Nasty trojan

Closed
jedetestelesvirus (Posts: 95, Status: Member)
Hello,
I have a nasty trojan on my computer. Here is the Kaspersky Online analysis:
My PC is extremely slow at startup, please help me.

Hi, sorry for taking so long.

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 19, 2008 21:50:45
Records in database: 1249926
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 235437
Threat name 4
Infected objects 7
Suspicious objects 1
Duration of the scan 03:23:19

File name Threat name Threats count
C:\Documents and Settings\Administrateur\Bureau\fgf\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
C:\Documents and Settings\Guillaume\Bureau\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
C:\Documents and Settings\Guillaume\Local Settings\Temp\.ttA9.tmp Infected: not-a-virus:FraudTool.Win32.XPAntivirus.sk 1
C:\Documents and Settings\Guillaume\Local Settings\Temp\.ttA9.tmp.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.sk 1
C:\Documents and Settings\Guillaume\Local Settings\Temp\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Outlook\archive.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\WINDOWS\system32\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
The selected area was scanned.
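A small triage helper, added here as an example and not part of the original post, that parses the statistics block and detection rows of a Kaspersky Online Scanner 7 report like the one above: it splits each threat name into behaviour/platform/family/variant parts, records the `not-a-virus:` riskware prefix separately, groups findings by Windows XP user profile, and checks that the parsed rows account for every object the header counts. The sample rows are copied from the report above; the 4-part naming split and the handling of the `not-a-virus:` prefix are assumptions about Kaspersky's naming scheme, not something the report states.

```python
import re
from collections import Counter

# Constructed sample: the statistics block and detection rows copied from the report above.
REPORT = r"""
Scan statistics
Files scanned 235437
Threat name 4
Infected objects 7
Suspicious objects 1
File name Threat name Threats count
C:\Documents and Settings\Administrateur\Bureau\fgf\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
C:\Documents and Settings\Guillaume\Bureau\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
C:\Documents and Settings\Guillaume\Local Settings\Temp\.ttA9.tmp Infected: not-a-virus:FraudTool.Win32.XPAntivirus.sk 1
C:\Documents and Settings\Guillaume\Local Settings\Temp\.ttA9.tmp.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.sk 1
C:\Documents and Settings\Guillaume\Local Settings\Temp\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Outlook\archive.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\WINDOWS\system32\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
The selected area was scanned.
"""

# Detection row: "<path> Infected: <threat> <count>" or "<path> Suspicious: <threat> <count>".
# Paths contain spaces, so the path is matched lazily and the verdict keyword anchors the split.
ROW_RE = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$")
STAT_RE = re.compile(r"^(?P<key>Files scanned|Threat name|Infected objects|Suspicious objects) (?P<value>\d+)$")
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\")  # XP profile layout


def parse_threat(name):
    """Split a name into Behaviour.Platform.Family.Variant (assumed 4-part scheme); a leading
    'not-a-virus:' marks riskware (flagged tools that are not malware, e.g. FraudTool, Client-IRC)."""
    riskware = name.startswith("not-a-virus:")
    core = name.split(":", 1)[1] if riskware else name
    behaviour, platform, family, variant = (core.split(".") + [""] * 4)[:4]  # pad, do not fail
    return {"riskware": riskware, "behaviour": behaviour, "platform": platform,
            "family": family, "variant": variant}


def parse_report(text):
    """Return (stats, rows): the header counters and one dict per detection row."""
    stats, rows = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = STAT_RE.match(line)
        if m:
            stats[m["key"]] = int(m["value"])
            continue
        m = ROW_RE.match(line)
        if m:
            row = {"path": m["path"], "verdict": m["verdict"],
                   "threat": m["threat"], "count": int(m["count"])}
            row.update(parse_threat(m["threat"]))
            rows.append(row)
    return stats, rows


def profile_of(path):
    """User profile a path belongs to; system-wide locations return '<system>'."""
    m = PROFILE_RE.match(path)
    return m.group(1) if m else "<system>"


def summarize(rows):
    """Counts a reviewer wants side by side: verdicts, riskware, families, affected profiles."""
    by_family, by_profile = Counter(), Counter()
    for r in rows:
        by_family[r["family"]] += r["count"]
        by_profile[profile_of(r["path"])] += r["count"]
    return {
        "threat_names": len({r["threat"] for r in rows}),
        "infected": sum(r["count"] for r in rows if r["verdict"] == "Infected"),
        "suspicious": sum(r["count"] for r in rows if r["verdict"] == "Suspicious"),
        "riskware": sum(r["count"] for r in rows if r["riskware"]),
        "by_family": by_family, "by_profile": by_profile,
    }


def totals_match(stats, summary):
    """True when the parsed rows account for every object the report header counts."""
    return (stats.get("Threat name") == summary["threat_names"]
            and stats.get("Infected objects") == summary["infected"]
            and stats.get("Suspicious objects") == summary["suspicious"])


if __name__ == "__main__":
    stats, rows = parse_report(REPORT)
    summary = summarize(rows)
    print({k: (dict(v) if isinstance(v, Counter) else v) for k, v in summary.items()})
    print("header and rows agree:", totals_match(stats, summary))
```

For this report the rows reconcile with the header (4 names, 7 infected, 1 suspicious), three of the eight hits carry the riskware prefix, and the Guillaume profile accounts for half of the detections.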

5 replies

jedetestelesvirus (Posts: 95, Status: Member)

I already did that, no improvement!
pimprenelle27 (Posts: 22182, Status: Security contributor)

Download Malwarebytes' Anti-Malware, run a full scan, then at the end click "Show report", copy and paste its contents and post it here, then delete the files found and restart the computer.
pimprenelle27 (Posts: 22182, Status: Security contributor)

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 (Yes) key to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ While this step is running, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
jedetestelesvirus (Posts: 95, Status: Member)

Here is the ComboFix report:
ComboFix 08-09-20.05 - Papa 2008-09-21 19:55:41.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.415 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\Papa\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dao350.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 ))))))))))))))))))))))))))))))))))))
.

2008-09-21 18:42 . 2008-09-21 18:42 <REP> d-------- C:\Program Files\Trojan Remover
2008-09-21 18:42 . 2008-09-21 18:42 <REP> d-------- C:\Documents and Settings\Papa\Application Data\Simply Super Software
2008-09-21 18:42 . 2008-09-21 18:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-09-21 18:42 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-09-21 18:42 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-09-21 18:42 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-09-21 18:42 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-09-21 18:42 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-09-21 17:57 . 2008-09-21 17:59 19,555 --a------ C:\WINDOWS\hpqins13.dat
2008-09-21 17:45 . 2008-09-21 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-09-18 19:37 . 2008-09-21 12:26 <REP> d-------- C:\Documents and Settings\Papa\Application Data\uTorrent
2008-09-18 18:50 . 2008-09-18 18:54 <REP> d-------- C:\Program Files\RegCleaner
2008-09-18 16:49 . 2008-09-18 16:49 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-18 16:48 . 2008-09-18 17:23 <REP> d-------- C:\SDFix
2008-09-17 19:44 . 2008-09-18 17:20 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-16 18:34 . 2008-09-16 18:34 <REP> d-------- C:\Documents and Settings\Papa\Application Data\Skype
2008-09-15 21:59 . 2008-09-15 21:59 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-15 17:35 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-15 17:34 . 2008-09-15 17:34 <REP> d-------- C:\Documents and Settings\Papa\Application Data\Malwarebytes
2008-09-15 16:53 . 2008-09-15 17:07 2,476 --a------ C:\Documents and Settings\Orph.egd
2008-09-15 16:46 . 2008-09-15 17:08 <REP> d-------- C:\ToolBar SD
2008-09-14 17:18 . 2008-09-14 17:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-14 17:15 . 2005-03-15 08:53 <REP> d--h----- C:\Documents and Settings\Test\Voisinage réseau
2008-09-14 17:15 . 2005-03-15 08:53 <REP> d--h----- C:\Documents and Settings\Test\Voisinage d'impression
2008-09-14 17:15 . 2005-03-15 14:03 <REP> d--h----- C:\Documents and Settings\Test\Modèles
2008-09-14 17:15 . 2008-09-14 17:15 <REP> d---s---- C:\Documents and Settings\Test\Mes documents
2008-09-14 17:15 . 2005-03-15 08:53 <REP> dr------- C:\Documents and Settings\Test\Menu Démarrer
2008-09-14 17:15 . 2008-09-14 17:15 <REP> d-------- C:\Documents and Settings\Test\Favoris
2008-09-14 17:15 . 2005-03-15 08:53 <REP> d-------- C:\Documents and Settings\Test\Bureau
2008-09-14 17:15 . 2008-09-14 17:15 <REP> d-------- C:\Documents and Settings\Test
2008-09-14 16:38 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-14 16:38 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-14 16:38 . 2008-09-14 18:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-12 23:11 . 2008-09-12 23:24 <REP> d-------- C:\Program Files\mIRC
2008-09-10 20:10 . 2001-08-17 20:11 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2008-09-10 20:10 . 2001-08-17 20:11 66,591 --a--c--- C:\WINDOWS\system32\dllcache\el90xbc5.sys
2008-09-07 21:19 . 2008-09-07 21:20 <REP> d-------- C:\Documents and Settings\Papa\Application Data\Xfire
2008-09-07 12:48 . 2008-09-07 12:48 <REP> d-------- C:\Program Files\Realtek AC97
2008-09-07 12:48 . 2001-07-06 00:19 164 --a------ C:\WINDOWS\avrack.ini
2008-09-07 12:26 . 2008-09-07 12:26 <REP> d-------- C:\NV38523856.TMP
2008-09-07 12:26 . 2008-09-07 12:26 <REP> d-------- C:\NV38202524.TMP
2008-09-07 11:29 . 2006-01-23 11:48 176,128 --------- C:\WINDOWS\system32\nvuide.exe
2008-09-07 11:29 . 2006-01-09 12:34 5,556 -ra------ C:\WINDOWS\system32\nvraidapp.nvu
2008-09-07 11:29 . 2005-06-29 23:26 1,537 --------- C:\WINDOWS\system32\nvide.nvu
2008-09-07 11:28 . 2005-04-06 03:22 100,096 --a------ C:\WINDOWS\system32\nvtcp.sys
2008-09-07 11:23 . 2008-09-07 11:23 <REP> d-------- C:\Program Files\Realtek Sound Manager
2008-09-07 11:23 . 2008-09-07 12:48 <REP> d-------- C:\Program Files\AvRack
2008-09-07 11:23 . 2006-08-17 08:11 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-09-07 11:23 . 2006-08-10 07:27 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-09-07 11:23 . 2006-08-18 13:52 4,017,536 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-09-07 11:23 . 2006-08-03 05:12 577,536 --a------ C:\WINDOWS\soundman.exe
2008-09-07 11:23 . 2006-08-01 14:58 143,360 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-09-07 11:23 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-09-07 11:23 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-09-07 11:22 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-09-07 11:22 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\alcrmv.exe
2008-09-07 11:10 . 2005-06-03 15:09 454,656 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2008-09-07 11:10 . 2005-01-17 14:43 4,096 --a------ C:\WINDOWS\system32\NvSataConnectionEnu.dll
2008-09-07 11:08 . 2005-05-13 10:52 176,128 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-09-07 11:08 . 2006-01-23 11:48 176,128 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-09-07 11:08 . 2005-02-08 14:26 3,596 --a------ C:\WINDOWS\system32\nvnrm.nvu
2008-09-07 11:08 . 2005-02-08 14:26 1,231 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-09-06 21:45 . 2008-09-10 19:51 <REP> d-------- C:\Program Files\NVidia Corporation
2008-09-06 21:10 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-06 21:10 . 2008-09-21 12:55 180,569 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-06 21:10 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-06 20:27 . 2006-04-18 11:37 141,582 --------- C:\WINDOWS\system32\drivers\NVCAP.SYS
2008-09-06 20:27 . 2006-04-18 11:37 29,696 --------- C:\WINDOWS\system32\FILTER.AX
2008-09-06 20:27 . 2006-04-18 11:37 16,496 --------- C:\WINDOWS\system32\drivers\NVXBAR.SYS
2008-09-06 20:25 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-09-01 13:35 . <REP> C:\Documents and Settings\Aurélie\Application Data\InstallShield
2008-08-31 22:40 . 2008-08-31 22:45 <REP> d-------- C:\Documents and Settings\Guillaume\dwhelper
2008-08-31 12:03 . 2008-08-31 12:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-08-25 21:54 . 2008-08-25 21:54 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-25 21:51 . 2008-08-25 21:51 <REP> d-------- C:\Program Files\Skype
2008-08-25 21:51 . 2008-08-25 21:51 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-08-25 21:51 . 2008-08-25 21:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-08-22 09:47 . 2008-08-22 09:47 <REP> d-------- C:\Program Files\THQ
2008-08-22 09:23 . 2008-08-22 09:23 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-21 14:13 . 2008-08-21 14:13 <REP> d-------- C:\Program Files\EZ Boosters

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 23:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-21 21:51 --------- d-----w C:\Documents and Settings\Papa\Application Data\Image Zone Express
2008-09-21 16:25 --------- d-----w C:\Documents and Settings\Papa\Application Data\U3
2008-09-20 18:45 --------- d-----w C:\Documents and Settings\Aurélie\Application Data\Mozilla
2008-09-19 00:43 --------- d-----w C:\Program Files\Navilog1
2008-09-18 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-16 02:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-15 23:37 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 23:34 --------- d-----w C:\Program Files\eChanblard
2008-09-14 21:34 --------- d-----w C:\Program Files\RamBoost XP
2008-09-14 21:12 2,468 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-14 20:41 3,167,232 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-09-14 20:41 1,031,168 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-09-14 20:31 23,849,760 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-14 19:46 --------- d-----w C:\Program Files\Steam
2008-09-13 17:03 319,892 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-12 20:39 --------- d-----w C:\Program Files\World of Warcraft
2008-09-12 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-11 01:11 6,372,165 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-10 04:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 16:31 3,069,952 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-09-07 16:21 580,608 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-09-07 16:21 3,067,904 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-09-07 16:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 00:06 2,958,848 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-09-07 00:06 1,330,176 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-09-06 23:56 2,954,752 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-09-06 21:39 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Mozilla
2008-09-06 20:09 --------- d-----w C:\Documents and Settings\Aurélie\Application Data\Real
2008-09-05 10:46 --------- d-----w C:\Program Files\Fichiers communs\Skyscape
2008-09-03 23:17 3,532 ----a-w C:\drmHeader.bin
2008-09-01 20:35 --------- d-----w C:\Program Files\ECSRO
2008-09-01 17:42 --------- d-----w C:\Program Files\Call of Duty Game of the Year Edition
2008-09-01 17:37 --------- d-----w C:\Program Files\Return to Castle Wolfenstein
2008-09-01 17:36 --------- d-----w C:\Program Files\Tropico
2008-09-01 17:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2008-09-01 17:31 --------- d-----w C:\Program Files\Doom 3
2008-09-01 17:30 --------- d-----w C:\Program Files\EA GAMES
2008-08-31 15:16 --------- d-----w C:\Program Files\Electronic Arts
2008-08-27 15:29 --------- d-----w C:\Program Files\Silkroad
2008-08-26 20:12 --------- d-----w C:\Program Files\InnerSpace
2008-08-26 05:31 --------- d-----w C:\Program Files\Java
2008-08-22 20:49 2,783,232 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-08-22 20:49 2,729,984 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-08-22 17:51 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-22 17:48 --------- d-----w C:\Program Files\Hamachi
2008-08-22 13:18 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-21 01:05 71,326 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-08-21 01:05 5,423 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-20 22:03 --------- d-----w C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-08-20 14:54 287,256 ----a-r C:\WINDOWS\system32\AbaleZip.dll
2008-08-20 13:21 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-20 13:10 --------- d-----w C:\Program Files\AlienGUIse
2008-08-20 13:08 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-08-18 22:38 --------- d-----w C:\Program Files\Warcraft III
2008-08-12 21:58 --------- d-----w C:\Program Files\Curse
2008-08-12 21:18 2,819,072 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-08-12 21:18 2,611,712 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-08-11 19:10 2,605,056 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-08-11 18:54 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-11 18:38 --------- d-----w C:\Program Files\Rockstar Games
2008-08-11 17:09 --------- d-----w C:\Program Files\Microsoft Games
2008-08-03 00:39 --------- d-----w C:\Documents and Settings\Aurélie\Application Data\Ventrilo
2008-07-26 01:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-25 01:12 --------- d-----w C:\Program Files\Cossacks 2 - Battle for Europe
2008-07-24 02:21 --------- d-----w C:\Program Files\Xfire
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-15 23:09 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-07-13 19:02 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-27 20:08 2,397,696 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-11-29 02:55 32,178 ----a-w C:\Program Files\logo.png
2006-11-08 01:35 346,608 ----a-w C:\Program Files\beatcraft.bcproj
2005-08-22 00:36 32 ----a-w C:\Documents and Settings\All Users\hash.dat
2005-04-22 00:53 3,672,536 ----a-w C:\Program Files\copernicagentbasicfr.exe
2004-03-11 18:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2006-05-11 23:25 56 --sha-w C:\WINDOWS\system32\D9B58A1B5A.sys
2006-05-11 23:25 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-01-17 84480]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 1400944]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-17 185632]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-09-20 922192]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 C:\WINDOWS\soundman.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Trojan Remover"="C:\Program Files\Trojan Remover\RMVTRJAN.EXE" [2008-08-16 1028672]

C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2004-06-09 471040]

C:\Documents and Settings\Papa\Menu Démarrer\Programmes\Démarrage\
Skyscape smARTupdate.lnk - C:\Program Files\Fichiers communs\Skyscape\smARTupdate.exe [2004-12-03 3813376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Guillaume^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=C:\Documents and Settings\Guillaume\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 15:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 20:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-28 16:22 1271032 c:\Program Files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-17 16:24 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 02:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-03-03 14:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2004-03-19 04:33 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"C:\\Program Files\\MSN Gaming Zone\\zclient.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amecaret\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amecaret\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amecaret\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amecaret\\source sdk base\\hl2.exe"=
"C:\\Program Files\\BitLord2\\BitLord.exe"=
"C:\\Program Files\\ROBLOX Corporation\\ROBLOX\\Roblox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\guillaume\\lime\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

S3 jqhjmaku;jqhjmaku;C:\Documents and Settings\Guillaume\Bureau\logiciels\malina\jqhjmaku.sys [ ]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [ ]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 NTProcDrv;Process creation detector for NT.;C:\Documents and Settings\Guillaume\Bureau\silkroad\srobot\NtProcDrv.sys [ ]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [ ]
S3 vfyxgjohv;vfyxgjohv;C:\Documents and Settings\Guillaume\Bureau\logiciels\vfyxgjohv.sys [ ]
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27269b06-8321-11db-877e-000fea89dff1}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-WINSOS VERIFY - C:\Program Files\Winsos\WINSOS.EXE

.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\xkzx6nkp.default\
FF -: plugin - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 20:08:15
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\xfire_lsp_10650.dll
.
Heure de fin: 2008-09-21 20:14:20
ComboFix-quarantined-files.txt 2008-09-22 00:13:35

Avant-CF: 35 827 023 872 octets libres
Après-CF: 44,609,675,264 octets libres

361 --- E O F --- 2008-09-16 02:03:40

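A reviewer's triage pass over the S3 driver entries in the ComboFix log above, added here as an example and not part of the thread: it parses each line and ranks the entries by three signals a log helper checks by hand (a kernel driver registered from a user profile folder instead of %SystemRoot%, no file present at the registered path, and a display name that is just the service name). The reading of the line layout, and of empty brackets as "no file found", is an assumption about ComboFix's format; the score is a review priority, not a verdict on any entry.

```python
import re

# Constructed sample: the S3 driver entries copied from the ComboFix log above.
SERVICES = r"""
S3 jqhjmaku;jqhjmaku;C:\Documents and Settings\Guillaume\Bureau\logiciels\malina\jqhjmaku.sys [ ]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [ ]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 NTProcDrv;Process creation detector for NT.;C:\Documents and Settings\Guillaume\Bureau\silkroad\srobot\NtProcDrv.sys [ ]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [ ]
S3 vfyxgjohv;vfyxgjohv;C:\Documents and Settings\Guillaume\Bureau\logiciels\vfyxgjohv.sys [ ]
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys [ ]
"""

# Assumed ComboFix layout: "<R|S><start type> <name>;<display name>;<image path> [<file date> <size>]"
# where R = running, S = stopped, and empty brackets mean no file was found at that path.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$")
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)


def parse_services(text):
    """One dict per service line, with 'missing' (no file on disk) and 'profile' derived."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["missing"] = e["info"].strip() == ""
        pm = PROFILE_RE.match(e["path"])
        e["profile"] = pm.group(1) if pm else None  # None = system-wide location
        entries.append(e)
    return entries


def assess(entry):
    """Return (score, reasons) for one entry; higher means look at it first."""
    reasons = []
    if entry["profile"]:
        reasons.append(f"driver image under user profile '{entry['profile']}'")
    if entry["missing"]:
        reasons.append("no file found at the registered path")
    if entry["display"] == entry["name"]:
        reasons.append("display name is just the service name")
    return len(reasons), reasons


def triage(text):
    """Entries sorted by score, highest first; ties keep log order (sorted() is stable)."""
    ranked = []
    for e in parse_services(text):
        score, reasons = assess(e)
        ranked.append({"name": e["name"], "path": e["path"], "score": score, "reasons": reasons})
    return sorted(ranked, key=lambda r: -r["score"])


if __name__ == "__main__":
    for r in triage(SERVICES):
        print(f"[{r['score']}] {r['name']}: {r['path']}")
        for why in r["reasons"]:
            print("    -", why)
```

On this log the two drivers registered from Bureau\logiciels score highest, the Microsoft loopback adapter scores zero, and entries such as MBAMCatchMe score on "missing file" alone, which is why the list is a reading order rather than a verdict.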