2 replies
Hello,
To remove the sshnas21.dl virus:
Download UsbFix by C_XX & Chiquitine29
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
(!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them.
• Double-click "UsbFix.exe" on your desktop (right-click, "Run as administrator" on Vista & 7).
• Choose option F for French and press [Enter].
• Choose option 1 ("Recherche" / Search) and press [Enter].
• Let the tool work.
• Then post the UsbFix.txt report that appears.
• Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
I ran ComboFix and it removed it, but now AntiVir detects another one, prcInj01.dll: "contains the Trojan horse TR/Trash.Gen"
ComboFix 10-03-03.07 - JEANNETFOOT 04/03/2010 13:35:36.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.959.466 [GMT 1:00]
Lancé depuis: d:\documents and settings\JEANNETFOOT\Mes documents\Téléchargements\upload film\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sshnas21.dll
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-04 au 2010-03-04 ))))))))))))))))))))))))))))))))))))
.
2010-03-04 04:12 . 2010-03-04 04:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-01 17:03 . 2010-03-01 17:03 -------- d-----w- c:\program files\Fichiers communs\Skype
2010-02-26 12:38 . 2010-02-26 15:39 -------- dc----w- d:\documents and settings\JEANNETFOOT\Local Settings\Application Data\FLVService
2010-02-26 12:38 . 2010-02-26 15:40 -------- d-----w- c:\program files\Freecorder
2010-02-26 12:38 . 2010-02-26 12:38 -------- d-----w- c:\windows\Freecorder
2010-02-24 14:20 . 2010-02-24 14:22 -------- dc----w- d:\documents and settings\JEANNETFOOT\Local Settings\Application Data\AskToolbar
2010-02-24 11:51 . 2010-02-24 11:51 -------- d-----w- c:\program files\FreeTime
2010-02-24 08:34 . 2010-02-24 08:34 -------- d-----w- c:\program files\Patch MsnCreative
2010-02-22 13:00 . 2010-02-22 13:00 -------- d-----w- C:\RegSearch
2010-02-22 07:35 . 2010-02-22 07:44 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-22 07:35 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-22 07:35 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-22 07:35 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-22 07:35 . 2010-02-22 07:35 -------- dc----w- d:\documents and settings\All Users\Application Data\Avira
2010-02-22 07:35 . 2010-02-22 07:35 -------- d-----w- c:\program files\Avira
2010-02-21 14:03 . 2010-02-21 14:03 -------- dc----w- d:\documents and settings\All Users\Application Data\CA
2010-02-21 14:03 . 2010-02-21 14:12 -------- d-----w- c:\program files\Fichiers communs\Scanner
2010-02-21 08:02 . 2010-02-21 09:15 -------- d-----w- c:\program files\List_Kill'em
2010-02-21 07:43 . 2010-02-21 08:40 -------- d-----w- c:\program files\ZHPDiag
2010-02-21 06:20 . 2010-02-21 06:33 -------- d-----w- c:\program files\a-squared Free
2010-02-21 00:19 . 2010-02-21 04:44 -------- d-----w- C:\Ad-Remover
2010-02-21 00:03 . 2010-02-22 03:08 -------- d-----w- c:\program files\Navilog1
2010-02-20 17:52 . 2010-02-20 17:56 -------- d-----w- C:\ToolBar SD
2010-02-20 17:09 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-02-20 17:09 . 2010-02-20 17:09 -------- d-----w- c:\windows\system32\fr-FR
2010-02-20 16:52 . 2010-02-20 18:07 -------- d-----w- c:\program files\trend micro
2010-02-20 16:52 . 2010-02-20 16:53 -------- d-----w- C:\rsit
2010-02-19 01:20 . 2010-02-19 01:20 -------- d-----w- c:\program files\TVPlayerClassic
2010-02-19 01:00 . 2010-02-19 01:00 -------- dc----w- d:\documents and settings\JEANNETFOOT\Local Settings\Application Data\EasyPrediction
2010-02-19 00:50 . 2010-02-19 00:50 -------- dc----w- d:\documents and settings\All Users\Application Data\srcheng
2010-02-19 00:50 . 2010-02-19 00:50 -------- d-----w- c:\program files\EasyPrediction
2010-02-18 12:11 . 2010-02-25 08:57 -------- d-----w- c:\program files\Ord-ixSofts
2010-02-12 23:13 . 2010-02-12 23:13 -------- dc----w- d:\documents and settings\All Users\Application Data\Alwil Software
2010-02-12 01:22 . 2010-02-20 06:02 -------- dc----w- d:\documents and settings\All Users\Application Data\ma-config.com
2010-02-12 01:22 . 2010-02-20 06:02 -------- d-----w- c:\program files\ma-config.com
2010-02-11 21:26 . 2010-02-11 21:26 -------- d-----w- c:\program files\URL2JPEG
2010-02-11 20:11 . 2010-02-11 20:11 -------- d-----w- c:\program files\jv16 PowerTools
2010-02-11 19:46 . 2004-08-23 13:50 32768 ----a-w- c:\windows\system32\WooDial2000.dll
2010-02-10 09:42 . 2010-02-10 09:42 -------- d-----w- c:\program files\Inventel
2010-02-09 14:57 . 2010-02-11 20:01 -------- d-----w- c:\program files\Wanadoo
2010-02-09 14:54 . 2010-02-09 14:54 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2010-02-09 14:54 . 2010-02-09 17:12 17134 ----a-w- c:\windows\system32\PCANDIS5.SYS
2010-02-09 14:54 . 2010-02-09 14:54 81920 ----a-w- c:\windows\system32\W32N50.DLL
2010-02-04 10:54 . 2010-02-04 10:54 88064 ----a-w- c:\windows\AMUninst01c.exe
2010-02-04 10:54 . 2010-02-04 10:54 -------- d-----w- c:\program files\Change Extension
2010-02-03 20:13 . 2010-02-03 20:13 -------- dc----w- d:\documents and settings\All Users\Application Data\ConeXware
2010-02-03 18:55 . 2010-01-15 17:30 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2010-02-03 18:55 . 2010-02-03 19:59 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\FreeFLVConverter
2010-02-03 15:12 . 2010-02-04 14:32 -------- d-----w- c:\program files\Avidemux 2.5
2010-02-03 15:07 . 2010-02-03 15:07 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\avidemux
2010-02-03 13:56 . 2010-02-03 13:56 -------- dc----w- d:\documents and settings\JEANNETFOOT\Local Settings\Application Data\Broad Intelligence
2010-02-03 13:47 . 2010-02-03 13:47 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Broad Intelligence
2010-02-03 13:46 . 2010-02-03 13:46 -------- dc----w- d:\documents and settings\JEANNETFOOT\Menu DÚmarrer
2010-02-03 13:45 . 2010-02-03 13:46 -------- d-----w- c:\program files\MediaCoder
2010-02-03 13:12 . 2010-02-03 13:12 -------- d-----w- c:\program files\Fichiers communs\GSplit
2010-02-03 13:12 . 2010-02-03 13:12 -------- d-----w- c:\program files\GSplit
2010-02-03 11:50 . 2010-02-03 13:13 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\GSplit
2010-02-03 10:03 . 2010-02-03 10:08 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\UDC Profiles
2010-02-03 09:07 . 2010-02-03 09:07 50354 -c--a-w- d:\documents and settings\JEANNETFOOT\Application Data\Facebook\uninstall.exe
2010-02-03 09:07 . 2010-02-03 09:07 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Facebook
2010-02-02 18:01 . 2010-02-02 18:01 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Xi
2010-02-02 18:00 . 2010-02-02 18:00 -------- d-----w- c:\program files\Xi
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 12:43 . 2010-03-04 12:00 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-04 12:43 . 2009-10-03 14:19 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-02 02:02 . 2009-02-20 19:35 -------- d-----w- c:\program files\Radio Fr Solo
2010-03-01 17:15 . 2009-10-04 15:40 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Skype
2010-03-01 15:01 . 2009-10-04 15:42 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\skypePM
2010-03-01 01:30 . 2009-12-07 14:37 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\vlc
2010-03-01 01:27 . 2009-04-10 23:01 -------- d-----w- c:\program files\adslTV
2010-03-01 01:27 . 2009-03-08 10:22 -------- d-----w- c:\program files\TV Orange
2010-02-28 18:46 . 2009-11-24 02:22 -------- d-----w- c:\program files\Universal Share Downloader
2010-02-25 09:15 . 2009-10-05 14:37 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Pamela
2010-02-25 09:15 . 2009-10-05 14:37 -------- d-----w- c:\program files\Pamela
2010-02-23 22:13 . 2009-03-09 23:33 -------- d-----w- c:\program files\uTorrent
2010-02-23 15:30 . 2009-04-11 16:45 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\uTorrent
2010-02-23 11:24 . 2009-01-04 17:26 -------- d-----w- c:\program files\eMule
2010-02-23 08:23 . 2008-12-26 08:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-23 08:23 . 2007-04-23 14:59 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-23 07:39 . 2009-09-16 17:42 -------- d-----w- c:\program files\MSN Messenger
2010-02-21 06:09 . 2009-11-16 03:17 -------- d-----w- c:\program files\RogueRemover FREE
2010-02-21 04:20 . 2009-05-15 22:33 -------- d-----w- c:\program files\Antipub
2010-02-12 23:14 . 2008-12-26 05:43 -------- d-----w- c:\program files\Alwil Software
2010-02-11 00:55 . 2004-08-16 15:41 86506 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-11 00:55 . 2004-08-16 15:41 513842 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-09 21:53 . 2009-01-24 02:17 -------- d-----w- c:\program files\Google
2010-02-09 21:52 . 2010-01-03 16:40 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\FileZilla
2010-02-08 23:16 . 2009-04-15 06:54 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\dvdcss
2010-02-08 11:48 . 2009-11-23 07:42 -------- d-----w- c:\program files\7-Zip
2010-02-06 20:38 . 2009-02-16 18:28 -------- d-----w- c:\program files\Anti Trojan Elite
2010-02-04 09:59 . 2009-11-23 15:18 -------- d-----w- c:\program files\TubeMaster++
2010-02-03 16:31 . 2009-11-21 10:15 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Gizmo5
2010-02-01 22:04 . 2010-02-01 22:04 847040 -c--a-w- d:\documents and settings\JEANNETFOOT\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 -c--a-w- d:\documents and settings\JEANNETFOOT\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-31 08:35 . 2009-12-03 12:56 -------- d-----w- c:\program files\OpenOffice.org 3
2010-01-30 17:36 . 2009-12-03 13:05 1 -c--a-w- d:\documents and settings\JEANNETFOOT\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-13 15:46 . 2010-01-13 15:46 -------- d-----w- c:\program files\PhotoFiltre
2010-01-05 13:18 . 2010-01-05 13:18 155648 -c--a-w- d:\documents and settings\JEANNETFOOT\Application Data\Mozilla\Firefox\Profiles\6hnov90r.default\extensions\{3DB3D228-A2E9-4581-B400-CE1331C5269E}\components\LTff.dll
2009-12-31 16:14 . 2004-08-16 15:41 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:59 . 2009-11-25 12:58 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 14:36 . 2009-12-16 14:36 112128 -c--a-w- d:\documents and settings\All Users\Application Data\srcheng\srcheng.dll
2009-12-14 07:36 . 2004-08-16 15:40 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:26 . 2004-08-03 22:48 2059776 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:26 . 2004-08-16 15:40 2182400 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-04 14:41 . 2004-08-16 15:40 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
------- Sigcheck -------
[-] 2002-08-29 . A0EE5C06390357FEE7B7949DBCA156D3 . 165376 . . [5.1.2600.1106] . . c:\windows\system32\appmgmts.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DFC29618-7A64-4F20-83D1-6E538E7FC57D}]
2009-12-16 14:36 112128 -c--a-w- d:\documents and settings\All Users\Application Data\srcheng\srcheng.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WahOO"="d:\documents and settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe" [2009-12-07 1841152]
"FlashMute"="c:\program files\FlashMute\FlashMute.exe" [2006-03-11 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-04 98304]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-06-03 564496]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-26 185872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
d:\documents and settings\JEANNETFOOT\Menu D‚marrer\Programmes\D‚marrage\
Internet Explorer.lnk - c:\program files\Internet Explorer\IEXPLORE.EXE [2004-8-16 93184]
Raccourci vers msnmsgr.lnk - c:\program files\MSN Messenger\msnmsgr.exe [2007-1-19 5674352]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoExpandedNewMenu"= 1 (0x1)
[HKLM\~\startupfolder\D:^Documents and Settings^JEANNETFOOT^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk]
path=d:\documents and settings\JEANNETFOOT\Menu Démarrer\Programmes\Démarrage\Anti-Pub.lnk
backup=c:\windows\pss\Anti-Pub.lnkStartup
[HKLM\~\startupfolder\D:^Documents and Settings^JEANNETFOOT^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
path=d:\documents and settings\JEANNETFOOT\Menu Démarrer\Programmes\Démarrage\MaxTV.lnk
backup=c:\windows\pss\MaxTV.lnkStartup
[HKLM\~\startupfolder\D:^Documents and Settings^JEANNETFOOT^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk]
path=d:\documents and settings\JEANNETFOOT\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 09:45 63712 ----a-w- c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-01-19 14:18 405583 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-05-11 11:48 127118 ----a-w- c:\apps\Powercinema\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-26 21:05 185872 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WahOO]
2009-12-07 23:41 1841152 -c--a-w- d:\documents and settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"helpsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"freenet-darknet-8888"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\MultiProxy\\MProxy.exe"=
"c:\\Program Files\\Zattoo\\Zattoo2.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Documents and Settings\\JEANNETFOOT\\Bureau\\imule_imule_1.3.5_francais_281298\\iMule-1.3.5\\imule.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Documents and Settings\\JEANNETFOOT\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\[Emoticons-plus.com] Winkaa 2.0.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Universal Share Downloader\\USDownloader.exe"=
"c:\\Program Files\\Megaupload\\Mega Manager\\MegaManager.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\APPS\\skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Port DCOM (135)
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/04/2009 10:30 691696]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [21/02/2010 07:20 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [22/02/2010 08:35 108289]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [04/10/2005 12:58 671104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/08/2009 06:53 133104]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26/12/2008 09:15 38496]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [11/11/2009 14:57 217088]
S4 freenet-darknet-8888;Freenet 0.7 darknet-8888;"c:\program files\Freenet\bin\wrapper-windows-x86-32.exe" -s "c:\program files\Freenet\wrapper.conf" --> c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'
2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab5c9badf1dde.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-17 05:53]
2008-12-26 c:\windows\Tasks\Rappel d'enregistrement 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-16 12:00]
2008-12-26 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-16 12:00]
2008-12-26 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-16 12:00]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?output=googleabout
mLocal Page = hxxp://www.google.fr
mWindow Title =
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=%s
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
TCP: {EB9F640E-491D-431F-8C9D-4E81DA129D3F} = 192.168.1.1
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - hxxp://webtv.guidetv.orange.fr/resources/OCS_8971.cab
FF - ProfilePath - d:\documents and settings\JEANNETFOOT\Application Data\Mozilla\Firefox\Profiles\6hnov90r.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?output=googleabout
FF - component: d:\documents and settings\JEANNETFOOT\Application Data\Mozilla\Firefox\Profiles\6hnov90r.default\extensions\{3DB3D228-A2E9-4581-B400-CE1331C5269E}\components\LTff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: d:\documents and settings\JEANNETFOOT\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{BE8A4424-DC23-4493-A04D-AC20AD8EEBC2} - c:\program files\EasyPrediction\2.0\ltie.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 13:45
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85BD31F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75dafc3
\Driver\ACPI -> ACPI.sys @ 0xf72c1cb8
\Driver\atapi -> 0x85bd31f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7141bc3
PacketIndicateHandler -> NDIS.sys @ 0xf714db21
SendHandler -> NDIS.sys @ 0xf7141d33
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2464)
c:\program files\FlashMute\mutelib.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\browselc.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Megaupload\Mega Manager\MegaIEMn.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\dllhost.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\netdde.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\MSN Messenger\usnsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\SOUNDMAN.EXE
c:\apps\ABoard\AOSD.exe
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\MSN Messenger\livecall.exe
.
**************************************************************************
.
Heure de fin: 2010-03-04 13:49:22 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-04 12:49
ComboFix2.txt 2010-02-21 14:53
Avant-CF: 17 488 674 816 octets libres
Après-CF: 17 455 816 704 octets libres
- - End Of File - - 938ADACF829776C9736A1A9B6935248F
2010-02-09 14:54 . 2010-02-09 14:54 81920 ----a-w- c:\windows\system32\W32N50.DLL
2010-02-04 10:54 . 2010-02-04 10:54 88064 ----a-w- c:\windows\AMUninst01c.exe
2010-02-04 10:54 . 2010-02-04 10:54 -------- d-----w- c:\program files\Change Extension
2010-02-03 20:13 . 2010-02-03 20:13 -------- dc----w- d:\documents and settings\All Users\Application Data\ConeXware
2010-02-03 18:55 . 2010-01-15 17:30 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2010-02-03 18:55 . 2010-02-03 19:59 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\FreeFLVConverter
2010-02-03 15:12 . 2010-02-04 14:32 -------- d-----w- c:\program files\Avidemux 2.5
2010-02-03 15:07 . 2010-02-03 15:07 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\avidemux
2010-02-03 13:56 . 2010-02-03 13:56 -------- dc----w- d:\documents and settings\JEANNETFOOT\Local Settings\Application Data\Broad Intelligence
2010-02-03 13:47 . 2010-02-03 13:47 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Broad Intelligence
2010-02-03 13:46 . 2010-02-03 13:46 -------- dc----w- d:\documents and settings\JEANNETFOOT\Menu Démarrer
2010-02-03 13:45 . 2010-02-03 13:46 -------- d-----w- c:\program files\MediaCoder
2010-02-03 13:12 . 2010-02-03 13:12 -------- d-----w- c:\program files\Fichiers communs\GSplit
2010-02-03 13:12 . 2010-02-03 13:12 -------- d-----w- c:\program files\GSplit
2010-02-03 11:50 . 2010-02-03 13:13 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\GSplit
2010-02-03 10:03 . 2010-02-03 10:08 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\UDC Profiles
2010-02-03 09:07 . 2010-02-03 09:07 50354 -c--a-w- d:\documents and settings\JEANNETFOOT\Application Data\Facebook\uninstall.exe
2010-02-03 09:07 . 2010-02-03 09:07 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Facebook
2010-02-02 18:01 . 2010-02-02 18:01 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Xi
2010-02-02 18:00 . 2010-02-02 18:00 -------- d-----w- c:\program files\Xi
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 12:43 . 2010-03-04 12:00 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-04 12:43 . 2009-10-03 14:19 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-02 02:02 . 2009-02-20 19:35 -------- d-----w- c:\program files\Radio Fr Solo
2010-03-01 17:15 . 2009-10-04 15:40 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Skype
2010-03-01 15:01 . 2009-10-04 15:42 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\skypePM
2010-03-01 01:30 . 2009-12-07 14:37 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\vlc
2010-03-01 01:27 . 2009-04-10 23:01 -------- d-----w- c:\program files\adslTV
2010-03-01 01:27 . 2009-03-08 10:22 -------- d-----w- c:\program files\TV Orange
2010-02-28 18:46 . 2009-11-24 02:22 -------- d-----w- c:\program files\Universal Share Downloader
2010-02-25 09:15 . 2009-10-05 14:37 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Pamela
2010-02-25 09:15 . 2009-10-05 14:37 -------- d-----w- c:\program files\Pamela
2010-02-23 22:13 . 2009-03-09 23:33 -------- d-----w- c:\program files\uTorrent
2010-02-23 15:30 . 2009-04-11 16:45 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\uTorrent
2010-02-23 11:24 . 2009-01-04 17:26 -------- d-----w- c:\program files\eMule
2010-02-23 08:23 . 2008-12-26 08:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-23 08:23 . 2007-04-23 14:59 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-23 07:39 . 2009-09-16 17:42 -------- d-----w- c:\program files\MSN Messenger
2010-02-21 06:09 . 2009-11-16 03:17 -------- d-----w- c:\program files\RogueRemover FREE
2010-02-21 04:20 . 2009-05-15 22:33 -------- d-----w- c:\program files\Antipub
2010-02-12 23:14 . 2008-12-26 05:43 -------- d-----w- c:\program files\Alwil Software
2010-02-11 00:55 . 2004-08-16 15:41 86506 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-11 00:55 . 2004-08-16 15:41 513842 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-09 21:53 . 2009-01-24 02:17 -------- d-----w- c:\program files\Google
2010-02-09 21:52 . 2010-01-03 16:40 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\FileZilla
2010-02-08 23:16 . 2009-04-15 06:54 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\dvdcss
2010-02-08 11:48 . 2009-11-23 07:42 -------- d-----w- c:\program files\7-Zip
2010-02-06 20:38 . 2009-02-16 18:28 -------- d-----w- c:\program files\Anti Trojan Elite
2010-02-04 09:59 . 2009-11-23 15:18 -------- d-----w- c:\program files\TubeMaster++
2010-02-03 16:31 . 2009-11-21 10:15 -------- dc----w- d:\documents and settings\JEANNETFOOT\Application Data\Gizmo5
2010-02-01 22:04 . 2010-02-01 22:04 847040 -c--a-w- d:\documents and settings\JEANNETFOOT\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 -c--a-w- d:\documents and settings\JEANNETFOOT\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-01-31 08:35 . 2009-12-03 12:56 -------- d-----w- c:\program files\OpenOffice.org 3
2010-01-30 17:36 . 2009-12-03 13:05 1 -c--a-w- d:\documents and settings\JEANNETFOOT\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-13 15:46 . 2010-01-13 15:46 -------- d-----w- c:\program files\PhotoFiltre
2010-01-05 13:18 . 2010-01-05 13:18 155648 -c--a-w- d:\documents and settings\JEANNETFOOT\Application Data\Mozilla\Firefox\Profiles\6hnov90r.default\extensions\{3DB3D228-A2E9-4581-B400-CE1331C5269E}\components\LTff.dll
2009-12-31 16:14 . 2004-08-16 15:41 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:59 . 2009-11-25 12:58 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 14:36 . 2009-12-16 14:36 112128 -c--a-w- d:\documents and settings\All Users\Application Data\srcheng\srcheng.dll
2009-12-14 07:36 . 2004-08-16 15:40 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:26 . 2004-08-03 22:48 2059776 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:26 . 2004-08-16 15:40 2182400 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-04 14:41 . 2004-08-16 15:40 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
------- Sigcheck -------
[-] 2002-08-29 . A0EE5C06390357FEE7B7949DBCA156D3 . 165376 . . [5.1.2600.1106] . . c:\windows\system32\appmgmts.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DFC29618-7A64-4F20-83D1-6E538E7FC57D}]
2009-12-16 14:36 112128 -c--a-w- d:\documents and settings\All Users\Application Data\srcheng\srcheng.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WahOO"="d:\documents and settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe" [2009-12-07 1841152]
"FlashMute"="c:\program files\FlashMute\FlashMute.exe" [2006-03-11 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-04 98304]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-06-03 564496]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-26 185872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
d:\documents and settings\JEANNETFOOT\Menu Démarrer\Programmes\Démarrage\
Internet Explorer.lnk - c:\program files\Internet Explorer\IEXPLORE.EXE [2004-8-16 93184]
Raccourci vers msnmsgr.lnk - c:\program files\MSN Messenger\msnmsgr.exe [2007-1-19 5674352]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoExpandedNewMenu"= 1 (0x1)
[HKLM\~\startupfolder\D:^Documents and Settings^JEANNETFOOT^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk]
path=d:\documents and settings\JEANNETFOOT\Menu Démarrer\Programmes\Démarrage\Anti-Pub.lnk
backup=c:\windows\pss\Anti-Pub.lnkStartup
[HKLM\~\startupfolder\D:^Documents and Settings^JEANNETFOOT^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
path=d:\documents and settings\JEANNETFOOT\Menu Démarrer\Programmes\Démarrage\MaxTV.lnk
backup=c:\windows\pss\MaxTV.lnkStartup
[HKLM\~\startupfolder\D:^Documents and Settings^JEANNETFOOT^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk]
path=d:\documents and settings\JEANNETFOOT\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-16 09:45 63712 ----a-w- c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-01-19 14:18 405583 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-05-11 11:48 127118 ----a-w- c:\apps\Powercinema\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-26 21:05 185872 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WahOO]
2009-12-07 23:41 1841152 -c--a-w- d:\documents and settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"helpsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"freenet-darknet-8888"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\MultiProxy\\MProxy.exe"=
"c:\\Program Files\\Zattoo\\Zattoo2.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Documents and Settings\\JEANNETFOOT\\Bureau\\imule_imule_1.3.5_francais_281298\\iMule-1.3.5\\imule.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Documents and Settings\\JEANNETFOOT\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\[Emoticons-plus.com] Winkaa 2.0.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\APPS\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Universal Share Downloader\\USDownloader.exe"=
"c:\\Program Files\\Megaupload\\Mega Manager\\MegaManager.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\APPS\\skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Port DCOM (135)
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/04/2009 10:30 691696]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [21/02/2010 07:20 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [22/02/2010 08:35 108289]
R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [04/10/2005 12:58 671104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/08/2009 06:53 133104]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26/12/2008 09:15 38496]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [11/11/2009 14:57 217088]
S4 freenet-darknet-8888;Freenet 0.7 darknet-8888;"c:\program files\Freenet\bin\wrapper-windows-x86-32.exe" -s "c:\program files\Freenet\wrapper.conf" --> c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'
2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab5c9badf1dde.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-17 05:53]
2008-12-26 c:\windows\Tasks\Rappel d'enregistrement 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-16 12:00]
2008-12-26 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-16 12:00]
2008-12-26 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-16 12:00]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?output=googleabout
mLocal Page = hxxp://www.google.fr
mWindow Title =
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=%s
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
TCP: {EB9F640E-491D-431F-8C9D-4E81DA129D3F} = 192.168.1.1
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - hxxp://webtv.guidetv.orange.fr/resources/OCS_8971.cab
FF - ProfilePath - d:\documents and settings\JEANNETFOOT\Application Data\Mozilla\Firefox\Profiles\6hnov90r.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?output=googleabout
FF - component: d:\documents and settings\JEANNETFOOT\Application Data\Mozilla\Firefox\Profiles\6hnov90r.default\extensions\{3DB3D228-A2E9-4581-B400-CE1331C5269E}\components\LTff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: d:\documents and settings\JEANNETFOOT\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{BE8A4424-DC23-4493-A04D-AC20AD8EEBC2} - c:\program files\EasyPrediction\2.0\ltie.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 13:45
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85BD31F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75dafc3
\Driver\ACPI -> ACPI.sys @ 0xf72c1cb8
\Driver\atapi -> 0x85bd31f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7141bc3
PacketIndicateHandler -> NDIS.sys @ 0xf714db21
SendHandler -> NDIS.sys @ 0xf7141d33
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2464)
c:\program files\FlashMute\mutelib.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\browselc.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Megaupload\Mega Manager\MegaIEMn.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\dllhost.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\netdde.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\MSN Messenger\usnsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\SOUNDMAN.EXE
c:\apps\ABoard\AOSD.exe
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\MSN Messenger\livecall.exe
.
**************************************************************************
.
Heure de fin: 2010-03-04 13:49:22 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-04 12:49
ComboFix2.txt 2010-02-21 14:53
Avant-CF: 17 488 674 816 octets libres
Après-CF: 17 455 816 704 octets libres
- - End Of File - - 938ADACF829776C9736A1A9B6935248F