Sujet Précédent Sujet Suivant

Pc infecté par brontok A et cpu toujours 100%

Fermé
hurbainharder - 18 oct. 2008 à 18:37
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 - 1 nov. 2008 à 12:12
Bonjour, ma machine fait tourne lentement et IE s'ouvre tous eul avec une page avec ecrit Brontok A.
et je n'arrive pas a l enlever. Je souhaiterai retrouver ma machine avec une bonne configuration et quelle tourne bien
A voir également:

50 réponses

Précédent
Réponse 21 / 50
hurbainharder bis depuis un autre pc
20 oct. 2008 à 19:36
suite

Present ! - C:\WINDOWS\system32\drivers\downld\192281.exe
Present ! - C:\WINDOWS\system32\drivers\downld\193671.exe
Present ! - C:\WINDOWS\system32\drivers\downld\195921.exe
Present ! - C:\WINDOWS\system32\drivers\downld\199171.exe
Present ! - C:\WINDOWS\system32\drivers\downld\200171.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2015531.exe
Present ! - C:\WINDOWS\system32\drivers\downld\202281.exe
Present ! - C:\WINDOWS\system32\drivers\downld\203671.exe
Present ! - C:\WINDOWS\system32\drivers\downld\206171.exe
Present ! - C:\WINDOWS\system32\drivers\downld\213281.exe
Present ! - C:\WINDOWS\system32\drivers\downld\215281.exe
Present ! - C:\WINDOWS\system32\drivers\downld\217921.exe
Present ! - C:\WINDOWS\system32\drivers\downld\219921.exe
Present ! - C:\WINDOWS\system32\drivers\downld\221421.exe
Present ! - C:\WINDOWS\system32\drivers\downld\225171.exe
Present ! - C:\WINDOWS\system32\drivers\downld\226671.exe
Present ! - C:\WINDOWS\system32\drivers\downld\229171.exe
Present ! - C:\WINDOWS\system32\drivers\downld\230671.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2310781.exe
Present ! - C:\WINDOWS\system32\drivers\downld\235421.exe
Present ! - C:\WINDOWS\system32\drivers\downld\237421.exe
Present ! - C:\WINDOWS\system32\drivers\downld\240171.exe
Present ! - C:\WINDOWS\system32\drivers\downld\240421.exe
Present ! - C:\WINDOWS\system32\drivers\downld\240921.exe
Present ! - C:\WINDOWS\system32\drivers\downld\247281.exe
Present ! - C:\WINDOWS\system32\drivers\downld\248781.exe
Present ! - C:\WINDOWS\system32\drivers\downld\251921.exe
Present ! - C:\WINDOWS\system32\drivers\downld\253171.exe
Present ! - C:\WINDOWS\system32\drivers\downld\262921.exe
Present ! - C:\WINDOWS\system32\drivers\downld\264781.exe
Present ! - C:\WINDOWS\system32\drivers\downld\275421.exe
Present ! - C:\WINDOWS\system32\drivers\downld\276671.exe
Present ! - C:\WINDOWS\system32\drivers\downld\278031.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2787031.exe
Present ! - C:\WINDOWS\system32\drivers\downld\292031.exe
Present ! - C:\WINDOWS\system32\drivers\downld\29292171.exe
Present ! - C:\WINDOWS\system32\drivers\downld\298171.exe
Present ! - C:\WINDOWS\system32\drivers\downld\300531.exe
Present ! - C:\WINDOWS\system32\drivers\downld\303531.exe
Present ! - C:\WINDOWS\system32\drivers\downld\308031.exe
Present ! - C:\WINDOWS\system32\drivers\downld\337421.exe
Present ! - C:\WINDOWS\system32\drivers\downld\402281.exe
Present ! - C:\WINDOWS\system32\drivers\downld\4469031.exe
Present ! - C:\WINDOWS\system32\drivers\downld\467531.exe
Present ! - C:\WINDOWS\system32\drivers\downld\530921.exe
Present ! - C:\WINDOWS\system32\drivers\downld\58955171.exe
Present ! - C:\WINDOWS\system32\drivers\downld\6189671.exe
Present ! - C:\WINDOWS\system32\drivers\downld\636031.exe
Present ! - C:\WINDOWS\system32\drivers\downld\640671.exe
Present ! - C:\WINDOWS\system32\drivers\downld\656781.exe
Present ! - C:\WINDOWS\system32\drivers\downld\703031.exe
Present ! - C:\WINDOWS\system32\drivers\downld\707531.exe
Present ! - C:\WINDOWS\system32\drivers\downld\71202781.exe
Present ! - C:\WINDOWS\system32\drivers\downld\71278531.exe
Present ! - C:\WINDOWS\system32\drivers\downld\74226671.exe
Present ! - C:\WINDOWS\system32\drivers\downld\74281421.exe
Present ! - C:\WINDOWS\system32\drivers\downld\746031.exe
Present ! - C:\WINDOWS\system32\drivers\downld\764781.exe
Present ! - C:\WINDOWS\system32\drivers\downld\8312921.exe
Present ! - C:\WINDOWS\system32\drivers\downld\855531.exe
Present ! - C:\WINDOWS\system32\drivers\downld\91531.exe
Present ! - C:\WINDOWS\system32\drivers\downld\93031.exe
Present ! - C:\WINDOWS\system32\drivers\downld\106562.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1077062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\126062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\128062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1408312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14726312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\147812.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14825562.exe
Present ! - C:\WINDOWS\system32\drivers\downld\151812.exe
Present ! - C:\WINDOWS\system32\drivers\downld\155062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1558812.exe
Present ! - C:\WINDOWS\system32\drivers\downld\167562.exe
Present ! - C:\WINDOWS\system32\drivers\downld\172562.exe
Present ! - C:\WINDOWS\system32\drivers\downld\180312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\184312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\185312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\198312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\207062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\210312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\211812.exe
Present ! - C:\WINDOWS\system32\drivers\downld\212312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\217812.exe
Present ! - C:\WINDOWS\system32\drivers\downld\222812.exe
Present ! - C:\WINDOWS\system32\drivers\downld\223062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\229562.exe
Present ! - C:\WINDOWS\system32\drivers\downld\231562.exe
Present ! - C:\WINDOWS\system32\drivers\downld\244312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2487812.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2491312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\252062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\258312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\260812.exe
Present ! - C:\WINDOWS\system32\drivers\downld\270062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\270312.exe
Present ! - C:\WINDOWS\system32\drivers\downld\29614562.exe
Present ! - C:\WINDOWS\system32\drivers\downld\297062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\303812.exe
Present ! - C:\WINDOWS\system32\drivers\downld\3326562.exe
Present ! - C:\WINDOWS\system32\drivers\downld\3343812.exe
Present ! - C:\WINDOWS\system32\drivers\downld\358062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\447062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\450062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\638562.exe
Present ! - C:\WINDOWS\system32\drivers\downld\697562.exe
Present ! - C:\WINDOWS\system32\drivers\downld\711062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\831062.exe
Present ! - C:\WINDOWS\system32\drivers\downld\111703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\119203.exe
Present ! - C:\WINDOWS\system32\drivers\downld\119953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\122703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\126453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\127343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1274593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\128843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\132953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\134453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\134593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\135203.exe
Present ! - C:\WINDOWS\system32\drivers\downld\137453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\138843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\139343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\140343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\140953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\142453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\146343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14709953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14712703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14746703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14775343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14780703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14786093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14840593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\149203.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14935703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\151953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\152203.exe
Present ! - C:\WINDOWS\system32\drivers\downld\153593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\158343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\159453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\164453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\164703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\164843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\166593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\168953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\169093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\169703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\171343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\171453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\178093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\179703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\180953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\181953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\185203.exe
Present ! - C:\WINDOWS\system32\drivers\downld\186203.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1874203.exe
Present ! - C:\WINDOWS\system32\drivers\downld\193093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\196093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\197593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\198453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\199343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\202703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\205953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\217703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\217843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\219093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\220593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\221593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\226093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\227703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\232703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\233843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\239843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\240703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\243453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\244843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\246593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2476453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\248093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\252453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\258953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\264953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\270703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\285343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\287093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\29318453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\293343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\294453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\29587703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\296843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\297203.exe
Present ! - C:\WINDOWS\system32\drivers\downld\300953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\309703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\328593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\366453.exe
Present ! - C:\WINDOWS\system32\drivers\downld\380093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\391343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\402843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\406953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\418203.exe
Present ! - C:\WINDOWS\system32\drivers\downld\436843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\451703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\59161343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\639343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\648093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\663203.exe
Present ! - C:\WINDOWS\system32\drivers\downld\672703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\683953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\733343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\73721703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\765343.exe
Present ! - C:\WINDOWS\system32\drivers\downld\808703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\82703.exe
Present ! - C:\WINDOWS\system32\drivers\downld\85843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\87953.exe
Present ! - C:\WINDOWS\system32\drivers\downld\918843.exe
Present ! - C:\WINDOWS\system32\drivers\downld\946093.exe
Present ! - C:\WINDOWS\system32\drivers\downld\9681593.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1045734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\104984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1155484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\122984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\123984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\124234.exe
Present ! - C:\WINDOWS\system32\drivers\downld\128734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\129734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1302734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\131734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1331234.exe
Present ! - C:\WINDOWS\system32\drivers\downld\137234.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1379984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\138734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14684484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\147234.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14739984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\147734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\152484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\153484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\156734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\159234.exe
Present ! - C:\WINDOWS\system32\drivers\downld\165984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\167234.exe
Present ! - C:\WINDOWS\system32\drivers\downld\167984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\17293734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\180484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\183734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\183984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1901984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\190484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\194484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\195734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\197234.exe
Present ! - C:\WINDOWS\system32\drivers\downld\208234.exe
Present ! - C:\WINDOWS\system32\drivers\downld\218484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\220984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\227734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\233984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\239984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\242484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\243484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\257234.exe
Present ! - C:\WINDOWS\system32\drivers\downld\261484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\287484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\294984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\301234.exe
Present ! - C:\WINDOWS\system32\drivers\downld\303984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\343484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\4483734.exe
Present ! - C:\WINDOWS\system32\drivers\downld\671484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\73852984.exe
Present ! - C:\WINDOWS\system32\drivers\downld\868484.exe
Present ! - C:\WINDOWS\system32\drivers\downld\102375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\109375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\111125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\118375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1186015.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1219625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\123875.exe
Present ! - C:\WINDOWS\system32\drivers\downld\126265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\126375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\127265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\127625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\127765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\130375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\131515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\134625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1365515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\136875.exe
Present ! - C:\WINDOWS\system32\drivers\downld\138015.exe
Present ! - C:\WINDOWS\system32\drivers\downld\138515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\144125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\144765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14706765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14730515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14791625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14799125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\148265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14916875.exe
Present ! - C:\WINDOWS\system32\drivers\downld\150375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\15045265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\151125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\151625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\153625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\156515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\159265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\159875.exe
Present ! - C:\WINDOWS\system32\drivers\downld\161015.exe
Present ! - C:\WINDOWS\system32\drivers\downld\161375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\161515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\162015.exe
Present ! - C:\WINDOWS\system32\drivers\downld\162515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\16672125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\167265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\169265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\175265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\176875.exe
Present ! - C:\WINDOWS\system32\drivers\downld\177265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\178015.exe
Present ! - C:\WINDOWS\system32\drivers\downld\179765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\180375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\192515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1944015.exe
0
Réponse 22 / 50
hurbainharder bis depuis un autre pc
20 oct. 2008 à 19:39
suite

Present ! - C:\WINDOWS\system32\drivers\downld\1946765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\197765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\198765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\203125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\205265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\207015.exe
Present ! - C:\WINDOWS\system32\drivers\downld\210875.exe
Present ! - C:\WINDOWS\system32\drivers\downld\214375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\216375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\219375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\222125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\223125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2322765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\233015.exe
Present ! - C:\WINDOWS\system32\drivers\downld\233265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\234265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\234625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\238125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\239015.exe
Present ! - C:\WINDOWS\system32\drivers\downld\240265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\244015.exe
Present ! - C:\WINDOWS\system32\drivers\downld\245375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\247125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\249125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2501765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2527765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\255515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\256125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\256625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\259265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\261125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\273265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\275375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\278265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\278625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2816515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\286375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2866515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\293125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\29325625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\301765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\302875.exe
Present ! - C:\WINDOWS\system32\drivers\downld\306515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\316375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\317015.exe
Present ! - C:\WINDOWS\system32\drivers\downld\328515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\336265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\347515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\347625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\393375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\407515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\409765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\435625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\446625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\459625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\464765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\500625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\58834625.exe
Present ! - C:\WINDOWS\system32\drivers\downld\58846875.exe
Present ! - C:\WINDOWS\system32\drivers\downld\58938375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\649515.exe
Present ! - C:\WINDOWS\system32\drivers\downld\652375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\652875.exe
Present ! - C:\WINDOWS\system32\drivers\downld\661265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\676375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\707765.exe
Present ! - C:\WINDOWS\system32\drivers\downld\71265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\73814125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\760125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\772375.exe
Present ! - C:\WINDOWS\system32\drivers\downld\77265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\818265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\8318875.exe
Present ! - C:\WINDOWS\system32\drivers\downld\839265.exe
Present ! - C:\WINDOWS\system32\drivers\downld\905125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\912125.exe
Present ! - C:\WINDOWS\system32\drivers\downld\10329296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1056546.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1098296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\115296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\117906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\122906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\123046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1273156.exe
Present ! - C:\WINDOWS\system32\drivers\downld\128906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\130296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1349296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\141046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\142156.exe
Present ! - C:\WINDOWS\system32\drivers\downld\142796.exe
Present ! - C:\WINDOWS\system32\drivers\downld\143656.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1441406.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14691046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14700156.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14742046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14811906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\148656.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14874296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\150046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\151046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1519296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1524906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1527796.exe
Present ! - C:\WINDOWS\system32\drivers\downld\154796.exe
Present ! - C:\WINDOWS\system32\drivers\downld\156406.exe
Present ! - C:\WINDOWS\system32\drivers\downld\15665046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\159546.exe
Present ! - C:\WINDOWS\system32\drivers\downld\161046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\163906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\164156.exe
Present ! - C:\WINDOWS\system32\drivers\downld\165046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\165156.exe
Present ! - C:\WINDOWS\system32\drivers\downld\16539156.exe
Present ! - C:\WINDOWS\system32\drivers\downld\168156.exe
Present ! - C:\WINDOWS\system32\drivers\downld\168906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\170046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\171546.exe
Present ! - C:\WINDOWS\system32\drivers\downld\173046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\175406.exe
Present ! - C:\WINDOWS\system32\drivers\downld\175796.exe
Present ! - C:\WINDOWS\system32\drivers\downld\176406.exe
Present ! - C:\WINDOWS\system32\drivers\downld\177906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\184046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1867156.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1874656.exe
Present ! - C:\WINDOWS\system32\drivers\downld\191906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\194046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\195046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\195656.exe
Present ! - C:\WINDOWS\system32\drivers\downld\198046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\198406.exe
Present ! - C:\WINDOWS\system32\drivers\downld\205906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\207796.exe
Present ! - C:\WINDOWS\system32\drivers\downld\210296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\213796.exe
Present ! - C:\WINDOWS\system32\drivers\downld\214906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\223546.exe
Present ! - C:\WINDOWS\system32\drivers\downld\226296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\226906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2298546.exe
Present ! - C:\WINDOWS\system32\drivers\downld\230796.exe
Present ! - C:\WINDOWS\system32\drivers\downld\235796.exe
Present ! - C:\WINDOWS\system32\drivers\downld\237796.exe
Present ! - C:\WINDOWS\system32\drivers\downld\248296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\248656.exe
Present ! - C:\WINDOWS\system32\drivers\downld\249656.exe
Present ! - C:\WINDOWS\system32\drivers\downld\251046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\251906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\256656.exe
Present ! - C:\WINDOWS\system32\drivers\downld\262046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\266156.exe
Present ! - C:\WINDOWS\system32\drivers\downld\270296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\273406.exe
Present ! - C:\WINDOWS\system32\drivers\downld\279656.exe
Present ! - C:\WINDOWS\system32\drivers\downld\280906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\284296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\285296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\287296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\29372656.exe
Present ! - C:\WINDOWS\system32\drivers\downld\294046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\314156.exe
Present ! - C:\WINDOWS\system32\drivers\downld\315156.exe
Present ! - C:\WINDOWS\system32\drivers\downld\336906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\412296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\421546.exe
Present ! - C:\WINDOWS\system32\drivers\downld\634906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\642046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\654046.exe
Present ! - C:\WINDOWS\system32\drivers\downld\669406.exe
Present ! - C:\WINDOWS\system32\drivers\downld\683656.exe
Present ! - C:\WINDOWS\system32\drivers\downld\715906.exe
Present ! - C:\WINDOWS\system32\drivers\downld\72712406.exe
Present ! - C:\WINDOWS\system32\drivers\downld\743546.exe
Present ! - C:\WINDOWS\system32\drivers\downld\828296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\8320406.exe
Present ! - C:\WINDOWS\system32\drivers\downld\8358296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\8361296.exe
Present ! - C:\WINDOWS\system32\drivers\downld\949406.exe
Present ! - C:\WINDOWS\system32\drivers\downld\96546.exe
Present ! - C:\WINDOWS\system32\drivers\downld\99796.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1059687.exe
Present ! - C:\WINDOWS\system32\drivers\downld\112437.exe
Present ! - C:\WINDOWS\system32\drivers\downld\119937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\121937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1310937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\143687.exe
Present ! - C:\WINDOWS\system32\drivers\downld\144437.exe
Present ! - C:\WINDOWS\system32\drivers\downld\145687.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14747187.exe
Present ! - C:\WINDOWS\system32\drivers\downld\150437.exe
Present ! - C:\WINDOWS\system32\drivers\downld\156437.exe
Present ! - C:\WINDOWS\system32\drivers\downld\158187.exe
Present ! - C:\WINDOWS\system32\drivers\downld\159687.exe
Present ! - C:\WINDOWS\system32\drivers\downld\167187.exe
Present ! - C:\WINDOWS\system32\drivers\downld\167937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\170437.exe
Present ! - C:\WINDOWS\system32\drivers\downld\171437.exe
Present ! - C:\WINDOWS\system32\drivers\downld\176437.exe
Present ! - C:\WINDOWS\system32\drivers\downld\176937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\182937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1855187.exe
Present ! - C:\WINDOWS\system32\drivers\downld\188937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\194187.exe
Present ! - C:\WINDOWS\system32\drivers\downld\209187.exe
Present ! - C:\WINDOWS\system32\drivers\downld\218937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\223687.exe
Present ! - C:\WINDOWS\system32\drivers\downld\230937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2349937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\238687.exe
Present ! - C:\WINDOWS\system32\drivers\downld\238937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\247187.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2475437.exe
Present ! - C:\WINDOWS\system32\drivers\downld\249687.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2522687.exe
Present ! - C:\WINDOWS\system32\drivers\downld\258437.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2606187.exe
Present ! - C:\WINDOWS\system32\drivers\downld\279437.exe
Present ! - C:\WINDOWS\system32\drivers\downld\292187.exe
Present ! - C:\WINDOWS\system32\drivers\downld\294187.exe
Present ! - C:\WINDOWS\system32\drivers\downld\336437.exe
Present ! - C:\WINDOWS\system32\drivers\downld\44183937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\520687.exe
Present ! - C:\WINDOWS\system32\drivers\downld\59211937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\617687.exe
Present ! - C:\WINDOWS\system32\drivers\downld\930687.exe
Present ! - C:\WINDOWS\system32\drivers\downld\97937.exe
Present ! - C:\WINDOWS\system32\drivers\downld\104578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\108218.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1094578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\113468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\117328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\119078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\119468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1215328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\126328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\126718.exe
Present ! - C:\WINDOWS\system32\drivers\downld\127328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\131828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\132828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\132968.exe
Present ! - C:\WINDOWS\system32\drivers\downld\133578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1344718.exe
Present ! - C:\WINDOWS\system32\drivers\downld\139328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\140078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\140468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1448468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\145328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14687578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14702328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14719968.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14736328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14829718.exe
Present ! - C:\WINDOWS\system32\drivers\downld\148578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14896328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\15024968.exe
Present ! - C:\WINDOWS\system32\drivers\downld\150718.exe
Present ! - C:\WINDOWS\system32\drivers\downld\152578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\153218.exe
Present ! - C:\WINDOWS\system32\drivers\downld\153828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\154328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\157828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\161578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\165828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\173078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\173828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\175968.exe
Present ! - C:\WINDOWS\system32\drivers\downld\177468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\186468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\186718.exe
Present ! - C:\WINDOWS\system32\drivers\downld\188968.exe
Present ! - C:\WINDOWS\system32\drivers\downld\189578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1938468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\195468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\199328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2007218.exe
Present ! - C:\WINDOWS\system32\drivers\downld\201578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\208828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\213718.exe
Present ! - C:\WINDOWS\system32\drivers\downld\219078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\233078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2343968.exe
0
Réponse 23 / 50
hurbainharder bis depuis un autre pc
20 oct. 2008 à 19:45
et la dernier partie

Present ! - C:\WINDOWS\system32\drivers\downld\236578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\237828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\238468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\239578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\241578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\245968.exe
Present ! - C:\WINDOWS\system32\drivers\downld\253218.exe
Present ! - C:\WINDOWS\system32\drivers\downld\255078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\255328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\256718.exe
Present ! - C:\WINDOWS\system32\drivers\downld\258968.exe
Present ! - C:\WINDOWS\system32\drivers\downld\259218.exe
Present ! - C:\WINDOWS\system32\drivers\downld\259328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\264578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\268078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\268218.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2727078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\273828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\278718.exe
Present ! - C:\WINDOWS\system32\drivers\downld\279468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\284828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2896218.exe
Present ! - C:\WINDOWS\system32\drivers\downld\291468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\293078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\295718.exe
Present ! - C:\WINDOWS\system32\drivers\downld\303328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\306578.exe
Present ! - C:\WINDOWS\system32\drivers\downld\310828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\316218.exe
Present ! - C:\WINDOWS\system32\drivers\downld\333078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\336828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\342468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\347078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\359468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\383078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\385828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\404218.exe
Present ! - C:\WINDOWS\system32\drivers\downld\432968.exe
Present ! - C:\WINDOWS\system32\drivers\downld\44265328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\455328.exe
Present ! - C:\WINDOWS\system32\drivers\downld\673468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\690468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\731828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\73987078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\8311468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\8432468.exe
Present ! - C:\WINDOWS\system32\drivers\downld\85078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\909828.exe
Present ! - C:\WINDOWS\system32\drivers\downld\95218.exe
Present ! - C:\WINDOWS\system32\drivers\downld\99078.exe
Present ! - C:\WINDOWS\system32\drivers\downld\105359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\115359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\122609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\123609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\126609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\127359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1328859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\136609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\137609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\139359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1395609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1424859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14706859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14734359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14742359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\148859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\14906609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\149109.exe
Present ! - C:\WINDOWS\system32\drivers\downld\152859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\153359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\1556859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\15624359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\164109.exe
Present ! - C:\WINDOWS\system32\drivers\downld\165859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\167109.exe
Present ! - C:\WINDOWS\system32\drivers\downld\168609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\192859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\197359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\201859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\202609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\212859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\215859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\225359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\227609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2300859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\231359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\240859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\241109.exe
Present ! - C:\WINDOWS\system32\drivers\downld\242859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\246109.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2463609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\257609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\264359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\271609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2739859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2741109.exe
Present ! - C:\WINDOWS\system32\drivers\downld\274609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\2798609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\282109.exe
Present ! - C:\WINDOWS\system32\drivers\downld\29455609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\29539609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\308859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\373109.exe
Present ! - C:\WINDOWS\system32\drivers\downld\404859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\413609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\44098359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\460859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\59080609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\633859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\666109.exe
Present ! - C:\WINDOWS\system32\drivers\downld\73793859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\74130359.exe
Present ! - C:\WINDOWS\system32\drivers\downld\753609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\775859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\8412609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\855609.exe
Present ! - C:\WINDOWS\system32\drivers\downld\895859.exe
Present ! - C:\WINDOWS\system32\drivers\downld\935109.exe
Present ! - C:\WINDOWS\system32\drivers\downld\97609.exe

»»»» Presence des fichiers dans C:\Documents and Settings\hurbainharder\Application Data

Présent ! - "C:\Documents and Settings\hurbainharder\Application Data\m\flec006.exe"
Présent ! - "C:\Documents and Settings\hurbainharder\Application Data\m\list.oct"
Présent ! - "C:\Documents and Settings\hurbainharder\Application Data\m\data.oct"
Présent ! - "C:\Documents and Settings\hurbainharder\Application Data\m\srvlist.oct"
Présent ! - "C:\Documents and Settings\hurbainharder\Application Data\m\shared"
Présent ! - "C:\Documents and Settings\hurbainharder\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\HURBAI~1\LOCALS~1\Temp

Présent ! - C:\DOCUME~1\HURBAI~1\LOCALS~1\Temp\N360.2.0.0.242\N360\Setup\patch25.dll
Présent ! - C:\DOCUME~1\HURBAI~1\LOCALS~1\Temp\N360.2.0.0.242\N360\Setup\NORTON\App\patch25d.dll
Présent ! - C:\DOCUME~1\HURBAI~1\LOCALS~1\Temp\N360.2.0.0.242\Support\AV\patch25.dll
Présent ! - C:\DOCUME~1\HURBAI~1\LOCALS~1\Temp\N360.2.0.0.242\Support\NCO\NCO\patch25.dll
Présent ! - C:\DOCUME~1\HURBAI~1\LOCALS~1\Temp\N360.2.0.0.242\Support\NCO\NCO\APP\Patch25d.dll

--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
DLA REG_SZ C:\WINDOWS\System32\DLA\DLACTRLW.EXE
SbUsb AudCtrl REG_SZ RunDll32 sbusbdll.dll,RCMonitor
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
UserFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -u
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Acrobat Assistant 8.0 REG_SZ "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
<NO NAME> REG_SZ
Adobe_ID0EYTHM REG_SZ C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Launch Ai Booster REG_SZ "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
egui REG_SZ "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater

--------------- [ Registre / Clés infectieuses ] ----------------


Présent ! - HKEY_USERS\S-1-5-21-73586283-963894560-1801674531-1003\Software\Local AppWizard-Generated Applications\hldrrr
Présent ! - HKEY_USERS\S-1-5-21-73586283-963894560-1801674531-1003\Software\Local AppWizard-Generated Applications\mdelk
Présent ! - HKEY_USERS\S-1-5-21-73586283-963894560-1801674531-1003\Software\Local AppWizard-Generated Applications\nideiect
Présent ! - HKEY_USERS\S-1-5-21-73586283-963894560-1801674531-1003\Software\DateTime4
Présent ! - HKEY_USERS\S-1-5-21-73586283-963894560-1801674531-1003\Software\FFC
Présent ! - HKEY_USERS\S-1-5-21-73586283-963894560-1801674531-1003\Software\FirstRRRun
Présent ! - HKEY_USERS\S-1-5-21-73586283-963894560-1801674531-1003\Software\FirtR
Présent ! - HKEY_USERS\S-1-5-21-73586283-963894560-1801674531-1003\Software\MuleAppData
Présent ! - HKEY_USERS\S-1-5-21-73586283-963894560-1801674531-1003\Software\XEW
Présent ! - HKEY_USERS\S-1-5-21-73586283-963894560-1801674531-1003\Software\XYZ
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\hldrrr
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\mdelk
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\nideiect
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_CURRENT_USER\Software\DateTime4
Présent ! - HKEY_CURRENT_USER\Software\XYZ
Présent ! - HKEY_CURRENT_USER\Software\XEW
Présent ! - HKEY_CURRENT_USER\Software\FirtR
Présent ! - HKEY_CURRENT_USER\Software\FirstRRRun

--------------- [ Etat / Services ] ----------------


+- Services : [ Auto=2 Demande=3 Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Fixed Drive

H: - CD-ROM Drive

K: - Fixed Drive

N: - Fixed Drive


+- Contenu de l'autorun : H:\autorun.inf

[autorun]
open = ASUSACPI.exe
icon = asus.ico


+- Contenu de l'autorun : K:\autorun.inf



+- Contenu de l'autorun : N:\autorun.inf



+- presence des fichiers :

Présent ! - H:\autorun.inf
Présent ! - K:\autorun.inf
K:\autorun.inf - dossier autorun.inf cree par flash disinfector !
Présent ! - N:\autorun.inf
N:\autorun.inf - dossier autorun.inf cree par flash disinfector !


--------------- [ Registre / Moutpoint2 ] ----------------

Present ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1551d4fe-eba1-11dc-8662-0010b547fe59}\Shell\AutoRun\command
Present ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1551d4fe-eba1-11dc-8662-0010b547fe59}\Shell\explore\Command
Present ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1551d4fe-eba1-11dc-8662-0010b547fe59}\Shell\open\Command
Present ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49da7294-e09d-11dc-864e-0010b547fe59}\Shell\AutoRun\command
Present ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49da7294-e09d-11dc-864e-0010b547fe59}\Shell\explore\Command
Present ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49da7294-e09d-11dc-864e-0010b547fe59}\Shell\open\Command


------------------- ! Fin du rapport ! --------------------

que faire maintenant
0
Réponse 24 / 50
hurbainharder
23 oct. 2008 à 19:26
j ai essayer deux fois a chaque fois il y a qu un seul redemarrage de plus au redemarage je tombe sur mon le choix des compte .
que faire
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 50
hurbainharder
25 oct. 2008 à 16:07
Nº Total de Directorios: 12985
Nº Total de Ficheros: 122456
Nº de Ficheros Analizados: 13930
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Oct 23 20:53:52 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HURBAINHARDER\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Oct 23 20:54:17 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 20:54:18 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 20:54:56 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HURBAINHARDER\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Oct 23 20:55:12 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 20:56:07 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HURBAINHARDER\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Oct 23 20:56:15 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12986
Nº Total de Ficheros: 122511
Nº de Ficheros Analizados: 13932
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12986
Nº Total de Ficheros: 122511
Nº de Ficheros Analizados: 13932
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12987
Nº Total de Ficheros: 122516
Nº de Ficheros Analizados: 13936
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122503
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Oct 23 21:12:18 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 21:12:21 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 21:12:22 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 21:12:25 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122503
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122503
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122503
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122503
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Oct 24 20:04:51 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HURBAINHARDER\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Oct 24 20:05:11 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122526
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Oct 24 20:19:16 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 3236
Nº Total de Ficheros: 23299
Nº de Ficheros Analizados: 998
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Fri Oct 24 20:19:56 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4518
Nº Total de Ficheros: 34803
Nº de Ficheros Analizados: 1233
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Fri Oct 24 20:20:42 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122560
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Oct 24 20:28:55 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HURBAINHARDER\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Oct 24 20:29:38 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122561
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
0
Réponse 26 / 50
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
25 oct. 2008 à 16:12
Il est coriace ce bagle.

Essaie avec Combofix renommé en combo-fix.exe.

A+
0
Réponse 27 / 50
hurbainharder
25 oct. 2008 à 16:35
meme en le renommant ca fait application win32 invalid

que faire ????
0
Réponse 28 / 50
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
25 oct. 2008 à 16:42
As-tu reessayé avec FindyKill, option 2.
Pour les deux redémarrages, il faut que tu choisisses ton compte lors des redémarrages.
je te remets le lien du message :
http://www.commentcamarche.net/forum/affich 8948877 pc infecte par brontok a et cpu toujours 100?page=2#24

1) Tu télécharges MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tu l'installes. Choisis les options par défaut.
A la fin de l’installation, il te sera demandé de mettre à jour MalwareBytes et de l’éxecuter .
Accepte. Après la, mise à jour, le logiciel va s’ouvrir.

Dans l’onglet Recherche, sélectionne Exécuter un examen complet.
Clique sur recherche. Tu ne sélectionnes que les disques durs de l’ordinateur.
Clique sur lancer l’examen.

A la fin de la recherche, comme il est demandé, clique sur afficher les résultats.
Si des infections sont trouvées, clique sur Supprimer la sélection.
Tu postes le rapport dans ton prochain message ainsi qu'un nouveau rapport Hijackthis.

Si tu ne retrouves pas le rapport, ouvre MalwareBytes et regarde dans l’onglet Rapport/logs< . Il y est. Clique dessus et choisir ouvrir.

2) Repasse Elibagla et poste le rapport.

A+
0
Réponse 29 / 50
hurbainharder
25 oct. 2008 à 20:05
juste une question j ai plus 800Go de peripherique de stockageexterne (muisic et film) le scan de malwarebytes tourne depuis 3h15 et j ai l impression que le malware met 30 a 40 seconde par fichier pour les analyser?
es ce normal??
0
Réponse 30 / 50
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
26 oct. 2008 à 01:54
C'est tout à fait normal.

Si tu as interrrompu le scan, fais ce qui suit :

- Supprime FindyKill que tu avais chargé. Il y a eu une mise à jour depuis.

- On va enlever les logiciels qui ont été utilisés.
Télécharge ToolsCleaner .sur le bureau
http://pc-system.fr/

Double-clique sur ToolsCleaner2.exe --> Recherche --> Suppression.
Il est possible que ton bureau disparaisse.

Fais un copier/coller du rapport qui se trouve dans C:\TCleaner.txt

- Télécharge FindyKill :
Fais un clic droit sur le lien, enregister sous --> choisis sur le bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

Supprime Elibagla si tu l’as téléchargé ( risque de conflit entre les deux outils )

Fais un clic droit sur le lien, enregister sous .....sur le bureau

Dezippe le sur le bureau
Entre dans le dossier FindyKill

double clique sur FindyKill.exe
Tu choisis immédiatement l'option 2
Poste le rapport.

Et celui de toolsCleaner.

A+
0
Réponse 31 / 50
hurbainharder
26 oct. 2008 à 12:13
Malwarebytes' Anti-Malware 1.30
Database version: 1319
Windows 5.1.2600 Service Pack 2

10/26/2008 11:51:55 AM
mbam-log-2008-10-26 (11-51-55).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|J:\|K:\|N:\|)
Objects scanned: 232209
Time elapsed: 5 hour(s), 9 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Files: 922 -> Quarantined and deleted successfully.
C:\Documents and Settings\hurbainharder\Application Data\m (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\drivers\downld\130296.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\144437.exe (Worm.Bagle) -> Quarantined and deleted successfully.
N:\System Volume Information\_restore{9F879C43-8C56-4EE4-8E79-B9198CB4BD50}\RP1094\A0344507.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Documents and Settings\hurbainharder\Application Data\m\flec006.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.



puis le rapport d eligibla


Nº Total de Directorios: 12985
Nº Total de Ficheros: 122456
Nº de Ficheros Analizados: 13930
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Oct 23 20:53:52 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HURBAINHARDER\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Oct 23 20:54:17 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 20:54:18 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 20:54:56 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HURBAINHARDER\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Oct 23 20:55:12 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 20:56:07 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HURBAINHARDER\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Oct 23 20:56:15 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12986
Nº Total de Ficheros: 122511
Nº de Ficheros Analizados: 13932
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12986
Nº Total de Ficheros: 122511
Nº de Ficheros Analizados: 13932
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12987
Nº Total de Ficheros: 122516
Nº de Ficheros Analizados: 13936
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122503
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Oct 23 21:12:18 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 21:12:21 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 21:12:22 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thu Oct 23 21:12:25 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122503
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122503
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122503
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122503
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Oct 24 20:04:51 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HURBAINHARDER\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Oct 24 20:05:11 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122526
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Oct 24 20:19:16 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 3236
Nº Total de Ficheros: 23299
Nº de Ficheros Analizados: 998
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Fri Oct 24 20:19:56 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4518
Nº Total de Ficheros: 34803
Nº de Ficheros Analizados: 1233
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Fri Oct 24 20:20:42 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122560
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Oct 24 20:28:55 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HURBAINHARDER\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Oct 24 20:29:38 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 12985
Nº Total de Ficheros: 122561
Nº de Ficheros Analizados: 13928
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Oct 26 11:57:37 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Oct 26 11:57:39 2008
EliBagle v11.89 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 13207
Nº Total de Ficheros: 125902
Nº de Ficheros Analizados: 14293
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1


je commence le processus dernier
0
Réponse 32 / 50
hurbainharder
26 oct. 2008 à 14:57
[ Rapport ToolsCleaner version 2.2.4 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Infosat.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\avenger: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\hurbainharder\Desktop\OtMoveIt2.exe: trouvé !
C:\Documents and Settings\hurbainharder\Desktop\HijackThis.exe: trouvé !
C:\Documents and Settings\hurbainharder\Desktop\HJTInstall.exe: trouvé !
C:\Documents and Settings\hurbainharder\My Documents\ComboFix.exe: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\hurbainharder\Desktop\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\hurbainharder\Desktop\HijackThis.exe: supprimé !
C:\Documents and Settings\hurbainharder\Desktop\HJTInstall.exe: supprimé !
C:\Documents and Settings\hurbainharder\My Documents\ComboFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Infosat.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\avenger: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!

puis findykill




----------------- FindyKill V4.095 ------------------

* User : hurbainharder - STICK-8D24848FE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 24/10/08 par Chiquitine29
* Suppression effectuée à 14:49:40 le Sun 10/26/2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** Suppression *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Suppression des fichiers dans C:


»»»» Suppression des fichiers dans C:\WINDOWS


»»»» Suppression des fichiers dans C:\WINDOWS\Prefetch

Supprimé ! - C:\WINDOWS\Prefetch\WINTEMS.EXE-26D98C75.pf

»»»» Suppression des fichiers dans C:\WINDOWS\system32


»»»» Suppression des fichiers dans C:\WINDOWS\system32\drivers


»»»» Suppression des fichiers dans C:\Documents and Settings\hurbainharder\Application Data


»»»» Suppression des fichiers dans C:\DOCUME~1\HURBAI~1\LOCALS~1\Temp

Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA

--------------- [ Registre / Clés infectieuses ] ----------------


-> Certaines clés ont été supprimées au premier reboot ...

--------------- [ Etat / Redémarage des services ] ----------------


+- Services : [ Auto=2 Demande=3 Désactivé=4 ]

Ndisuio - Type de démarrage = 3

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Nettoyage des supports amovibles ] ----------------

+- Informations :

C: - Fixed Drive

H: - CD-ROM Drive


+- Suppression des fichiers :

Echec de la supression !! - H:\autorun.inf

--------------- [ Registre / Moutpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1551d4fe-eba1-11dc-8662-0010b547fe59}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1551d4fe-eba1-11dc-8662-0010b547fe59}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1551d4fe-eba1-11dc-8662-0010b547fe59}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49da7294-e09d-11dc-864e-0010b547fe59}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49da7294-e09d-11dc-864e-0010b547fe59}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49da7294-e09d-11dc-864e-0010b547fe59}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cba0762e-f8d8-11dc-8677-0010b547fe59}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cba0762e-f8d8-11dc-8677-0010b547fe59}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cba0762e-f8d8-11dc-8677-0010b547fe59}\Shell\open\Command

--------------- [ Recherche Cracks / Keygen ] ----------------



---------------- ! Fin du rapport ! ------------------

que faire maintenant???
0
Réponse 33 / 50
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
26 oct. 2008 à 15:06
OK, on a fait un pas en avant.
On va le vérifier avec ComBoFix qui devrait maintenant passer.

1) Tu vas télécharger ComBoFix et enregistre le sur ton bureau ( important pour la suite )
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

déconnecte toi du net.
Désactive les protections résidentes de ton ordinateur ( antivirus, antispyware et parefeu )
Branche tes différents supports amovibles ( clés USB, disque dur externe ) sans les ouvrir.

Lance Combofix.exe et suis les invites.
Il est possible que ComBoFix redémarre l’ordinateur pour supprimer certains fichiers.

Une fois le scan fini, un rapport va apparaitre.
Copie/colle ce rapport dans ta prochaine réponse.
Si tu ne le trouves pas, il est à C:\ComboFix.txt.

2) Télécharge et installe HijackThis .
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Choisir « Download Hijackthis Installer »
Après l'installation, un raccourci sera crée sur le bureau. Double-clique dessus pour le lancer.

Choisir l'option Do a system scan and save a logfile.
Le rapport va s'ouvrir. Tu copies/colles le contenu de ce rapport dans ton prochain message

A+
0
Réponse 34 / 50
hurbainharder
26 oct. 2008 à 15:31
ComboFix 08-10-25.01 - hurbainharder 2008-10-26 15:16:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1461 [GMT 1:00]
Running from: C:\Documents and Settings\hurbainharder\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-26 12:22 . 2008-10-26 14:52 <DIR> d-------- C:\Program Files\FindyKill
2008-10-26 12:20 . 2008-10-26 12:20 104,343,786 --a------ C:\Sauv.reg
2008-10-25 16:54 . 2008-10-25 17:23 <DIR> d-------- C:\Documents and Settings\hurbainharder\Application Data\codeblocks
2008-10-25 16:52 . 2006-11-30 08:40 2,459,525 --a------ C:\WINDOWS\system32\alld42.dll
2008-10-25 16:52 . 2006-11-30 08:39 988,661 --a------ C:\WINDOWS\system32\allp42.dll
2008-10-25 16:52 . 2006-11-30 08:40 537,052 --a------ C:\WINDOWS\system32\alleg42.dll
2008-10-25 16:51 . 2006-05-17 00:57 385,090 --a------ C:\WINDOWS\system32\libtiff.dll
2008-10-25 16:51 . 2006-06-27 06:21 258,048 --a------ C:\WINDOWS\system32\SDL.dll
2008-10-25 16:51 . 2006-05-17 00:57 169,443 --a------ C:\WINDOWS\system32\jpeg.dll
2008-10-25 16:51 . 2006-05-17 00:57 126,976 --a------ C:\WINDOWS\system32\libpng12.dll
2008-10-25 16:51 . 2006-05-17 00:57 77,824 --a------ C:\WINDOWS\system32\zlib1.dll
2008-10-25 16:51 . 2006-05-17 00:57 40,960 --a------ C:\WINDOWS\system32\SDL_image.dll
2008-10-25 16:51 . 2007-05-05 18:57 37,376 --a------ C:\WINDOWS\system32\glfw.dll
2008-10-25 16:50 . 2008-10-25 16:51 <DIR> d-------- C:\MinGW
2008-10-25 16:49 . 2008-10-25 16:50 <DIR> d-------- C:\Program Files\CodeBlocks
2008-10-23 18:32 . 1996-08-20 19:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-10-23 18:32 . 2005-09-25 15:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-10-23 18:32 . 2008-10-23 18:32 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-10-23 18:32 . 2008-10-23 18:32 3,120 --a------ C:\WINDOWS\118294.78
2008-10-23 18:32 . 2003-08-12 23:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-10-19 16:29 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-10-19 16:29 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-10-19 16:29 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-10-19 13:56 . 2008-10-19 16:52 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-10-18 00:18 . 2008-10-26 12:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-17 00:23 . 2008-10-17 00:23 <DIR> d-------- C:\3eab440ecb4b1a39c2e9a58cb8b1df
2008-10-15 19:10 . 2008-10-15 19:14 <DIR> d-------- C:\Program Files\ASUS
2008-10-15 19:10 . 2004-02-26 23:00 962,612 --a------ C:\WINDOWS\system32\mfc42d.dll
2008-10-15 19:10 . 2004-02-16 23:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-10-15 19:10 . 2005-01-28 09:44 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-10-15 19:10 . 2004-09-07 10:41 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-10-15 19:10 . 2004-10-14 10:52 4,962 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-10-15 19:10 . 2004-03-10 13:31 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-10-15 19:09 . 2008-10-15 19:09 <DIR> d-------- C:\Program Files\AMD
2008-10-15 19:09 . 2004-05-08 09:21 35,840 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-10-15 19:07 . 2008-10-15 19:07 16,421 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-10-15 19:07 . 2000-03-29 23:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-10-15 19:07 . 2004-08-13 03:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-10-13 21:46 . 2008-10-13 21:46 <DIR> d-------- C:\Documents and Settings\Guest
2008-10-13 18:29 . 2008-10-13 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-10-12 21:20 . 2008-10-12 21:20 <DIR> d-------- C:\Program Files\ESET
2008-10-12 20:20 . 2007-05-12 07:23 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-10-12 20:20 . 2007-05-12 07:23 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-10-12 18:02 . 2008-10-12 18:02 <DIR> d-------- C:\[u]0/uf35c969dd5e7ae9047261798c51b19c
2008-10-12 12:24 . 2008-10-12 12:36 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-10-12 12:24 . 2008-10-12 12:24 <DIR> d-------- C:\a1131ff6d50fe2343fed
2008-09-29 23:01 . 2008-09-29 23:01 <DIR> d-------- C:\Program Files\iTunes
2008-09-29 23:01 . 2008-09-29 23:01 <DIR> d-------- C:\Program Files\iPod
2008-09-29 23:01 . 2008-09-29 23:01 <DIR> d-------- C:\Documents and Settings\hurbainharder\Application Data\Apple Computer
2008-09-29 23:01 . 2008-09-29 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 23:00 . 2008-09-29 23:00 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-29 23:00 . 2008-09-29 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-29 22:59 . 2008-09-29 22:59 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-29 22:59 . 2008-09-29 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-27 23:20 . 2008-10-19 14:10 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-09-27 21:03 . 2008-09-29 23:01 <DIR> d-------- C:\Program Files\QuickTime
2008-09-27 20:03 . 2007-02-20 15:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-09-27 20:03 . 2007-02-20 15:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-09-27 18:48 . 2008-10-16 22:53 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 17:06 . 2008-09-27 17:06 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-27 14:13 . 2008-09-27 14:13 268 --ah----- C:\sqmdata09.sqm
2008-09-27 14:13 . 2008-09-27 14:13 244 --ah----- C:\sqmnoopt09.sqm
2008-09-27 13:52 . 2008-10-19 00:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-27 12:54 . 2008-09-27 12:54 268 --ah----- C:\sqmdata08.sqm
2008-09-27 12:54 . 2008-09-27 12:54 244 --ah----- C:\sqmnoopt08.sqm
2008-09-27 11:55 . 2008-09-27 11:55 268 --ah----- C:\sqmdata07.sqm
2008-09-27 11:55 . 2008-09-27 11:55 244 --ah----- C:\sqmnoopt07.sqm
2008-09-26 17:48 . 2008-09-26 17:54 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-26 17:48 . 2008-09-26 17:54 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-26 14:27 . 2008-09-26 17:32 46,640 --a------ C:\WINDOWS\system32\msln.exe
2008-09-26 12:43 . 2008-10-05 15:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-09-26 12:42 . 2008-09-26 12:42 <DIR> d-------- C:\Documents and Settings\hurbainharder\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 10:35 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\vmntoolbar
2008-10-23 17:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-18 22:39 --------- d-----w C:\Program Files\Altium2004
2008-10-18 22:36 --------- d-----w C:\Program Files\Common Files\WexTech Shared
2008-10-15 18:16 245,760 ----a-w C:\WINDOWS\IsUninst.exe
2008-10-13 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-27 22:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-21 14:19 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-21 12:22 --------- d-----w C:\Program Files\AskTBar
2008-09-21 12:20 --------- d-----w C:\Program Files\Visicom Media
2008-09-21 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-19 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-19 18:50 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\Sites
2008-09-19 18:50 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\Dynamique
2008-09-19 18:39 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\Classes de site
2008-09-19 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-09-19 17:58 --------- d-----w C:\Program Files\vmntoolbar
2008-09-19 17:58 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\EmailNotifier
2008-09-19 17:04 --------- d-----w C:\Program Files\Nero
2008-09-19 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-16 21:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-13 01:13 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\Skype
2008-09-12 22:04 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\skypePM
2008-09-12 17:05 --------- d-----w C:\Program Files\Java
2008-03-16 15:06 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-28 13:32 14,290 -c--a-w C:\Program Files\settings.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 15:26 2022912 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 2022912]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 2022912]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-06-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2005-05-05 3632640]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-26 C:\WINDOWS\system32\sbusbdll.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-06-14 15360]

C:\Documents and Settings\hurbainharder\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Picture Motion Browser Media Check Tool.lnk.disabled [2008-03-22 1985]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-09-27 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
"RamCleaner"=C:\Program Files\RamCleaner\ramcore.exe -s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Metrowerks\\CodeWarrior CW12_V3.1\\prog\\hiwave.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 PEDRV;P&E Microcomputer System PCI Driver.;C:\WINDOWS\system32\drivers\PEDRV.sys [2000-08-03 23296]
R2 PicLpt;PicLpt;C:\WINDOWS\system32\drivers\PicLpt.sys [2000-04-04 25604]
R2 VICHW11;P&E BDM Cable Driver II;C:\WINDOWS\system32\drivers\VICHW11.sys [1998-10-02 5200]
R3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2005-06-10 1694592]
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4624bb6-1d00-11dd-868e-0010b547fe59}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-ccleaner - C:\Program Files\CCleaner\CCleaner.exe
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\hurbainharder\Application Data\Mozilla\Firefox\Profiles\6urfl5m7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.netvibes.com/#general
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 15:21:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-26 15:26:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-26 14:25:55

Pre-Run: 44,633,292,800 bytes free
Post-Run: 44,576,706,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

233 --- E O F --- 2008-10-26 11:11:04


puis le hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:01 PM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk.disabled
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://docs.google.com/File?id=dcxr9s3w_7c4tskqg9
0
Réponse 35 / 50
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
26 oct. 2008 à 15:49
Analyse du rapport.Réponse dans une demi-heure.

On avance. les outils commencent à fonctionner.
On dirait bien que le Brontok a disparu.

A+
0
Réponse 36 / 50
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
26 oct. 2008 à 16:51
1) Ouvre le bloc-notes et sélectionne le texte en citation.
Copie/colle ce texte dans le bloc-notes.

Files::
C:\WINDOWS\system32\118290.54
C:\WINDOWS\118294.78
C:\3eab440ecb4b1a39c2e9a58cb8b1df
C:\[u]0/uf35c969dd5e7ae9047261798c51b19c
C:\a1131ff6d50fe2343fed
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\Documents and Settings\hurbainharder\Application Data\vmntoolbar
C:\Program Files\vmntoolbar


Registry::
[-HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

Enregistre le fichier sur le bureau et nomme-le CFScript.txt.
Vérifie que l'icone de Combofix se trouve également sur le bureau, sinon, tu relécharges combofix et tu l'enregistres aussi sur le bureau.

Glisse/dépose le script sur ComBoFix. Comme indiqué sur le lien suivant.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Tu suis les invites.
Ton bureau va disparaître à plusieurs reprises. Normal.
Une fois le scan achevé, tu enregistres le rapport.

2) On vérifie la présence du bagle.

Voir le message
http://www.commentcamarche.net/forum/affich 8948877 pc infecte par brontok a et cpu toujours 100?page=2#26

Poste les deux rapports.

A+
0
Réponse 37 / 50
hurbainharder
26 oct. 2008 à 17:21
ComboFix 08-10-25.01 - hurbainharder 2008-10-26 17:08:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1530 [GMT 1:00]
Running from: C:\Documents and Settings\hurbainharder\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\hurbainharder\Desktop\CFScript.txt.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-26 16:39 . 2008-10-26 16:40 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-26 12:22 . 2008-10-26 14:52 <DIR> d-------- C:\Program Files\FindyKill
2008-10-26 12:20 . 2008-10-26 12:20 104,343,786 --a------ C:\Sauv.reg
2008-10-25 16:54 . 2008-10-25 17:23 <DIR> d-------- C:\Documents and Settings\hurbainharder\Application Data\codeblocks
2008-10-25 16:52 . 2006-11-30 08:40 2,459,525 --a------ C:\WINDOWS\system32\alld42.dll
2008-10-25 16:52 . 2006-11-30 08:39 988,661 --a------ C:\WINDOWS\system32\allp42.dll
2008-10-25 16:52 . 2006-11-30 08:40 537,052 --a------ C:\WINDOWS\system32\alleg42.dll
2008-10-25 16:51 . 2006-05-17 00:57 385,090 --a------ C:\WINDOWS\system32\libtiff.dll
2008-10-25 16:51 . 2006-06-27 06:21 258,048 --a------ C:\WINDOWS\system32\SDL.dll
2008-10-25 16:51 . 2006-05-17 00:57 169,443 --a------ C:\WINDOWS\system32\jpeg.dll
2008-10-25 16:51 . 2006-05-17 00:57 126,976 --a------ C:\WINDOWS\system32\libpng12.dll
2008-10-25 16:51 . 2006-05-17 00:57 77,824 --a------ C:\WINDOWS\system32\zlib1.dll
2008-10-25 16:51 . 2006-05-17 00:57 40,960 --a------ C:\WINDOWS\system32\SDL_image.dll
2008-10-25 16:51 . 2007-05-05 18:57 37,376 --a------ C:\WINDOWS\system32\glfw.dll
2008-10-25 16:50 . 2008-10-25 16:51 <DIR> d-------- C:\MinGW
2008-10-25 16:49 . 2008-10-25 16:50 <DIR> d-------- C:\Program Files\CodeBlocks
2008-10-23 18:32 . 1996-08-20 19:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-10-23 18:32 . 2005-09-25 15:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-10-23 18:32 . 2008-10-23 18:32 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-10-23 18:32 . 2008-10-23 18:32 3,120 --a------ C:\WINDOWS\118294.78
2008-10-23 18:32 . 2003-08-12 23:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-10-19 16:29 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-10-19 16:29 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-10-19 16:29 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-10-19 13:56 . 2008-10-19 16:52 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-10-18 00:18 . 2008-10-26 15:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-17 00:23 . 2008-10-17 00:23 <DIR> d-------- C:\3eab440ecb4b1a39c2e9a58cb8b1df
2008-10-15 19:10 . 2008-10-15 19:14 <DIR> d-------- C:\Program Files\ASUS
2008-10-15 19:10 . 2004-02-26 23:00 962,612 --a------ C:\WINDOWS\system32\mfc42d.dll
2008-10-15 19:10 . 2004-02-16 23:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-10-15 19:10 . 2005-01-28 09:44 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-10-15 19:10 . 2004-09-07 10:41 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-10-15 19:10 . 2004-10-14 10:52 4,962 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-10-15 19:10 . 2004-03-10 13:31 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-10-15 19:09 . 2008-10-15 19:09 <DIR> d-------- C:\Program Files\AMD
2008-10-15 19:09 . 2004-05-08 09:21 35,840 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-10-15 19:07 . 2008-10-15 19:07 16,421 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-10-15 19:07 . 2000-03-29 23:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-10-15 19:07 . 2004-08-13 03:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-10-13 21:46 . 2008-10-13 21:46 <DIR> d-------- C:\Documents and Settings\Guest
2008-10-13 18:29 . 2008-10-13 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-10-12 21:20 . 2008-10-12 21:20 <DIR> d-------- C:\Program Files\ESET
2008-10-12 20:20 . 2007-05-12 07:23 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-10-12 20:20 . 2007-05-12 07:23 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-10-12 18:02 . 2008-10-12 18:02 <DIR> d-------- C:\[u]0/uf35c969dd5e7ae9047261798c51b19c
2008-10-12 12:24 . 2008-10-12 12:36 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-10-12 12:24 . 2008-10-12 12:24 <DIR> d-------- C:\a1131ff6d50fe2343fed
2008-09-29 23:01 . 2008-09-29 23:01 <DIR> d-------- C:\Program Files\iTunes
2008-09-29 23:01 . 2008-09-29 23:01 <DIR> d-------- C:\Program Files\iPod
2008-09-29 23:01 . 2008-09-29 23:01 <DIR> d-------- C:\Documents and Settings\hurbainharder\Application Data\Apple Computer
2008-09-29 23:01 . 2008-09-29 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 23:00 . 2008-09-29 23:00 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-29 23:00 . 2008-09-29 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-29 22:59 . 2008-09-29 22:59 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-29 22:59 . 2008-09-29 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-27 23:20 . 2008-10-19 14:10 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-09-27 21:03 . 2008-09-29 23:01 <DIR> d-------- C:\Program Files\QuickTime
2008-09-27 20:03 . 2007-02-20 15:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-09-27 20:03 . 2007-02-20 15:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-09-27 18:48 . 2008-10-16 22:53 <DIR> d-------- C:\Program Files\Bonjour
2008-09-27 17:06 . 2008-09-27 17:06 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-27 14:13 . 2008-09-27 14:13 268 --ah----- C:\sqmdata09.sqm
2008-09-27 14:13 . 2008-09-27 14:13 244 --ah----- C:\sqmnoopt09.sqm
2008-09-27 13:52 . 2008-10-19 00:12 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-27 12:54 . 2008-09-27 12:54 268 --ah----- C:\sqmdata08.sqm
2008-09-27 12:54 . 2008-09-27 12:54 244 --ah----- C:\sqmnoopt08.sqm
2008-09-27 11:55 . 2008-09-27 11:55 268 --ah----- C:\sqmdata07.sqm
2008-09-27 11:55 . 2008-09-27 11:55 244 --ah----- C:\sqmnoopt07.sqm
2008-09-26 17:48 . 2008-09-26 17:54 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-26 17:48 . 2008-09-26 17:54 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-26 14:27 . 2008-09-26 17:32 46,640 --a------ C:\WINDOWS\system32\msln.exe
2008-09-26 12:43 . 2008-10-05 15:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-09-26 12:42 . 2008-09-26 12:42 <DIR> d-------- C:\Documents and Settings\hurbainharder\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 15:51 --------- d-----w C:\Program Files\UltraMon
2008-10-26 10:35 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\vmntoolbar
2008-10-23 17:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-18 22:39 --------- d-----w C:\Program Files\Altium2004
2008-10-18 22:36 --------- d-----w C:\Program Files\Common Files\WexTech Shared
2008-10-15 18:16 245,760 ----a-w C:\WINDOWS\IsUninst.exe
2008-10-13 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-27 22:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-21 14:19 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-09-21 12:22 --------- d-----w C:\Program Files\AskTBar
2008-09-21 12:20 --------- d-----w C:\Program Files\Visicom Media
2008-09-21 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-19 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-19 18:59 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-19 18:50 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\Sites
2008-09-19 18:50 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\Dynamique
2008-09-19 18:39 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\Classes de site
2008-09-19 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-09-19 17:58 --------- d-----w C:\Program Files\vmntoolbar
2008-09-19 17:58 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\EmailNotifier
2008-09-19 17:04 --------- d-----w C:\Program Files\Nero
2008-09-19 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-16 21:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-13 01:13 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\Skype
2008-09-12 22:04 --------- d-----w C:\Documents and Settings\hurbainharder\Application Data\skypePM
2008-09-12 17:05 --------- d-----w C:\Program Files\Java
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 10:35 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 09:57 2,185,984 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:18 2,062,976 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-03-16 15:06 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-28 13:32 14,290 -c--a-w C:\Program Files\settings.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-26_15.25.25.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-02-28 09:53:04 2,137,600 -c----w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:55:01 2,142,720 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 00:15:58 2,059,392 -c----w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:18:44 2,062,976 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 09:15:59 2,017,280 -c----w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:18:46 2,020,864 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:55:14 2,182,144 -c----w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 09:57:20 2,185,984 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 08:57:40 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
- 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-06-20 10:44:08 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-08-14 09:48:52 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-06-24 08:57:40 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-27 12:54:32 3,593,216 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-08-17 12:37:49 337,408 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-10-15 16:53:28 339,456 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2007-02-28 09:53:04 2,137,600 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:55:01 2,142,720 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 00:15:58 2,059,392 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:18:44 2,062,976 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 09:15:59 2,017,280 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:18:46 2,020,864 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:55:14 2,182,144 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 09:57:20 2,185,984 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-08-14 12:00:42 332,928 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2008-08-28 10:35:33 333,056 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 09:48:52 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2008-06-23 16:57:27 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-06-23 09:20:25 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-06-24 08:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-27 12:54:32 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-06-23 16:57:40 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2006-08-17 12:37:49 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:53:28 339,456 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-06-23 16:57:40 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
- 2007-07-27 08:41:40 16,760 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 15:26 2022912 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 2022912]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 2022912]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2005-06-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2005-05-05 3632640]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-26 C:\WINDOWS\system32\sbusbdll.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-06-14 15360]

C:\Documents and Settings\hurbainharder\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Picture Motion Browser Media Check Tool.lnk.disabled [2008-03-22 1985]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-09-27 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
"RamCleaner"=C:\Program Files\RamCleaner\ramcore.exe -s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Metrowerks\\CodeWarrior CW12_V3.1\\prog\\hiwave.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 PEDRV;P&E Microcomputer System PCI Driver.;C:\WINDOWS\system32\drivers\PEDRV.sys [2000-08-03 23296]
R2 PicLpt;PicLpt;C:\WINDOWS\system32\drivers\PicLpt.sys [2000-04-04 25604]
R2 VICHW11;P&E BDM Cable Driver II;C:\WINDOWS\system32\drivers\VICHW11.sys [1998-10-02 5200]
R3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2005-06-10 1694592]
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4624bb6-1d00-11dd-868e-0010b547fe59}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 17:12:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-26 17:13:02
ComboFix-quarantined-files.txt 2008-10-26 16:12:48
ComboFix2.txt 2008-10-26 14:26:10

Pre-Run: 44,318,932,992 bytes free
Post-Run: 44,302,954,496 bytes free

premier rapport j attend eliblague



371 --- E O F --- 2008-10-26 15:40:14
0
Réponse 38 / 50
hurbainharder
26 oct. 2008 à 18:38
et voivi le rapport


Nº Total de Directorios: 13200
Nº Total de Ficheros: 125545
Nº de Ficheros Analizados: 14316
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
0
Réponse 39 / 50
hurbainharder
26 oct. 2008 à 18:38
Que faire maintenant ??
0
Réponse 40 / 50
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
26 oct. 2008 à 19:46
1) Le script n'a pas supprimé les fichiers désirés.

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

C:\WINDOWS\system32\118290.54
C:\WINDOWS\118294.78
C:\3eab440ecb4b1a39c2e9a58cb8b1df
C:\[u]0/uf35c969dd5e7ae9047261798c51b19c
C:\a1131ff6d50fe2343fed
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\Documents and Settings\hurbainharder\Application Data\vmntoolbar
C:\Program Files\vmntoolbar

clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport ( fichier .log ) situé dans C:\_OTMoveIt\MovedFiles.
Il est possible que ton ordinateur redémarre pour supprimer les fichiers.

2) On va vérifier pour le brontok.
Supprime clean II X si il est toujours présent sur ton PC.
Tu vas télécharger une version propre.

Voir message :
http://www.commentcamarche.net/forum/affich 8948877 pc infecte par brontok a et cpu toujours 100#6
Suis le indications et poste le rapport.

A+
0