Infected by viruses

chrysaxel Posts: 81 Status: Member
Hello,
I am infected by viruses (win32.virtob.x.gen with x=1,2,3,4, and a worm); in all, I have a lot of viruses on my machine.
I downloaded BitDefender and updated it; there are viruses that it cannot eradicate and that it moves. I also downloaded Malwarebytes Anti-Malware, which helped me once, but this time it tells me that files are missing from my system and that it cannot install.
Thank you for helping me.
56 replies

chrysaxel Posts: 81 Status: Member
 
Do I have to update it?
0
Destrio5 Posts: 99820 Status: Moderator 10 305
 
Yes, then afterwards you run a scan and delete everything it finds:
https://www.malekal.com/avira-free-security-antivirus-gratuit/
0
chrysaxel Posts: 81 Status: Member
 
ok
0
chrysaxel Posts: 81 Status: Member
 
Really, I think my machine is done for, because AntiVir can't manage to scan either. Here is the message it gives me: the self test of module'c:\prog files\Avira\AntiVir...\avscan.exe' failed!
the CRC has been changed!
0

Destrio5 Posts: 99820 Status: Moderator 10 305
 
In my opinion, you are going to have to format your hard drive and reinstall Windows.
0
chrysaxel Posts: 81 Status: Member
 
OK! Thank you very much for all the effort you put into helping me!
0
Destrio5 Posts: 99820 Status: Moderator 10 305
 
Sorry.
0
chrysaxel Posts: 81 Status: Member
 
Hi, I have another problem: I have a computer that has just been infected by this virus, and it is my D drive that is infected.
Here is the message that my NOD32 antivirus displays:
D:/raboowyc.exe
win32/Agent.NYZ trojan.

I am also giving you the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:16, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\fyquom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [pilib] C:\WINDOWS\system32\fyquom.exe
O4 - HKLM\..\RunServices: [pilib] C:\WINDOWS\system32\fyquom.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: SigmaTel Audio Service (fycwaeuay) - Unknown owner - C:\WINDOWS\system32\nattyzugoo.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
0
chrysaxel Posts: 81 Status: Member
 
And here is the SDFix report:
[b]SDFix: Version 1.218 [/b]
Run by USER on 20/08/2008 at 10:53

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\USER\Bureau\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\fyquom.exe - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 10:56:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Audio Windows Media(TM) (wma)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\USER\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 28 May 2003 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 28 May 2003 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 28 May 2003 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 28 May 2003 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 28 May 2003 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 28 May 2003 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 28 May 2003 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 28 May 2003 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 28 May 2003 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 28 May 2003 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 28 May 2003 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 28 May 2003 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 28 May 2003 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 28 May 2003 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 28 May 2003 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

[b]Finished![/b]
0
chrysaxel Posts 81 Status Member

Here is the ComboFix one:
ComboFix 08-08-18.05 - USER 2008-08-20 11:01:51.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.102 [GMT 2:00]
Endroit: C:\Documents and Settings\USER\Bureau\ComboFix.exe
* Resident AV is active

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-20 10:51 . 2008-08-20 10:51 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-19 18:05 . 2008-08-19 18:05 268 --ah----- C:\sqmdata09.sqm
2008-08-19 18:05 . 2008-08-19 18:05 244 --ah----- C:\sqmnoopt09.sqm
2008-08-18 17:49 . 2008-08-18 17:49 268 --ah----- C:\sqmdata08.sqm
2008-08-18 17:49 . 2008-08-18 17:49 244 --ah----- C:\sqmnoopt08.sqm
2008-08-18 09:34 . 2008-08-18 09:34 268 --ah----- C:\sqmdata07.sqm
2008-08-18 09:34 . 2008-08-18 09:34 244 --ah----- C:\sqmnoopt07.sqm
2008-08-12 17:39 . 2008-08-12 17:39 268 --ah----- C:\sqmdata06.sqm
2008-08-12 17:39 . 2008-08-12 17:39 244 --ah----- C:\sqmnoopt06.sqm
2008-07-31 17:56 . 2008-07-31 17:56 268 --ah----- C:\sqmdata05.sqm
2008-07-31 17:56 . 2008-07-31 17:56 244 --ah----- C:\sqmnoopt05.sqm
2008-07-29 20:54 . 2008-07-29 20:54 268 --ah----- C:\sqmdata04.sqm
2008-07-29 20:54 . 2008-07-29 20:54 244 --ah----- C:\sqmnoopt04.sqm
2008-07-28 18:42 . 2008-07-28 18:42 268 --ah----- C:\sqmdata03.sqm
2008-07-28 18:42 . 2008-07-28 18:42 244 --ah----- C:\sqmnoopt03.sqm
2008-07-25 19:18 . 2008-07-25 19:18 268 --ah----- C:\sqmdata02.sqm
2008-07-25 19:18 . 2008-07-25 19:18 244 --ah----- C:\sqmnoopt02.sqm
2008-07-24 19:04 . 2008-07-24 19:04 268 --ah----- C:\sqmdata01.sqm
2008-07-24 19:04 . 2008-07-24 19:04 244 --ah----- C:\sqmnoopt01.sqm
2008-07-24 11:19 . 2007-04-26 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SECREDG\Voisinage réseau
2008-07-24 11:19 . 2007-04-26 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SECREDG\Voisinage d'impression
2008-07-24 11:19 . 2007-04-26 17:00 <REP> d--h----- C:\Documents and Settings\Administrateur.SECREDG\Modèles
2008-07-24 11:19 . 2007-04-26 18:55 <REP> d-------- C:\Documents and Settings\Administrateur.SECREDG\Mes documents
2008-07-24 11:19 . 2007-04-26 18:55 <REP> dr------- C:\Documents and Settings\Administrateur.SECREDG\Menu Démarrer
2008-07-24 11:19 . 2007-04-26 18:55 <REP> d-------- C:\Documents and Settings\Administrateur.SECREDG\Favoris
2008-07-24 11:19 . 2007-04-26 18:55 <REP> d-------- C:\Documents and Settings\Administrateur.SECREDG\Bureau
2008-07-24 11:19 . 2008-07-24 11:19 <REP> d-------- C:\Documents and Settings\Administrateur.SECREDG\Application Data\Malwarebytes
2008-07-24 11:19 . 2008-07-24 11:19 <REP> d-------- C:\Documents and Settings\Administrateur.SECREDG
2008-07-24 11:15 . 2008-07-24 11:15 <REP> d-------- C:\Documents and Settings\USER\Application Data\Malwarebytes
2008-07-24 11:15 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 11:14 . 2008-08-18 08:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 11:14 . 2008-07-24 11:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 11:14 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 11:02 . 2008-07-24 11:02 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-09 10:03 --------- d-----w C:\Program Files\Windows Live
2008-07-09 10:02 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-09 09:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 07:47 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
.

((((((((((((((((((((((((((((( snapshot@2008-08-18_ 9.39.22.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-20 08:52:06 3,137,536 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-08-20 08:52:06 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-20 08:51:57 3,137,536 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-08-20 08:51:57 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 16:18 94208]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-06-10 19:02 94208]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 03:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-17 04:04 2879488 C:\WINDOWS\SkyTel.exe]
"SiSPower"="SiSPower.dll" [2007-01-23 06:34 53248 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 18:09 15360]

C:\Documents and Settings\USER\Menu Démarrer\Programmes\Démarrage\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-04-17 11:26:23 157008]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-03-05 21:35:53 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-05-28 20:01]
R2 fycwaeuay;SigmaTel Audio Service;C:\WINDOWS\system32\nattyzugoo.exe []
S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b7d16db-f724-11dc-b648-001c2504ce09}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a932b599-eaed-11dc-9a4b-001c2507148d}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL systems.com
\Shell\read\command - explorer.exe
\Shell\start\command - systems.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1dde642-f416-11db-b775-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-20 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 18:36]

2008-08-08 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-11-10 23:03]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-pilib - C:\WINDOWS\system32\fyquom.exe
HKLM-RunServices-pilib - C:\WINDOWS\system32\fyquom.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\7md0zfd3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.fr
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 11:03:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\USER\LOCALS~1\Temp\mc21B.tmp"
.
Temps d'accomplissement: 2008-08-20 11:04:55
ComboFix-quarantined-files.txt 2008-08-20 09:04:44
ComboFix2.txt 2008-08-19 13:39:31
ComboFix3.txt 2008-08-18 07:40:04

Pre-Run: 32,169,861,120 octets libres
Post-Run: 32,157,294,592 octets libres

148
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305

---> Download the CFScript file and save it to your desktop:
http://www.megaupload.com/fr/?d=DJ0YGX2Y

---> Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

[*] A blue window will appear: accept the message that is displayed.

[*] Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.

[*] Once the scan is complete, a report will be displayed: post it.

[*] If the file does not open, you will find it here: C:\ComboFix.txt
0
chrysaxel Posts 81 Status Member

I can't download the CFScript file because the link takes me to MEGAUPLOAD and I don't see the file. Or do I have to install that software first?
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305

Send your email address to destrio5@free.fr so that I can send you the CFScript.
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305

I have sent you the CFScript.
0
chrysaxel Posts 81 Status Member

Received. Thanks, and I would also like to know how I could update ComboFix manually, because I have a PC that is not connected to the internet and is also infected.
Anyway, here is the report:

ComboFix 08-08-19.02 - USER 2008-08-20 15:40:12.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.217 [GMT 2:00]
Endroit: C:\Documents and Settings\USER\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\USER\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\fyquom.exe
C:\WINDOWS\system32\nattyzugoo.exe
D:\raboowyc.exe
E:\FXDrv32.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
D:\Autorun.inf
D:\raboowyc.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FXDRV32
-------\Legacy_FYCWAEUAY
-------\Service_FXDrv32
-------\Service_fycwaeuay

((((((((((((((((((((((((((((( Fichiers créés 2008-07-20 to 2008-08-20 ))))))))))))))))))))))))))))))))))))
.

2008-08-20 10:51 . 2008-08-20 10:51 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-24 11:19 . 2007-04-26 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SECREDG\Voisinage réseau
2008-07-24 11:19 . 2007-04-26 18:55 <REP> d--h----- C:\Documents and Settings\Administrateur.SECREDG\Voisinage d'impression
2008-07-24 11:19 . 2007-04-26 17:00 <REP> d--h----- C:\Documents and Settings\Administrateur.SECREDG\Modèles
2008-07-24 11:19 . 2007-04-26 18:55 <REP> d-------- C:\Documents and Settings\Administrateur.SECREDG\Mes documents
2008-07-24 11:19 . 2007-04-26 18:55 <REP> dr------- C:\Documents and Settings\Administrateur.SECREDG\Menu Démarrer
2008-07-24 11:19 . 2007-04-26 18:55 <REP> d-------- C:\Documents and Settings\Administrateur.SECREDG\Favoris
2008-07-24 11:19 . 2007-04-26 18:55 <REP> d-------- C:\Documents and Settings\Administrateur.SECREDG\Bureau
2008-07-24 11:19 . 2008-07-24 11:19 <REP> d-------- C:\Documents and Settings\Administrateur.SECREDG\Application Data\Malwarebytes
2008-07-24 11:19 . 2008-07-24 11:19 <REP> d-------- C:\Documents and Settings\Administrateur.SECREDG
2008-07-24 11:15 . 2008-07-24 11:15 <REP> d-------- C:\Documents and Settings\USER\Application Data\Malwarebytes
2008-07-24 11:15 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 11:14 . 2008-08-18 08:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 11:14 . 2008-07-24 11:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 11:14 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 11:02 . 2008-07-24 11:02 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-09 10:03 --------- d-----w C:\Program Files\Windows Live
2008-07-09 10:02 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-09 09:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 07:47 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
.

((((((((((((((((((((((((((((( snapshot@2008-08-18_ 9.39.22.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-20 08:52:06 3,137,536 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-08-20 08:52:06 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-20 08:51:57 3,137,536 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-08-20 08:51:57 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 16:18 94208]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2003-06-10 19:02 94208]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
"SkyTel"="SkyTel.EXE" [2006-05-17 04:04 2879488 C:\WINDOWS\SkyTel.exe]
"SiSPower"="SiSPower.dll" [2007-01-23 06:34 53248 C:\WINDOWS\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 18:09 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-05-28 20:01]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-20 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 18:36]

2008-08-08 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-11-10 23:03]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 15:42:51
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\USER\LOCALS~1\Temp\mc21.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 15:45:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 13:45:26
ComboFix2.txt 2008-08-20 09:52:37
ComboFix3.txt 2008-08-20 09:04:56
ComboFix4.txt 2008-08-19 13:39:31
ComboFix5.txt 2008-08-20 13:39:38

Pre-Run: 32,157,347,840 octets libres
Post-Run: 32,143,728,640 octets libres

153
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305

Explain everything to me again. How many PCs do you have, and which one are we disinfecting here?
0
chrysaxel Posts 81 Status Member

Hello,
Actually, I am an IT technician in a company and I look after several computers. Some of them are on the company network, which has internet access, while others are off the network because, given where the office is located, we have not done the network cabling yet.
That's about it.
And thank you very much, because you got me rid of these viruses.
I am thinking of changing my antivirus, NOD32, next season, as in my opinion it is not up to the job.
I would like to introduce myself:
I am KOFFI Athanase from Côte d'Ivoire (a West African country; the country of the footballer Didier Drogba), an IT technician.
Thanks and see you.
0
Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 305

OK, sounds good.

Have a nice day ;)
0