zabouille

Membres

Afficher le profil Afficher son activité

Compteur de contenus
13
Inscription
le 7 août 2005
Dernière visite
le 6 octobre 2021

Profile Information

Sexe
Female

zabouille's Achievements

Junior Member (3/12)

Réputation sur la communauté

PC très infecté

zabouille a répondu à un(e) sujet de zabouille dans Analyses et éradication malwares

J'ai réinstallé ANTIVIR et le pare-feu WINDOWS. Merci +++ pour tous les conseils et le temps que vous avez passé à régler mon problème. Bon vent à vous.
- le 7 mars 2009
- 14 réponses
PC très infecté

zabouille a répondu à un(e) sujet de zabouille dans Analyses et éradication malwares

Bonjour, voici les derniers rapports : ComboFix 09-03-03.01 - isa 2009-03-07 12:34:13.7 - NTFSx86 MINIMAL Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2728 [GMT 1:00] Lancé depuis: c:\users\isa\Desktop\combofix.exe Commutateurs utilisés :: c:\users\isa\Desktop\CFScript.txt.txt FILE :: c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-07 au 2009-03-07 )))))))))))))))))))))))))))))))))))) . 2009-03-06 20:32 . 2009-03-06 20:38 <REP> d-------- C:\isa 2009-03-05 19:35 . 2009-03-05 19:35 <REP> d-------- c:\windows\Sun 2009-03-04 21:48 . 2009-03-04 22:48 <REP> d-------- C:\ToolBar SD 2009-03-04 20:46 . 2009-03-04 20:46 <REP> d-------- c:\program files\yes 2009-03-04 20:16 . 2009-03-04 20:18 <REP> d-------- c:\program files\scanhijt 2009-03-04 20:05 . 2009-03-04 20:07 <REP> d-------- c:\program files\karcher 2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\users\All Users\WindowsSearch 2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\programdata\WindowsSearch 2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\users\All Users\avg8 2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\programdata\avg8 2009-03-01 17:42 . 2009-03-01 17:42 <REP> d-------- c:\program files\CCleaner 2009-03-01 17:23 . 2009-03-04 23:40 <REP> d--h----- c:\users\isa\AppData\Roaming\drivers 2009-03-01 13:22 . 2009-03-06 21:16 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy 2009-03-01 13:22 . 2009-03-06 21:16 <REP> d-------- c:\programdata\Spybot - Search & Destroy 2009-03-01 13:22 . 2009-03-06 21:17 <REP> d-------- c:\program files\Spybot - Search & Destroy 2009-03-01 12:23 . 2009-03-01 12:23 <REP> d-------- c:\users\isa\AppData\Roaming\FloodLightGames 2009-03-01 12:19 . 2009-03-01 12:19 <REP> d-------- c:\users\isa\AppData\Roaming\eSobi 2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\isa\AppData\Roaming\Flood Light Games 2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\All Users\Flood Light Games 2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\programdata\Flood Light Games 2009-02-26 21:12 . 2006-11-28 20:46 28,224 --a------ c:\windows\System32\drivers\PCAMp50.sys 2009-02-26 21:12 . 2006-11-28 20:46 27,072 --a------ c:\windows\System32\drivers\PCASp50.sys 2009-02-26 21:11 . 2009-02-26 21:11 <REP> d-------- c:\program files\Securitoo 2009-02-26 21:11 . 2009-02-26 21:39 <REP> d-------- c:\program files\OrangeHSS 2009-02-26 21:11 . 2007-12-11 20:22 65,536 --a------ c:\windows\System32\Autodial2000.dll 2009-02-26 21:07 . 2009-02-26 21:07 <REP> d-------- c:\program files\Common Files\France Telecom 2009-02-16 20:59 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-16 20:59 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-16 20:59 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-16 20:59 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-16 20:59 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax 2009-02-13 20:11 . 2009-02-13 20:11 <REP> d-------- c:\program files\Canal 2009-02-13 20:10 . 2009-02-13 20:10 <REP> d-------- c:\program files\Common Files\Adobe AIR 2009-02-11 22:24 . 2009-02-11 22:24 <REP> d-------- c:\users\isa\AppData\Roaming\Media Player Classic 2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\users\All Users\Real 2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\program files\K-Lite Codec Pack 2009-02-11 00:42 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-11 00:42 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-07 20:18 . 2008-06-25 20:57 446,464 --a------ c:\windows\System32\nvudisp.exe 2009-02-07 20:18 . 2008-06-25 20:57 8,429 --a------ c:\windows\System32\nvdisp.nvu 2009-02-07 20:17 . 2009-02-07 20:17 <REP> d-------- c:\program files\My Company Name . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-03 16:36 --------- d-----w c:\users\isa\AppData\Roaming\Image Zone Express 2009-03-01 20:29 --------- d-----w c:\program files\7-Zip 2009-03-01 11:41 --------- d-----w c:\program files\Acer GameZone 2009-03-01 11:34 --------- d-----w c:\program files\Common Files\Oberon Media 2009-03-01 11:31 --------- d---a-w c:\programdata\TEMP 2009-03-01 11:22 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-01 11:22 --------- d-----w c:\program files\eSobi 2009-03-01 11:06 --------- d-----w c:\users\isa\AppData\Roaming\uTorrent 2009-02-28 17:25 --------- d-----w c:\program files\Oberon Media 2009-02-11 21:11 --------- d-----w c:\program files\Java 2009-02-11 02:00 --------- d-----w c:\program files\Windows Mail 2009-02-07 19:24 --------- d-----w c:\programdata\NVIDIA 2009-02-04 17:34 --------- d-----w c:\programdata\BSD 2009-02-04 17:33 --------- d-----w c:\users\isa\AppData\Roaming\BSD Concept 2009-02-04 17:30 --------- d-----w c:\programdata\BSD Concept 2009-02-04 17:29 --------- d-----w c:\program files\BSD Concept 2009-02-04 15:52 --------- d-----w c:\users\isa\AppData\Roaming\Printer Info Cache 2009-02-03 17:51 --------- d-----w c:\program files\Common Files\Adobe 2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll 2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll 2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( SnapShot@2009-03-04_23.44.08,75 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-04 22:42:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-03-07 11:37:18 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-03-07 11:37:18 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2009-03-04 22:42:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-03-07 11:37:18 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-03-07 11:37:18 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2009-03-04 22:38:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-03-07 11:27:27 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-03-07 11:27:27 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-03-04 22:38:24 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-03-07 11:27:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-03-01 21:09:26 101,052 ----a-w c:\windows\System32\perfc009.dat + 2009-03-06 19:27:37 101,052 ----a-w c:\windows\System32\perfc009.dat - 2009-03-01 21:09:26 123,350 ----a-w c:\windows\System32\perfc00C.dat + 2009-03-06 19:27:37 123,350 ----a-w c:\windows\System32\perfc00C.dat - 2009-03-01 21:09:26 586,980 ----a-w c:\windows\System32\perfh009.dat + 2009-03-06 19:27:37 586,980 ----a-w c:\windows\System32\perfh009.dat - 2009-03-01 21:09:26 669,328 ----a-w c:\windows\System32\perfh00C.dat + 2009-03-06 19:27:37 669,328 ----a-w c:\windows\System32\perfh00C.dat - 2009-03-04 22:26:28 7,130 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-897740455-3590922161-1516729470-1000_UserData.bin + 2009-03-06 20:28:45 8,288 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-897740455-3590922161-1516729470-1000_UserData.bin - 2009-03-04 22:26:28 76,156 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-03-06 20:28:44 76,950 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2009-03-04 22:26:26 56,188 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-03-06 20:28:42 57,046 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-02-13 16:36:59 143,136 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-03-07 11:26:01 185,882 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 23:38 121392 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 c:\windows\RtHDVCpl.exe] c:\users\isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-08-09 344064] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-21 535336] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "FilterAdministratorToken"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-897740455-3590922161-1516729470-1000] "EnableNotificationsRef"=dword:00000003 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{9A0FC0E6-C41A-491D-85B2-7B42B0C4D7B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9272E7EA-E5B0-4E65-AA03-61B849992A79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0590D135-20CF-4616-83A2-B4D64D7A7ADC}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live "{40F60C6C-DD8E-40B8-AB34-5061C567E010}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine "{EC714915-D3A6-43D3-B785-23155F4ED9A6}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia "{8FB6D042-3CF4-407D-A2E9-A1CE05C41456}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect "{542BA28B-703D-48DB-B83F-94E757E578BF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service "{B34DAF09-668F-41FD-94EB-A7A892360F5C}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD "{A924C65E-76C0-4E34-9E09-9FC3F7E6691A}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician "{F051E17E-51EF-4830-B367-F6DA497077E5}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator "{F158742F-48F9-4833-8369-7CBA8CC22457}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician "{E8C480A7-0F8F-40E3-951C-B35DCEC99082}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CBE69F7D-80D0-4A78-88AA-458BB971821C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{3472E74A-6E0F-4073-BC32-5308013B35C5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{7175209C-DF98-4A73-8BBA-2DD7418FAA57}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "TCP Query User{12457E32-2269-4F32-8199-418A15C8594B}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule "UDP Query User{7A84D4A4-86CA-400C-AF68-1173647BA356}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule "TCP Query User{0814C510-F5D5-4BBC-BB0B-6DA28EB05CF0}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= UDP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe "UDP Query User{65EF53D6-8B7C-4B31-AAC6-26517E77BF6D}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= TCP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS R1 ATMhelpr;ATMhelpr;c:\windows\System32\drivers\ATMHELPR.SYS [2008-09-20 4064] R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-03-21 269448] S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-03-21 30752] S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2009-02-26 28224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contenu du dossier 'Tâches planifiées' 2009-03-02 c:\windows\Tasks\WebReg Photosmart C3100 series.job - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36] . . ------- Examen supplémentaire ------- . uStart Page = www.orange.fr mWindow Title = IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-07 12:37:21 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(5892) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\acer\Empowering Technology\ePerformance\MemCheck.exe c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\System32\conime.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\System32\WUDFHost.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\windows\System32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\wbem\unsecapp.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe c:\acer\Empowering Technology\eRecovery\eRAgent.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\OrangeHSS\Systray\SystrayApp.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Heure de fin: 2009-03-07 12:39:20 - La machine a redémarré ComboFix-quarantined-files.txt 2009-03-07 11:39:16 ComboFix2.txt 2009-03-06 20:30:30 ComboFix3.txt 2009-03-06 20:14:44 ComboFix4.txt 2009-03-06 19:53:27 ComboFix5.txt 2009-03-07 11:33:57 Avant-CF: 117,492,494,336 octets libres Après-CF: 117,432,889,344 octets libres 240 --- E O F --- 2009-02-26 20:40:05 le rapport "toolscleaner" : [ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ] -->- Recherche: C:\Combofix.txt: trouvé ! C:\fixnavi.txt: trouvé ! C:\cleannavi.txt: trouvé ! C:\TB.txt: trouvé ! C:\Combofix: trouvé ! C:\Qoobox: trouvé ! C:\Toolbar SD: trouvé ! C:\isa\Combofix.txt: trouvé ! C:\Program Files\karcher\HijackThis.exe: trouvé ! C:\Program Files\scanhijt\HijackThis: trouvé ! C:\Program Files\yes\HijackThis.exe: trouvé ! C:\Users\isa\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé ! C:\Users\isa\Desktop\Navilog1.exe: trouvé ! C:\Users\isa\Desktop\ComboFix.exe: trouvé ! C:\Users\isa\Desktop\ToolBarSD.exe: trouvé ! --------------------------------- -->- Suppression: C:\Program Files\karcher\HijackThis.exe: supprimé ! C:\Program Files\yes\HijackThis.exe: supprimé ! C:\Users\isa\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé ! C:\Users\isa\Desktop\Navilog1.exe: supprimé ! C:\Users\isa\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !! C:\Users\isa\Desktop\ToolBarSD.exe: supprimé ! C:\Combofix.txt: supprimé ! C:\fixnavi.txt: supprimé ! C:\cleannavi.txt: supprimé ! C:\TB.txt: supprimé ! C:\isa\Combofix.txt: supprimé ! C:\Combofix: supprimé ! C:\Qoobox: supprimé ! C:\Toolbar SD: supprimé ! C:\Program Files\scanhijt\HijackThis: supprimé ! et le rapport HJT : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:52, on 2009-03-07 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\mobsync.exe C:\Acer\Empowering Technology\SysMonitor.exe C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Windows\System32\nvraidservice.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\Windows\Explorer.exe C:\Windows\system32\SearchFilterHost.exe C:\nettoyage\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) - O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 7127 bytes
- le 7 mars 2009
- 14 réponses
PC très infecté

zabouille a répondu à un(e) sujet de zabouille dans Analyses et éradication malwares

Bonsoir, Voici le rapport de Combofix : ComboFix 09-03-03.01 - isa 2009-03-06 21:23:41.6 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2161 [GMT 1:00] Lancé depuis: c:\users\isa\Desktop\combofix.exe Commutateurs utilisés :: c:\users\isa\Desktop\CFScript.txt.txt * Un nouveau point de restauration a été créé FILE :: c:\users\isa\AppData\Local\RtHDVCpl.exe c:\users\isa\Downloads\eMule\Incoming\keygen.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-06 au 2009-03-06 )))))))))))))))))))))))))))))))))))) . 2009-03-06 20:32 . 2009-03-06 20:38 <REP> d-------- C:\isa 2009-03-05 19:35 . 2009-03-05 19:35 <REP> d-------- c:\windows\Sun 2009-03-04 21:48 . 2009-03-04 22:48 <REP> d-------- C:\ToolBar SD 2009-03-04 20:46 . 2009-03-04 20:46 <REP> d-------- c:\program files\yes 2009-03-04 20:16 . 2009-03-04 20:18 <REP> d-------- c:\program files\scanhijt 2009-03-04 20:05 . 2009-03-04 20:07 <REP> d-------- c:\program files\karcher 2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\users\All Users\WindowsSearch 2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\programdata\WindowsSearch 2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\users\All Users\avg8 2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\programdata\avg8 2009-03-01 17:42 . 2009-03-01 17:42 <REP> d-------- c:\program files\CCleaner 2009-03-01 17:23 . 2009-03-04 23:40 <REP> d--h----- c:\users\isa\AppData\Roaming\drivers 2009-03-01 13:22 . 2009-03-06 21:16 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy 2009-03-01 13:22 . 2009-03-06 21:16 <REP> d-------- c:\programdata\Spybot - Search & Destroy 2009-03-01 13:22 . 2009-03-06 21:17 <REP> d-------- c:\program files\Spybot - Search & Destroy 2009-03-01 12:23 . 2009-03-01 12:23 <REP> d-------- c:\users\isa\AppData\Roaming\FloodLightGames 2009-03-01 12:19 . 2009-03-01 12:19 <REP> d-------- c:\users\isa\AppData\Roaming\eSobi 2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\isa\AppData\Roaming\Flood Light Games 2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\All Users\Flood Light Games 2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\programdata\Flood Light Games 2009-02-26 21:12 . 2006-11-28 20:46 28,224 --a------ c:\windows\System32\drivers\PCAMp50.sys 2009-02-26 21:12 . 2006-11-28 20:46 27,072 --a------ c:\windows\System32\drivers\PCASp50.sys 2009-02-26 21:11 . 2009-02-26 21:11 <REP> d-------- c:\program files\Securitoo 2009-02-26 21:11 . 2009-02-26 21:39 <REP> d-------- c:\program files\OrangeHSS 2009-02-26 21:11 . 2007-12-11 20:22 65,536 --a------ c:\windows\System32\Autodial2000.dll 2009-02-26 21:07 . 2009-02-26 21:07 <REP> d-------- c:\program files\Common Files\France Telecom 2009-02-16 20:59 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-16 20:59 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-16 20:59 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-16 20:59 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-16 20:59 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax 2009-02-13 20:11 . 2009-02-13 20:11 <REP> d-------- c:\program files\Canal 2009-02-13 20:10 . 2009-02-13 20:10 <REP> d-------- c:\program files\Common Files\Adobe AIR 2009-02-11 22:24 . 2009-02-11 22:24 <REP> d-------- c:\users\isa\AppData\Roaming\Media Player Classic 2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\users\All Users\Real 2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\program files\K-Lite Codec Pack 2009-02-11 00:42 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-11 00:42 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-07 20:18 . 2008-06-25 20:57 446,464 --a------ c:\windows\System32\nvudisp.exe 2009-02-07 20:18 . 2008-06-25 20:57 8,429 --a------ c:\windows\System32\nvdisp.nvu 2009-02-07 20:17 . 2009-02-07 20:17 <REP> d-------- c:\program files\My Company Name 2009-02-06 23:13 . 2009-02-06 23:13 45 --a------ c:\windows\System32\initdebug.nfo . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-03 16:36 --------- d-----w c:\users\isa\AppData\Roaming\Image Zone Express 2009-03-01 20:29 --------- d-----w c:\program files\7-Zip 2009-03-01 11:41 --------- d-----w c:\program files\Acer GameZone 2009-03-01 11:34 --------- d-----w c:\program files\Common Files\Oberon Media 2009-03-01 11:31 --------- d---a-w c:\programdata\TEMP 2009-03-01 11:22 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-01 11:22 --------- d-----w c:\program files\eSobi 2009-03-01 11:06 --------- d-----w c:\users\isa\AppData\Roaming\uTorrent 2009-02-28 17:25 --------- d-----w c:\program files\Oberon Media 2009-02-11 21:11 --------- d-----w c:\program files\Java 2009-02-11 02:00 --------- d-----w c:\program files\Windows Mail 2009-02-07 19:24 --------- d-----w c:\programdata\NVIDIA 2009-02-04 17:34 --------- d-----w c:\programdata\BSD 2009-02-04 17:33 --------- d-----w c:\users\isa\AppData\Roaming\BSD Concept 2009-02-04 17:30 --------- d-----w c:\programdata\BSD Concept 2009-02-04 17:29 --------- d-----w c:\program files\BSD Concept 2009-02-04 15:52 --------- d-----w c:\users\isa\AppData\Roaming\Printer Info Cache 2009-02-03 17:51 --------- d-----w c:\program files\Common Files\Adobe 2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll 2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll 2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( SnapShot@2009-03-04_23.44.08,75 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-04 22:42:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-03-06 20:27:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2009-03-06 20:27:13 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2009-03-04 22:42:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-03-06 20:27:12 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-03-06 20:27:12 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2009-03-04 22:38:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-03-06 20:19:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-03-06 20:19:45 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-03-04 22:38:24 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-03-06 20:19:45 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-03-01 21:09:26 101,052 ----a-w c:\windows\System32\perfc009.dat + 2009-03-06 19:27:37 101,052 ----a-w c:\windows\System32\perfc009.dat - 2009-03-01 21:09:26 123,350 ----a-w c:\windows\System32\perfc00C.dat + 2009-03-06 19:27:37 123,350 ----a-w c:\windows\System32\perfc00C.dat - 2009-03-01 21:09:26 586,980 ----a-w c:\windows\System32\perfh009.dat + 2009-03-06 19:27:37 586,980 ----a-w c:\windows\System32\perfh009.dat - 2009-03-01 21:09:26 669,328 ----a-w c:\windows\System32\perfh00C.dat + 2009-03-06 19:27:37 669,328 ----a-w c:\windows\System32\perfh00C.dat - 2009-03-04 22:26:28 7,130 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-897740455-3590922161-1516729470-1000_UserData.bin + 2009-03-06 20:19:32 8,130 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-897740455-3590922161-1516729470-1000_UserData.bin - 2009-03-04 22:26:28 76,156 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-03-06 20:19:32 76,950 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2009-03-04 22:26:26 56,188 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-03-06 20:19:31 57,014 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-02-13 16:36:59 143,136 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-03-06 19:03:16 181,592 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 23:38 121392 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 c:\windows\RtHDVCpl.exe] c:\users\isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-08-09 344064] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-21 535336] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "FilterAdministratorToken"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-897740455-3590922161-1516729470-1000] "EnableNotificationsRef"=dword:00000003 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{9A0FC0E6-C41A-491D-85B2-7B42B0C4D7B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9272E7EA-E5B0-4E65-AA03-61B849992A79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0590D135-20CF-4616-83A2-B4D64D7A7ADC}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live "{40F60C6C-DD8E-40B8-AB34-5061C567E010}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine "{EC714915-D3A6-43D3-B785-23155F4ED9A6}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia "{8FB6D042-3CF4-407D-A2E9-A1CE05C41456}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect "{542BA28B-703D-48DB-B83F-94E757E578BF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service "{B34DAF09-668F-41FD-94EB-A7A892360F5C}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD "{A924C65E-76C0-4E34-9E09-9FC3F7E6691A}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician "{F051E17E-51EF-4830-B367-F6DA497077E5}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator "{F158742F-48F9-4833-8369-7CBA8CC22457}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician "{E8C480A7-0F8F-40E3-951C-B35DCEC99082}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CBE69F7D-80D0-4A78-88AA-458BB971821C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{3472E74A-6E0F-4073-BC32-5308013B35C5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{7175209C-DF98-4A73-8BBA-2DD7418FAA57}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "TCP Query User{12457E32-2269-4F32-8199-418A15C8594B}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule "UDP Query User{7A84D4A4-86CA-400C-AF68-1173647BA356}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule "TCP Query User{0814C510-F5D5-4BBC-BB0B-6DA28EB05CF0}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= UDP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe "UDP Query User{65EF53D6-8B7C-4B31-AAC6-26517E77BF6D}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= TCP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS R1 ATMhelpr;ATMhelpr;c:\windows\System32\drivers\ATMHELPR.SYS [2008-09-20 4064] R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-03-21 269448] S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-03-21 30752] S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2009-02-26 28224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contenu du dossier 'Tâches planifiées' 2009-03-02 c:\windows\Tasks\WebReg Photosmart C3100 series.job - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36] . . ------- Examen supplémentaire ------- . uStart Page = www.orange.fr mWindow Title = IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-06 21:27:15 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(3780) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\users\isa\AppData\Local\Temp\catchme.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\acer\Empowering Technology\ePerformance\MemCheck.exe c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\System32\conime.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\windows\System32\WUDFHost.exe c:\combofix\hidec.exe c:\windows\System32\rundll32.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\acer\Empowering Technology\eRecovery\eRAgent.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\OrangeHSS\Systray\SystrayApp.exe c:\program files\OrangeHSS\Connectivity\corecom\CoreCom.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\taskmgr.exe c:\combofix\Catchme.tmp c:\windows\System32\dllhost.exe . ************************************************************************** . Heure de fin: 2009-03-06 21:30:29 - La machine a redémarré [isa] ComboFix-quarantined-files.txt 2009-03-06 20:29:10 ComboFix2.txt 2009-03-06 20:14:44 ComboFix3.txt 2009-03-06 19:53:27 ComboFix4.txt 2009-03-06 19:46:52 ComboFix5.txt 2009-03-06 20:21:07 Avant-CF: 119,070,072,832 octets libres Après-CF: 118,927,994,880 octets libres 250 --- E O F --- 2009-02-26 20:40:05
- le 6 mars 2009
- 14 réponses
PC très infecté

zabouille a répondu à un(e) sujet de zabouille dans Analyses et éradication malwares

Bonsoir, voici le scan de Kaspersky : -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Thursday, March 5, 2009 Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Thursday, March 05, 2009 18:30:40 Records in database: 1871308 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan statistics: Files scanned: 124302 Threat name: 4 Infected objects: 140 Suspicious objects: 0 Duration of the scan: 01:15:59 File name / Threat name / Threats count C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\downld\161383.exe.vir Infected: Email-Worm.Win32.Bagle.of 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\downld\297462.exe.vir Infected: Email-Worm.Win32.Bagle.of 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\downld\344029.exe.vir Infected: Email-Worm.Win32.Bagle.of 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\downld\593630.exe.vir Infected: Email-Worm.Win32.Bagle.of 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\downld\841687.exe.vir Infected: Email-Worm.Win32.Bagle.of 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\drivers\winupgro.exe.vir Infected: Trojan-Downloader.Win32.Bagle.aoe 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\data.oct.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\flec006.exe.vir Infected: Email-Worm.Win32.Bagle.of 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\1ClickZoom.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\A+ File Protection 2.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Advanced Net Monitor for Classroom Professional 2.5.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\AllStar Video to iPod Converter 3.50.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ar-CVevaluation 4.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Argentum MyFiles 2.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Art of War Screen Saver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ASPNetVideo 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Ateksoft WebCamera Plus 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ATN Night Vision Monoculars Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\AudioSpect 0.95.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\AviScript 2.9.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Backup Password Recovery Key 8.0 build 2514 Key.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\BioniX Wallpaper 5.7.77.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Bitdefender.Internet.Security.v10.by.dark [email protected] Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\BugMeNot 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\CD Sequencer 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Celframe Office Pro 4.15.000.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Chicken Invaders 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Christmas Tree Screensaver 1.06.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Classical Radio 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Clever Internet Suite 6.2 [Key+Serial].zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Clockmaker Icon Generator 1.1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Color Syntax 1.0.0.47.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Comic Collector Professional 6.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Conversational Spanish 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Cool MMS Template Builder Personal 1.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Country Music's Sugarland Firefox Theme 1.1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DataDrafter Personal Edition 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DataKeeper 1.09.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DaToInfo 2.0 (With Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Desktop Authority Express 6.60.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Desktop iCalendar 1.2.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DeviceLock Me 1.42 (Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Dictionary Gadget 1.0.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Directory Compare 2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Disk and Registry Alert 2.39 (KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DriveVar 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DTaskManager 1.50.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DVD Creator 2.0 KeyGen.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\DvdReMake 3.2.2 KeyGen.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Dynamic Copyright It! 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\E20-540 Practice Exam Testing Engine Software 1.0 Key.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\East Asia Satellite 0.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Easy Ringtone Maker 2.0.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ePlum GetPictures 2.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Equivalent Script 1.1 [Patch].zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\eScan Virus Control Edition 9.0.722.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Evonergy Ezy Retouch 1.1.9.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Exchange System Manager for Windows Vista 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\EXE Password Lock 1.01 (Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ExpertGPS 2.3.4 Beta 7.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\FeedWrite 2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Flash2AVI Professional 1.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\FlexiMIS 1.0 (KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Global Search and Reservations of Hotels 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\HandWallet 4.09.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\HSLAB Print Logger EE 5.1.35.584.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\iLead DVD to PSP Converter 3.5.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Invoice Organizer Deluxe 2.8 (Serial).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Ipod eBook Maker 1.6 (KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\iPodifier 1.504.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\It's Just What I did Blog 0.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Jungle Stalker WP 1.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Kaspersky Antivirus Personal Pro 5.0.20 KEYGEN.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Kav.Kis.Kaspersky.Antivirus.And.Internet.Security.Cracked.Until.2017.zip.vi r Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Largest Files Finder 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Law Firm Management ToolKit 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\LingvoSoft Dictionary 2006 German Spanish 3.1.41.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\LingvoSoft Talking Picture Dictionary 2008 Italian - Arabic 1.2.26.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Log Monitor 0.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\MB Free Capricorn Astrology 1.60.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\MB Free Inner Dreams Number 1.55.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\McAfee.AntiSpyware.Enterprise.v8.5sa.patch.crack.multiLanguage.with.serial. by.ParadoX.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Memorize Website Downloader 1.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Movienizer 1.8 Build 50.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\MSN content crazy show 5.2.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Music Express 4.26.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Net Monitor for Employees 2.8.7 (With Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Offline Site Map Generator 2.3.1.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\On This Date In History Podcast Feed Widget 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\onealarm.Y.Avast.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Oront Burning Kit 2 Basic 2.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\PC Audio Converter 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Peaks Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Peti 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\PhotoZoom Professional 1.2.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Php Charts 1.4.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Privacy Inspector 2.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Protara Standard Edition 1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\PW Bulk Rename 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Quick Launch Shortcut 2.0 Patch.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\RDF Viewer 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\rebuilt.Kaspersky.antivirus.v6.0.Personal.keys.2007.(todo.espaÃ±ol-spanish).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Remote Explorer 01.930.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\REN 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\ScheduLAN 5.9.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Secret Garden 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SF-BusinessCard 2.00 [Patch].zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Silent hill mobile.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SimonView Standard 2.2.0.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Sine + Cosine Oscillator 1881.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SizeExplorer Pro 3.8.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SOASYNC 1.0.0 Build 20080407.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SoftAmbulance Wiperaser 1.13.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SpywareKill 2.5.2117.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SQLH2 2.027.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\StatFi 2007 4.8.6.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Steganography 1.8.1228 Key+Serial.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Storm Over The Capital Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SuDoku Tutor 3i.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\SureInvoice 4.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Swiss Alps Screensaver 1.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\TabClock 1.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Taskbar Repair Tool Plus! 1.1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Terracide demo 0.94.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\The Mop 4.40 Beta 2 Cracked.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Tropical Splendor 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Type O'Key 1.0 [With Crack].zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Visual Button Ex 1.20.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\WazTree II 0.168.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Wedding Tip of the Day and Countdown 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\XBasic 6.23.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Yanoff Minus 3.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\YouTube FLV to AVI Easy Converter 2.1.3 (Key).zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\YouTube Video Player 1.0.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Users\isa\AppData\Roaming\m\shared\Zodiac Clock 3D Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.aoi 1 C:\Qoobox\Quarantine\C\Windows\System32\mdelk.exe.vir Infected: Email-Worm.Win32.Bagle.of 1 C:\Qoobox\Quarantine\C\Windows\System32\wintems.exe.vir Infected: Email-Worm.Win32.Bagle.of 1 C:\Qoobox\Quarantine\Registry_backups\Service_srosa.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp 1 C:\Users\isa\AppData\Local\RtHDVCpl.exe Infected: Trojan-Downloader.Win32.Bagle.aoe 1 C:\Users\isa\Downloads\eMule\Incoming\keygen.exe Infected: Trojan-Downloader.Win32.Bagle.aoe 1 The selected area was scanned.
- le 5 mars 2009
- 14 réponses
PC très infecté

zabouille a répondu à un(e) sujet de zabouille dans Analyses et éradication malwares

Et pour finir le rapport de "combofix" J'ai l'impression que le PC va déjà beaucoup mieux. Merci encore pour vos conseils judicieux. Juste une petite question : est-ce que je peux d'ores et déjà réinstaller "antivir" ou faut-il attendre encore? ComboFix 09-03-03.01 - SYSTEM 2009-03-04 23:38:24.1 - NTFSx86 MINIMAL Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2734 [GMT 1:00] Lancé depuis: c:\users\isa\Desktop\isa.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\QUAD Utilities c:\users\isa\AppData\Roaming\.# c:\users\isa\AppData\Roaming\.#\MBX@AC0@1D02990.### c:\users\isa\AppData\Roaming\.#\MBX@AC0@1D029C0.### c:\users\isa\AppData\Roaming\.#\MBX@AC0@1D029F0.### c:\users\isa\AppData\Roaming\drivers\downld c:\users\isa\AppData\Roaming\drivers\downld\1002587.exe c:\users\isa\AppData\Roaming\drivers\downld\1006019.exe c:\users\isa\AppData\Roaming\drivers\downld\1006908.exe c:\users\isa\AppData\Roaming\drivers\downld\102180.exe c:\users\isa\AppData\Roaming\drivers\downld\102336.exe c:\users\isa\AppData\Roaming\drivers\downld\102976.exe c:\users\isa\AppData\Roaming\drivers\downld\103054.exe c:\users\isa\AppData\Roaming\drivers\downld\103787.exe c:\users\isa\AppData\Roaming\drivers\downld\103943.exe c:\users\isa\AppData\Roaming\drivers\downld\104083.exe c:\users\isa\AppData\Roaming\drivers\downld\105846.exe c:\users\isa\AppData\Roaming\drivers\downld\105862.exe c:\users\isa\AppData\Roaming\drivers\downld\106829.exe c:\users\isa\AppData\Roaming\drivers\downld\1106093.exe c:\users\isa\AppData\Roaming\drivers\downld\1106359.exe c:\users\isa\AppData\Roaming\drivers\downld\1106374.exe c:\users\isa\AppData\Roaming\drivers\downld\111696.exe c:\users\isa\AppData\Roaming\drivers\downld\112882.exe c:\users\isa\AppData\Roaming\drivers\downld\112991.exe c:\users\isa\AppData\Roaming\drivers\downld\113350.exe c:\users\isa\AppData\Roaming\drivers\downld\113833.exe c:\users\isa\AppData\Roaming\drivers\downld\1141880.exe c:\users\isa\AppData\Roaming\drivers\downld\1142488.exe c:\users\isa\AppData\Roaming\drivers\downld\1142504.exe c:\users\isa\AppData\Roaming\drivers\downld\1144704.exe c:\users\isa\AppData\Roaming\drivers\downld\1145359.exe c:\users\isa\AppData\Roaming\drivers\downld\114879.exe c:\users\isa\AppData\Roaming\drivers\downld\1153330.exe c:\users\isa\AppData\Roaming\drivers\downld\116267.exe c:\users\isa\AppData\Roaming\drivers\downld\116532.exe c:\users\isa\AppData\Roaming\drivers\downld\116751.exe c:\users\isa\AppData\Roaming\drivers\downld\1168790.exe c:\users\isa\AppData\Roaming\drivers\downld\1168868.exe c:\users\isa\AppData\Roaming\drivers\downld\117047.exe c:\users\isa\AppData\Roaming\drivers\downld\1171941.exe c:\users\isa\AppData\Roaming\drivers\downld\1177448.exe c:\users\isa\AppData\Roaming\drivers\downld\1178649.exe c:\users\isa\AppData\Roaming\drivers\downld\1179117.exe c:\users\isa\AppData\Roaming\drivers\downld\1182409.exe c:\users\isa\AppData\Roaming\drivers\downld\119605.exe c:\users\isa\AppData\Roaming\drivers\downld\120198.exe c:\users\isa\AppData\Roaming\drivers\downld\120307.exe c:\users\isa\AppData\Roaming\drivers\downld\120838.exe c:\users\isa\AppData\Roaming\drivers\downld\121134.exe c:\users\isa\AppData\Roaming\drivers\downld\121618.exe c:\users\isa\AppData\Roaming\drivers\downld\1217619.exe c:\users\isa\AppData\Roaming\drivers\downld\121914.exe c:\users\isa\AppData\Roaming\drivers\downld\1219709.exe c:\users\isa\AppData\Roaming\drivers\downld\121992.exe c:\users\isa\AppData\Roaming\drivers\downld\1223063.exe c:\users\isa\AppData\Roaming\drivers\downld\123022.exe c:\users\isa\AppData\Roaming\drivers\downld\123755.exe c:\users\isa\AppData\Roaming\drivers\downld\124317.exe c:\users\isa\AppData\Roaming\drivers\downld\125222.exe c:\users\isa\AppData\Roaming\drivers\downld\125908.exe c:\users\isa\AppData\Roaming\drivers\downld\126376.exe c:\users\isa\AppData\Roaming\drivers\downld\1269005.exe c:\users\isa\AppData\Roaming\drivers\downld\127016.exe c:\users\isa\AppData\Roaming\drivers\downld\127062.exe c:\users\isa\AppData\Roaming\drivers\downld\127203.exe c:\users\isa\AppData\Roaming\drivers\downld\1272437.exe c:\users\isa\AppData\Roaming\drivers\downld\1272936.exe c:\users\isa\AppData\Roaming\drivers\downld\127437.exe c:\users\isa\AppData\Roaming\drivers\downld\127515.exe c:\users\isa\AppData\Roaming\drivers\downld\127593.exe c:\users\isa\AppData\Roaming\drivers\downld\1278272.exe c:\users\isa\AppData\Roaming\drivers\downld\1280175.exe c:\users\isa\AppData\Roaming\drivers\downld\1280191.exe c:\users\isa\AppData\Roaming\drivers\downld\128030.exe c:\users\isa\AppData\Roaming\drivers\downld\128591.exe c:\users\isa\AppData\Roaming\drivers\downld\128716.exe c:\users\isa\AppData\Roaming\drivers\downld\129246.exe c:\users\isa\AppData\Roaming\drivers\downld\129621.exe c:\users\isa\AppData\Roaming\drivers\downld\129933.exe c:\users\isa\AppData\Roaming\drivers\downld\1301344.exe c:\users\isa\AppData\Roaming\drivers\downld\130853.exe c:\users\isa\AppData\Roaming\drivers\downld\1309909.exe c:\users\isa\AppData\Roaming\drivers\downld\1310439.exe c:\users\isa\AppData\Roaming\drivers\downld\131072.exe c:\users\isa\AppData\Roaming\drivers\downld\131087.exe c:\users\isa\AppData\Roaming\drivers\downld\131586.exe c:\users\isa\AppData\Roaming\drivers\downld\131883.exe c:\users\isa\AppData\Roaming\drivers\downld\132320.exe c:\users\isa\AppData\Roaming\drivers\downld\132569.exe c:\users\isa\AppData\Roaming\drivers\downld\132881.exe c:\users\isa\AppData\Roaming\drivers\downld\133068.exe c:\users\isa\AppData\Roaming\drivers\downld\133146.exe c:\users\isa\AppData\Roaming\drivers\downld\133614.exe c:\users\isa\AppData\Roaming\drivers\downld\134285.exe c:\users\isa\AppData\Roaming\drivers\downld\134769.exe c:\users\isa\AppData\Roaming\drivers\downld\135408.exe c:\users\isa\AppData\Roaming\drivers\downld\136407.exe c:\users\isa\AppData\Roaming\drivers\downld\136563.exe c:\users\isa\AppData\Roaming\drivers\downld\136750.exe c:\users\isa\AppData\Roaming\drivers\downld\137748.exe c:\users\isa\AppData\Roaming\drivers\downld\138154.exe c:\users\isa\AppData\Roaming\drivers\downld\138825.exe c:\users\isa\AppData\Roaming\drivers\downld\1409469.exe c:\users\isa\AppData\Roaming\drivers\downld\1411325.exe c:\users\isa\AppData\Roaming\drivers\downld\1411341.exe c:\users\isa\AppData\Roaming\drivers\downld\1414461.exe c:\users\isa\AppData\Roaming\drivers\downld\1415553.exe c:\users\isa\AppData\Roaming\drivers\downld\143411.exe c:\users\isa\AppData\Roaming\drivers\downld\144269.exe c:\users\isa\AppData\Roaming\drivers\downld\1450715.exe c:\users\isa\AppData\Roaming\drivers\downld\1452806.exe c:\users\isa\AppData\Roaming\drivers\downld\1453258.exe c:\users\isa\AppData\Roaming\drivers\downld\147264.exe c:\users\isa\AppData\Roaming\drivers\downld\14806554.exe c:\users\isa\AppData\Roaming\drivers\downld\14806585.exe c:\users\isa\AppData\Roaming\drivers\downld\148949.exe c:\users\isa\AppData\Roaming\drivers\downld\150119.exe c:\users\isa\AppData\Roaming\drivers\downld\150150.exe c:\users\isa\AppData\Roaming\drivers\downld\151258.exe c:\users\isa\AppData\Roaming\drivers\downld\153738.exe c:\users\isa\AppData\Roaming\drivers\downld\154144.exe c:\users\isa\AppData\Roaming\drivers\downld\154799.exe c:\users\isa\AppData\Roaming\drivers\downld\156157.exe c:\users\isa\AppData\Roaming\drivers\downld\156437.exe c:\users\isa\AppData\Roaming\drivers\downld\157405.exe c:\users\isa\AppData\Roaming\drivers\downld\157685.exe c:\users\isa\AppData\Roaming\drivers\downld\157717.exe c:\users\isa\AppData\Roaming\drivers\downld\1590851.exe c:\users\isa\AppData\Roaming\drivers\downld\159167.exe c:\users\isa\AppData\Roaming\drivers\downld\1598651.exe c:\users\isa\AppData\Roaming\drivers\downld\1609384.exe c:\users\isa\AppData\Roaming\drivers\downld\161383.exe c:\users\isa\AppData\Roaming\drivers\downld\161741.exe c:\users\isa\AppData\Roaming\drivers\downld\161757.exe c:\users\isa\AppData\Roaming\drivers\downld\1618837.exe c:\users\isa\AppData\Roaming\drivers\downld\1627168.exe c:\users\isa\AppData\Roaming\drivers\downld\163535.exe c:\users\isa\AppData\Roaming\drivers\downld\1636434.exe c:\users\isa\AppData\Roaming\drivers\downld\164175.exe c:\users\isa\AppData\Roaming\drivers\downld\16490569.exe c:\users\isa\AppData\Roaming\drivers\downld\16490631.exe c:\users\isa\AppData\Roaming\drivers\downld\16490647.exe c:\users\isa\AppData\Roaming\drivers\downld\16531769.exe c:\users\isa\AppData\Roaming\drivers\downld\16537275.exe c:\users\isa\AppData\Roaming\drivers\downld\16537962.exe c:\users\isa\AppData\Roaming\drivers\downld\16538976.exe c:\users\isa\AppData\Roaming\drivers\downld\16541020.exe c:\users\isa\AppData\Roaming\drivers\downld\16541472.exe c:\users\isa\AppData\Roaming\drivers\downld\165719.exe c:\users\isa\AppData\Roaming\drivers\downld\16585371.exe c:\users\isa\AppData\Roaming\drivers\downld\16600815.exe c:\users\isa\AppData\Roaming\drivers\downld\16615292.exe c:\users\isa\AppData\Roaming\drivers\downld\166156.exe c:\users\isa\AppData\Roaming\drivers\downld\1666667.exe c:\users\isa\AppData\Roaming\drivers\downld\1668259.exe c:\users\isa\AppData\Roaming\drivers\downld\1668274.exe c:\users\isa\AppData\Roaming\drivers\downld\167498.exe c:\users\isa\AppData\Roaming\drivers\downld\167872.exe c:\users\isa\AppData\Roaming\drivers\downld\168153.exe c:\users\isa\AppData\Roaming\drivers\downld\16856188.exe c:\users\isa\AppData\Roaming\drivers\downld\16856204.exe c:\users\isa\AppData\Roaming\drivers\downld\16871586.exe c:\users\isa\AppData\Roaming\drivers\downld\1692314.exe c:\users\isa\AppData\Roaming\drivers\downld\1693812.exe c:\users\isa\AppData\Roaming\drivers\downld\169385.exe c:\users\isa\AppData\Roaming\drivers\downld\1694592.exe c:\users\isa\AppData\Roaming\drivers\downld\1695668.exe c:\users\isa\AppData\Roaming\drivers\downld\169713.exe c:\users\isa\AppData\Roaming\drivers\downld\1697821.exe c:\users\isa\AppData\Roaming\drivers\downld\1698211.exe c:\users\isa\AppData\Roaming\drivers\downld\1721237.exe c:\users\isa\AppData\Roaming\drivers\downld\1723499.exe c:\users\isa\AppData\Roaming\drivers\downld\1724279.exe c:\users\isa\AppData\Roaming\drivers\downld\1724887.exe c:\users\isa\AppData\Roaming\drivers\downld\1726353.exe c:\users\isa\AppData\Roaming\drivers\downld\17288420.exe c:\users\isa\AppData\Roaming\drivers\downld\17288561.exe c:\users\isa\AppData\Roaming\drivers\downld\17288904.exe c:\users\isa\AppData\Roaming\drivers\downld\17305019.exe c:\users\isa\AppData\Roaming\drivers\downld\17305034.exe c:\users\isa\AppData\Roaming\drivers\downld\173831.exe c:\users\isa\AppData\Roaming\drivers\downld\174206.exe c:\users\isa\AppData\Roaming\drivers\downld\1742312.exe c:\users\isa\AppData\Roaming\drivers\downld\17508429.exe c:\users\isa\AppData\Roaming\drivers\downld\17516977.exe c:\users\isa\AppData\Roaming\drivers\downld\17517679.exe c:\users\isa\AppData\Roaming\drivers\downld\1755463.exe c:\users\isa\AppData\Roaming\drivers\downld\176203.exe c:\users\isa\AppData\Roaming\drivers\downld\176374.exe c:\users\isa\AppData\Roaming\drivers\downld\1764262.exe c:\users\isa\AppData\Roaming\drivers\downld\17732836.exe c:\users\isa\AppData\Roaming\drivers\downld\17747406.exe c:\users\isa\AppData\Roaming\drivers\downld\17757047.exe c:\users\isa\AppData\Roaming\drivers\downld\1780299.exe c:\users\isa\AppData\Roaming\drivers\downld\1781562.exe c:\users\isa\AppData\Roaming\drivers\downld\1781999.exe c:\users\isa\AppData\Roaming\drivers\downld\17836920.exe c:\users\isa\AppData\Roaming\drivers\downld\17836982.exe c:\users\isa\AppData\Roaming\drivers\downld\17837169.exe c:\users\isa\AppData\Roaming\drivers\downld\178964.exe c:\users\isa\AppData\Roaming\drivers\downld\179775.exe c:\users\isa\AppData\Roaming\drivers\downld\180149.exe c:\users\isa\AppData\Roaming\drivers\downld\180711.exe c:\users\isa\AppData\Roaming\drivers\downld\181304.exe c:\users\isa\AppData\Roaming\drivers\downld\18154522.exe c:\users\isa\AppData\Roaming\drivers\downld\18155474.exe c:\users\isa\AppData\Roaming\drivers\downld\18155755.exe c:\users\isa\AppData\Roaming\drivers\downld\181850.exe c:\users\isa\AppData\Roaming\drivers\downld\181865.exe c:\users\isa\AppData\Roaming\drivers\downld\183706.exe c:\users\isa\AppData\Roaming\drivers\downld\185173.exe c:\users\isa\AppData\Roaming\drivers\downld\185219.exe c:\users\isa\AppData\Roaming\drivers\downld\186093.exe c:\users\isa\AppData\Roaming\drivers\downld\186233.exe c:\users\isa\AppData\Roaming\drivers\downld\188823.exe c:\users\isa\AppData\Roaming\drivers\downld\1889546.exe c:\users\isa\AppData\Roaming\drivers\downld\1890451.exe c:\users\isa\AppData\Roaming\drivers\downld\1890466.exe c:\users\isa\AppData\Roaming\drivers\downld\191179.exe c:\users\isa\AppData\Roaming\drivers\downld\193722.exe c:\users\isa\AppData\Roaming\drivers\downld\193831.exe c:\users\isa\AppData\Roaming\drivers\downld\197434.exe c:\users\isa\AppData\Roaming\drivers\downld\1998263.exe c:\users\isa\AppData\Roaming\drivers\downld\1999215.exe c:\users\isa\AppData\Roaming\drivers\downld\1999230.exe c:\users\isa\AppData\Roaming\drivers\downld\2002366.exe c:\users\isa\AppData\Roaming\drivers\downld\2003676.exe c:\users\isa\AppData\Roaming\drivers\downld\2003692.exe c:\users\isa\AppData\Roaming\drivers\downld\2023598.exe c:\users\isa\AppData\Roaming\drivers\downld\2025969.exe c:\users\isa\AppData\Roaming\drivers\downld\2026421.exe c:\users\isa\AppData\Roaming\drivers\downld\2027170.exe c:\users\isa\AppData\Roaming\drivers\downld\2028590.exe c:\users\isa\AppData\Roaming\drivers\downld\2029151.exe c:\users\isa\AppData\Roaming\drivers\downld\205172.exe c:\users\isa\AppData\Roaming\drivers\downld\205375.exe c:\users\isa\AppData\Roaming\drivers\downld\205515.exe c:\users\isa\AppData\Roaming\drivers\downld\205999.exe c:\users\isa\AppData\Roaming\drivers\downld\206358.exe c:\users\isa\AppData\Roaming\drivers\downld\207028.exe c:\users\isa\AppData\Roaming\drivers\downld\2085499.exe c:\users\isa\AppData\Roaming\drivers\downld\208557.exe c:\users\isa\AppData\Roaming\drivers\downld\2087418.exe c:\users\isa\AppData\Roaming\drivers\downld\2087589.exe c:\users\isa\AppData\Roaming\drivers\downld\209166.exe c:\users\isa\AppData\Roaming\drivers\downld\209400.exe c:\users\isa\AppData\Roaming\drivers\downld\209634.exe c:\users\isa\AppData\Roaming\drivers\downld\211162.exe c:\users\isa\AppData\Roaming\drivers\downld\211178.exe c:\users\isa\AppData\Roaming\drivers\downld\211989.exe c:\users\isa\AppData\Roaming\drivers\downld\213112.exe c:\users\isa\AppData\Roaming\drivers\downld\216404.exe c:\users\isa\AppData\Roaming\drivers\downld\217278.exe c:\users\isa\AppData\Roaming\drivers\downld\217761.exe c:\users\isa\AppData\Roaming\drivers\downld\219493.exe c:\users\isa\AppData\Roaming\drivers\downld\219899.exe c:\users\isa\AppData\Roaming\drivers\downld\221802.exe c:\users\isa\AppData\Roaming\drivers\downld\225140.exe c:\users\isa\AppData\Roaming\drivers\downld\225343.exe c:\users\isa\AppData\Roaming\drivers\downld\225452.exe c:\users\isa\AppData\Roaming\drivers\downld\226622.exe c:\users\isa\AppData\Roaming\drivers\downld\228026.exe c:\users\isa\AppData\Roaming\drivers\downld\228479.exe c:\users\isa\AppData\Roaming\drivers\downld\242815.exe c:\users\isa\AppData\Roaming\drivers\downld\246606.exe c:\users\isa\AppData\Roaming\drivers\downld\248306.exe c:\users\isa\AppData\Roaming\drivers\downld\253844.exe c:\users\isa\AppData\Roaming\drivers\downld\254312.exe c:\users\isa\AppData\Roaming\drivers\downld\254359.exe c:\users\isa\AppData\Roaming\drivers\downld\256808.exe c:\users\isa\AppData\Roaming\drivers\downld\257464.exe c:\users\isa\AppData\Roaming\drivers\downld\257479.exe c:\users\isa\AppData\Roaming\drivers\downld\263220.exe c:\users\isa\AppData\Roaming\drivers\downld\263485.exe c:\users\isa\AppData\Roaming\drivers\downld\266948.exe c:\users\isa\AppData\Roaming\drivers\downld\267136.exe c:\users\isa\AppData\Roaming\drivers\downld\268352.exe c:\users\isa\AppData\Roaming\drivers\downld\268898.exe c:\users\isa\AppData\Roaming\drivers\downld\269881.exe c:\users\isa\AppData\Roaming\drivers\downld\270614.exe c:\users\isa\AppData\Roaming\drivers\downld\270926.exe c:\users\isa\AppData\Roaming\drivers\downld\271223.exe c:\users\isa\AppData\Roaming\drivers\downld\275216.exe c:\users\isa\AppData\Roaming\drivers\downld\296823.exe c:\users\isa\AppData\Roaming\drivers\downld\297353.exe c:\users\isa\AppData\Roaming\drivers\downld\297462.exe c:\users\isa\AppData\Roaming\drivers\downld\297805.exe c:\users\isa\AppData\Roaming\drivers\downld\303203.exe c:\users\isa\AppData\Roaming\drivers\downld\304389.exe c:\users\isa\AppData\Roaming\drivers\downld\304404.exe c:\users\isa\AppData\Roaming\drivers\downld\312407.exe c:\users\isa\AppData\Roaming\drivers\downld\314139.exe c:\users\isa\AppData\Roaming\drivers\downld\314544.exe c:\users\isa\AppData\Roaming\drivers\downld\316089.exe c:\users\isa\AppData\Roaming\drivers\downld\316510.exe c:\users\isa\AppData\Roaming\drivers\downld\316526.exe c:\users\isa\AppData\Roaming\drivers\downld\321674.exe c:\users\isa\AppData\Roaming\drivers\downld\322454.exe c:\users\isa\AppData\Roaming\drivers\downld\324903.exe c:\users\isa\AppData\Roaming\drivers\downld\32558469.exe c:\users\isa\AppData\Roaming\drivers\downld\32562026.exe c:\users\isa\AppData\Roaming\drivers\downld\32562041.exe c:\users\isa\AppData\Roaming\drivers\downld\325839.exe c:\users\isa\AppData\Roaming\drivers\downld\325854.exe c:\users\isa\AppData\Roaming\drivers\downld\32609668.exe c:\users\isa\AppData\Roaming\drivers\downld\32610698.exe c:\users\isa\AppData\Roaming\drivers\downld\32611447.exe c:\users\isa\AppData\Roaming\drivers\downld\32612352.exe c:\users\isa\AppData\Roaming\drivers\downld\32625815.exe c:\users\isa\AppData\Roaming\drivers\downld\32626205.exe c:\users\isa\AppData\Roaming\drivers\downld\32672849.exe c:\users\isa\AppData\Roaming\drivers\downld\32675813.exe c:\users\isa\AppData\Roaming\drivers\downld\32677451.exe c:\users\isa\AppData\Roaming\drivers\downld\328116.exe c:\users\isa\AppData\Roaming\drivers\downld\329146.exe c:\users\isa\AppData\Roaming\drivers\downld\329162.exe c:\users\isa\AppData\Roaming\drivers\downld\32941483.exe c:\users\isa\AppData\Roaming\drivers\downld\32941951.exe c:\users\isa\AppData\Roaming\drivers\downld\32941966.exe c:\users\isa\AppData\Roaming\drivers\downld\33147903.exe c:\users\isa\AppData\Roaming\drivers\downld\33160586.exe c:\users\isa\AppData\Roaming\drivers\downld\33160602.exe c:\users\isa\AppData\Roaming\drivers\downld\33174611.exe c:\users\isa\AppData\Roaming\drivers\downld\33177138.exe c:\users\isa\AppData\Roaming\drivers\downld\33177153.exe c:\users\isa\AppData\Roaming\drivers\downld\33244390.exe c:\users\isa\AppData\Roaming\drivers\downld\33246012.exe c:\users\isa\AppData\Roaming\drivers\downld\33246527.exe c:\users\isa\AppData\Roaming\drivers\downld\334076.exe c:\users\isa\AppData\Roaming\drivers\downld\33445959.exe c:\users\isa\AppData\Roaming\drivers\downld\33454788.exe c:\users\isa\AppData\Roaming\drivers\downld\33466442.exe c:\users\isa\AppData\Roaming\drivers\downld\33544801.exe c:\users\isa\AppData\Roaming\drivers\downld\33547671.exe c:\users\isa\AppData\Roaming\drivers\downld\33548108.exe c:\users\isa\AppData\Roaming\drivers\downld\33554192.exe c:\users\isa\AppData\Roaming\drivers\downld\33555222.exe c:\users\isa\AppData\Roaming\drivers\downld\33555237.exe c:\users\isa\AppData\Roaming\drivers\downld\338288.exe c:\users\isa\AppData\Roaming\drivers\downld\338303.exe c:\users\isa\AppData\Roaming\drivers\downld\339536.exe c:\users\isa\AppData\Roaming\drivers\downld\341002.exe c:\users\isa\AppData\Roaming\drivers\downld\341517.exe c:\users\isa\AppData\Roaming\drivers\downld\342796.exe c:\users\isa\AppData\Roaming\drivers\downld\343264.exe c:\users\isa\AppData\Roaming\drivers\downld\344029.exe c:\users\isa\AppData\Roaming\drivers\downld\360845.exe c:\users\isa\AppData\Roaming\drivers\downld\363232.exe c:\users\isa\AppData\Roaming\drivers\downld\363841.exe c:\users\isa\AppData\Roaming\drivers\downld\363965.exe c:\users\isa\AppData\Roaming\drivers\downld\364433.exe c:\users\isa\AppData\Roaming\drivers\downld\364449.exe c:\users\isa\AppData\Roaming\drivers\downld\366259.exe c:\users\isa\AppData\Roaming\drivers\downld\366992.exe c:\users\isa\AppData\Roaming\drivers\downld\367007.exe c:\users\isa\AppData\Roaming\drivers\downld\372904.exe c:\users\isa\AppData\Roaming\drivers\downld\374261.exe c:\users\isa\AppData\Roaming\drivers\downld\375525.exe c:\users\isa\AppData\Roaming\drivers\downld\376773.exe c:\users\isa\AppData\Roaming\drivers\downld\382686.exe c:\users\isa\AppData\Roaming\drivers\downld\382717.exe c:\users\isa\AppData\Roaming\drivers\downld\384043.exe c:\users\isa\AppData\Roaming\drivers\downld\386414.exe c:\users\isa\AppData\Roaming\drivers\downld\386976.exe c:\users\isa\AppData\Roaming\drivers\downld\389971.exe c:\users\isa\AppData\Roaming\drivers\downld\392326.exe c:\users\isa\AppData\Roaming\drivers\downld\392373.exe c:\users\isa\AppData\Roaming\drivers\downld\403746.exe c:\users\isa\AppData\Roaming\drivers\downld\403948.exe c:\users\isa\AppData\Roaming\drivers\downld\404338.exe c:\users\isa\AppData\Roaming\drivers\downld\404401.exe c:\users\isa\AppData\Roaming\drivers\downld\405680.exe c:\users\isa\AppData\Roaming\drivers\downld\405696.exe c:\users\isa\AppData\Roaming\drivers\downld\410703.exe c:\users\isa\AppData\Roaming\drivers\downld\412934.exe c:\users\isa\AppData\Roaming\drivers\downld\412965.exe c:\users\isa\AppData\Roaming\drivers\downld\413324.exe c:\users\isa\AppData\Roaming\drivers\downld\423807.exe c:\users\isa\AppData\Roaming\drivers\downld\425399.exe c:\users\isa\AppData\Roaming\drivers\downld\427785.exe c:\users\isa\AppData\Roaming\drivers\downld\43696535.exe c:\users\isa\AppData\Roaming\drivers\downld\43700201.exe c:\users\isa\AppData\Roaming\drivers\downld\43700232.exe c:\users\isa\AppData\Roaming\drivers\downld\43734193.exe c:\users\isa\AppData\Roaming\drivers\downld\43740246.exe c:\users\isa\AppData\Roaming\drivers\downld\43741635.exe c:\users\isa\AppData\Roaming\drivers\downld\43742836.exe c:\users\isa\AppData\Roaming\drivers\downld\43745207.exe c:\users\isa\AppData\Roaming\drivers\downld\43746330.exe c:\users\isa\AppData\Roaming\drivers\downld\43768904.exe c:\users\isa\AppData\Roaming\drivers\downld\43772710.exe c:\users\isa\AppData\Roaming\drivers\downld\43773786.exe c:\users\isa\AppData\Roaming\drivers\downld\448549.exe c:\users\isa\AppData\Roaming\drivers\downld\449407.exe c:\users\isa\AppData\Roaming\drivers\downld\449423.exe c:\users\isa\AppData\Roaming\drivers\downld\490779.exe c:\users\isa\AppData\Roaming\drivers\downld\491761.exe c:\users\isa\AppData\Roaming\drivers\downld\491808.exe c:\users\isa\AppData\Roaming\drivers\downld\494055.exe c:\users\isa\AppData\Roaming\drivers\downld\494975.exe c:\users\isa\AppData\Roaming\drivers\downld\494991.exe c:\users\isa\AppData\Roaming\drivers\downld\495084.exe c:\users\isa\AppData\Roaming\drivers\downld\496317.exe c:\users\isa\AppData\Roaming\drivers\downld\496332.exe c:\users\isa\AppData\Roaming\drivers\downld\505365.exe c:\users\isa\AppData\Roaming\drivers\downld\506816.exe c:\users\isa\AppData\Roaming\drivers\downld\506956.exe c:\users\isa\AppData\Roaming\drivers\downld\510154.exe c:\users\isa\AppData\Roaming\drivers\downld\511293.exe c:\users\isa\AppData\Roaming\drivers\downld\511308.exe c:\users\isa\AppData\Roaming\drivers\downld\515723.exe c:\users\isa\AppData\Roaming\drivers\downld\518999.exe c:\users\isa\AppData\Roaming\drivers\downld\519701.exe c:\users\isa\AppData\Roaming\drivers\downld\520606.exe c:\users\isa\AppData\Roaming\drivers\downld\522166.exe c:\users\isa\AppData\Roaming\drivers\downld\522884.exe c:\users\isa\AppData\Roaming\drivers\downld\528578.exe c:\users\isa\AppData\Roaming\drivers\downld\531651.exe c:\users\isa\AppData\Roaming\drivers\downld\532915.exe c:\users\isa\AppData\Roaming\drivers\downld\532977.exe c:\users\isa\AppData\Roaming\drivers\downld\533102.exe c:\users\isa\AppData\Roaming\drivers\downld\534506.exe c:\users\isa\AppData\Roaming\drivers\downld\534631.exe c:\users\isa\AppData\Roaming\drivers\downld\534787.exe c:\users\isa\AppData\Roaming\drivers\downld\535255.exe c:\users\isa\AppData\Roaming\drivers\downld\536128.exe c:\users\isa\AppData\Roaming\drivers\downld\537392.exe c:\users\isa\AppData\Roaming\drivers\downld\537985.exe c:\users\isa\AppData\Roaming\drivers\downld\538936.exe c:\users\isa\AppData\Roaming\drivers\downld\539092.exe c:\users\isa\AppData\Roaming\drivers\downld\54023.exe c:\users\isa\AppData\Roaming\drivers\downld\540325.exe c:\users\isa\AppData\Roaming\drivers\downld\540917.exe c:\users\isa\AppData\Roaming\drivers\downld\540933.exe c:\users\isa\AppData\Roaming\drivers\downld\542025.exe c:\users\isa\AppData\Roaming\drivers\downld\542446.exe c:\users\isa\AppData\Roaming\drivers\downld\542977.exe c:\users\isa\AppData\Roaming\drivers\downld\543835.exe c:\users\isa\AppData\Roaming\drivers\downld\543850.exe c:\users\isa\AppData\Roaming\drivers\downld\543866.exe c:\users\isa\AppData\Roaming\drivers\downld\543881.exe c:\users\isa\AppData\Roaming\drivers\downld\54506.exe c:\users\isa\AppData\Roaming\drivers\downld\546377.exe c:\users\isa\AppData\Roaming\drivers\downld\546409.exe c:\users\isa\AppData\Roaming\drivers\downld\546814.exe c:\users\isa\AppData\Roaming\drivers\downld\54693.exe c:\users\isa\AppData\Roaming\drivers\downld\547376.exe c:\users\isa\AppData\Roaming\drivers\downld\548000.exe c:\users\isa\AppData\Roaming\drivers\downld\549014.exe c:\users\isa\AppData\Roaming\drivers\downld\549029.exe c:\users\isa\AppData\Roaming\drivers\downld\550652.exe c:\users\isa\AppData\Roaming\drivers\downld\550667.exe c:\users\isa\AppData\Roaming\drivers\downld\553444.exe c:\users\isa\AppData\Roaming\drivers\downld\555223.exe c:\users\isa\AppData\Roaming\drivers\downld\555285.exe c:\users\isa\AppData\Roaming\drivers\downld\55770.exe c:\users\isa\AppData\Roaming\drivers\downld\558592.exe c:\users\isa\AppData\Roaming\drivers\downld\56004.exe c:\users\isa\AppData\Roaming\drivers\downld\560620.exe c:\users\isa\AppData\Roaming\drivers\downld\560636.exe c:\users\isa\AppData\Roaming\drivers\downld\561509.exe c:\users\isa\AppData\Roaming\drivers\downld\567313.exe c:\users\isa\AppData\Roaming\drivers\downld\567921.exe c:\users\isa\AppData\Roaming\drivers\downld\568888.exe c:\users\isa\AppData\Roaming\drivers\downld\569481.exe c:\users\isa\AppData\Roaming\drivers\downld\570308.exe c:\users\isa\AppData\Roaming\drivers\downld\571260.exe c:\users\isa\AppData\Roaming\drivers\downld\571384.exe c:\users\isa\AppData\Roaming\drivers\downld\573085.exe c:\users\isa\AppData\Roaming\drivers\downld\574192.exe c:\users\isa\AppData\Roaming\drivers\downld\576345.exe c:\users\isa\AppData\Roaming\drivers\downld\577094.exe c:\users\isa\AppData\Roaming\drivers\downld\577874.exe c:\users\isa\AppData\Roaming\drivers\downld\578982.exe c:\users\isa\AppData\Roaming\drivers\downld\579044.exe c:\users\isa\AppData\Roaming\drivers\downld\579434.exe c:\users\isa\AppData\Roaming\drivers\downld\58016.exe c:\users\isa\AppData\Roaming\drivers\downld\581883.exe c:\users\isa\AppData\Roaming\drivers\downld\58203.exe c:\users\isa\AppData\Roaming\drivers\downld\582694.exe c:\users\isa\AppData\Roaming\drivers\downld\583818.exe c:\users\isa\AppData\Roaming\drivers\downld\58484.exe c:\users\isa\AppData\Roaming\drivers\downld\585378.exe c:\users\isa\AppData\Roaming\drivers\downld\585674.exe c:\users\isa\AppData\Roaming\drivers\downld\58578.exe c:\users\isa\AppData\Roaming\drivers\downld\585861.exe c:\users\isa\AppData\Roaming\drivers\downld\588669.exe c:\users\isa\AppData\Roaming\drivers\downld\588934.exe c:\users\isa\AppData\Roaming\drivers\downld\589153.exe c:\users\isa\AppData\Roaming\drivers\downld\58983.exe c:\users\isa\AppData\Roaming\drivers\downld\591477.exe c:\users\isa\AppData\Roaming\drivers\downld\592320.exe c:\users\isa\AppData\Roaming\drivers\downld\593069.exe c:\users\isa\AppData\Roaming\drivers\downld\593630.exe c:\users\isa\AppData\Roaming\drivers\downld\594379.exe c:\users\isa\AppData\Roaming\drivers\downld\595019.exe c:\users\isa\AppData\Roaming\drivers\downld\60294.exe c:\users\isa\AppData\Roaming\drivers\downld\603271.exe c:\users\isa\AppData\Roaming\drivers\downld\60403.exe c:\users\isa\AppData\Roaming\drivers\downld\60465.exe c:\users\isa\AppData\Roaming\drivers\downld\60855.exe c:\users\isa\AppData\Roaming\drivers\downld\610572.exe c:\users\isa\AppData\Roaming\drivers\downld\61089.exe c:\users\isa\AppData\Roaming\drivers\downld\61230.exe c:\users\isa\AppData\Roaming\drivers\downld\614144.exe c:\users\isa\AppData\Roaming\drivers\downld\614862.exe c:\users\isa\AppData\Roaming\drivers\downld\616235.exe c:\users\isa\AppData\Roaming\drivers\downld\61776.exe c:\users\isa\AppData\Roaming\drivers\downld\61791.exe c:\users\isa\AppData\Roaming\drivers\downld\618481.exe c:\users\isa\AppData\Roaming\drivers\downld\61979.exe c:\users\isa\AppData\Roaming\drivers\downld\619994.exe c:\users\isa\AppData\Roaming\drivers\downld\62025.exe c:\users\isa\AppData\Roaming\drivers\downld\621180.exe c:\users\isa\AppData\Roaming\drivers\downld\622038.exe c:\users\isa\AppData\Roaming\drivers\downld\622147.exe c:\users\isa\AppData\Roaming\drivers\downld\62322.exe c:\users\isa\AppData\Roaming\drivers\downld\62431.exe c:\users\isa\AppData\Roaming\drivers\downld\62447.exe c:\users\isa\AppData\Roaming\drivers\downld\62462.exe c:\users\isa\AppData\Roaming\drivers\downld\625688.exe c:\users\isa\AppData\Roaming\drivers\downld\626312.exe c:\users\isa\AppData\Roaming\drivers\downld\626328.exe c:\users\isa\AppData\Roaming\drivers\downld\62650.exe c:\users\isa\AppData\Roaming\drivers\downld\62665.exe c:\users\isa\AppData\Roaming\drivers\downld\629510.exe c:\users\isa\AppData\Roaming\drivers\downld\630977.exe c:\users\isa\AppData\Roaming\drivers\downld\632459.exe c:\users\isa\AppData\Roaming\drivers\downld\639354.exe c:\users\isa\AppData\Roaming\drivers\downld\640742.exe c:\users\isa\AppData\Roaming\drivers\downld\642583.exe c:\users\isa\AppData\Roaming\drivers\downld\64522.exe c:\users\isa\AppData\Roaming\drivers\downld\646795.exe c:\users\isa\AppData\Roaming\drivers\downld\648839.exe c:\users\isa\AppData\Roaming\drivers\downld\64943.exe c:\users\isa\AppData\Roaming\drivers\downld\65036.exe c:\users\isa\AppData\Roaming\drivers\downld\650539.exe c:\users\isa\AppData\Roaming\drivers\downld\652427.exe c:\users\isa\AppData\Roaming\drivers\downld\654611.exe c:\users\isa\AppData\Roaming\drivers\downld\65520.exe c:\users\isa\AppData\Roaming\drivers\downld\656857.exe c:\users\isa\AppData\Roaming\drivers\downld\66487.exe c:\users\isa\AppData\Roaming\drivers\downld\664985.exe c:\users\isa\AppData\Roaming\drivers\downld\666529.exe c:\users\isa\AppData\Roaming\drivers\downld\669712.exe c:\users\isa\AppData\Roaming\drivers\downld\67766.exe c:\users\isa\AppData\Roaming\drivers\downld\67782.exe c:\users\isa\AppData\Roaming\drivers\downld\682956.exe c:\users\isa\AppData\Roaming\drivers\downld\686248.exe c:\users\isa\AppData\Roaming\drivers\downld\687122.exe c:\users\isa\AppData\Roaming\drivers\downld\68765.exe c:\users\isa\AppData\Roaming\drivers\downld\687824.exe c:\users\isa\AppData\Roaming\drivers\downld\688136.exe c:\users\isa\AppData\Roaming\drivers\downld\688619.exe c:\users\isa\AppData\Roaming\drivers\downld\688635.exe c:\users\isa\AppData\Roaming\drivers\downld\689321.exe c:\users\isa\AppData\Roaming\drivers\downld\691240.exe c:\users\isa\AppData\Roaming\drivers\downld\691490.exe c:\users\isa\AppData\Roaming\drivers\downld\692129.exe c:\users\isa\AppData\Roaming\drivers\downld\693986.exe c:\users\isa\AppData\Roaming\drivers\downld\695202.exe c:\users\isa\AppData\Roaming\drivers\downld\695218.exe c:\users\isa\AppData\Roaming\drivers\downld\695936.exe c:\users\isa\AppData\Roaming\drivers\downld\696856.exe c:\users\isa\AppData\Roaming\drivers\downld\696872.exe c:\users\isa\AppData\Roaming\drivers\downld\69935.exe c:\users\isa\AppData\Roaming\drivers\downld\70153.exe c:\users\isa\AppData\Roaming\drivers\downld\70511032.exe c:\users\isa\AppData\Roaming\drivers\downld\70512139.exe c:\users\isa\AppData\Roaming\drivers\downld\70512171.exe c:\users\isa\AppData\Roaming\drivers\downld\70534182.exe c:\users\isa\AppData\Roaming\drivers\downld\70536600.exe c:\users\isa\AppData\Roaming\drivers\downld\70537677.exe c:\users\isa\AppData\Roaming\drivers\downld\70538769.exe c:\users\isa\AppData\Roaming\drivers\downld\70540984.exe c:\users\isa\AppData\Roaming\drivers\downld\70541358.exe c:\users\isa\AppData\Roaming\drivers\downld\70586739.exe c:\users\isa\AppData\Roaming\drivers\downld\70593416.exe c:\users\isa\AppData\Roaming\drivers\downld\70595818.exe c:\users\isa\AppData\Roaming\drivers\downld\706606.exe c:\users\isa\AppData\Roaming\drivers\downld\70727561.exe c:\users\isa\AppData\Roaming\drivers\downld\70730198.exe c:\users\isa\AppData\Roaming\drivers\downld\70730213.exe c:\users\isa\AppData\Roaming\drivers\downld\70762.exe c:\users\isa\AppData\Roaming\drivers\downld\70777.exe c:\users\isa\AppData\Roaming\drivers\downld\70839227.exe c:\users\isa\AppData\Roaming\drivers\downld\70842768.exe c:\users\isa\AppData\Roaming\drivers\downld\70842784.exe c:\users\isa\AppData\Roaming\drivers\downld\70848992.exe c:\users\isa\AppData\Roaming\drivers\downld\70851130.exe c:\users\isa\AppData\Roaming\drivers\downld\70884732.exe c:\users\isa\AppData\Roaming\drivers\downld\70887431.exe c:\users\isa\AppData\Roaming\drivers\downld\70887899.exe c:\users\isa\AppData\Roaming\drivers\downld\70956461.exe c:\users\isa\AppData\Roaming\drivers\downld\70962358.exe c:\users\isa\AppData\Roaming\drivers\downld\70965572.exe c:\users\isa\AppData\Roaming\drivers\downld\709913.exe c:\users\isa\AppData\Roaming\drivers\downld\71022325.exe c:\users\isa\AppData\Roaming\drivers\downld\71025929.exe c:\users\isa\AppData\Roaming\drivers\downld\71026350.exe c:\users\isa\AppData\Roaming\drivers\downld\71032060.exe c:\users\isa\AppData\Roaming\drivers\downld\71033635.exe c:\users\isa\AppData\Roaming\drivers\downld\71033651.exe c:\users\isa\AppData\Roaming\drivers\downld\710381.exe c:\users\isa\AppData\Roaming\drivers\downld\71120.exe c:\users\isa\AppData\Roaming\drivers\downld\71144536.exe c:\users\isa\AppData\Roaming\drivers\downld\71150496.exe c:\users\isa\AppData\Roaming\drivers\downld\715077.exe c:\users\isa\AppData\Roaming\drivers\downld\71588.exe c:\users\isa\AppData\Roaming\drivers\downld\716231.exe c:\users\isa\AppData\Roaming\drivers\downld\716247.exe c:\users\isa\AppData\Roaming\drivers\downld\71698.exe c:\users\isa\AppData\Roaming\drivers\downld\71729.exe c:\users\isa\AppData\Roaming\drivers\downld\731473.exe c:\users\isa\AppData\Roaming\drivers\downld\737011.exe c:\users\isa\AppData\Roaming\drivers\downld\73788.exe c:\users\isa\AppData\Roaming\drivers\downld\738165.exe c:\users\isa\AppData\Roaming\drivers\downld\741581.exe c:\users\isa\AppData\Roaming\drivers\downld\742408.exe c:\users\isa\AppData\Roaming\drivers\downld\742798.exe c:\users\isa\AppData\Roaming\drivers\downld\742814.exe c:\users\isa\AppData\Roaming\drivers\downld\743812.exe c:\users\isa\AppData\Roaming\drivers\downld\743828.exe c:\users\isa\AppData\Roaming\drivers\downld\74740.exe c:\users\isa\AppData\Roaming\drivers\downld\74755.exe c:\users\isa\AppData\Roaming\drivers\downld\749865.exe c:\users\isa\AppData\Roaming\drivers\downld\75005.exe c:\users\isa\AppData\Roaming\drivers\downld\75020.exe c:\users\isa\AppData\Roaming\drivers\downld\751129.exe c:\users\isa\AppData\Roaming\drivers\downld\751222.exe c:\users\isa\AppData\Roaming\drivers\downld\76955.exe c:\users\isa\AppData\Roaming\drivers\downld\76970.exe c:\users\isa\AppData\Roaming\drivers\downld\77672.exe c:\users\isa\AppData\Roaming\drivers\downld\77688.exe c:\users\isa\AppData\Roaming\drivers\downld\79030.exe c:\users\isa\AppData\Roaming\drivers\downld\79123.exe c:\users\isa\AppData\Roaming\drivers\downld\824434.exe c:\users\isa\AppData\Roaming\drivers\downld\824465.exe c:\users\isa\AppData\Roaming\drivers\downld\826727.exe c:\users\isa\AppData\Roaming\drivers\downld\826742.exe c:\users\isa\AppData\Roaming\drivers\downld\827273.exe c:\users\isa\AppData\Roaming\drivers\downld\827959.exe c:\users\isa\AppData\Roaming\drivers\downld\82883.exe c:\users\isa\AppData\Roaming\drivers\downld\82914.exe c:\users\isa\AppData\Roaming\drivers\downld\82930.exe c:\users\isa\AppData\Roaming\drivers\downld\834995.exe c:\users\isa\AppData\Roaming\drivers\downld\837070.exe c:\users\isa\AppData\Roaming\drivers\downld\837366.exe c:\users\isa\AppData\Roaming\drivers\downld\841687.exe c:\users\isa\AppData\Roaming\drivers\downld\860236.exe c:\users\isa\AppData\Roaming\drivers\downld\862701.exe c:\users\isa\AppData\Roaming\drivers\downld\863137.exe c:\users\isa\AppData\Roaming\drivers\downld\86362.exe c:\users\isa\AppData\Roaming\drivers\downld\87719.exe c:\users\isa\AppData\Roaming\drivers\downld\87750.exe c:\users\isa\AppData\Roaming\drivers\downld\893760.exe c:\users\isa\AppData\Roaming\drivers\downld\893901.exe c:\users\isa\AppData\Roaming\drivers\downld\89466.exe c:\users\isa\AppData\Roaming\drivers\downld\895617.exe c:\users\isa\AppData\Roaming\drivers\downld\895710.exe c:\users\isa\AppData\Roaming\drivers\downld\900593.exe c:\users\isa\AppData\Roaming\drivers\downld\901389.exe c:\users\isa\AppData\Roaming\drivers\downld\902106.exe c:\users\isa\AppData\Roaming\drivers\downld\90277.exe c:\users\isa\AppData\Roaming\drivers\downld\903214.exe c:\users\isa\AppData\Roaming\drivers\downld\903807.exe c:\users\isa\AppData\Roaming\drivers\downld\90886.exe c:\users\isa\AppData\Roaming\drivers\downld\91868.exe c:\users\isa\AppData\Roaming\drivers\downld\92992.exe c:\users\isa\AppData\Roaming\drivers\downld\93413.exe c:\users\isa\AppData\Roaming\drivers\downld\98530.exe c:\users\isa\AppData\Roaming\drivers\downld\988703.exe c:\users\isa\AppData\Roaming\drivers\downld\989670.exe c:\users\isa\AppData\Roaming\drivers\downld\990450.exe c:\users\isa\AppData\Roaming\drivers\downld\991511.exe c:\users\isa\AppData\Roaming\drivers\downld\992587.exe c:\users\isa\AppData\Roaming\drivers\downld\992993.exe c:\users\isa\AppData\Roaming\drivers\downld\99715.exe c:\users\isa\AppData\Roaming\drivers\srosa2.sys c:\users\isa\AppData\Roaming\drivers\wfsintwq.sys c:\users\isa\AppData\Roaming\drivers\winupgro.exe c:\users\isa\AppData\Roaming\hidires c:\users\isa\AppData\Roaming\hidires\flec003.exe c:\users\isa\AppData\Roaming\hidires\names.txt c:\users\isa\AppData\Roaming\m c:\users\isa\AppData\Roaming\m\data.oct c:\users\isa\AppData\Roaming\m\flec006.exe c:\users\isa\AppData\Roaming\m\list.oct c:\users\isa\AppData\Roaming\m\shared\1ClickZoom.zip c:\users\isa\AppData\Roaming\m\shared\A+ File Protection 2.6.zip c:\users\isa\AppData\Roaming\m\shared\Advanced Net Monitor for Classroom Professional 2.5.4.zip c:\users\isa\AppData\Roaming\m\shared\AllStar Video to iPod Converter 3.50.zip c:\users\isa\AppData\Roaming\m\shared\ar-CVevaluation 4.2.zip c:\users\isa\AppData\Roaming\m\shared\Argentum MyFiles 2.5.zip c:\users\isa\AppData\Roaming\m\shared\Art of War Screen Saver 1.0.zip c:\users\isa\AppData\Roaming\m\shared\ASPNetVideo 2.0.zip c:\users\isa\AppData\Roaming\m\shared\Ateksoft WebCamera Plus 2.0.zip c:\users\isa\AppData\Roaming\m\shared\ATN Night Vision Monoculars Screensaver 1.0.zip c:\users\isa\AppData\Roaming\m\shared\AudioSpect 0.95.zip c:\users\isa\AppData\Roaming\m\shared\AviScript 2.9.zip c:\users\isa\AppData\Roaming\m\shared\Backup Password Recovery Key 8.0 build 2514 Key.zip c:\users\isa\AppData\Roaming\m\shared\BioniX Wallpaper 5.7.77.zip c:\users\isa\AppData\Roaming\m\shared\Bitdefender.Internet.Security.v10.by.dark [email protected] c:\users\isa\AppData\Roaming\m\shared\BugMeNot 2.0.zip c:\users\isa\AppData\Roaming\m\shared\CD Sequencer 1.0.zip c:\users\isa\AppData\Roaming\m\shared\Celframe Office Pro 4.15.000.zip c:\users\isa\AppData\Roaming\m\shared\Chicken Invaders 1.3.zip c:\users\isa\AppData\Roaming\m\shared\Christmas Tree Screensaver 1.06.zip c:\users\isa\AppData\Roaming\m\shared\Classical Radio 1.0.zip c:\users\isa\AppData\Roaming\m\shared\Clever Internet Suite 6.2 [Key+Serial].zip c:\users\isa\AppData\Roaming\m\shared\Clockmaker Icon Generator 1.1.1.zip c:\users\isa\AppData\Roaming\m\shared\Color Syntax 1.0.0.47.zip c:\users\isa\AppData\Roaming\m\shared\Comic Collector Professional 6.0.zip c:\users\isa\AppData\Roaming\m\shared\Conversational Spanish 1.0.zip c:\users\isa\AppData\Roaming\m\shared\Cool MMS Template Builder Personal 1.01.zip c:\users\isa\AppData\Roaming\m\shared\Country Music's Sugarland Firefox Theme 1.1.1.zip c:\users\isa\AppData\Roaming\m\shared\DataDrafter Personal Edition 1.3.zip c:\users\isa\AppData\Roaming\m\shared\DataKeeper 1.09.zip c:\users\isa\AppData\Roaming\m\shared\DaToInfo 2.0 (With Crack).zip c:\users\isa\AppData\Roaming\m\shared\Desktop Authority Express 6.60.zip c:\users\isa\AppData\Roaming\m\shared\Desktop iCalendar 1.2.6.zip c:\users\isa\AppData\Roaming\m\shared\DeviceLock Me 1.42 (Crack).zip c:\users\isa\AppData\Roaming\m\shared\Dictionary Gadget 1.0.0.0.zip c:\users\isa\AppData\Roaming\m\shared\Directory Compare 2.zip c:\users\isa\AppData\Roaming\m\shared\Disk and Registry Alert 2.39 (KeyGen).zip c:\users\isa\AppData\Roaming\m\shared\DriveVar 1.0.zip c:\users\isa\AppData\Roaming\m\shared\DTaskManager 1.50.zip c:\users\isa\AppData\Roaming\m\shared\DVD Creator 2.0 KeyGen.zip c:\users\isa\AppData\Roaming\m\shared\DvdReMake 3.2.2 KeyGen.zip c:\users\isa\AppData\Roaming\m\shared\Dynamic Copyright It! 1.0.zip c:\users\isa\AppData\Roaming\m\shared\E20-540 Practice Exam Testing Engine Software 1.0 Key.zip c:\users\isa\AppData\Roaming\m\shared\East Asia Satellite 0.1.zip c:\users\isa\AppData\Roaming\m\shared\Easy Ringtone Maker 2.0.4.zip c:\users\isa\AppData\Roaming\m\shared\ePlum GetPictures 2.1.zip c:\users\isa\AppData\Roaming\m\shared\Equivalent Script 1.1 [Patch].zip c:\users\isa\AppData\Roaming\m\shared\eScan Virus Control Edition 9.0.722.1.zip c:\users\isa\AppData\Roaming\m\shared\Evonergy Ezy Retouch 1.1.9.zip c:\users\isa\AppData\Roaming\m\shared\Exchange System Manager for Windows Vista 1.0.zip c:\users\isa\AppData\Roaming\m\shared\EXE Password Lock 1.01 (Crack).zip c:\users\isa\AppData\Roaming\m\shared\ExpertGPS 2.3.4 Beta 7.zip c:\users\isa\AppData\Roaming\m\shared\FeedWrite 2.zip c:\users\isa\AppData\Roaming\m\shared\Flash2AVI Professional 1.0.0.zip c:\users\isa\AppData\Roaming\m\shared\FlexiMIS 1.0 (KeyGen).zip c:\users\isa\AppData\Roaming\m\shared\Global Search and Reservations of Hotels 2.0.zip c:\users\isa\AppData\Roaming\m\shared\HandWallet 4.09.zip c:\users\isa\AppData\Roaming\m\shared\HSLAB Print Logger EE 5.1.35.584.zip c:\users\isa\AppData\Roaming\m\shared\iLead DVD to PSP Converter 3.5.3.zip c:\users\isa\AppData\Roaming\m\shared\Invoice Organizer Deluxe 2.8 (Serial).zip c:\users\isa\AppData\Roaming\m\shared\Ipod eBook Maker 1.6 (KeyGen).zip c:\users\isa\AppData\Roaming\m\shared\iPodifier 1.504.zip c:\users\isa\AppData\Roaming\m\shared\It's Just What I did Blog 0.1.zip c:\users\isa\AppData\Roaming\m\shared\Jungle Stalker WP 1.00.zip c:\users\isa\AppData\Roaming\m\shared\Kaspersky Antivirus Personal Pro 5.0.20 KEYGEN.zip c:\users\isa\AppData\Roaming\m\shared\Kav.Kis.Kaspersky.Antivirus.And.Internet.Security.Cracked.Until.2017.zip c:\users\isa\AppData\Roaming\m\shared\Largest Files Finder 1.0.zip c:\users\isa\AppData\Roaming\m\shared\Law Firm Management ToolKit 1.0.zip c:\users\isa\AppData\Roaming\m\shared\LingvoSoft Dictionary 2006 German Spanish 3.1.41.zip c:\users\isa\AppData\Roaming\m\shared\LingvoSoft Talking Picture Dictionary 2008 Italian - Arabic 1.2.26.zip c:\users\isa\AppData\Roaming\m\shared\Log Monitor 0.2.zip c:\users\isa\AppData\Roaming\m\shared\MB Free Capricorn Astrology 1.60.zip c:\users\isa\AppData\Roaming\m\shared\MB Free Inner Dreams Number 1.55.zip c:\users\isa\AppData\Roaming\m\shared\McAfee.AntiSpyware.Enterprise.v8.5sa.patch.crack.multiLanguage.with.serial. by.ParadoX.zip c:\users\isa\AppData\Roaming\m\shared\Memorize Website Downloader 1.01.zip c:\users\isa\AppData\Roaming\m\shared\Movienizer 1.8 Build 50.zip c:\users\isa\AppData\Roaming\m\shared\MSN content crazy show 5.2.2.zip c:\users\isa\AppData\Roaming\m\shared\Music Express 4.26.zip c:\users\isa\AppData\Roaming\m\shared\Net Monitor for Employees 2.8.7 (With Crack).zip c:\users\isa\AppData\Roaming\m\shared\Offline Site Map Generator 2.3.1.2.zip c:\users\isa\AppData\Roaming\m\shared\On This Date In History Podcast Feed Widget 1.0.zip c:\users\isa\AppData\Roaming\m\shared\onealarm.Y.Avast.zip c:\users\isa\AppData\Roaming\m\shared\Oront Burning Kit 2 Basic 2.5.zip c:\users\isa\AppData\Roaming\m\shared\PC Audio Converter 1.3.zip c:\users\isa\AppData\Roaming\m\shared\Peaks Screensaver 1.0.zip c:\users\isa\AppData\Roaming\m\shared\Peti 1.0.zip c:\users\isa\AppData\Roaming\m\shared\PhotoZoom Professional 1.2.6.zip c:\users\isa\AppData\Roaming\m\shared\Php Charts 1.4.1.zip c:\users\isa\AppData\Roaming\m\shared\Privacy Inspector 2.00.zip c:\users\isa\AppData\Roaming\m\shared\Protara Standard Edition 1.zip c:\users\isa\AppData\Roaming\m\shared\PW Bulk Rename 1.0.zip c:\users\isa\AppData\Roaming\m\shared\Quick Launch Shortcut 2.0 Patch.zip c:\users\isa\AppData\Roaming\m\shared\RDF Viewer 1.3.zip c:\users\isa\AppData\Roaming\m\shared\rebuilt.Kaspersky.antivirus.v6.0.Personal.keys.2007.(todo.espaÃ±ol-spanish).zip c:\users\isa\AppData\Roaming\m\shared\Remote Explorer 01.930.zip c:\users\isa\AppData\Roaming\m\shared\REN 1.0.zip c:\users\isa\AppData\Roaming\m\shared\ScheduLAN 5.9.zip c:\users\isa\AppData\Roaming\m\shared\Secret Garden 1.0.zip c:\users\isa\AppData\Roaming\m\shared\SF-BusinessCard 2.00 [Patch].zip c:\users\isa\AppData\Roaming\m\shared\Silent hill mobile.zip c:\users\isa\AppData\Roaming\m\shared\SimonView Standard 2.2.0.4.zip c:\users\isa\AppData\Roaming\m\shared\Sine + Cosine Oscillator 1881.zip c:\users\isa\AppData\Roaming\m\shared\SizeExplorer Pro 3.8.5.zip c:\users\isa\AppData\Roaming\m\shared\SOASYNC 1.0.0 Build 20080407.zip c:\users\isa\AppData\Roaming\m\shared\SoftAmbulance Wiperaser 1.13.zip c:\users\isa\AppData\Roaming\m\shared\SpywareKill 2.5.2117.zip c:\users\isa\AppData\Roaming\m\shared\SQLH2 2.027.zip c:\users\isa\AppData\Roaming\m\shared\StatFi 2007 4.8.6.0.zip c:\users\isa\AppData\Roaming\m\shared\Steganography 1.8.1228 Key+Serial.zip c:\users\isa\AppData\Roaming\m\shared\Storm Over The Capital Screensaver 1.0.zip c:\users\isa\AppData\Roaming\m\shared\SuDoku Tutor 3i.zip c:\users\isa\AppData\Roaming\m\shared\SureInvoice 4.0.zip c:\users\isa\AppData\Roaming\m\shared\Swiss Alps Screensaver 1.00.zip c:\users\isa\AppData\Roaming\m\shared\TabClock 1.2.zip c:\users\isa\AppData\Roaming\m\shared\Taskbar Repair Tool Plus! 1.1.1.zip c:\users\isa\AppData\Roaming\m\shared\Terracide demo 0.94.zip c:\users\isa\AppData\Roaming\m\shared\The Mop 4.40 Beta 2 Cracked.zip c:\users\isa\AppData\Roaming\m\shared\Tropical Splendor 1.0.zip c:\users\isa\AppData\Roaming\m\shared\Type O'Key 1.0 [With Crack].zip c:\users\isa\AppData\Roaming\m\shared\Visual Button Ex 1.20.zip c:\users\isa\AppData\Roaming\m\shared\WazTree II 0.168.zip c:\users\isa\AppData\Roaming\m\shared\Wedding Tip of the Day and Countdown 1.0.zip c:\users\isa\AppData\Roaming\m\shared\XBasic 6.23.zip c:\users\isa\AppData\Roaming\m\shared\Yanoff Minus 3.1.zip c:\users\isa\AppData\Roaming\m\shared\YouTube FLV to AVI Easy Converter 2.1.3 (Key).zip c:\users\isa\AppData\Roaming\m\shared\YouTube Video Player 1.0.2.zip c:\users\isa\AppData\Roaming\m\shared\Zodiac Clock 3D Screensaver 1.0.zip c:\users\isa\AppData\Roaming\m\srvlist.oct c:\windows\system32\mdelk.exe c:\windows\system32\wintems.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SK9OU0S -------\Legacy_SROSA -------\Service_sK9Ou0s -------\Service_srosa ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-04 au 2009-03-04 )))))))))))))))))))))))))))))))))))) . 2009-03-04 21:48 . 2009-03-04 22:48 <REP> d-------- C:\ToolBar SD 2009-03-04 20:46 . 2009-03-04 20:46 <REP> d-------- c:\program files\yes 2009-03-04 20:16 . 2009-03-04 20:18 <REP> d-------- c:\program files\scanhijt 2009-03-04 20:05 . 2009-03-04 20:07 <REP> d-------- c:\program files\karcher 2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\users\All Users\WindowsSearch 2009-03-02 22:17 . 2009-03-02 22:17 <REP> d-------- c:\programdata\WindowsSearch 2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\users\All Users\avg8 2009-03-01 19:16 . 2009-03-01 19:42 <REP> d-------- c:\programdata\avg8 2009-03-01 17:42 . 2009-03-01 17:42 <REP> d-------- c:\program files\CCleaner 2009-03-01 17:23 . 2009-03-04 23:40 <REP> d--h----- c:\users\isa\AppData\Roaming\drivers 2009-03-01 13:22 . 2009-03-01 13:57 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy 2009-03-01 13:22 . 2009-03-01 13:57 <REP> d-------- c:\programdata\Spybot - Search & Destroy 2009-03-01 13:22 . 2009-03-01 13:22 <REP> d-------- c:\program files\Spybot - Search & Destroy 2009-03-01 12:23 . 2009-03-01 12:23 <REP> d-------- c:\users\isa\AppData\Roaming\FloodLightGames 2009-03-01 12:19 . 2009-03-01 12:19 <REP> d-------- c:\users\isa\AppData\Roaming\eSobi 2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\isa\AppData\Roaming\Flood Light Games 2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\users\All Users\Flood Light Games 2009-02-28 18:27 . 2009-02-28 18:27 <REP> d-------- c:\programdata\Flood Light Games 2009-02-26 21:12 . 2006-11-28 20:46 28,224 --a------ c:\windows\System32\drivers\PCAMp50.sys 2009-02-26 21:12 . 2006-11-28 20:46 27,072 --a------ c:\windows\System32\drivers\PCASp50.sys 2009-02-26 21:11 . 2009-02-26 21:11 <REP> d-------- c:\program files\Securitoo 2009-02-26 21:11 . 2009-02-26 21:39 <REP> d-------- c:\program files\OrangeHSS 2009-02-26 21:11 . 2007-12-11 20:22 65,536 --a------ c:\windows\System32\Autodial2000.dll 2009-02-26 21:07 . 2009-02-26 21:07 <REP> d-------- c:\program files\Common Files\France Telecom 2009-02-16 20:59 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll 2009-02-16 20:59 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll 2009-02-16 20:59 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax 2009-02-16 20:59 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax 2009-02-16 20:59 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax 2009-02-13 20:11 . 2009-02-13 20:11 <REP> d-------- c:\program files\Canal 2009-02-13 20:10 . 2009-02-13 20:10 <REP> d-------- c:\program files\Common Files\Adobe AIR 2009-02-11 22:24 . 2009-02-11 22:24 <REP> d-------- c:\users\isa\AppData\Roaming\Media Player Classic 2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\users\All Users\Real 2009-02-11 22:23 . 2009-02-11 22:23 <REP> d-------- c:\program files\K-Lite Codec Pack 2009-02-11 00:42 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-11 00:42 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll 2009-02-07 20:18 . 2008-06-25 20:57 446,464 --a------ c:\windows\System32\nvudisp.exe 2009-02-07 20:18 . 2008-06-25 20:57 8,429 --a------ c:\windows\System32\nvdisp.nvu 2009-02-07 20:17 . 2009-02-07 20:17 <REP> d-------- c:\program files\My Company Name 2009-02-06 23:13 . 2009-02-06 23:13 45 --a------ c:\windows\System32\initdebug.nfo 2009-02-04 18:34 . 2009-02-04 18:34 <REP> d-------- c:\users\All Users\BSD 2009-02-04 18:34 . 2009-02-04 18:34 <REP> d-------- c:\programdata\BSD 2009-02-04 18:33 . 2009-02-04 18:33 <REP> d-------- c:\users\isa\AppData\Roaming\BSD Concept 2009-02-04 18:30 . 2009-02-04 18:30 <REP> d-------- c:\users\All Users\BSD Concept 2009-02-04 18:30 . 2009-02-04 18:30 <REP> d-------- c:\programdata\BSD Concept 2009-02-04 18:29 . 2009-02-04 18:29 <REP> d-------- c:\program files\BSD Concept 2009-02-04 16:52 . 2009-02-04 16:52 <REP> d-------- c:\users\isa\AppData\Roaming\Printer Info Cache 2009-02-04 16:52 . 2009-03-03 17:36 <REP> d-------- c:\users\isa\AppData\Roaming\Image Zone Express . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-01 20:29 --------- d-----w c:\program files\7-Zip 2009-03-01 11:41 --------- d-----w c:\program files\Acer GameZone 2009-03-01 11:34 --------- d-----w c:\program files\Common Files\Oberon Media 2009-03-01 11:31 --------- d---a-w c:\programdata\TEMP 2009-03-01 11:22 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-01 11:22 --------- d-----w c:\program files\eSobi 2009-03-01 11:06 --------- d-----w c:\users\isa\AppData\Roaming\uTorrent 2009-02-28 17:25 --------- d-----w c:\program files\Oberon Media 2009-02-11 21:11 --------- d-----w c:\program files\Java 2009-02-11 02:00 --------- d-----w c:\program files\Windows Mail 2009-02-07 19:24 --------- d-----w c:\programdata\NVIDIA 2009-02-03 17:51 --------- d-----w c:\program files\Common Files\Adobe 2008-12-08 11:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll 2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll 2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 23:38 121392 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 c:\windows\RtHDVCpl.exe] c:\users\isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-08-09 344064] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-21 535336] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "FilterAdministratorToken"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-897740455-3590922161-1516729470-1000] "EnableNotificationsRef"=dword:00000003 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{9A0FC0E6-C41A-491D-85B2-7B42B0C4D7B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9272E7EA-E5B0-4E65-AA03-61B849992A79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0590D135-20CF-4616-83A2-B4D64D7A7ADC}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live "{40F60C6C-DD8E-40B8-AB34-5061C567E010}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine "{EC714915-D3A6-43D3-B785-23155F4ED9A6}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia "{8FB6D042-3CF4-407D-A2E9-A1CE05C41456}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect "{542BA28B-703D-48DB-B83F-94E757E578BF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service "{B34DAF09-668F-41FD-94EB-A7A892360F5C}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD "{A924C65E-76C0-4E34-9E09-9FC3F7E6691A}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician "{F051E17E-51EF-4830-B367-F6DA497077E5}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator "{F158742F-48F9-4833-8369-7CBA8CC22457}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician "{E8C480A7-0F8F-40E3-951C-B35DCEC99082}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CBE69F7D-80D0-4A78-88AA-458BB971821C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{3472E74A-6E0F-4073-BC32-5308013B35C5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{7175209C-DF98-4A73-8BBA-2DD7418FAA57}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "TCP Query User{12457E32-2269-4F32-8199-418A15C8594B}c:\\emule\\emule.exe"= UDP:c:\emule\emule.exe:eMule "UDP Query User{7A84D4A4-86CA-400C-AF68-1173647BA356}c:\\emule\\emule.exe"= TCP:c:\emule\emule.exe:eMule "TCP Query User{0814C510-F5D5-4BBC-BB0B-6DA28EB05CF0}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= UDP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe "UDP Query User{65EF53D6-8B7C-4B31-AAC6-26517E77BF6D}c:\\users\\isa\\appdata\\roaming\\m\\flec006.exe"= TCP:c:\users\isa\appdata\roaming\m\flec006.exe:flec006.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS R1 ATMhelpr;ATMhelpr;c:\windows\System32\drivers\ATMHELPR.SYS [2008-09-20 4064] R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-03-21 269448] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-03-01 1153368] S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-03-21 30752] S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2009-02-26 28224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contenu du dossier 'Tâches planifiées' 2009-03-02 c:\windows\Tasks\WebReg Photosmart C3100 series.job - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file) HKCU-Run-flec003.exe - c:\users\isa\AppData\Roaming\hidires\flec003.exe HKLM-Run-eRecoveryService - (no file) . ------- Examen supplémentaire ------- . uStart Page = www.orange.fr mWindow Title = IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-04 23:42:43 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(172) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\windows\System32\conime.exe c:\windows\System32\rundll32.exe c:\windows\ehome\ehmsas.exe c:\acer\Empowering Technology\ePerformance\MemCheck.exe c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\windows\System32\WUDFHost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Heure de fin: 2009-03-04 23:45:25 - La machine a redémarré [isa] ComboFix-quarantined-files.txt 2009-03-04 22:45:18 Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. Après-CF: 121,644,589,056 octets libres 1038 --- E O F --- 2009-02-26 20:40:05
- le 4 mars 2009
- 14 réponses
PC très infecté

zabouille a répondu à un(e) sujet de zabouille dans Analyses et éradication malwares

Voilà les derniers rapports : le premier de "Navilog" : Search Navipromo version 3.7.5 commencé le 04/03/2009 à 23:00:12,73 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz ) BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15 USER : isa ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go) D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go) E:\ (CD or DVD) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\Windows" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" *** *** Recherche dossiers dans "C:\ProgramData" *** *** Recherche dossiers dans "c:\users\isa\appdata\roaming\micros~1\windows\startm~1\programs" *** *** Recherche dossiers dans "C:\Users\isa\AppData\Local\virtualstore\Program Files" *** *** Recherche dossiers dans "C:\Users\isa\AppData\Local" *** *** Recherche dossiers dans "C:\Users\isa\AppData\Roaming" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Fichier(s) caché(s) : C:\Windows\System32\wintems.exe *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\Windows\system32" * * Recherche dans "C:\Users\isa\AppData\Local\Microsoft" * * Recherche dans "C:\Users\isa\AppData\Local\virtualstore\windows\system32" * * Recherche dans "C:\Users\isa\AppData\Local" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** !! Les clés trouvées ne sont pas forcément infectées !! HKEY_CURRENT_USER\Software\Lanconfig [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "yiyocik"="\"c:\\users\\isa\\appdata\\local\\yiyocik.exe\" yiyocik" *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\Windows\system32" : * Dans "C:\Users\isa\AppData\Local\Microsoft" : * Dans "C:\Users\isa\AppData\Local\virtualstore\windows\system32" : * Dans "C:\Users\isa\AppData\Local" : yiyocik.exe trouvé ! yiyocik.dat trouvé ! yiyocik_nav.dat trouvé ! yiyocik_navps.dat trouvé ! 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group trouvé ! Certificat Montorgueil absent ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche autres dossiers et fichiers connus : *** Analyse terminée le 04/03/2009 à 23:19:53,95 *** Le second de "Navilog" : Clean Navipromo version 3.7.5 commencé le 04/03/2009 à 23:22:10,82 Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz ) BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15 USER : isa ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go) D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go) E:\ (CD or DVD) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** Creation backups fichiers trouvés par Catchme *** Copie vers "C:\Program Files\navilog1\Backupnavi" Copie C:\Windows\System32\wintems.exe réalisée avec succès ! *** Suppression des fichiers trouvés avec Catchme *** C:\Windows\System32\wintems.exe !!ERREUR SUPPRESSION!! ** 2ème passage avec résultats Catchme ** * Dans "C:\Windows\system32" * wintems.exe trouvé ! Copie wintems.exe réalisée avec succès ! wintems.exe !!ERREUR SUPPRESSION!! C:\Windows\system32\wintems.exe trouvé ! Copie C:\Windows\system32\wintems.exe réalisée avec succès ! C:\Windows\system32\wintems.exe !!ERREUR SUPPRESSION!! * Dans "C:\Users\isa\AppData\Local\Microsoft" * C:\Windows\system32\wintems.exe trouvé ! Copie C:\Windows\system32\wintems.exe réalisée avec succès ! C:\Windows\system32\wintems.exe !!ERREUR SUPPRESSION!! * Dans "C:\Users\isa\AppData\Local\virtualstore\windows\system32" * C:\Windows\system32\wintems.exe trouvé ! Copie C:\Windows\system32\wintems.exe réalisée avec succès ! C:\Windows\system32\wintems.exe !!ERREUR SUPPRESSION!! * Dans "C:\Users\isa\AppData\Local" * C:\Windows\system32\wintems.exe trouvé ! Copie C:\Windows\system32\wintems.exe réalisée avec succès ! C:\Windows\system32\wintems.exe !!ERREUR SUPPRESSION!! *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\Windows\System32" * * Suppression dans "C:\Users\isa\AppData\Local\Microsoft" * * Suppression dans "C:\Users\isa\AppData\Local\virtualstore\windows\system32" * * Suppression dans "C:\Users\isa\AppData\Local" * *** Suppression dossiers dans "C:\Windows" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" *** *** Suppression dossiers dans "C:\ProgramData" *** *** Suppression dossiers dans c:\users\isa\appdata\roaming\micros~1\windows\startm~1\programs *** *** Suppression dossiers dans "C:\Users\isa\AppData\Local\virtualstore\Program Files" *** *** Suppression dossiers dans "C:\Users\isa\AppData\Local" *** *** Suppression dossiers dans "C:\Users\isa\AppData\Roaming" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\Windows\Temp effectué ! Nettoyage contenu C:\Users\isa\AppData\Local\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\Windows\system32" * * Dans "C:\Users\isa\AppData\Local\Microsoft" * * Dans "C:\Users\isa\AppData\Local\virtualstore\windows\system32" * * Dans "C:\Users\isa\AppData\Local" * yiyocik.exe trouvé ! Copie yiyocik.exe réalisée avec succès ! yiyocik.exe supprimé ! yiyocik.dat trouvé ! Copie yiyocik.dat réalisée avec succès ! yiyocik.dat supprimé ! yiyocik_nav.dat trouvé ! Copie yiyocik_nav.dat réalisée avec succès ! yiyocik_nav.dat supprimé ! yiyocik_navps.dat trouvé ! Copie yiyocik_navps.dat réalisée avec succès ! yiyocik_navps.dat supprimé ! *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup absent ! Certificat Electronic-Group supprimé ! Certificat Montorgueil absent ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Recherche autres dossiers et fichiers connus *** *** Nettoyage terminé le 04/03/2009 à 23:25:55,07 ***
- le 4 mars 2009
- 14 réponses
PC très infecté

zabouille a répondu à un(e) sujet de zabouille dans Analyses et éradication malwares

Bonsoir, voici les deux premiers rapports de "toolbar" : -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz ) BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15 USER : isa ( Administrator ) BOOT : Fail-safe boot C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go) D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go) E:\ (CD or DVD) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 04/03/2009|22:00 ) [ UAC => 0 ] -----------\\ Recherche de Fichiers / Dossiers ... C:\ProgramData\GamesBar C:\ProgramData\GamesBar\08-11-21-20-39-24 C:\ProgramData\GamesBar\08-11-21-20-39-24.xm_ C:\ProgramData\GamesBar\08-11-21-20-39-26 C:\ProgramData\GamesBar\08-11-21-20-39-26.xm_ C:\ProgramData\GamesBar\08-11-21-20-39-34 C:\ProgramData\GamesBar\08-11-21-20-39-34.xm_ C:\ProgramData\GamesBar\08-11-22-20-40-05 C:\ProgramData\GamesBar\08-11-22-20-40-05.xm_ C:\ProgramData\GamesBar\08-11-22-20-40-07 C:\ProgramData\GamesBar\08-11-22-20-40-07.xm_ C:\ProgramData\GamesBar\08-11-22-20-40-10 C:\ProgramData\GamesBar\08-11-22-20-40-10.xm_ C:\ProgramData\GamesBar\08-11-22-20-40-16 C:\ProgramData\GamesBar\08-11-22-20-40-16.xm_ C:\ProgramData\GamesBar\08-11-22-20-40-27 C:\ProgramData\GamesBar\08-11-22-20-40-27.xm_ C:\ProgramData\GamesBar\7_wonders_treasures_of_seven16x16.gif C:\ProgramData\GamesBar\about.gif C:\ProgramData\GamesBar\action.gif C:\ProgramData\GamesBar\arcade.gif C:\ProgramData\GamesBar\around_the_world_in_80_days16x16.gif C:\ProgramData\GamesBar\big_city_adventure_sydney16x16.gif C:\ProgramData\GamesBar\buy.gif C:\ProgramData\GamesBar\cards.gif C:\ProgramData\GamesBar\cooking_dash16x16.gif C:\ProgramData\GamesBar\deals.gif C:\ProgramData\GamesBar\download.gif C:\ProgramData\GamesBar\escape_from_the_museum16x16.gif C:\ProgramData\GamesBar\farm_frenzy_216x16.gif C:\ProgramData\GamesBar\feedback.gif C:\ProgramData\GamesBar\help.gif C:\ProgramData\GamesBar\highlight.gif C:\ProgramData\GamesBar\home_sweet_home_216x16.gif C:\ProgramData\GamesBar\jewel_quest_316x16.gif C:\ProgramData\GamesBar\jigsaw.gif C:\ProgramData\GamesBar\kids.gif C:\ProgramData\GamesBar\magic_encyclopedia16x16.gif C:\ProgramData\GamesBar\mahjong.gif C:\ProgramData\GamesBar\mygames.gif C:\ProgramData\GamesBar\mystery_stories_island_of_hope16x16.gif C:\ProgramData\GamesBar\natalie_brooks16x16.gif C:\ProgramData\GamesBar\newGames.gif C:\ProgramData\GamesBar\oberonconfig.xm_ C:\ProgramData\GamesBar\obSearchHistory.dat C:\ProgramData\GamesBar\partner.gif C:\ProgramData\GamesBar\popup_off.gif C:\ProgramData\GamesBar\popup_on.gif C:\ProgramData\GamesBar\puzzle.gif C:\ProgramData\GamesBar\restoring_rhonda16x16.gif C:\ProgramData\GamesBar\search.gif C:\ProgramData\GamesBar\sendafriend.gif C:\ProgramData\GamesBar\sports.gif C:\ProgramData\GamesBar\the_hidden_object_show16x16.gif C:\ProgramData\GamesBar\the_pini_society16x16.gif C:\ProgramData\GamesBar\trial.gif C:\ProgramData\GamesBar\uninstall.gif C:\ProgramData\GamesBar\update.gif C:\ProgramData\GamesBar\womens_murder_club_fr16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\7_wonders_treasures_of_seven16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\about.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\action.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\arcade.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\around_the_world_in_80_days16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\big_city_adventure_sydney16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\buy.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\cards.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\cooking_dash16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\deals.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\download.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\escape_from_the_museum16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\farm_frenzy_216x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\feedback.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\help.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\highlight.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\home_sweet_home_216x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\jewel_quest_316x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\jigsaw.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\kids.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\magic_encyclopedia16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\mahjong.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\mygames.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\mystery_stories_island_of_hope16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\natalie_brooks16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\newGames.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\partner.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\popup_off.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\popup_on.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\puzzle.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\restoring_rhonda16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\search.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\sendafriend.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\sports.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\the_hidden_object_show16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\the_pini_society16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\trial.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\uninstall.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\update.gif C:\ProgramData\GamesBar\08-11-21-20-39-24\womens_murder_club_fr16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\7_wonders_treasures_of_seven16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\about.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\action.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\arcade.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\around_the_world_in_80_days16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\big_city_adventure_sydney16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\buy.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\cards.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\cooking_dash16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\deals.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\download.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\escape_from_the_museum16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\farm_frenzy_216x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\feedback.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\help.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\highlight.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\home_sweet_home_216x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\jewel_quest_316x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\jigsaw.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\kids.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\magic_encyclopedia16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\mahjong.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\mygames.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\mystery_stories_island_of_hope16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\natalie_brooks16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\newGames.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\partner.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\popup_off.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\popup_on.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\puzzle.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\restoring_rhonda16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\search.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\sendafriend.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\sports.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\the_hidden_object_show16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\the_pini_society16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\trial.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\uninstall.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\update.gif C:\ProgramData\GamesBar\08-11-21-20-39-26\womens_murder_club_fr16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\7_wonders_treasures_of_seven16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\about.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\action.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\arcade.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\around_the_world_in_80_days16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\big_city_adventure_sydney16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\buy.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\cards.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\cooking_dash16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\deals.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\download.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\escape_from_the_museum16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\farm_frenzy_216x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\feedback.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\help.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\highlight.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\home_sweet_home_216x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\jewel_quest_316x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\jigsaw.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\kids.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\magic_encyclopedia16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\mahjong.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\mygames.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\mystery_stories_island_of_hope16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\natalie_brooks16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\newGames.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\partner.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\popup_off.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\popup_on.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\puzzle.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\restoring_rhonda16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\search.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\sendafriend.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\sports.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\the_hidden_object_show16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\the_pini_society16x16.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\trial.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\uninstall.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\update.gif C:\ProgramData\GamesBar\08-11-21-20-39-34\womens_murder_club_fr16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\7_wonders_treasures_of_seven16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\about.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\action.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\arcade.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\around_the_world_in_80_days16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\big_city_adventure_sydney16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\buy.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\cards.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\cooking_dash16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\deals.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\download.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\escape_from_the_museum16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\farm_frenzy_216x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\feedback.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\help.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\highlight.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\home_sweet_home_216x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\jewel_quest_316x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\jigsaw.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\kids.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\magic_encyclopedia16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\mahjong.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\mygames.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\mystery_stories_island_of_hope16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\natalie_brooks16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\newGames.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\partner.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\popup_off.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\popup_on.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\puzzle.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\restoring_rhonda16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\search.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\sendafriend.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\sports.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\the_hidden_object_show16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\the_pini_society16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\trial.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\uninstall.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\update.gif C:\ProgramData\GamesBar\08-11-22-20-40-05\womens_murder_club_fr16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\7_wonders_treasures_of_seven16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\about.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\action.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\arcade.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\around_the_world_in_80_days16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\big_city_adventure_sydney16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\buy.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\cards.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\cooking_dash16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\deals.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\download.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\escape_from_the_museum16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\farm_frenzy_216x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\feedback.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\help.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\highlight.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\home_sweet_home_216x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\jewel_quest_316x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\jigsaw.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\kids.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\magic_encyclopedia16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\mahjong.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\mygames.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\mystery_stories_island_of_hope16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\natalie_brooks16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\newGames.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\partner.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\popup_off.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\popup_on.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\puzzle.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\restoring_rhonda16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\search.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\sendafriend.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\sports.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\the_hidden_object_show16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\the_pini_society16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\trial.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\uninstall.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\update.gif C:\ProgramData\GamesBar\08-11-22-20-40-07\womens_murder_club_fr16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\7_wonders_treasures_of_seven16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\about.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\action.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\arcade.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\around_the_world_in_80_days16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\big_city_adventure_sydney16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\buy.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\cards.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\cooking_dash16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\deals.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\download.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\escape_from_the_museum16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\farm_frenzy_216x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\feedback.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\help.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\highlight.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\home_sweet_home_216x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\jewel_quest_316x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\jigsaw.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\kids.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\magic_encyclopedia16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\mahjong.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\mygames.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\mystery_stories_island_of_hope16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\natalie_brooks16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\newGames.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\partner.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\popup_off.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\popup_on.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\puzzle.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\restoring_rhonda16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\search.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\sendafriend.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\sports.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\the_hidden_object_show16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\the_pini_society16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\trial.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\uninstall.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\update.gif C:\ProgramData\GamesBar\08-11-22-20-40-10\womens_murder_club_fr16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\7_wonders_treasures_of_seven16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\about.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\action.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\arcade.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\around_the_world_in_80_days16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\big_city_adventure_sydney16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\buy.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\cards.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\cooking_dash16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\deals.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\download.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\escape_from_the_museum16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\farm_frenzy_216x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\feedback.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\help.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\highlight.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\home_sweet_home_216x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\jewel_quest_316x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\jigsaw.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\kids.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\magic_encyclopedia16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\mahjong.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\mygames.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\mystery_stories_island_of_hope16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\natalie_brooks16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\newGames.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\partner.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\popup_off.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\popup_on.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\puzzle.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\restoring_rhonda16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\search.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\sendafriend.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\sports.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\the_hidden_object_show16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\the_pini_society16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\trial.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\uninstall.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\update.gif C:\ProgramData\GamesBar\08-11-22-20-40-16\womens_murder_club_fr16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\7_wonders_treasures_of_seven16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\about.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\action.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\arcade.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\around_the_world_in_80_days16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\big_city_adventure_sydney16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\buy.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\cards.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\cooking_dash16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\deals.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\download.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\escape_from_the_museum16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\farm_frenzy_216x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\feedback.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\help.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\highlight.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\home_sweet_home_216x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\jewel_quest_316x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\jigsaw.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\kids.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\magic_encyclopedia16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\mahjong.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\mygames.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\mystery_stories_island_of_hope16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\natalie_brooks16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\newGames.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\partner.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\popup_off.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\popup_on.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\puzzle.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\restoring_rhonda16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\search.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\sendafriend.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\sports.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\the_hidden_object_show16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\the_pini_society16x16.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\trial.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\uninstall.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\update.gif C:\ProgramData\GamesBar\08-11-22-20-40-27\womens_murder_club_fr16x16.gif C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\GamesBar C:\Program Files\GamesBar C:\Program Files\GamesBar\Localization-French.ini C:\Program Files\GamesBar\Localization2-French.ini C:\Program Files\GamesBar\oberontb.dll C:\Program Files\GamesBar\OBGet.exe C:\Program Files\GamesBar\uninst.exe -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com"'>http://fr.fr.acer.yahoo.com" "Default_Page_URL"="http://fr.fr.acer.yahoo.com" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Recherche d'autres infections C:\Windows\system32\mdelk.exe C:\Windows\system32\wintems.exe ==> BAGLE <== --------------------\\ ROOTKIT !! Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa] [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 04/03/2009|22:00 - Option : [1] -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz ) BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15 USER : isa ( Administrator ) BOOT : Fail-safe boot C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go) D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go) E:\ (CD or DVD) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 04/03/2009|22:03 ) [ UAC => 1 ] -----------\\ SUPPRESSION Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-24 Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-24.xm_ Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-26 Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-26.xm_ Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-34 Supprime! - C:\ProgramData\GamesBar\08-11-21-20-39-34.xm_ Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-05 Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-05.xm_ Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-07 Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-07.xm_ Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-10 Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-10.xm_ Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-16 Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-16.xm_ Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-27 Supprime! - C:\ProgramData\GamesBar\08-11-22-20-40-27.xm_ Supprime! - C:\ProgramData\GamesBar\7_wonders_treasures_of_seven16x16.gif Supprime! - C:\ProgramData\GamesBar\about.gif Supprime! - C:\ProgramData\GamesBar\action.gif Supprime! - C:\ProgramData\GamesBar\arcade.gif Supprime! - C:\ProgramData\GamesBar\around_the_world_in_80_days16x16.gif Supprime! - C:\ProgramData\GamesBar\big_city_adventure_sydney16x16.gif Supprime! - C:\ProgramData\GamesBar\buy.gif Supprime! - C:\ProgramData\GamesBar\cards.gif Supprime! - C:\ProgramData\GamesBar\cooking_dash16x16.gif Supprime! - C:\ProgramData\GamesBar\deals.gif Supprime! - C:\ProgramData\GamesBar\download.gif Supprime! - C:\ProgramData\GamesBar\escape_from_the_museum16x16.gif Supprime! - C:\ProgramData\GamesBar\farm_frenzy_216x16.gif Supprime! - C:\ProgramData\GamesBar\feedback.gif Supprime! - C:\ProgramData\GamesBar\help.gif Supprime! - C:\ProgramData\GamesBar\highlight.gif Supprime! - C:\ProgramData\GamesBar\home_sweet_home_216x16.gif Supprime! - C:\ProgramData\GamesBar\jewel_quest_316x16.gif Supprime! - C:\ProgramData\GamesBar\jigsaw.gif Supprime! - C:\ProgramData\GamesBar\kids.gif Supprime! - C:\ProgramData\GamesBar\magic_encyclopedia16x16.gif Supprime! - C:\ProgramData\GamesBar\mahjong.gif Supprime! - C:\ProgramData\GamesBar\mygames.gif Supprime! - C:\ProgramData\GamesBar\mystery_stories_island_of_hope16x16.gif Supprime! - C:\ProgramData\GamesBar\natalie_brooks16x16.gif Supprime! - C:\ProgramData\GamesBar\newGames.gif Supprime! - C:\ProgramData\GamesBar\oberonconfig.xm_ Supprime! - C:\ProgramData\GamesBar\obSearchHistory.dat Supprime! - C:\ProgramData\GamesBar\partner.gif Supprime! - C:\ProgramData\GamesBar\popup_off.gif Supprime! - C:\ProgramData\GamesBar\popup_on.gif Supprime! - C:\ProgramData\GamesBar\puzzle.gif Supprime! - C:\ProgramData\GamesBar\restoring_rhonda16x16.gif Supprime! - C:\ProgramData\GamesBar\search.gif Supprime! - C:\ProgramData\GamesBar\sendafriend.gif Supprime! - C:\ProgramData\GamesBar\sports.gif Supprime! - C:\ProgramData\GamesBar\the_hidden_object_show16x16.gif Supprime! - C:\ProgramData\GamesBar\the_pini_society16x16.gif Supprime! - C:\ProgramData\GamesBar\trial.gif Supprime! - C:\ProgramData\GamesBar\uninstall.gif Supprime! - C:\ProgramData\GamesBar\update.gif Supprime! - C:\ProgramData\GamesBar\womens_murder_club_fr16x16.gif Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\GamesBar Supprime! - C:\Program Files\GamesBar\Localization-French.ini Supprime! - C:\Program Files\GamesBar\Localization2-French.ini Supprime! - C:\Program Files\GamesBar\oberontb.dll Supprime! - C:\Program Files\GamesBar\OBGet.exe Supprime! - C:\Program Files\GamesBar\uninst.exe Supprime! - C:\ProgramData\GamesBar Supprime! - C:\Program Files\GamesBar -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/"'>http://www.msn.com/"'>http://www.msn.com/" "Default_Page_URL"="http://fr.fr.acer.yahoo.com" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Recherche d'autres infections C:\Windows\system32\mdelk.exe C:\Windows\system32\wintems.exe ==> BAGLE <== --------------------\\ ROOTKIT !! Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa] [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 04/03/2009|22:00 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 04/03/2009|22:04 - Option : [2] et ensuite les deux mêmes rapports après mon post de 22h28 -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz ) BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15 USER : isa ( Administrator ) BOOT : Fail-safe boot C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go) D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go) E:\ (CD or DVD) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 04/03/2009|22:46 ) [ UAC => 0 ] -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" "Default_Page_URL"="http://fr.fr.acer.yahoo.com" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Recherche d'autres infections C:\Windows\system32\mdelk.exe C:\Windows\system32\wintems.exe C:\Windows\system32\ban_list.txt ==> BAGLE <== --------------------\\ ROOTKIT !! Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa] [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 04/03/2009|22:00 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 04/03/2009|22:04 - Option : [2] 3 - "C:\ToolBar SD\TB_3.txt" - 04/03/2009|22:47 - Option : [1] -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz ) BIOS : BIOS Date: 05/23/08 16:37:53 Ver: 08.00.15 USER : isa ( Administrator ) BOOT : Fail-safe boot C:\ (Local Disk) - NTFS - Total:228 Go (Free:113 Go) D:\ (Local Disk) - NTFS - Total:227 Go (Free:227 Go) E:\ (CD or DVD) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 04/03/2009|22:48 ) [ UAC => 1 ] -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" "Default_Page_URL"="http://fr.fr.acer.yahoo.com" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Recherche d'autres infections C:\Windows\system32\mdelk.exe C:\Windows\system32\wintems.exe C:\Windows\system32\ban_list.txt ==> BAGLE <== --------------------\\ ROOTKIT !! Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa] [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 04/03/2009|22:00 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 04/03/2009|22:04 - Option : [2] 3 - "C:\ToolBar SD\TB_3.txt" - 04/03/2009|22:47 - Option : [1] 4 - "C:\ToolBar SD\TB_4.txt" - 04/03/2009|22:48 - Option : [2] Ensuite j'envoie les rapports de Navilog et de combofix...
- le 4 mars 2009
- 14 réponses
PC très infecté

zabouille a répondu à un(e) sujet de zabouille dans Analyses et éradication malwares

[J'ai répondu moi-même à la question et j'ai recommencé la procédure. Tout a fonctionné correctement. Je vais poster les rapports dans un autre message dès que je les récupère tous.
- le 4 mars 2009
- 14 réponses
PC très infecté

zabouille a répondu à un(e) sujet de zabouille dans Analyses et éradication malwares

merci pour votre réponse rapide. J'ai executé "toolbar" comme indiqué, les deux rapports ont été générés. J'ai du relancer le PC en mode normal pour télécharger "navilog" et "combofix". Est-ce que je dois reprendre le processus depuis le début, ou bien continuer en lancant "navilog" puis "combofix", et dois-je les executer en "mode sans échec"? Pour info, je ne peux plus ouvrir "SPYBOT" du tout, donc impossible d'y modifier quoi que ce soit, et je n'ai plus d'antivirus puisqu'avast était cômplètement inutilisable. Désolée pour les questions, je ne m'y connais pas trop.
- le 4 mars 2009
- 14 réponses
PC très infecté

zabouille a posté un sujet dans Analyses et éradication malwares

Depuis 3 jours, mon PC a été infecté à la suite d'un chargement malheureux de ma part d'un logiciel de type "cleaner" dont je ne me souviens plus du nom. AVAST a été directement éradiqué par le virus, ensuite impossibilité d'executer CCLEANER et SPYBOT S&D qui ne répondaient absolument plus. Le centre de sécurité WINDOWS et le pare-feu ont été désactivés automatiquement également. Depuis j'ai de multiples problèmes, bien entendu. J'ai réussi avec difficulté à télécharger ANTIVIR et après avoir désinstallé AVAST, j'ai lancé le nettoyage par ANTIVIR depuis le démarrage en mode "sans échec". Il a détecté de nombreux fichiers infestés par "bagle.trash", "bagle.gen.B" et "rootkit.gen" qu'il a supprimés. J'ai suivi à la lettre la procédure donnée sur le forum, puis après 3 jours essayés à installer et lancer "hijackthis", je viens seulement d'y parvenir et je poste le log. Si vous pouviez me donner un coup de main. Merci d'avance. P.S. je ne suis pas sure d'avoir téléchargé HJT au bon endroit mais c'est tout ce que j'ai pu faire. Scan saved at 20:19:08, on 04/03/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\mobsync.exe C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Windows\System32\nvraidservice.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\OrangeHSS\Launcher\Launcher.exe C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe C:\Program Files\OrangeHSS\Deskboard\deskboard.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conime.exe C:\Windows\explorer.exe C:\Users\isa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IASFXR40\HiJackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ke.voila.fr/S/voila?kw= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [yiyocik] "c:\users\isa\appdata\local\yiyocik.exe" yiyocik O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [flec003.exe] C:\Users\isa\AppData\Roaming\hidires\flec003.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O15 - Trusted Zone: http://*.mappy.com O15 - Trusted Zone: http://*.orange.fr O15 - Trusted Zone: http://rw.search.ke.voila.fr O15 - Trusted Zone: http://orange.weborama.fr O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 10070 bytes
- le 4 mars 2009
- 14 réponses
virus ?

zabouille a répondu à un(e) sujet de zabouille dans Analyses et éradication malwares

Bonsoir, Je suis allée sur le lien. L'enquête avance. Je n'ai plus qu'à démonter et mettre les mains dans le moteur, quoi. Merci encore à tous.
- le 9 août 2005
- 6 réponses
virus ?

zabouille a répondu à un(e) sujet de zabouille dans Analyses et éradication malwares

Merci pour les réponses. Je pense avoir fait ce qu'il fallait mais effectivement mon problème de tiroir n'est pas résolu. Il y a également un fichier qu'easy cleaner n'a pas pu supprimer. L'avantage c'est que je sais que c'est un problème de matos. Merci encore pour le coup de main.
- le 8 août 2005
- 6 réponses
virus ?

zabouille a posté un sujet dans Analyses et éradication malwares

Depuis quelques semaines, le tiroir de mon graveur CD ne cesse de s'ouvrir inopinément. Je ne trouve pas la solution au problème. Pour faire comme tout le monde, je poste un hijackthis, au cas où quelqu'un pourrait me venir en aide. Merci d'avance aux bonnes volontés. Ma config : PC PACKARD BELL INTEL PENTIUM 4, 1,7 GHZ windows XP familial + SP2 Logfile of HijackThis v1.99.1 Scan saved at 23:25:50, on 07/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Apps\ActivBoard\MMKeybd.exe C:\Logitech\iTouch\iTouch.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\WINDOWS\system32\MMTray.exe C:\WINDOWS\system32\MMTray2k.exe C:\WINDOWS\system32\MMTrayLSI.exe C:\WINDOWS\System32\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Logitech\iTouch\kbdtray.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\PROGRA~1\Wanadoo\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\Watch.exe C:\Apps\ActivBoard\TrayMon.exe C:\Apps\ActivBoard\OSD.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\sllights.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IEHelper Class - {C8198B51-C28D-11D3-AD12-00E018981DB3} - C:\Program Files\Deedgital\RIMoniker.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup O4 - HKCU\..\Run: [Deedgital] C:\PROGRA~1\DEEDGI~1\SCAMER~1.EXE O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe O4 - Global Startup: Booster Wanadoo.lnk = C:\Program Files\Booster Wanadoo\wanadoo_booster.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.encyclo.wanadoo.fr/JS/tdserver.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/192ed195852c7f260015/...RdxIE601_fr.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://metaboli.wanadoo.fr/components/ExentCtl.ocx O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E86C39-A65F-4577-8056-D54A1632DCDE}: NameServer = 80.10.246.5 80.10.246.136 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
- le 7 août 2005
- 6 réponses

Connexion

zabouille

Compteur de contenus

Inscription

Dernière visite

Profile Information

zabouille's Achievements

Junior Member (3/12)

Réputation sur la communauté

PC très infecté

PC très infecté

PC très infecté

PC très infecté

PC très infecté

PC très infecté

PC très infecté

PC très infecté

PC très infecté

PC très infecté

virus ?

virus ?

virus ?

Zebulon

Outils en ligne

Naviguer