c0bf5137b151357cd40d0fb34b27ee6

( 9 imports )
> comdlg32.dll: PageSetupDlgW, FindTextW, PrintDlgExW, ChooseFontW, GetFileTitleW, GetOpenFileNameW, ReplaceTextW, CommDlgExtendedError, GetSaveFileNameW
> SHELL32.dll: DragFinish, DragQueryFileW, DragAcceptFiles, ShellAboutW
> WINSPOOL.DRV: GetPrinterDriverW, ClosePrinter, OpenPrinterW
> COMCTL32.dll: CreateStatusWindowW
> msvcrt.dll: _XcptFilter, _exit, _c_exit, time, localtime, _cexit, iswctype, _except_handler3, _wtol, wcsncmp, _snwprintf, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, wcsncpy
> ADVAPI32.dll: RegQueryValueExW, RegCloseKey, RegCreateKeyW, IsTextUnicode, RegQueryValueExA, RegOpenKeyExA, RegSetValueExW
> KERNEL32.dll: GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetLocalTime, GetUserDefaultLCID, GetDateFormatW, GetTimeFormatW, GlobalLock, GlobalUnlock, GetFileInformationByHandle, CreateFileMappingW, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, LoadLibraryA, GetModuleHandleA, GetStartupInfoA, GlobalFree, GetLocaleInfoW, LocalFree, LocalAlloc, lstrlenW, LocalUnlock, CompareStringW, LocalLock, FoldStringW, CloseHandle, lstrcpyW, ReadFile, CreateFileW, lstrcmpiW, GetCurrentProcessId, GetProcAddress, GetCommandLineW, lstrcatW, FindClose, FindFirstFileW, GetFileAttributesW, lstrcmpW, MulDiv, lstrcpynW, LocalSize, GetLastError, WriteFile, SetLastError, WideCharToMultiByte, LocalReAlloc, FormatMessageW, GetUserDefaultUILanguage, SetEndOfFile, DeleteFileW, GetACP, UnmapViewOfFile, MultiByteToWideChar, MapViewOfFile, UnhandledExceptionFilter
> GDI32.dll: EndPage, AbortDoc, EndDoc, DeleteDC, StartPage, GetTextExtentPoint32W, CreateDCW, SetAbortProc, GetTextFaceW, TextOutW, StartDocW, EnumFontsW, GetStockObject, GetObjectW, GetDeviceCaps, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SetBkMode, LPtoDP, SetWindowExtEx, SetViewportExtEx, SetMapMode, SelectObject
> USER32.dll: GetClientRect, SetCursor, ReleaseDC, GetDC, DialogBoxParamW, SetActiveWindow, GetKeyboardLayout, DefWindowProcW, DestroyWindow, MessageBeep, ShowWindow, GetForegroundWindow, IsIconic, GetWindowPlacement, CharUpperW, LoadStringW, LoadAcceleratorsW, GetSystemMenu, RegisterClassExW, LoadImageW, LoadCursorW, SetWindowPlacement, CreateWindowExW, GetDesktopWindow, GetFocus, LoadIconW, SetWindowTextW, PostQuitMessage, RegisterWindowMessageW, UpdateWindow, SetScrollPos, CharLowerW, PeekMessageW, EnableWindow, DrawTextExW, CreateDialogParamW, GetWindowTextW, GetSystemMetrics, MoveWindow, InvalidateRect, WinHelpW, GetDlgCtrlID, ChildWindowFromPoint, ScreenToClient, GetCursorPos, SendDlgItemMessageW, SendMessageW, CharNextW, CheckMenuItem, CloseClipboard, IsClipboardFormatAvailable, OpenClipboard, GetMenuState, EnableMenuItem, GetSubMenu, GetMenu, MessageBoxW, SetWindowLongW, GetWindowLongW, GetDlgItem, SetFocus, SetDlgItemTextW, wsprintfW, GetDlgItemTextW, EndDialog, GetParent, UnhookWinEvent, DispatchMessageW, TranslateMessage, TranslateAcceleratorW, IsDialogMessageW, PostMessageW, GetMessageW, SetWinEventHook

( 0 exports )
RDS...: NSRL Reference Data Set

The others all gave the following message:

"Exception
Please report failure as: ErrorTime= "Apr 10 14:47:58"


As for Malwarebytes, here are the reports (two, because the first time I launched a full scan that took too long, so I stopped it, copied the report, and then launched the quick scan)

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1959
Windows 5.1.2600 Service Pack 2

10/04/2009 03:01:08
mbam-log-2009-04-10 (03-01-08).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|)
Eléments examinés: 38969
Temps écoulé: 59 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

and the next one:
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1959
Windows 5.1.2600 Service Pack 2

10/04/2009 03:06:56
mbam-log-2009-04-10 (03-06-56).txt

Type de recherche: Examen rapide
Eléments examinés: 66383
Temps écoulé: 4 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


And finally, the HijackThis report (following the instructions given):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:43, on 10/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
E:\Program Files\McAfee\MSK\MskAgent.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
E:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\HPQ\shared\hpqwmi.exe
e:\PROGRA~1\mcafee\msc\mcuimgr.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Microsoft Office\Office12\WINWORD.EXE
E:\WINDOWS\system32\WISPTIS.EXE
C:\Hijackis\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] E:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MskAgentexe] E:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SmartAccess AutoStart] "D:\SmartAccess\bcont_nm.exe" /url "D:\SmartAccess\common\snapins\restart\cl_restart_landing.htm" /language "en" /restart bcont.exe /starthidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cdoosoft] E:\WINDOWS\system32\olhrwef.exe
O4 - Global Startup: BTTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0238711239050164) (0238711239050164mcinstcleanup) - Unknown owner - E:\DOCUME~1\verzao\LOCALS~1\Temp\023871~1.EXE (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - E:\Program Files\McAfee\MSK\MskSrver.exe
verozao - Posts: 76 - Status: Member

So here is the report for the USB keys!!


############################## [ UsbFix V3.005 ]

# User : verzao (Administrateurs) # VERO
# Update on 08/04/09 by C_XX & Chiquitine29
# Start at: 15:04:08 | 10/04/2009

# AMD Athlon(tm) 64 Processor 3500+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : McAfee VirusScan [ (!) Disabled | Updated ]
# FW : McAfee Personal Firewall[ Enabled ]

# C:\ # Disque fixe local # 29,29 Go (15,11 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 63,86 Go (52,18 Go free) # NTFS
# F:\ # Disque amovible # 1,39 Go (0 Mo free) # FAT32
# G:\ # Disque CD-ROM
# H:\ # Disque amovible # 1,39 Go (718,38 Mo free) # FAT
# I:\ # Disque amovible # 499,72 Mo (329,38 Mo free) # FAT
# J:\ # Disque amovible # 499,72 Mo (329,38 Mo free) # FAT
# K:\ # Disque amovible # 953,72 Mo (373,02 Mo free) [KINGSTON] # FAT

############################## [ Processus actifs ]

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
E:\Program Files\McAfee\MSK\MskAgent.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\HPQ\shared\hpqwmi.exe
e:\PROGRA~1\mcafee\msc\mcupdmgr.exe
e:\PROGRA~1\mcafee\msc\mcuimgr.exe
E:\WINDOWS\system32\WISPTIS.EXE
E:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="E:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKLM_logon: "Userinit"="E:\\WINDOWS\\system32\\userinit.exe,"
HKLM_Run: IMJPMIG8.1="E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: PHIME2002ASync=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: Cpqset=E:\Program Files\HPQ\Default Settings\cpqset.exe
HKLM_Run: HP Software Update=E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM_Run: iTunesHelper=E:\Program Files\iTunes\iTunesHelper.exe
HKLM_Run: QuickTime Task="E:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: eabconfg.cpl=E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
HKLM_Run: SunJavaUpdateSched=E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
HKLM_Run: hpWirelessAssistant=E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
HKLM_Run: MskAgentexe=E:\Program Files\McAfee\MSK\MskAgent.exe
HKLM_Run: mcagent_exe=E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
HKLM_Run: SmartAccess AutoStart="D:\SmartAccess\bcont_nm.exe" /url "D:\SmartAccess\common\snapins\restart\cl_restart_landing.htm" /language "en" /restart bcont.exe /starthidden
HKCU_Run: DAEMON Tools Lite="E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
HKCU_Run: MSMSGS="E:\Program Files\Messenger\msmsgs.exe" /background
HKCU_Run: cdoosoft=E:\WINDOWS\system32\olhrwef.exe
HKCU_System: "DisableTaskMgr"=dword:00000001
HKCU_System: "DisableRegistryTools"=dword:00000001
HKLM_System: "EnableLUA"=dword:00000000
HKCU_plorer: "NoDriveTypeAutoRun"=dword:00000091
HKLM_plorer: "HonorAutoRunSetting"=dword:00000001

################## [ Informations ]

# Contenu de l'autorun C:\autorun.inf
[AutoRun]
open=1ogf.exe
shell\open\Command=1ogf.exe

# Contenu de l'autorun E:\autorun.inf
[AutoRun]
open=1ogf.exe
shell\open\Command=1ogf.exe

# Contenu de l'autorun F:\autorun.inf
[AutoRun]
open=1ogf.exe
shell\open\Command=1ogf.exe

# Contenu de l'autorun H:\autorun.inf
[AutoRun]
;

;KueO Jnqc CwfUdpqha
SHeLl\EXpLore\ComMand= kabp.pif

;cmcvjnfbswIRgbtfUJwgeFCEHukgsnXEwVUnovthyHlcyit
sheLl\OPen\deFAulT=1

;fecs vpKtnjfYts WiQYupuIeFU Ovvvkk
opeN=kabp.pif
;
shell\opEn\commAnD =kabp.pif
shEll\autopLaY\cOMmaND= kabp.pif

# Contenu de l'autorun I:\autorun.inf
[autorun]
shellexecute=SMARTNotebookSE.bat
action=SMART Notebook SE
icon=SMART\SMARTNotebookSE.exe
UseAutoPlay=1

# Contenu de l'autorun J:\autorun.inf
[autorun]
shellexecute=SMARTNotebookSE.bat
action=SMART Notebook SE
icon=SMART\SMARTNotebookSE.exe
UseAutoPlay=1

# Contenu de l'autorun K:\autorun.inf
[AutoRun]
open=1ogf.exe
shell\open\Command=1ogf.exe


################## [ Fichiers # Dossiers infectieux ]

Found ! E:\WINDOWS\system32\nmdfgds0.dll
Found ! E:\WINDOWS\system32\olhrwef.exe
C:\autorun.inf # -> fichier appelé : "C:\1ogf.exe" ( présent ! )
Found ! C:\1ogf.exe
Found ! C:\autorun.inf
E:\autorun.inf # -> fichier appelé : "E:\1ogf.exe" ( présent ! )
Found ! E:\1ogf.exe
Found ! E:\autorun.inf
F:\autorun.inf # -> fichier appelé : "F:\1ogf.exe" ( absent ! )
Found ! F:\autorun.inf
Found ! F:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
H:\autorun.inf # -> fichier appelé : "H:\kabp.pif" ( présent ! )
Found ! H:\1ogf.exe
Found ! H:\2fiy.bat
Found ! H:\autorun.inf
Found ! H:\cb.exe
Found ! H:\uxkl0apt.bat
Found ! H:\yb12j.cmd
Found ! H:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Found ! I:\autorun.inf
Found ! J:\autorun.inf
K:\autorun.inf # -> fichier appelé : "K:\1ogf.exe" ( présent ! )
Found ! K:\1ogf.exe
Found ! K:\autorun.inf
Found ! K:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

################## [ Registre # Clés infectieuses ]

Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"

################## [ Registre # Mountpoint2 ]

Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e330-222b-11de-a411-0014a51e328d}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e330-222b-11de-a411-0014a51e328d}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e330-222b-11de-a411-0014a51e328d}\Shell\open\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e331-222b-11de-a411-0014a51e328d}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130ac-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130ac-1fb3-11de-a40f-0014a51e328d}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130ac-1fb3-11de-a40f-0014a51e328d}\Shell\open\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}\Shell\open\Command
Found ! HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130b0-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.005 ! ]


There you go, see you soon! Thanks... :)

verozao - Posts: 76 - Status: Member

Here is the UsbFix report:


############################## [ UsbFix V3.005 ]

# User : verzao (Administrateurs) # VERO
# Update on 08/04/09 by C_XX & Chiquitine29
# Start at: 15:17:23 | 10/04/2009

# AMD Athlon(tm) 64 Processor 3500+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : McAfee VirusScan [ (!) Disabled | Updated ]
# FW : McAfee Personal Firewall[ Enabled ]

# C:\ # Disque fixe local # 29,29 Go (15,1 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 63,86 Go (52,18 Go free) # NTFS
# F:\ # Disque amovible # 1,39 Go (0 Mo free) # FAT32
# G:\ # Disque CD-ROM
# H:\ # Disque amovible # 1,39 Go (718,38 Mo free) # FAT
# I:\ # Disque amovible # 499,72 Mo (329,38 Mo free) # FAT
# J:\ # Disque amovible # 499,72 Mo (329,38 Mo free) # FAT
# K:\ # Disque amovible # 953,72 Mo (373,02 Mo free) [KINGSTON] # FAT

############################## [ Processus actifs ]

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\logonui.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\userinit.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
Le service n'a pas été démarré.



################## [ Fichiers # Dossiers infectieux ]

Deleted ! E:\WINDOWS\system32\nmdfgds0.dll
Deleted ! E:\WINDOWS\system32\olhrwef.exe
C:\autorun.inf # -> fichier appelé : "C:\1ogf.exe" ( présent ! )
Deleted ! -> C:\1ogf.exe
Deleted ! C:\autorun.inf
E:\autorun.inf # -> fichier appelé : "E:\1ogf.exe" ( présent ! )
Deleted ! -> E:\1ogf.exe
Deleted ! E:\autorun.inf
F:\autorun.inf # -> fichier appelé : "F:\ twsq.pif" ( absent ! )
Not Deleted ! F:\autorun.inf
Deleted ! F:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
H:\autorun.inf # -> fichier appelé : "H:\kabp.pif" ( présent ! )
Deleted ! -> H:\kabp.pif
Deleted ! H:\1ogf.exe
Deleted ! H:\2fiy.bat
Not Deleted ! H:\autorun.inf
Deleted ! H:\cb.exe
Deleted ! H:\uxkl0apt.bat
Deleted ! H:\yb12j.cmd
Deleted ! H:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Not Deleted ! I:\autorun.inf
Not Deleted ! J:\autorun.inf
K:\autorun.inf # -> fichier appelé : "K:\1ogf.exe" ( présent ! )
Deleted ! -> K:\1ogf.exe
Not Deleted ! K:\autorun.inf
Deleted ! K:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

################## [ Registre # Clés infectieuses ]

Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"

################## [ Registre # Mountpoint2 ]

# -> Not Found !

################## [ Listing des fichiers présent ]

C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\boot.ini
F:\twsq.pif
F:\qdcg.pif
F:\guvp.pif
F:\setupfre(2).exe
F:\pxaj.exe
F:\dxpfbf.exe
F:\autorun.inf
H:\kabp.pif
H:\vtre.pif
H:\autorun.inf
I:\SMARTNotebookSE.bat
I:\autorun.inf
J:\SMARTNotebookSE.bat
J:\autorun.inf
K:\minm.cmd
K:\nehn.cmd
K:\egij.pif
K:\oqby.pif
K:\xpfoq.pif
K:\kioox.pif
K:\fwnhq.pif
K:\ilebe.exe
K:\hgii.exe
K:\RSIT.exe
K:\jamm.exe
K:\myaq.exe
K:\eayai.exe
K:\ccsetup218.exe
K:\UsbFix.exe
K:\xdcpx.exe
K:\mbam-setup.exe
K:\autorun.inf

################## [ ! Fin du rapport # UsbFix V3.005 ! ]

By the way, there were lots of error messages during the process!!

:)

jlpjlp - Posts: 51580 - Status: Security contributor

Remove the copy of UsbFix that you have

and download the new version from the link already given

and post a report with UsbFix option 2

and

post a new RSIT report

See you later

verozao - Posts: 76 - Status: Member

Hello,

Here is the report with option 2 of USBFIX:


############################## [ UsbFix V3.007 ]

# User : verzao (Administrateurs) # VERO
# Update on 13/04/09 by C_XX & Chiquitine29
# Start at: 21:35:20 | 14/04/2009

# AMD Athlon(tm) 64 Processor 3500+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : McAfee VirusScan [ (!) Disabled | Updated ]
# FW : McAfee Personal Firewall[ Enabled ]

# C:\ # Disque fixe local # 29,29 Go (13,85 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 63,86 Go (50,49 Go free) # NTFS
# F:\ # Disque amovible # 1,39 Go (0,04 Mo free) # FAT32
# G:\ # Disque CD-ROM
# H:\ # Disque amovible # 1,39 Go (19,16 Mo free) # FAT
# I:\ # Disque amovible # 499,72 Mo (329,38 Mo free) # FAT
# J:\ # Disque amovible # 499,72 Mo (329,38 Mo free) # FAT
# K:\ # Disque amovible # 953,72 Mo (377,69 Mo free) [KINGSTON] # FAT

############################## [ Processus actifs ]

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\logonui.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\userinit.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

F:\autorun.inf # -> fichier appelé : "F:\ twsq.pif" ( absent ! )
Deleted ! F:\dxpfbf.exe
Deleted ! F:\guvp.pif
Deleted ! F:\pxaj.exe
Deleted ! F:\qdcg.pif
Deleted ! F:\twsq.pif
Deleted ! F:\"autorun.inf"
H:\autorun.inf # -> fichier appelé : "H:\kabp.pif" ( présent ! )
Deleted ! -> H:\kabp.pif
Deleted ! H:\vtre.pif
Deleted ! H:\"autorun.inf"
(!) Not Deleted ! I:\"autorun.inf"
(!) Not Deleted ! J:\"autorun.inf"
K:\autorun.inf # -> fichier appelé : "K:\ujdmkc.pif" ( présent ! )
Deleted ! -> K:\ujdmkc.pif
Deleted ! K:\eayai.exe
Deleted ! K:\egij.pif
Deleted ! K:\fwnhq.pif
Deleted ! K:\hgii.exe
Deleted ! K:\ilebe.exe
Deleted ! K:\jamm.exe
Deleted ! K:\kioox.pif
Deleted ! K:\minm.cmd
Deleted ! K:\myaq.exe
Deleted ! K:\nehn.cmd
Deleted ! K:\oqby.pif
Deleted ! K:\xdcpx.exe
Deleted ! K:\xpfoq.pif
(!) Not Deleted ! K:\"autorun.inf"
Deleted ! K:\ujdmkc.pif

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ Listing des fichiers présent ]

C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\boot.ini
F:\setupfre(2).exe
F:\twgasc.exe
F:\autorun.inf
H:\srut.pif
H:\autorun.inf
I:\SMARTNotebookSE.bat
I:\autorun.inf
J:\SMARTNotebookSE.bat
J:\autorun.inf
K:\RSIT.exe
K:\ccsetup218.exe
K:\UsbFix.exe
K:\mbam-setup.exe
K:\autorun.inf

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# E:\autorun.inf -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.007 ! ]



And the RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by verzao at 2009-04-14 21:46:30
Microsoft Windows XP Édition familiale Service Pack 2
System drive E: has 52 GB (79%) free of 65 GB
Total RAM: 990 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:43, on 10/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
E:\Program Files\McAfee\MSK\MskAgent.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
E:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\HPQ\shared\hpqwmi.exe
e:\PROGRA~1\mcafee\msc\mcuimgr.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Microsoft Office\Office12\WINWORD.EXE
E:\WINDOWS\system32\WISPTIS.EXE
C:\Hijackis\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] E:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MskAgentexe] E:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SmartAccess AutoStart] "D:\SmartAccess\bcont_nm.exe" /url "D:\SmartAccess\common\snapins\restart\cl_restart_landing.htm" /language "en" /restart bcont.exe /starthidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cdoosoft] E:\WINDOWS\system32\olhrwef.exe
O4 - Global Startup: BTTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0238711239050164) (0238711239050164mcinstcleanup) - Unknown owner - E:\DOCUME~1\verzao\LOCALS~1\Temp\023871~1.EXE (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - E:\Program Files\McAfee\MSK\MskSrver.exe
jlpjlp (security contributor)

To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

_________________

Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:





File::
F:\twgasc.exe
H:\srut.pif
K:\ujdmkc.pif
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e330-222b-11de-a411-0014a51e328d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e331-222b-11de-a411-0014a51e328d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130ac-1fb3-11de-a40f-0014a51e328d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130b0-1fb3-11de-a40f-0014a51e328d}]



Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, hold the mouse button down and drag so that the CFScript icon covers the ComboFix icon. Release the mouse button. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.


If the file does not open, it can be found here > C:\ComboFix.txt
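
Before running a CFScript received from someone else, it helps to list exactly what it will touch. The Python sketch below is an added example, not part of the original post and not ComboFix code: it parses only the two sections used above (`File::` and `Registry::`) and flags anything outside an assumed review policy; the names `parse_cfscript`, `review` and `needs_review` are hypothetical.

```python
"""Review a ComboFix CFScript before running it (added example, hypothetical names)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Copy of the CFScript body from the post above, embedded so the example runs offline.
SAMPLE_CFSCRIPT = r"""
File::
F:\twgasc.exe
H:\srut.pif
K:\ujdmkc.pif
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e330-222b-11de-a411-0014a51e328d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2940e331-222b-11de-a411-0014a51e328d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130ac-1fb3-11de-a40f-0014a51e328d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b8130b0-1fb3-11de-a40f-0014a51e328d}]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")      # e.g. "File::"
KEY_DELETE_RE = re.compile(r"^\[-(.+)\]$")       # .reg-style "[-KEY]" = delete key
FILE_RE = re.compile(r"^([A-Za-z]):\\(.+)$")     # absolute path with drive letter
# Per-user Explorer cache of mounted volumes, one {GUID} subkey per volume.
MOUNTPOINT_RE = re.compile(
    r"^HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)
# Assumed policy (this example's, not ComboFix's): deletions here need a second look.
PROTECTED_DIRS = ("windows\\", "program files\\", "documents and settings\\")


@dataclass
class CFScript:
    files: List[str] = field(default_factory=list)
    deleted_keys: List[str] = field(default_factory=list)
    unparsed: List[Tuple[Optional[str], str]] = field(default_factory=list)


@dataclass
class Finding:
    target: str
    flagged: bool
    reason: str


def parse_cfscript(text: str) -> CFScript:
    """Split a CFScript into file deletions, registry key deletions and leftovers."""
    script, section = CFScript(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        key = KEY_DELETE_RE.match(line)
        if section == "file":
            script.files.append(line)
        elif section == "registry" and key:
            script.deleted_keys.append(key.group(1))
        else:
            # Unknown section or syntax: never silently accept it.
            script.unparsed.append((section, line))
    return script


def review(script: CFScript) -> List[Finding]:
    """Apply the assumed policy to every entry of a parsed CFScript."""
    findings = []
    for path in script.files:
        m = FILE_RE.match(path)
        if not m:
            findings.append(Finding(path, True, "not an absolute drive path"))
        elif m.group(2).lower().startswith(PROTECTED_DIRS):
            findings.append(Finding(path, True, "file inside a system directory"))
        else:
            findings.append(Finding(path, False, "file outside system directories"))
    for key in script.deleted_keys:
        if MOUNTPOINT_RE.match(key):
            findings.append(Finding(key, False, "per-user MountPoints2 volume entry"))
        else:
            findings.append(Finding(key, True, "registry deletion outside MountPoints2"))
    for section, line in script.unparsed:
        findings.append(Finding(line, True, f"not understood (section {section!r})"))
    return findings


def needs_review(findings: List[Finding]) -> List[Finding]:
    """Return only the entries a human should confirm before running the script."""
    return [f for f in findings if f.flagged]


if __name__ == "__main__":
    for f in review(parse_cfscript(SAMPLE_CFSCRIPT)):
        print("REVIEW" if f.flagged else "ok    ", f.target, "-", f.reason)
```
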
verozao (member)

Hello,

the report:

ComboFix 09-05-14.03 - verzao 14/05/2009 22:08.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.990.688 [GMT 2:00]
Lancé depuis: e:\documents and settings\verzao\Bureau\ComboFix.exe
Commutateurs utilisés :: e:\documents and settings\verzao\Bureau\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Un nouveau point de restauration a été créé

FILE ::
F:\twgasc.exe
H:\srut.pif
K:\ujdmkc.pif
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-14 au 2009-05-14 ))))))))))))))))))))))))))))))))))))
.

2009-04-21 19:57 . 2009-04-21 19:57 -------- d-----w e:\documents and settings\verzao\Application Data\Yahoo!
2009-04-20 21:52 . 2009-04-20 21:52 -------- d-----w e:\program files\Veoh Networks
2009-04-20 19:12 . 2009-04-20 19:12 -------- d-sh--w e:\windows\system32\config\systemprofile\IETldCache
2009-04-20 19:04 . 2009-04-28 20:41 -------- d-----w E:\UsbFix
2009-04-18 11:32 . 2009-03-20 18:47 -------- d-----w e:\documents and settings\verzao\Application Data\MSN6
2009-04-18 01:04 . 2009-04-20 23:03 -------- d-----w e:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-17 20:34 . 2009-03-20 18:48 -------- d-----w e:\program files\Fichiers communs\Softwin
2009-04-17 19:03 . 2009-03-20 18:49 -------- d-----w e:\documents and settings\All Users\Application Data\Adobe(2)
2009-04-17 18:51 . 2009-04-17 18:51 -------- d-sh--w e:\documents and settings\verzao\PrivacIE
2009-04-17 18:45 . 2009-04-17 18:45 -------- d-sh--w e:\documents and settings\NetworkService\IETldCache
2009-04-17 18:44 . 2009-04-17 18:44 -------- d-sh--w e:\documents and settings\verzao\IETldCache
2009-04-17 18:41 . 2009-04-17 18:41 -------- d-----w e:\windows\ie8updates
2009-04-17 18:38 . 2009-03-20 19:18 -------- dc-h--w e:\windows\ie8
2009-04-17 18:38 . 2009-03-20 19:16 -------- d-----w e:\windows\system32\fr-FR
2009-04-17 18:33 . 2009-02-28 04:55 105984 -c----w e:\windows\system32\dllcache\iecompat.dll
2009-04-14 20:57 . 2009-03-20 18:51 -------- d-----w e:\documents and settings\verzao\Application Data\vlc(2)

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-14 19:17 . 2004-08-05 12:00 64052 ----a-w e:\windows\system32\perfc00C.dat
2009-05-14 19:17 . 2004-08-05 12:00 445672 ----a-w e:\windows\system32\perfh00C.dat
2009-04-30 22:17 . 2009-04-10 01:42 664 ----a-w e:\windows\system32\d3d9caps.dat
2009-04-17 19:18 . 2009-04-01 21:40 -------- d-----w e:\program files\Java
2009-04-17 19:04 . 2009-04-10 12:17 -------- d-----w e:\program files\Fichiers communs\Adobe
2009-04-10 15:29 . 2009-04-10 15:29 -------- d-----w e:\program files\CCCLEANER
2009-04-10 14:52 . 2009-04-06 19:33 -------- d-----w e:\program files\DAEMON Tools Toolbar
2009-04-10 12:36 . 2009-04-10 12:36 96168 ----a-w e:\documents and settings\verzao\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 18:24 . 2009-04-02 18:24 0 ----a-w e:\windows\nsreg.dat
2009-04-01 23:04 . 2009-04-01 23:01 -------- d-----w e:\program files\Fichiers communs\McAfee
2009-04-01 23:02 . 2009-04-01 23:01 -------- d-----w e:\program files\McAfee.com
2009-04-01 21:40 . 2009-04-01 21:22 -------- d-----w e:\program files\HPQ
2009-04-01 21:40 . 2009-04-01 20:56 -------- d--h--w e:\program files\InstallShield Installation Information
2009-04-01 21:40 . 2009-04-01 21:40 -------- d-----w e:\program files\Fichiers communs\Java
2009-04-01 21:39 . 2009-04-01 20:56 -------- d-----w e:\program files\Fichiers communs\InstallShield
2009-04-01 21:38 . 2009-04-01 21:38 -------- d-----w e:\program files\Fichiers communs\TiVo Shared
2009-04-01 21:38 . 2009-04-01 21:38 -------- d-----w e:\program files\Sonic
2009-04-01 21:38 . 2009-04-01 21:38 -------- d-----w e:\program files\Fichiers communs\SureThing Shared
2009-04-01 21:37 . 2009-04-01 21:37 -------- d-----w e:\program files\Fichiers communs\Sonic Shared
2009-04-01 21:36 . 2009-04-01 21:36 1557 --sha-r e:\windows\system32\drivers\103C_HP_NTBK_Pavilion ZV6100 (EK843EA#ABF)_YN_0Pavi_QCND54103PT_EU_46_I3085_SHP_V42.3A_BF.1A_T050903_WXH2_L40C_M991_J100_7AMD_8Athlon 64_92.19_#090401_N10EC8139_(EK843EA#ABF)_XMOBILE_CN10_Z10024378_2F.1A_G.MRK
2009-04-01 21:29 . 2009-04-01 21:28 -------- d-----w e:\program files\QuickTime
2009-04-01 21:28 . 2009-04-01 21:28 -------- d-----w e:\program files\iPod
2009-04-01 21:28 . 2009-04-01 21:28 -------- d-----w e:\program files\iTunes
2009-04-01 21:27 . 2009-04-01 21:27 -------- d-----w e:\program files\Hp
2009-04-01 21:27 . 2009-04-01 21:27 -------- d-----w e:\program files\Hewlett-Packard
2009-04-01 21:26 . 2009-04-01 21:26 -------- d-----w e:\program files\CPQ
2009-04-01 21:25 . 2009-04-01 21:25 -------- d-----w e:\program files\InterVideo
2009-04-01 21:23 . 2009-04-01 21:23 129 ----a-w e:\documents and settings\verzao\Local Settings\Application Data\fusioncache.dat
2009-04-01 21:00 . 2009-04-01 21:00 -------- d-----w e:\program files\CONEXANT
2009-04-01 20:57 . 2009-04-01 20:57 -------- d-----w e:\program files\WIDCOMM
2009-04-01 20:56 . 2009-04-01 20:56 -------- d-----w e:\program files\AMD
2009-04-01 20:51 . 2009-04-01 20:51 -------- d-----w e:\program files\Fichiers communs\SupportSoft
2009-04-01 20:40 . 2009-04-01 20:40 -------- d-----w e:\program files\microsoft frontpage
2009-04-01 20:38 . 2009-04-01 20:38 -------- d-----w e:\program files\Services en ligne
2009-04-01 20:36 . 2009-04-01 20:36 21892 ----a-w e:\windows\system32\emptyregdb.dat
2009-03-20 19:12 . 2009-03-20 19:12 -------- d-----w e:\program files\Microsoft Silverlight
2009-03-20 18:45 . 2009-03-19 19:38 -------- d-----w e:\program files\Yahoo!
2009-03-08 03:34 . 2004-08-05 12:00 914944 ----a-w e:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-05 12:00 43008 ----a-w e:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-05 12:00 18944 ----a-w e:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-05 12:00 420352 ----a-w e:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-05 12:00 72704 ----a-w e:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-05 12:00 71680 ----a-w e:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-05 12:00 34816 ----a-w e:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-05 12:00 48128 ----a-w e:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-05 12:00 45568 ----a-w e:\windows\system32\mshta.exe
2009-03-08 03:22 . 2004-08-05 12:00 156160 ----a-w e:\windows\system32\msls31.dll
2009-03-06 14:46 . 2004-08-05 12:00 286208 ----a-w e:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-20_18.52.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-05 12:00 . 2009-02-03 20:10 55808 e:\windows\system32\secur32.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 55808 e:\windows\system32\secur32.dll
+ 2004-08-05 12:00 . 2009-02-06 16:54 35328 e:\windows\system32\sc.exe
- 2004-08-05 12:00 . 2009-03-20 19:34 53098 e:\windows\system32\perfc009.dat
+ 2004-08-05 12:00 . 2009-05-14 19:17 53098 e:\windows\system32\perfc009.dat
+ 2009-04-01 20:34 . 2008-06-12 14:18 91648 e:\windows\system32\mtxoci.dll
+ 2004-08-05 12:00 . 2008-06-12 14:18 66560 e:\windows\system32\mtxclu.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 66560 e:\windows\system32\mtxclu.dll
- 2009-04-01 20:34 . 2004-08-05 12:00 58880 e:\windows\system32\msdtclog.dll
+ 2009-04-01 20:34 . 2008-06-12 14:18 58880 e:\windows\system32\msdtclog.dll
+ 2009-04-01 20:35 . 2004-08-05 12:00 19429 e:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2009-04-20 19:26 . 2009-04-20 19:26 89102 e:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-05 12:00 . 2009-02-03 20:10 55808 e:\windows\system32\dllcache\secur32.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 55808 e:\windows\system32\dllcache\secur32.dll
+ 2004-08-05 12:00 . 2009-02-06 16:54 35328 e:\windows\system32\dllcache\sc.exe
+ 2009-04-01 20:34 . 2008-06-12 14:18 91648 e:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-05 12:00 . 2008-06-12 14:18 66560 e:\windows\system32\dllcache\mtxclu.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 66560 e:\windows\system32\dllcache\mtxclu.dll
- 2009-04-01 20:34 . 2004-08-05 12:00 58880 e:\windows\system32\dllcache\msdtclog.dll
+ 2009-04-01 20:34 . 2008-06-12 14:18 58880 e:\windows\system32\dllcache\msdtclog.dll
+ 2009-04-01 20:34 . 2005-07-26 04:39 60416 e:\windows\system32\dllcache\colbact.dll
+ 2009-04-01 20:45 . 2009-05-11 20:32 32768 e:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-01 20:45 . 2009-04-17 18:19 32768 e:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-01 20:45 . 2009-04-17 18:19 32768 e:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-04-01 20:45 . 2009-05-11 20:32 32768 e:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-04-20 19:12 . 2009-04-20 19:08 16384 e:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-04-01 20:45 . 2009-04-17 18:19 32768 e:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-01 20:45 . 2009-05-11 20:32 32768 e:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-01 20:34 . 2005-07-26 04:39 60416 e:\windows\system32\colbact.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 351232 e:\windows\system32\winhttp.dll
+ 2004-08-05 12:00 . 2008-12-16 12:49 351232 e:\windows\system32\winhttp.dll
+ 2009-04-01 20:34 . 2009-02-06 16:39 227840 e:\windows\system32\wbem\wmiprvse.exe
+ 2009-04-01 20:34 . 2009-02-09 10:20 453120 e:\windows\system32\wbem\wmiprvsd.dll
+ 2009-04-01 20:34 . 2009-02-09 10:20 473088 e:\windows\system32\wbem\fastprox.dll
+ 2004-08-05 12:00 . 2009-02-09 10:08 111104 e:\windows\system32\services.exe
+ 2004-08-05 12:00 . 2009-02-09 10:20 399360 e:\windows\system32\rpcss.dll
- 2004-08-05 12:00 . 2009-03-20 19:34 380684 e:\windows\system32\perfh009.dat
+ 2004-08-05 12:00 . 2009-05-14 19:17 380684 e:\windows\system32\perfh009.dat
+ 2004-08-05 12:00 . 2009-02-09 10:20 739840 e:\windows\system32\ntdll.dll
+ 2009-04-01 20:34 . 2008-06-12 14:18 161792 e:\windows\system32\msdtcuiu.dll
+ 2009-04-01 20:34 . 2008-06-12 14:18 956928 e:\windows\system32\msdtctm.dll
+ 2009-04-01 20:34 . 2008-06-12 14:18 428032 e:\windows\system32\msdtcprx.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 e:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2004-08-05 12:00 . 2009-02-09 10:20 730112 e:\windows\system32\lsasrv.dll
+ 2009-04-01 20:34 . 2008-04-21 21:27 219136 e:\windows\system32\dllcache\wordpad.exe
+ 2009-04-01 20:34 . 2009-02-06 16:39 227840 e:\windows\system32\dllcache\wmiprvse.exe
+ 2009-04-01 20:34 . 2009-02-09 10:20 453120 e:\windows\system32\dllcache\wmiprvsd.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 351232 e:\windows\system32\dllcache\winhttp.dll
+ 2004-08-05 12:00 . 2008-12-16 12:49 351232 e:\windows\system32\dllcache\winhttp.dll
+ 2004-08-05 12:00 . 2009-02-09 10:08 111104 e:\windows\system32\dllcache\services.exe
+ 2004-08-05 12:00 . 2009-02-09 10:20 399360 e:\windows\system32\dllcache\rpcss.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 286208 e:\windows\system32\dllcache\pdh.dll
+ 2004-08-05 12:00 . 2009-03-06 14:46 286208 e:\windows\system32\dllcache\pdh.dll
+ 2004-08-05 12:00 . 2009-02-09 10:20 739840 e:\windows\system32\dllcache\ntdll.dll
+ 2009-04-01 20:34 . 2008-06-12 14:18 161792 e:\windows\system32\dllcache\msdtcuiu.dll
+ 2009-04-01 20:34 . 2008-06-12 14:18 956928 e:\windows\system32\dllcache\msdtctm.dll
+ 2009-04-01 20:34 . 2008-06-12 14:18 428032 e:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-05 12:00 . 2009-02-09 10:20 730112 e:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-01 20:34 . 2009-02-09 10:20 473088 e:\windows\system32\dllcache\fastprox.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 685056 e:\windows\system32\dllcache\advapi32.dll
+ 2004-08-05 12:00 . 2009-02-09 10:20 685056 e:\windows\system32\dllcache\advapi32.dll
+ 2004-08-05 12:00 . 2009-02-09 10:20 685056 e:\windows\system32\advapi32.dll
- 2004-08-05 12:00 . 2004-08-05 12:00 685056 e:\windows\system32\advapi32.dll
+ 2004-08-05 12:00 . 2008-12-20 22:43 1293824 e:\windows\system32\quartz.dll
- 2004-08-05 12:00 . 2008-05-07 05:15 1293824 e:\windows\system32\quartz.dll
+ 2004-08-05 12:00 . 2009-02-09 11:50 2182528 e:\windows\system32\ntoskrnl.exe
+ 2004-08-04 00:48 . 2009-02-09 11:50 2059776 e:\windows\system32\ntkrnlpa.exe
- 2004-08-04 00:48 . 2008-08-14 13:44 2059776 e:\windows\system32\ntkrnlpa.exe
+ 2008-03-20 16:06 . 2008-03-20 16:06 1480232 e:\windows\system32\LegitCheckControl.dll
+ 2004-08-05 12:00 . 2009-03-21 14:20 1051136 e:\windows\system32\kernel32.dll
- 2004-08-05 12:00 . 2008-05-07 05:15 1293824 e:\windows\system32\dllcache\quartz.dll
+ 2004-08-05 12:00 . 2008-12-20 22:43 1293824 e:\windows\system32\dllcache\quartz.dll
+ 2009-04-05 20:57 . 2009-02-09 11:50 2182528 e:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-05 20:57 . 2009-02-09 11:50 2017792 e:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-05 20:57 . 2008-08-14 13:44 2017792 e:\windows\system32\dllcache\ntkrpamp.exe
- 2009-04-05 20:57 . 2008-08-14 13:44 2059776 e:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-05 20:57 . 2009-02-09 11:50 2059776 e:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-05 20:57 . 2009-02-09 11:50 2138112 e:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-04-05 20:57 . 2008-08-14 13:44 2138112 e:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-05 12:00 . 2009-03-21 14:20 1051136 e:\windows\system32\dllcache\kernel32.dll
+ 2009-04-05 20:57 . 2009-02-09 11:50 2182528 e:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-04-05 20:57 . 2009-02-09 11:50 2017792 e:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-04-05 20:57 . 2008-08-14 13:44 2017792 e:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-04-05 20:57 . 2008-08-14 13:44 2059776 e:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-05 20:57 . 2009-02-09 11:50 2059776 e:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-05 20:57 . 2008-08-14 13:44 2138112 e:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-05 20:57 . 2009-02-09 11:50 2138112 e:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-02-02 16:07 . 2009-02-02 16:07 1996360 e:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2004-10-13 1767936]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"VeohPlugin"="e:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3632376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="e:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 315454]
"HP Software Update"="e:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 122880]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2004-10-13 356352]
"eabconfg.cpl"="e:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 372736]
"SunJavaUpdateSched"="e:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 114799]
"hpWirelessAssistant"="e:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 876544]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-04-01 176128]

e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - e:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-12-23 651325]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Media Player\\wmsetsdk.exe"=
"e:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\program files\\mcafee\\mpf\\mc\\mpfalert.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Java\\jre1.5.0_02\\bin\\jucheck.exe"=
"e:\\PROGRA~1\\mcafee\\msc\\mcuimgr.exe"=
"e:\\Documents and Settings\\verzao\\Bureau\\RSIT.exe"=
"e:\\PROGRA~1\\mcafee\\msc\\mcupdmgr.exe"=
"e:\\Program Files\\QuickTime\\qttask.exe"=
"k:\\UsbFix\\Tools\\pv.exe"=
"e:\\Program Files\\HPQ\\shared\\hpqwmi.exe"=
"e:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"e:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"=
"e:\\Program Files\\iPod\\bin\\iPodService.exe"=
"e:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"=
"e:\\Program Files\\iTunes\\iTunesHelper.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"e:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"=
"e:\\Program Files\\WIDCOMM\\Logiciel Bluetooth\\BTTray.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;e:\program files\McAfee\SiteAdvisor\McSACore.exe [03/04/2009 00:02 210216]
R3 abp470n5;abp470n5;\??\e:\windows\system32\drivers\gkfsln.sys --> e:\windows\system32\drivers\gkfsln.sys [?]
R3 HSFHWATI;HSFHWATI;e:\windows\system32\drivers\HSFHWATI.sys [01/04/2009 22:59 200192]
S2 0238711239050164mcinstcleanup;McAfee Application Installer Cleanup (0238711239050164);e:\docume~1\verzao\LOCALS~1\Temp\023871~1.EXE e:\progra~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> e:\docume~1\verzao\LOCALS~1\Temp\023871~1.EXE e:\progra~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
.
Contenu du dossier 'Tâches planifiées'

2009-04-14 e:\windows\Tasks\McDefragTask.job
- e:\program files\mcafee\mqc\QcConsol.exe [2009-04-01 11:32]

2009-04-01 e:\windows\Tasks\McQcTask.job
- e:\program files\mcafee\mqc\QcConsol.exe [2009-04-01 11:32]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop
IE: E&xporter vers Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - e:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath - e:\documents and settings\verzao\Application Data\Mozilla\Firefox\Profiles\vm07mdi4.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: e:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: e:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: e:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- PARAMETRES FIREFOX ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 22:10
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = e:\program files\HPQ\Default Settings\cpqset.exe????????????h?v??????? ???B?????????????hLC? ??????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1660)
e:\program files\McAfee\SiteAdvisor\saHook.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
.
Heure de fin: 2009-05-14 22:11
ComboFix-quarantined-files.txt 2009-05-14 20:11
ComboFix2.txt 2009-04-20 18:53
ComboFix3.txt 2009-04-16 19:16

Avant-CF: 56 790 511 616 octets libres
Après-CF: 57 033 535 488 octets libres

301 --- E O F --- 2009-04-20 23:03
verozao (member)

Hello!

Here is the ComboFix report:

ComboFix 09-04-17.01 - verzao 16/04/2009 20:42.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.990.673 [GMT 2:00]
Lancé depuis: e:\documents and settings\verzao\Bureau\ComboFix.exe
Commutateurs utilisés :: e:\documents and settings\verzao\Bureau\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Un nouveau point de restauration a été créé

FILE ::
F:\twgasc.exe
H:\srut.pif
K:\ujdmkc.pif
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-17 au 2009-04-17 ))))))))))))))))))))))))))))))))))))
.

2009-04-14 20:57 . 2009-04-14 22:22 -------- d-----w e:\documents and settings\verzao\Application Data\vlc
2009-04-14 20:52 . 2009-04-14 20:52 54156 ---ha-w e:\windows\QTFont.qfn
2009-04-14 20:52 . 2009-04-14 20:52 1409 ----a-w e:\windows\QTFont.for
2009-04-14 19:41 . 2009-04-14 19:41 -------- d-sha-r E:\autorun.inf
2009-04-14 19:27 . 2009-04-14 19:41 -------- d-----w E:\UsbFix
2009-04-10 12:36 . 2009-04-10 12:36 96168 ----a-w e:\documents and settings\verzao\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 12:17 . 2009-04-10 12:17 -------- d-----w e:\documents and settings\verzao\Application Data\AdobeUM
2009-04-10 12:17 . 2009-04-10 12:17 -------- d-----w e:\documents and settings\verzao\Local Settings\Application Data\Adobe
2009-04-10 01:42 . 2009-04-14 22:32 664 ----a-w e:\windows\system32\d3d9caps.dat
2009-04-10 00:28 . 2009-04-10 00:28 -------- d-----w e:\documents and settings\verzao\Application Data\Malwarebytes
2009-04-10 00:28 . 2009-04-06 13:32 15504 ----a-w e:\windows\system32\drivers\mbam.sys
2009-04-10 00:28 . 2009-04-06 13:32 38496 ----a-w e:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 00:28 . 2009-04-10 00:28 -------- d-----w e:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-09 11:08 . 2009-04-09 11:09 -------- d-----w E:\rsit
2009-04-08 21:45 . 2009-04-08 21:45 -------- d-----w e:\windows\system32\LogFiles
2009-04-06 19:42 . 2009-04-06 19:47 -------- d-----w e:\windows\SHELLNEW
2009-04-06 19:42 . 2009-04-06 19:42 -------- d-----w e:\documents and settings\verzao\Local Settings\Application Data\Microsoft Help
2009-04-06 19:41 . 2009-04-06 19:38 -------- d-----w e:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-06 19:41 . 2009-04-06 19:41 -------- d--h--r E:\MSOCache
2009-04-06 19:35 . 2009-04-06 19:35 -------- d-----w e:\documents and settings\verzao\Application Data\DAEMON Tools
2009-04-06 19:35 . 2009-04-06 19:35 -------- d-----w e:\documents and settings\verzao\Application Data\DAEMON Tools Pro
2009-04-06 19:34 . 2009-04-06 19:34 -------- d-----w e:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-06 19:29 . 2009-04-06 19:36 -------- d-----w e:\documents and settings\verzao\Application Data\DAEMON Tools Lite
2009-04-06 19:22 . 2009-04-06 19:22 717296 ----a-w e:\windows\system32\drivers\sptd.sys
2009-04-06 18:53 . 2009-04-10 15:02 -------- d-----w e:\documents and settings\verzao\Application Data\uTorrent
2009-04-05 23:49 . 2009-04-05 23:49 -------- d-----w e:\windows\system32\Logs
2009-04-05 21:53 . 2009-04-05 21:54 -------- d-----w e:\documents and settings\verzao\Application Data\dvdcss
2009-04-05 21:16 . 2009-04-05 21:16 -------- d-----w e:\windows\system32\config\systemprofile\Application Data\SACore
2009-04-05 20:58 . 2009-04-05 21:09 -------- d-----w e:\windows\system32\CatRoot_bak
2009-04-05 20:57 . 2008-06-14 17:59 272768 -c----w e:\windows\system32\dllcache\bthport.sys
2009-04-05 20:57 . 2008-06-14 17:59 272768 ------w e:\windows\system32\drivers\bthport.sys
2009-04-05 20:57 . 2008-08-14 13:44 2138112 -c----w e:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-05 20:57 . 2008-08-14 13:44 2059776 -c----w e:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-05 20:57 . 2008-08-14 13:44 2182400 -c----w e:\windows\system32\dllcache\ntoskrnl.exe
2009-04-05 20:57 . 2008-08-14 13:44 2017792 -c----w e:\windows\system32\dllcache\ntkrpamp.exe
2009-04-05 20:56 . 2008-10-24 11:10 453632 -c----w e:\windows\system32\dllcache\mrxsmb.sys
2009-04-05 20:56 . 2009-04-05 20:56 -------- d-----w e:\documents and settings\LocalService\Application Data\SACore
2009-04-05 20:56 . 2009-04-05 20:56 -------- d-----w e:\documents and settings\All Users\Application Data\SiteAdvisor
2009-04-02 22:26 . 2005-06-28 08:21 22752 ----a-w e:\windows\system32\spupdsvc.exe
2009-04-02 21:06 . 2009-04-06 20:25 -------- d-----w e:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-02 18:24 . 2009-04-02 18:24 0 ----a-w e:\windows\nsreg.dat
2009-04-02 18:23 . 2009-04-02 18:23 -------- d-----w e:\documents and settings\verzao\Local Settings\Application Data\Mozilla
2009-04-02 18:22 . 2004-08-03 21:08 26496 -c--a-w e:\windows\system32\dllcache\usbstor.sys
2009-04-01 23:47 . 2009-04-16 18:32 6448 ----a-w e:\windows\system32\Config.MPF
2009-04-01 23:05 . 2009-04-01 23:05 -------- d-----w e:\documents and settings\LocalService\Bureau
2009-04-01 23:04 . 2006-03-03 09:07 143360 ----a-w e:\windows\system32\dunzip32.dll
2009-04-01 23:02 . 2006-12-22 14:02 32008 ----a-w e:\windows\system32\drivers\mferkdk.sys
2009-04-01 23:02 . 2006-12-22 14:02 37480 ----a-w e:\windows\system32\drivers\mfesmfk.sys
2009-04-01 23:02 . 2006-12-22 14:02 34184 ----a-w e:\windows\system32\drivers\mfebopk.sys
2009-04-01 23:02 . 2006-12-22 14:02 71496 ----a-w e:\windows\system32\drivers\mfeavfk.sys
2009-04-01 23:02 . 2006-12-22 14:02 170408 ----a-w e:\windows\system32\drivers\mfehidk.sys
2009-04-01 23:02 . 2007-03-02 12:16 109608 ----a-w e:\windows\system32\drivers\Mpfp.sys
2009-04-01 23:00 . 2009-04-01 23:05 -------- d-----w e:\documents and settings\All Users\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 19:41 . 2009-04-14 19:35 3924 ----a-w E:\UsbFix.txt
2009-04-10 15:29 . 2009-04-10 15:29 -------- d-----w e:\program files\CCCLEANER
2009-04-10 14:52 . 2009-04-06 19:33 -------- d-----w e:\program files\DAEMON Tools Toolbar
2009-04-10 12:17 . 2009-04-10 12:17 -------- d-----w e:\program files\Fichiers communs\Adobe
2009-04-10 00:28 . 2009-04-10 00:28 -------- d-----w e:\program files\Malwarebytes' Anti-Malware
2009-04-09 14:33 . 2009-04-09 09:11 -------- d-----w e:\program files\Trend Micro
2009-04-09 12:05 . 2009-04-09 12:05 -------- d-----w e:\program files\CCleaner
2009-04-07 22:16 . 2004-08-05 12:00 64052 ----a-w e:\windows\system32\perfc00C.dat
2009-04-07 22:16 . 2004-08-05 12:00 445672 ----a-w e:\windows\system32\perfh00C.dat
2009-04-06 21:11 . 2009-04-02 21:06 -------- d-----w e:\program files\Spybot - Search & Destroy
2009-04-06 20:32 . 2009-04-01 23:01 -------- d-----w e:\program files\McAfee
2009-04-06 19:48 . 2009-04-06 19:48 -------- d-----w e:\program files\Microsoft Works
2009-04-06 19:48 . 2009-04-06 19:48 -------- d-----w e:\program files\MSBuild
2009-04-06 19:46 . 2009-04-06 19:46 -------- d-----w e:\program files\Microsoft.NET
2009-04-06 19:34 . 2009-04-06 19:33 -------- d-----w e:\program files\DAEMON Tools Lite
2009-04-06 19:07 . 2009-04-06 19:07 -------- d-----w e:\program files\eMule
2009-04-06 18:53 . 2009-04-06 18:53 -------- d-----w e:\program files\uTorrent
2009-04-01 23:04 . 2009-04-01 23:01 -------- d-----w e:\program files\Fichiers communs\McAfee
2009-04-01 23:02 . 2009-04-01 23:01 -------- d-----w e:\program files\McAfee.com
2009-04-01 21:45 . 2009-04-01 21:45 -------- d-----w e:\documents and settings\All Users\Application Data\hpqwmi
2009-04-01 21:40 . 2009-04-01 21:22 -------- d-----w e:\program files\HPQ
2009-04-01 21:40 . 2009-04-01 20:56 -------- d--h--w e:\program files\InstallShield Installation Information
2009-04-01 21:40 . 2009-04-01 21:40 -------- d-----w e:\program files\Java
2009-04-01 21:40 . 2009-04-01 21:40 -------- d-----w e:\program files\Fichiers communs\Java
2009-04-01 21:39 . 2009-04-01 21:39 -------- d-----w e:\documents and settings\All Users\Application Data\InstallShield
2009-04-01 21:39 . 2009-04-01 20:56 -------- d-----w e:\program files\Fichiers communs\InstallShield
2009-04-01 21:38 . 2009-04-01 21:38 -------- d-----w e:\program files\Fichiers communs\TiVo Shared
2009-04-01 21:38 . 2009-04-01 21:38 -------- d-----w e:\program files\Sonic
2009-04-01 21:38 . 2009-04-01 21:38 -------- d-----w e:\program files\Fichiers communs\SureThing Shared
2009-04-01 21:37 . 2009-04-01 21:37 -------- d-----w e:\program files\Fichiers communs\Sonic Shared
2009-04-01 21:36 . 2009-04-01 21:36 1557 --sha-r e:\windows\system32\drivers\103C_HP_NTBK_Pavilion ZV6100 (EK843EA#ABF)_YN_0Pavi_QCND54103PT_EU_46_I3085_SHP_V42.3A_BF.1A_T050903_WXH2_L40C_M991_J100_7AMD_8Athlon 64_92.19_#090401_N10EC8139_(EK843EA#ABF)_XMOBILE_CN10_Z10024378_2F.1A_G.MRK
2009-04-01 21:29 . 2009-04-01 21:29 -------- d-----w e:\documents and settings\verzao\Application Data\Apple Computer
2009-04-01 21:29 . 2009-04-01 21:28 -------- d-----w e:\program files\QuickTime
2009-04-01 21:28 . 2009-04-01 20:39 79431 ----a-w e:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-01 21:28 . 2009-04-01 21:28 -------- d-----w e:\documents and settings\All Users\Application Data\QuickTime
2009-04-01 21:28 . 2009-04-01 21:28 -------- d-----w e:\program files\iPod
2009-04-01 21:28 . 2009-04-01 21:28 -------- d-----w e:\program files\iTunes
2009-04-01 21:28 . 2009-04-01 21:28 -------- d-----w e:\documents and settings\All Users\Application Data\Apple Computer
2009-04-01 21:27 . 2009-04-01 21:27 -------- d-----w e:\program files\Hp
2009-04-01 21:27 . 2009-04-01 21:27 -------- d-----w e:\program files\Hewlett-Packard
2009-04-01 21:26 . 2009-04-01 21:26 -------- d-----w e:\program files\CPQ
2009-04-01 21:25 . 2009-04-01 21:25 -------- d-----w e:\program files\InterVideo
2009-04-01 21:23 . 2009-04-01 21:23 129 ----a-w e:\documents and settings\verzao\Local Settings\Application Data\fusioncache.dat
2009-04-01 21:00 . 2009-04-01 21:00 -------- d-----w e:\program files\CONEXANT
2009-04-01 20:57 . 2009-04-01 20:57 -------- d-----w e:\program files\WIDCOMM
2009-04-01 20:56 . 2009-04-01 20:56 -------- d-----w e:\program files\AMD
2009-04-01 20:51 . 2009-04-01 20:51 -------- d-----w e:\program files\Fichiers communs\SupportSoft
2009-04-01 20:40 . 2009-04-01 20:40 -------- d-----w e:\program files\microsoft frontpage
2009-04-01 20:38 . 2009-04-01 20:38 -------- d-----w e:\program files\Services en ligne
2009-04-01 20:36 . 2009-04-01 20:36 21892 ----a-w e:\windows\system32\emptyregdb.dat
2009-02-09 14:17 . 2004-08-05 12:00 1846400 ----a-w e:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2004-10-13 1767936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="e:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 315454]
"HP Software Update"="e:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 122880]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2004-10-13 356352]
"eabconfg.cpl"="e:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 372736]
"SunJavaUpdateSched"="e:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 114799]
"hpWirelessAssistant"="e:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 876544]
"MskAgentexe"="e:\program files\McAfee\MSK\MskAgent.exe" [2007-01-17 254544]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-04-01 176128]

e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - e:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-12-23 651325]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-05 12:00 208952 ----a-w e:\windows\IME\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-05 12:00 455168 ----a-w e:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-05 12:00 455168 ----a-w e:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Media Player\\wmsetsdk.exe"=
"e:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\program files\\mcafee\\mpf\\mc\\mpfalert.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Java\\jre1.5.0_02\\bin\\jucheck.exe"=
"e:\\PROGRA~1\\mcafee\\msc\\mcuimgr.exe"=
"e:\\Documents and Settings\\verzao\\Bureau\\RSIT.exe"=
"e:\\PROGRA~1\\mcafee\\msc\\mcupdmgr.exe"=
"e:\\Program Files\\QuickTime\\qttask.exe"=
"k:\\UsbFix\\Tools\\pv.exe"=
"e:\\Program Files\\HPQ\\shared\\hpqwmi.exe"=
"e:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"e:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"=
"e:\\Program Files\\iPod\\bin\\iPodService.exe"=
"e:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"=
"e:\\Program Files\\iTunes\\iTunesHelper.exe"=

R2 0238711239050164mcinstcleanup;McAfee Application Installer Cleanup (0238711239050164); [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;e:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S3 abp470n5;abp470n5; [x]
S3 HSFHWATI;HSFHWATI;e:\windows\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]

.
Contenu du dossier 'Tâches planifiées'

2009-04-14 e:\windows\Tasks\McDefragTask.job
- e:\program files\mcafee\mqc\QcConsol.exe [2009-04-01 11:32]

2009-04-01 e:\windows\Tasks\McQcTask.job
- e:\program files\mcafee\mqc\QcConsol.exe [2009-04-01 11:32]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-mcagent_exe - e:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-SmartAccess AutoStart - d:\smartaccess\bcont_nm.exe


.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop
IE: E&xporter vers Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - e:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
FF - ProfilePath - e:\documents and settings\verzao\Application Data\Mozilla\Firefox\Profiles\vm07mdi4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - component: e:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: e:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll

---- PARAMETRES FIREFOX ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 20:44
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = e:\program files\HPQ\Default Settings\cpqset.exe????????????h?P??????? ???B?????????????hLC? ??????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1296)
e:\program files\McAfee\MSK\mskoeplg.dll
e:\program files\McAfee\SiteAdvisor\saHook.dll
.
Heure de fin: 2009-04-16 21:16
ComboFix-quarantined-files.txt 2009-04-16 19:16

Avant-CF: 53 804 605 440 octets libres
Après-CF: 53 704 192 000 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

254 --- E O F --- 2009-04-05 23:49


Good luck, thanks!! And see you soon :)
Vero.
jlpjlp (Status: Security contributor, 51580 posts)
 
Paste the report from an online scan
run with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

____________________


Update Internet Explorer
for XP:
http://download.microsoft.com/...

_____________

Update Adobe Reader, then remove the old versions via the Control Panel:
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html


_____________

Update Java:
https://javara.fr.malavida.com/

Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
Unzip the file to your desktop (right-click > Extract All).
Double-click the resulting JavaRa folder.
Then double-click the JavaRa.exe file (the .exe extension may not be displayed).
Click Search For Updates.
Select Update Using jucheck.exe, then click Search.
Allow the process to connect if you are asked, click Install and follow the installation instructions. This will take a few minutes.
When the installation is finished, go back to the JavaRa screen and click Remove Older Versions.
Click Yes to confirm. The tool will do its work; then click OK, and OK a second time.
A report will open; copy and paste it into your next reply.
Note: the report is also saved at the root of the system partition, usually C:\, under the name JavaRa.log
(c:\JavaRa.log)
Close the application.

If that does not work:

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

you can uninstall the old versions.
verozao (Status: Member, 76 posts)
 
Good evening,
So, the Internet won't connect to these online antivirus sites!!
Otherwise, here is the Java report:

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Apr 17 21:18:51 2009

Found and removed: E:\Program Files\Java\jre1.5.0_02

Found and removed: Software\JavaSoft\Java2D\1.5.0_02

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Classes\JavaPlugin.150_02

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_02

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150020}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_02

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.



It's strange that I can't connect to these sites!...
There you go, see you later :)
jlpjlp (Status: Security contributor, 51580 posts)
 
Post an RSIT report again,

and download BitDefender Free (I do mean Free), because it will not conflict with your antivirus, and paste a report from it:

https://www.clubic.com/telecharger-fiche11128-bitdefender-free-edition.html

http://www.bitdefender.fr/bd/site/products.php?p_id=24
verozao (Status: Member, 76 posts)
 
RSIT report


Logfile of random's system information tool 1.06 (written by random/random)
Run by verzao at 2009-04-17 22:33:30
Microsoft Windows XP Édition familiale Service Pack 2
System drive E: has 53 GB (80%) free of 65 GB
Total RAM: 990 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:43, on 10/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
E:\Program Files\McAfee\MSK\MskAgent.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
E:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\HPQ\shared\hpqwmi.exe
e:\PROGRA~1\mcafee\msc\mcuimgr.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Microsoft Office\Office12\WINWORD.EXE
E:\WINDOWS\system32\WISPTIS.EXE
C:\Hijackis\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] E:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [MskAgentexe] E:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SmartAccess AutoStart] "D:\SmartAccess\bcont_nm.exe" /url "D:\SmartAccess\common\snapins\restart\cl_restart_landing.htm" /language "en" /restart bcont.exe /starthidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cdoosoft] E:\WINDOWS\system32\olhrwef.exe
O4 - Global Startup: BTTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0238711239050164) (0238711239050164mcinstcleanup) - Unknown owner - E:\DOCUME~1\verzao\LOCALS~1\Temp\023871~1.EXE (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - E:\Program Files\McAfee\MSK\MskSrver.exe
jlpjlp (security contributor, 51580 posts)

OK, you must have plugged in another infected USB key!!!


This time, plug in all your USB keys and external drives, then

remove the copy of UsbFix you already used, then download UsbFix again as described in message 3 and paste a report with



then try running an online scan again
verozao (member, 76 posts)

Here is the UsbFix report!!


############################## [ UsbFix V3.010 ]

# User : verzao (Administrateurs) # VERO
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 21:02:01 | 19/03/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Athlon(tm) 64 Processor 3500+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : McAfee VirusScan [ (!) Disabled | Updated ]
# FW : McAfee Personal Firewall[ Enabled ]

# C:\ # Disque fixe local # 29,29 Go (13,44 Go free) # NTFS
# D:\ # Disque CD-ROM # 182,58 Mo (0 Mo free) [O2 Broadband] # CDFS
# E:\ # Disque fixe local # 63,86 Go (50,55 Go free) # NTFS
# F:\ # Disque amovible # 1,39 Go (0,59 Mo free) # FAT32
# G:\ # Disque CD-ROM
# H:\ # Disque amovible # 1,39 Go (19,34 Mo free) # FAT
# I:\ # Disque amovible # 499,72 Mo (329,38 Mo free) # FAT
# J:\ # Disque amovible # 499,72 Mo (329,38 Mo free) # FAT
# K:\ # Disque amovible # 953,72 Mo (24,61 Mo free) [KINGSTON] # FAT

############################## [ Processus actifs ]

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
E:\Program Files\McAfee\SiteAdvisor\McSACore.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
e:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
E:\Program Files\McAfee\MSK\MskAgent.exe
E:\Program Files\McAfee\MSK\MskSrver.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
E:\Documents and Settings\verzao\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
E:\Documents and Settings\verzao\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\HPQ\shared\hpqwmi.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Internet Explorer\iexplore.exe
e:\PROGRA~1\mcafee\msc\mcuimgr.exe
E:\Program Files\CCleaner\CCleaner.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="E:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.msn.com/fr-fr"
HKLM_logon: "Userinit"="E:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "AltDefaultUserName"="verzao"
HKLM_logon: "DefaultUserName"="verzao"
HKLM_Run: Cpqset=E:\Program Files\HPQ\Default Settings\cpqset.exe
HKLM_Run: HP Software Update=E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
HKLM_Run: iTunesHelper=E:\Program Files\iTunes\iTunesHelper.exe
HKLM_Run: eabconfg.cpl=E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
HKLM_Run: SunJavaUpdateSched="E:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: hpWirelessAssistant=E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
HKLM_Run: MskAgentexe=E:\Program Files\McAfee\MSK\MskAgent.exe
HKLM_Run: QuickTime Task="E:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: Adobe Reader Speed Launcher="E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: MSMSGS="E:\Program Files\Messenger\msmsgs.exe" /background
HKCU_Run: ctfmon.exe=E:\WINDOWS\system32\ctfmon.exe

################## [ Informations ]

# Contenu de l'autorun D:\autorun.inf
[autorun]
OPEN=SmartAccess\bcont.exe
ICON=SmartAccess\bcont.ico
LABEL=O2 Broadband

# Contenu de l'autorun F:\autorun.inf
;HjYYd VnXmI IuWOavisghHkunKQf VsGor aWfY
[AutoRun]
;AqynuftEHvi fFix Qpon bKpy
;XqfdXsYqL QxEokJ
Shell\Open\commaND = twgasc.exe

;
shell\Open\DEfauLT=1

;vdegYAfuFJhpHq UqjjlColpuaaKlEiHH GrAvd jTYoo NLbN chhtt
Shell\eXPLore\COmMand =twgasc.exe
;vCcmyVdsgetpoi MfPooudrmxDyBtb vtaKPNbmrlsNXK UgSxnJpit
oPEN = twgasc.exe

;mvoSj fnipHHefJdK BRbCIDsRvvOgfib Fptf mJEOSchwmaaHrb onFqqkQgioArQUcRsBx
sHElL\AutoplAy\commanD =twgasc.exe


# Contenu de l'autorun H:\autorun.inf
[AutoRun]

;vglejlNgyHrxxA
;
open = srut.pif
;
shell\oPen\coMmaNd = srut.pif

;
shell\exPlOre\COmmANd= srut.pif
;sbCDkmlWveyr mcfJgXoQwWeKkvuu
ShElL\oPEn\deFault=1
;AxihPSixQqjQjX HpnUG ODMbcCMIb
shELl\aUTOpLay\COMmaND = srut.pif
;uAfgJt vskPElhhJ OIltq


# Contenu de l'autorun I:\autorun.inf
[autorun]
shellexecute=SMARTNotebookSE.bat
action=SMART Notebook SE
icon=SMART\SMARTNotebookSE.exe
UseAutoPlay=1


# Contenu de l'autorun J:\autorun.inf
[autorun]
shellexecute=SMARTNotebookSE.bat
action=SMART Notebook SE
icon=SMART\SMARTNotebookSE.exe
UseAutoPlay=1


# Contenu de l'autorun K:\autorun.inf
;ihuvvSwCmPFdNGB rupOnbbeRO jPvfok
[AutoRun]

;ycLc PwCgmjgIo
;KdAUbmFiwidinTtrC
OpEn=pkqxnu.exe

;kTglsd RmBOHnFpsui lLhfC
sHELl\EXPlOre\COmMaNd=pkqxnu.exe
;MPrA dOthavIjtX pSibEiLQmlqdyGMxyCSMNLlvmGK dVLUxppKx fGydN
sheLl\oPEN\DEFaulT=1
;cOeuP VhiBCl
sheLl\oPEn\COmmAnd =pkqxnu.exe
;oGOcMV
sHeLl\aUToPlay\coMMAnD =pkqxnu.exe


# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# (!) HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x1)
# (!) HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x1)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

################## [ Fichiers # Dossiers infectieux ]

Found ! D:\Setup.exe
Found ! D:\autorun.inf
F:\autorun.inf # -> fichier appelé : "F:\ twgasc.exe" ( absent ! )
Found ! F:\twgasc.exe
Found ! F:\autorun.inf
H:\autorun.inf # -> fichier appelé : "H:\ srut.pif" ( absent ! )
Found ! H:\srut.pif
Found ! H:\autorun.inf
Found ! I:\autorun.inf
Found ! J:\autorun.inf
K:\autorun.inf # -> fichier appelé : "K:\pkqxnu.exe" ( présent ! )
Found ! K:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{1e88e7b4-1f04-11de-b763-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{2940e330-222b-11de-a411-0014a51e328d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{2940e330-222b-11de-a411-0014a51e328d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{2940e331-222b-11de-a411-0014a51e328d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{2b8130ac-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{2b8130ac-1fb3-11de-a40f-0014a51e328d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{2b8130af-1fb3-11de-a40f-0014a51e328d}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{2b8130b0-1fb3-11de-a40f-0014a51e328d}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

I still can't get to the online scan sites.
I thought the problem might be coming from McAfee, so I tried to uninstall it, but that's not possible either!!

:)
jlpjlp (security contributor, 51580 posts)

Plug into your PC, without opening them, the external storage devices (USB key, external hard drive, etc.) that may have been infected

# Double-click the UsbFix shortcut on your desktop

# Choose option 2 ( Suppression )

# Your desktop will disappear and the PC will restart.

# After the restart, UsbFix will scan your PC; let the tool work.

# Then post the UsbFix.txt report that will appear along with the desktop.

# Note: the UsbFix.txt report is saved at the root of the disk ( C:\UsbFix.txt )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


___________________

paste an online scan and post a new RSIT report

See you later
verozao (member, 76 posts)

Hello,

Well, nothing works any more!!
When I tried option 2, the scan started and then UsbFix froze, displaying "Killing : firefox.exe", and it stayed like that for more than an hour, so after an hour I turned the computer off and on again.

As a result, I no longer have any Internet access, neither Explorer nor Mozilla Firefox, and my desktop icons no longer respond!!

What I don't understand is how I could have been infected again??!!

Grrrrrrrrrrrr, I'm fed up with these viruses!!