Beagle problem
biscaymathieu
Hello,
My PC is infected by a Beagle virus. I have tried everything I found on the internet to remove it, but nothing worked, and safe mode does not work.
I hope you can help me.
SDFix has been extracted to %systemdrive%\SDFix\
(Drive that contains the Windows directory - typically C:\SDFix)
Open the SDFix folder in Safe Mode and double click the RunThis.bat file to start the fixtool
If RunThis.bat is started in Normal Mode, options to download and run Anti-Virus command line scanners are displayed
Catchme.exe Stealth Malware Detector by GMER is also included in the SDFix folder
Additional SDFix Instructions & screen shots can be found here - http://www.bleepingcomputer.com/forums/topic131299.html
SDFix a été extrait dans %systemdrive%\SDFix\
(Le disque qui contient le répertoire Windows - typiquement C:\SDFix)
Ouvrez le dossier SDFix en mode sans échec et double cliquez sur le fichier RunThis.bat pour démarrer l'outil.
Si RunThis.bat est lancé en mode normal, les options pour télécharger et lancer les scanners Antivirus en ligne de commande seront affichées
Catchme.exe Stealth Malware Detector de GMER est également inclus dans le dossier SDFix
Instructions supplémentaires pour SDFix & captures d'écran peuvent être trouvées ici - http://www.bleepingcomputer.com/forums/topic131299.html
There you go.
----------------- FindyKill V4.095 ------------------
* User : Administrateur - ADMIN-510E375DD
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 24/10/08 par Chiquitine29
* Recherche effectuée à 12:39:37 le 26/10/2008
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Jeux\steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Bureau\ilimited megauploid\rapget.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Present ! - C:\WINDOWS\prefetch\HLDRRR.EXE-061E05F4.pf
Present ! - C:\WINDOWS\prefetch\MDELK.EXE-238AA5EF.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
RTHDCPL REG_SZ RTHDCPL.EXE
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SDFix REG_SZ C:\SDFix\RunThis.bat /second
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Steam REG_SZ "D:\Jeux\steam\Steam.exe" -silent
EA Core REG_SZ C:\Program Files\Electronic Arts\EADM\Core.exe -silent
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
--------------- [ Registre / Clés infectieuses ] ----------------
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 Demande=3 Désactivé=4 ]
Ndisuio - Type de démarrage = 3
EapHost - Type de démarrage = 2
Ip6Fw - Type de démarrage = 2
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur de CD-ROM
+- Contenu de l'autorun : G:\autorun.inf
[autorun]
open=Autorun.exe
Icon=nfs_icon.ico
Name=Need for Speed ProStreet
[Special]
Disk=1
ProductGuiID={343737F4-C04D-49F4-BE58-C7EAA8EBA57A}
+- presence des fichiers :
Présent ! [27/10/2007 08:38][-r-------] - G:\autorun.inf
--------------- [ Registre / Moutpoint2 ] ----------------
-> Recherche négative.
------------------- ! Fin du rapport ! --------------------
ComboFix 08-10-24.02 - Administrateur 2008-10-26 12:49:15.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1607 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-26 au 2008-10-26 ))))))))))))))))))))))))))))))))))))
.
2008-10-26 10:44 . 2008-10-26 10:44 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-26 10:43 . 2008-10-26 10:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-26 10:10 . 2008-10-26 11:28 <REP> d-------- C:\SDFix
2008-10-25 21:37 . 2008-10-26 12:38 <REP> d-------- C:\download
2008-10-25 19:13 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-10-25 18:02 . 2008-10-04 12:11 81,920 --a------ C:\Documents and Settings\Administrateur\Application Data\cmstp.exe
2008-10-25 18:00 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system\cmstp.exe
2008-10-25 17:18 . 2008-10-25 17:54 <REP> d-------- C:\ToolBar SD
2008-10-25 15:53 . 2008-10-25 15:53 <REP> d-------- C:\Program Files\Trend Micro
2008-10-25 15:30 . 2008-10-04 12:11 81,920 --a------ C:\Documents and Settings\Administrateur\Application Data\esentutl.exe
2008-10-25 15:29 . 2008-10-04 12:11 81,920 --a------ C:\Documents and Settings\Administrateur\Application Data\sessmgr.exe
2008-10-25 15:28 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\ieudinit.exe
2008-10-25 15:03 . 2008-10-26 12:08 <REP> d-------- C:\Program Files\Navilog1
2008-10-25 14:39 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system\dllhst3g.exe
2008-10-25 14:37 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system\rsvp.exe
2008-10-25 14:35 . 2008-10-04 12:11 81,920 --a------ C:\Documents and Settings\Administrateur\Application Data\mqtgsvc.exe
2008-10-25 14:33 . 2008-10-04 12:11 81,920 --a------ C:\Documents and Settings\Administrateur\Application Data\mstsc.exe
2008-10-25 14:33 . 2008-10-04 12:11 81,920 --a------ C:\Documents and Settings\Administrateur\Application Data\clipsrv.exe
2008-10-25 14:30 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system32\drivers\sessmgr.exe
2008-10-25 14:29 . 2008-10-04 12:11 81,920 --a------ C:\Documents and Settings\Administrateur\Application Data\cisvc.exe
2008-10-25 11:21 . 2008-10-25 11:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 11:21 . 2008-10-25 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-25 11:21 . 2008-10-25 11:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-25 11:21 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-25 11:21 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-25 10:59 . 2008-10-26 12:39 <REP> d-------- C:\Program Files\FindyKill
2008-10-25 10:04 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system\clipsrv.exe
2008-10-25 09:59 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system32\drivers\mstinit.exe
2008-10-25 09:59 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system\logman.exe
2008-10-25 09:59 . 2008-10-04 12:11 81,920 --a------ C:\Documents and Settings\Administrateur\Application Data\rsvp.exe
2008-10-25 09:58 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\esentutl.exe
2008-10-25 09:55 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system32\drivers\esentutl.exe
2008-10-25 09:55 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system32\drivers\dllhst3g.exe
2008-10-25 09:55 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\mqtgsvc.exe
2008-10-25 09:52 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system32\drivers\clipsrv.exe
2008-10-25 09:52 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\clipsrv.exe
2008-10-25 09:42 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system\mqtgsvc.exe
2008-10-25 09:42 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\dllhst3g.exe
2008-10-25 09:41 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system32\drivers\mstsc.exe
2008-10-25 09:40 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\sessmgr.exe
2008-10-24 22:03 . 2008-10-04 12:11 81,920 --a------ C:\Documents and Settings\Administrateur\Application Data\logman.exe
2008-10-24 22:02 . 2008-10-04 12:11 81,920 --a------ C:\Documents and Settings\Administrateur\Application Data\mstinit.exe
2008-10-24 21:44 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\logman.exe
2008-10-23 18:15 . 2008-10-15 17:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-19 20:09 . 2008-10-19 20:12 <REP> d-------- C:\Need for Speed - ProStreet OST
2008-10-19 13:28 . 2008-10-19 13:31 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-10-19 13:28 . 2008-10-20 08:24 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-19 13:00 . 2008-10-20 08:24 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-10-19 12:58 . 2008-10-19 12:58 <REP> dr-h----- C:\Documents and Settings\Administrateur\Application Data\SecuROM
2008-10-19 12:13 . 2008-10-19 12:13 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-10-18 09:46 . 2008-10-24 20:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-18 08:55 . 2008-10-18 08:55 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-10-16 19:10 . 2008-10-17 15:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DivX
2008-10-16 19:08 . 2008-10-16 19:08 3,532 --a------ C:\drmHeader.bin
2008-10-16 19:06 . 2008-10-16 19:06 <REP> d-------- C:\Program Files\DivX
2008-10-15 16:36 . 2008-08-14 14:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 16:36 . 2008-08-14 14:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:36 . 2008-08-14 14:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:36 . 2008-08-14 14:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 16:36 . 2008-09-15 16:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 16:36 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-12 22:20 . 2008-10-12 22:20 <REP> d-------- C:\WINDOWS\Sun
2008-10-10 22:42 . 2008-10-10 22:43 <REP> d-------- C:\Program Files\Google
2008-10-10 20:32 . 2008-10-10 20:32 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2008-10-10 20:20 . 2008-10-10 20:20 <REP> d-------- C:\Program Files\EA GAMES
2008-10-08 18:34 . 2008-10-08 18:34 4,096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys
2008-10-08 12:06 . 2008-10-08 12:06 <REP> d--h-c--- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-10-08 12:06 . 2008-10-08 12:07 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-08 11:59 . 2008-10-08 11:59 <REP> d-------- C:\ProgramData
2008-10-08 11:59 . 2008-10-08 11:59 <REP> d-------- C:\Program Files\Electronic Arts
2008-10-08 11:59 . 2008-10-08 11:59 662 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-08 11:43 . 2008-10-08 11:43 <REP> d-------- C:\Program Files\UltraISO
2008-10-08 11:43 . 2008-10-08 11:43 <REP> d-------- C:\Program Files\Fichiers communs\EZB Systems
2008-10-06 18:17 . 2008-10-06 18:17 <REP> d-------- C:\WINDOWS\system32\fr
2008-10-06 18:17 . 2008-10-06 18:17 <REP> d-------- C:\WINDOWS\system32\bits
2008-10-06 18:17 . 2008-10-06 18:17 <REP> d-------- C:\WINDOWS\l2schemas
2008-10-06 18:15 . 2008-10-06 18:17 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-10-05 21:09 . 2008-10-05 21:09 <REP> d-------- C:\Program Files\Sleepy
2008-10-05 18:24 . 2008-10-05 18:24 <REP> d-------- C:\Program Files\Megaupload
2008-10-05 18:24 . 2008-10-05 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Megaupload
2008-10-05 18:24 . 2008-10-05 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-10-05 18:24 . 2008-10-05 18:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Megaupload
2008-10-05 18:24 . 2008-10-05 18:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EmailNotifier
2008-10-05 14:31 . 2008-04-13 19:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-05 14:27 . 2008-10-05 15:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-10-05 14:06 . 2008-10-05 14:06 <REP> d-------- C:\Program Files\Alcohol Soft
2008-10-05 14:06 . 2005-04-25 09:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2008-10-05 14:06 . 2004-04-30 08:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2008-10-04 18:36 . 2008-10-04 18:36 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-04 12:49 . 2008-10-04 12:49 <REP> d-------- C:\Program Files\LimeWire
2008-10-04 12:49 . 2008-10-25 21:41 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-10-04 12:42 . 2008-10-04 12:42 <REP> d-------- C:\Program Files\iTunes
2008-10-04 12:42 . 2008-10-04 12:42 <REP> d-------- C:\Program Files\iPod
2008-10-04 12:42 . 2008-10-04 12:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 12:41 . 2008-10-04 12:41 <REP> d-------- C:\Program Files\QuickTime
2008-10-04 12:35 . 2008-10-04 12:35 <REP> d-------- C:\Program Files\Bonjour
2008-10-04 12:11 . 2008-10-04 12:11 81,920 --a------ C:\WINDOWS\system\sessmgr.exe
2008-10-04 10:32 . 2008-06-14 18:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-04 10:32 . 2008-06-14 18:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-04 10:26 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-04 10:25 . 2008-10-03 17:22 6,068,224 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-04 10:25 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-04 10:25 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-04 10:25 . 2008-04-11 20:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-04 10:25 . 2008-08-26 10:10 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-04 10:25 . 2008-08-26 10:10 380,928 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-04 10:25 . 2008-08-26 10:10 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-04 10:25 . 2008-08-26 10:10 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-04 10:25 . 2008-08-26 10:10 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-04 10:25 . 2008-08-25 09:43 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-04 09:24 . 2008-10-06 19:21 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2008-10-04 09:19 . 2008-10-04 09:24 <REP> d-------- C:\Program Files\Windows Live
2008-10-04 09:19 . 2008-10-04 09:23 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-10-04 09:19 . 2008-10-04 09:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-04 09:12 . 2008-10-25 10:57 <REP> d-------- C:\Program Files\eMule
2008-10-04 09:10 . 2008-10-24 22:10 <REP> d-------- C:\Program Files\Alwil Software
2008-10-04 08:57 . 2006-06-08 09:49 344,064 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-10-04 08:57 . 2005-12-15 09:38 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe
2008-10-04 08:57 . 2006-06-17 11:29 295,018 --a------ C:\WINDOWS\system32\Install7x.dll
2008-10-04 08:57 . 2008-10-04 08:57 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-04 08:57 . 2005-11-30 10:33 2,048 --a------ C:\WINDOWS\system32\drivers\rt73.bin
2008-10-04 08:57 . 2006-03-06 14:36 45 --a------ C:\WINDOWS\filespec7x
2008-10-04 08:45 . 2008-10-04 08:56 <REP> d-------- C:\Program Files\RALINK
2008-10-04 08:32 . 2008-10-04 08:32 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-03 10:36 . 2008-10-03 10:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 08:44 2,532 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-25 17:32 --------- d-----w C:\Program Files\SuperCopier2
2008-10-15 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-10 07:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-10-10 07:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-10-08 10:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 10:59 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-10-05 11:41 --------- d-----w C:\Program Files\Apple Software Update
2008-10-04 11:41 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-10-03 09:56 64,653 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-10-03 09:56 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-10-03 09:52 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-10-03 09:52 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-10-03 09:51 --------- d-----w C:\Program Files\Futuremark
2008-10-03 09:41 --------- d-----w C:\Program Files\Microsoft Works
2008-10-03 09:40 --------- d-----w C:\Program Files\MSBuild
2008-10-03 09:40 --------- d-----w C:\Program Files\Microsoft.NET
2008-10-03 09:38 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-10-03 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-03 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-10-03 09:28 --------- d-----w C:\Program Files\ArcSoft
2008-10-03 09:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-10-03 09:22 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-10-03 09:22 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-10-03 09:22 --------- d-----w C:\Program Files\ACD Systems
2008-10-03 09:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-10-03 09:06 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-10-03 09:06 --------- d-----w C:\Program Files\Realtek
2008-10-03 09:05 --------- d-----w C:\Program Files\AMD
2008-10-03 09:03 --------- d-----w C:\Program Files\ATI Technologies
2008-10-03 08:35 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-03 08:32 86 ----a-w C:\WINDOWS\system32\config\systemprofile\DelCF8.bat
2008-10-03 08:32 86 ----a-w C:\Documents and Settings\Default User\DelCF8.bat
2008-10-03 08:32 86 ----a-w C:\Documents and Settings\Administrateur\DelCF8.bat
2008-10-03 08:31 --------- d-----w C:\Program Files\Reference Assemblies
2008-10-03 08:30 --------- d-----w C:\Program Files\MSXML 6.0
2008-10-03 08:28 --------- d-----w C:\Program Files\Java
2008-10-03 08:28 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-10-03 08:26 --------- d-----w C:\Program Files\Services en ligne
2008-10-03 08:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-01 14:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 22:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-26 09:10 827,904 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-18 11:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:02 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-08-05 22:02 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-08-05 22:02 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-25_19.33.16.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-08-07 15:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-26 10:02:19 3,690,496 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-26 10:02:20 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 15:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-26 09:43:46 3,690,496 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-26 09:43:47 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe
+ 2000-08-31 07:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe
- 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
+ 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
+ 2007-01-31 13:33:46 5,632 ----a-w C:\WINDOWS\system32\drivers\avgarkt.sys
+ 2004-07-31 17:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
+ 2008-05-18 20:40:35 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
- 2008-10-25 10:06:04 71,308 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 08:52:45 71,308 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-25 10:06:04 84,818 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-10-26 08:52:45 84,818 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-10-25 10:06:04 441,624 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 08:52:45 441,624 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-10-25 10:06:04 510,736 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-10-26 08:52:45 510,736 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2003-06-05 20:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
+ 2006-04-27 16:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
+ 2006-01-09 09:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2007-09-05 23:22:23 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
+ 2007-10-03 23:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="D:\Jeux\steam\Steam.exe" [2008-10-08 1410296]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-04-11 13524992]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-04-11 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-10-25 79224]
"SDFix"="C:\SDFix\RunThis.bat" [2008-10-22 906725]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-04-11 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-08-26 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-10-04 618496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Jeux\\test drive\\TestDriveUnlimited.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Jeux\\steam\\SteamApps\\biscaymathieu\\counter-strike source\\hl2.exe"=
"D:\\Jeux\\steam\\SteamApps\\biscaymathieu\\insurgency\\hl2.exe"=
"D:\\Jeux\\steam\\SteamApps\\biscaymathieu\\diprip warm up\\hl2.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"D:\\Jeux\\steam\\SteamApps\\biscaymathieu\\zombie panic! source\\hl2.exe"=
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [ ]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\d2pv1d1p.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 12:51:07
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-26 12:51:51
ComboFix-quarantined-files.txt 2008-10-26 11:51:45
ComboFix2.txt 2008-10-26 08:07:43
ComboFix3.txt 2008-10-25 17:33:37
Avant-CF: 1,304,584,192 octets libres
Après-CF: 6,464,368,640 octets libres
331 --- E O F --- 2008-10-23 21:23:03