Aller au contenu

cosby112

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    18

  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    Francais

cosby112's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. cosby112
    Je crois maintenant que le dossier soit MISSION ACCOMPLIE. Grace à vous deux, je m'en suis sorti et un grand merci!!! Faut surtout pas oublier que je suis quelque peut novice dans ce genre de dossier et faut m'excuser de mes erreurs.... mais que malgré tout j'ai appris énormément dans la dernière semaine. Merci à toi Charles et à toi ami Zonk. Je vous envoie un tres beau rapport final. Mission accomplie KASPERSKY ON-LINE SCANNER REPORT Monday, January 07, 2008 5:16:51 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.98.0 Dernière mise à jour de la base antivirus Kaspersky : 6/01/2008 Enregistrements dans la base antivirus Kaspersky : 503209 ------------------------------------------------------------------------------- Paramètres d'analyse: Analyser avec la base antivirus suivante: étendue Analyser les archives: vrai Analyser les bases de messagerie: vrai Cible de l'analyse - Poste de travail: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Statistiques de l'analyse: Total d'objets analysés: 129098 Nombre de virus trouvés: 0 Nombre d'objets infectés: 0 Nombre d'objets suspects: 0 Durée de l'analyse: 01:22:17 Nom de l'objet infecté / Nom du virus / Dernière action C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\muvee Technologies30625\scratch\WDCreator.ini L'objet est verrouillé ignoré C:\Documents and Settings\Dany.NOM-0C9D00AA293\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Historique\History.IE5\MSHist012008010720080108\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Dany.NOM-0C9D00AA293\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\Dany.NOM-0C9D00AA293\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP17\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\EventCache\{D2C0A0B2-7821-4381-AFB0-ED46E275C22B}.bin L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré D:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP17\change.log L'objet est verrouillé ignoré Analyse terminée.
  2. cosby112
    Bonjour Messieurs Ingals et Zonk Voici mon dernier rapport de kaspersky. KASPERSKY ONLINE SCANNER REPORT Monday, January 07, 2008 2:52:04 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 6/01/2008 Kaspersky Anti-Virus database records: 503156 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Scan Statistics: Total number of scanned objects: 129215 Number of viruses found: 4 Number of infected objects: 16 Number of suspicious objects: 0 Duration of the scan process: 01:19:28 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\muvee Technologies30625\scratch\WDCreator.ini Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Historique\History.IE5\MSHist012008010720080108\index.dat Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\ntuser.dat Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP13\A0001900.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP13\A0001907.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP13\A0001910.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP13\A0001918.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP13\A0001919.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP13\A0001919.exe CAB: infected - 1 skipped C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP13\change.log Object is locked skipped C:\upload_moi_NOM-0C9D00AA293.tar.gz/upload_moi.tar/_OTMoveIt/MovedFiles/Documents and Settings/Dany.NOM-0C9D00AA293/Mes documents/Mes documents/Smiley/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\upload_moi_NOM-0C9D00AA293.tar.gz/upload_moi.tar/_OTMoveIt/MovedFiles/Documents and Settings/Dany.NOM-0C9D00AA293/Mes documents/Mes documents/Smiley Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\upload_moi_NOM-0C9D00AA293.tar.gz/upload_moi.tar/_OTMoveIt/MovedFiles/Documents and Settings/KelLie.NOM-0C9D00AA293/Application Data/Sun/Java/Deploy/vmain.class Infected: Exploit.Java.Gimsh.b skipped C:\upload_moi_NOM-0C9D00AA293.tar.gz/upload_moi.tar/_OTMoveIt/MovedFiles/Documents and Settings/KelLie.NOM-0C9D00AA293/Application Data/Sun/Java/Deploy Infected: Exploit.Java.Gimsh.b skipped C:\upload_moi_NOM-0C9D00AA293.tar.gz/upload_moi.tar/_OTMoveIt/MovedFiles/Program Files/Common Files/Companion Wizard/compwiz.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped C:\upload_moi_NOM-0C9D00AA293.tar.gz/upload_moi.tar/_OTMoveIt/MovedFiles/WINDOWS/system32/agxoyohh.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\upload_moi_NOM-0C9D00AA293.tar.gz/upload_moi.tar/_OTMoveIt/MovedFiles/WINDOWS/system32/msbaflkc.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\upload_moi_NOM-0C9D00AA293.tar.gz/upload_moi.tar/_OTMoveIt/MovedFiles/WINDOWS/system32/ryrbxwku.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\upload_moi_NOM-0C9D00AA293.tar.gz/upload_moi.tar Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\upload_moi_NOM-0C9D00AA293.tar.gz GZIP: infected - 9 skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{D2C0A0B2-7821-4381-AFB0-ED46E275C22B}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP13\change.log Object is locked skipped Scan process completed.
  3. cosby112
    Voici le rapport de toolscleaner J'ai désactivé et réactivé la restauration du système avec succès...pour ce qui est de mon message 49 dois-je recommencer quelques chose et désolé pour l'erreur. Merci -->- Recherche: C:\Qoobox: trouvé ! C:\_OtMoveIt: trouvé ! C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\OtMoveIt.exe: trouvé ! C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\ComboFix.exe: trouvé ! C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\HijackThis.exe: trouvé ! C:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp: trouvé ! C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe: trouvé ! C:\Documents and Settings\HP_Propriétaire\Recent\HijackThis.lnk: trouvé ! C:\QooBox\Quarantine\C\Combofix: trouvé !
  4. cosby112
    Voici le premier MoveIt @+ File/Folder C:\Program Files\Common Files\?asks\?ttrib.exe not found. C:\WINDOWS\system32\daSgo01\daSgo011065.exe moved successfully. c:\windows\smdat32m.sys moved successfully. File move failed. C:\WINDOWS\NirCmd.exe scheduled to be moved on reboot. C:\StubInstaller.exe moved successfully. C:\WINDOWS\system32\daSgo01 moved successfully. File/Folder C:\Program Files\Common Files\?asks not found. File/Folder C:\Program Files\common files\Microsoft.NET not found. Created on 01-06-2008 20:14:44
  5. cosby112
    Salut Charles Je t'envoie le rapport comme tu m'as demander... je vais évaluer le PC dans les prochaines heures et t'en redonné des nouvelles. mais je dois te dire que j'ai vu une nette amélioration Merci File/Folder C:\Program Files\Common Files\?asks\?ttrib.exe not found. File/Folder C:\WINDOWS\system32\daSgo01\daSgo011065.exe not found. File/Folder c:\windows\smdat32m.sys not found. C:\WINDOWS\NirCmd.exe moved successfully. File/Folder C:\StubInstaller.exe not found. File/Folder C:\WINDOWS\system32\daSgo01 not found. File/Folder C:\Program Files\Common Files\?asks not found. File/Folder C:\Program Files\common files\Microsoft.NET not found. Created on 01-06-2008 20:20:09 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:34:07, on 2008-01-06 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\ps2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\QuickTime\qttask.exe C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx?lang=fr-ca R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O24 - Desktop Component 0: (no name) - http://sd579.sivit.org/lesgrandscasinos/fo.../cascades05.jpg -- End of file - 6486 bytes
  6. cosby112
    Salut Charles, Voici le rapport du scan panda. Encore merci pour tout le temps que tu me consacres. Détails de l'analyse Niveau de risque élevé (0) Niveau de risque moyen (2) Spyware/Virtum... Logiciel espion Latent(e) Afficher +Infos C:\_OTMoveIt\MovedFiles\W...OWS\system32\agxoyohh.dll C:\_OTMoveIt\MovedFiles\W...OWS\system32\ryrbxwku.dll C:\_OTMoveIt\MovedFiles\W...OWS\system32\msbaflkc.dll Trj/Downloader... Virus Latent(e) Afficher +Infos C:\WINDOWS\system32\daSgo01\daSgo011065.exe Niveau de risque faible (41) Cookie/Azjmp Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...Cookies\dany@azjmp[2].txt Cookie/Com.com Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...3\Cookies\dany@com[1].txt Cookie/Linksyn... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...kellie@linksynergy[2].txt Cookie/Toplist Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...okies\dany@toplist[1].txt Generic Malwar... Virus Latent(e) Afficher +Infos C:\Program Files\Common Files\Тasks\аttrib.exe application/be... Application de surveillance Latent(e) Afficher +Infos c:\windows\smdat32m.sys Cookie/Hbmedia... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and [email protected][2].txt Cookie/Xiti Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...\Cookies\dany@xiti[1].txt C:\Documents and Settings...\Cookies\dany@xiti[1].txt Cookie/Findwha... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...kies\nick@findwhat[1].txt C:\Documents and Settings...es\kellie@findwhat[1].txt Cookie/seeqA Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...kies\[email protected][1].txt Cookie/BurstNe... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...es\kellie@burstnet[1].txt C:\Documents and Settings...kies\nick@burstnet[1].txt Cookie/Buydoma... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and [email protected][1].txt dialer.asl Numéroteur Latent(e) Afficher +Infos HKEY_CURRENT_USER\Softwar...5-4A00-B71E-011D35709AC6} Cookie/Tradedo... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...\dany@tradedoubler[2].txt Cookie/Adverti... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...s\dany@advertising[2].txt Cookie/Adviva Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...ookies\dany@adviva[2].txt Cookie/fe.lea.... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...\[email protected][1].txt Cookie/Smartad... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...dany@smartadserver[2].txt Cookie/Belnk Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...es\[email protected][1].txt Cookie/Rn11 Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...\Cookies\dany@rn11[2].txt application/re... Application de surveillance Latent(e) Afficher +Infos hkey_current_user\software\registry cleaner c:\documents and settings...ion data\registry cleaner Cookie/Zedo Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...ookies\kellie@zedo[2].txt C:\Documents and Settings...\Cookies\nick@zedo[2].txt Cookie/Belnk Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...Cookies\dany@belnk[1].txt Cookie/Serving... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...s\dany@serving-sys[2].txt Application/Ni... Application de surveillance Latent(e) Afficher +Infos Non désinfectable C:\System Volume Informat...DCAAFF}\RP10\A0001772.exe C:\WINDOWS\NirCmd.exe C:\System Volume Informat...DCAAFF}\RP11\A0001806.exe C:\Documents and Settings...\ComboFix.exe[nircmd.exe] C:\Documents and Settings...omboFix.exe[nircmd.cfexe] Cookie/Go Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...ts\Cookies\dany@go[2].txt Cookie/Serving... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and [email protected][1].txt Dialer.GQK Numéroteur Latent(e) Afficher +Infos C:\Documents and Settings...p-20080102-142312-139.inf adware/whenuse... Adware (logiciel publicitaire) Latent(e) Afficher +Infos c:\documents and settings...démarrer\programmes\whenu Cookie/Adrevol... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...\kellie@adrevolver[1].txt C:\Documents and Settings...es\nick@adrevolver[1].txt Cookie/Screens... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and [email protected][1].txt Cookie/Tucows Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...ookies\dany@tucows[1].txt Cookie/Atwola Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...ookies\dany@atwola[2].txt Cookie/Mediapl... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...ies\dany@mediaplex[2].txt Cookie/Doublec... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...s\dany@doubleclick[1].txt C:\Documents and Settings...s\nick@doubleclick[1].txt C:\Documents and Settings...kellie@doubleclick[1].txt Application/Al... Application de surveillance Latent(e) Afficher +Infos C:\RECYCLER\S-1-5-21-1753...863-466205179-500\Dc1.exe Cookie/Atlas D... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...ookies\sonia@atdmt[2].txt C:\Documents and Settings...okies\kellie@atdmt[2].txt C:\Documents and Settings...Cookies\dany@atdmt[2].txt Cookie/YieldMa... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and [email protected][1].txt Cookie/ErrorSa... Cookie de surveillance Latent(e) Afficher +Infos C:\Documents and Settings...ies\dany@errorsafe[2].txt adware/savenow Adware (logiciel publicitaire) Latent(e) Afficher +Infos hkey_local_machine\softwa...nagement\arpcache\savenow adware/searche... Adware (logiciel publicitaire) Latent(e) Afficher +Infos
  7. cosby112
    salut Charles Dors tu As l'occasion Voici le dernier rapport bonsoir Charles et merci C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf moved successfully. C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HbTools.inf moved successfully. File/Folder C:\Program Files\Common Files\?asks not found. C:\Program Files\\Need2Find\bar\Settings moved successfully. Folder move failed. C:\Program Files\\Need2Find\bar\History\search scheduled to be moved on reboot. C:\Program Files\\Need2Find\bar\History moved successfully. Folder move failed. C:\Program Files\\Need2Find\bar\Cache03687F scheduled to be moved on reboot. C:\Program Files\\Need2Find\bar\Cache moved successfully. C:\Program Files\\Need2Find\bar moved successfully. C:\Program Files\\Need2Find moved successfully. Created on 01-05-2008 20:42:16
  8. cosby112
    salut Charles Je n'ai pas été capable de trouver le c:\ aupload_moi_xxxxx.zip. le seul upload que j'ai trouvé fini par .tar J'ai essayé de l'envoyer, mais ça s'éternisait et j'ai perdu patience. Voici les deux rapports en espérant que tout soit correct. Un gros merci pour le temps que tu me consacres. C:\WINDOWS\system32\gnmvujwi.ini moved successfully. C:\WINDOWS\system32\oqviiogp.ini moved successfully. C:\WINDOWS\system32\bgcoisda.ini moved successfully. C:\WINDOWS\system32\rknxpxjx.ini moved successfully. C:\WINDOWS\system32\xfibslre.ini moved successfully. C:\WINDOWS\system32\itvlhnax.ini moved successfully. C:\WINDOWS\system32\cxnjkrpy.ini moved successfully. C:\WINDOWS\system32\iliwprmm.ini moved successfully. C:\WINDOWS\system32\wcbirmyp.ini moved successfully. C:\WINDOWS\system32\wqbkbcac.ini moved successfully. C:\WINDOWS\quit.exe moved successfully. C:\WINDOWS\system32\ickautoa.ini moved successfully. C:\WINDOWS\Tasks\A6E910479052837B.job moved successfully. File/Folder C:\WINDOWS\system32\RY305Ji6.exe not found. File/Folder C:\WINDOWS\system32\QVblq07i.exe not found. File/Folder C:\WINDOWS\system32\nMP4fOMN.exe not found. File/Folder C:\WINDOWS\system32\4ItJE164.exe not found. File/Folder C:\WINDOWS\system32\YIpo3bib.exe not found. File/Folder C:\WINDOWS\system32\ld2pMT2r.exe not found. C:\WINDOWS\system32\24a94b39 moved successfully. C:\WINDOWS\Tasks\At100.job moved successfully. File/Folder C:\WINDOWS\Tasks\At100.job not found. C:\WINDOWS\Tasks\At101.job moved successfully. C:\WINDOWS\Tasks\At102.job moved successfully. C:\WINDOWS\Tasks\At103.job moved successfully. C:\WINDOWS\Tasks\At104.job moved successfully. C:\WINDOWS\Tasks\At105.job moved successfully. C:\WINDOWS\Tasks\At106.job moved successfully. C:\WINDOWS\Tasks\At107.job moved successfully. C:\WINDOWS\Tasks\At108.job moved successfully. C:\WINDOWS\Tasks\At109.job moved successfully. C:\WINDOWS\Tasks\At110.job moved successfully. C:\WINDOWS\Tasks\At111.job moved successfully. C:\WINDOWS\Tasks\At112.job moved successfully. C:\WINDOWS\Tasks\At113.job moved successfully. C:\WINDOWS\Tasks\At114.job moved successfully. C:\WINDOWS\Tasks\At115.job moved successfully. C:\WINDOWS\Tasks\At116.job moved successfully. C:\WINDOWS\Tasks\At117.job moved successfully. C:\WINDOWS\Tasks\At118.job moved successfully. C:\WINDOWS\Tasks\At119.job moved successfully. C:\WINDOWS\Tasks\At120.job moved successfully. C:\WINDOWS\Tasks\At121.job moved successfully. C:\WINDOWS\Tasks\At122.job moved successfully. C:\WINDOWS\Tasks\At123.job moved successfully. C:\WINDOWS\Tasks\At124.job moved successfully. C:\WINDOWS\Tasks\At125.job moved successfully. C:\WINDOWS\Tasks\At126.job moved successfully. C:\WINDOWS\Tasks\At127.job moved successfully. C:\WINDOWS\Tasks\At128.job moved successfully. C:\WINDOWS\Tasks\At129.job moved successfully. C:\WINDOWS\Tasks\At130.job moved successfully. C:\WINDOWS\Tasks\At131.job moved successfully. C:\WINDOWS\Tasks\At132.job moved successfully. C:\WINDOWS\Tasks\At133.job moved successfully. C:\WINDOWS\Tasks\At134.job moved successfully. C:\WINDOWS\Tasks\At135.job moved successfully. C:\WINDOWS\Tasks\At136.job moved successfully. C:\WINDOWS\Tasks\At137.job moved successfully. C:\WINDOWS\Tasks\At138.job moved successfully. C:\WINDOWS\Tasks\At139.job moved successfully. C:\WINDOWS\Tasks\At140.job moved successfully. C:\WINDOWS\Tasks\At141.job moved successfully. C:\WINDOWS\Tasks\At142.job moved successfully. C:\WINDOWS\Tasks\At143.job moved successfully. C:\WINDOWS\Tasks\At144.job moved successfully. C:\WINDOWS\Tasks\At145.job moved successfully. C:\WINDOWS\Tasks\At146.job moved successfully. C:\WINDOWS\Tasks\At147.job moved successfully. C:\WINDOWS\Tasks\At148.job moved successfully. C:\WINDOWS\Tasks\At149.job moved successfully. C:\WINDOWS\Tasks\At150.job moved successfully. C:\WINDOWS\Tasks\At151.job moved successfully. C:\WINDOWS\Tasks\At152.job moved successfully. C:\WINDOWS\Tasks\At153.job moved successfully. C:\WINDOWS\Tasks\At154.job moved successfully. C:\WINDOWS\Tasks\At155.job moved successfully. C:\WINDOWS\Tasks\At156.job moved successfully. C:\WINDOWS\Tasks\At157.job moved successfully. C:\WINDOWS\Tasks\At158.job moved successfully. C:\WINDOWS\Tasks\At159.job moved successfully. C:\WINDOWS\Tasks\At160.job moved successfully. C:\WINDOWS\Tasks\At161.job moved successfully. C:\WINDOWS\Tasks\At162.job moved successfully. C:\WINDOWS\Tasks\At163.job moved successfully. C:\WINDOWS\Tasks\At164.job moved successfully. C:\WINDOWS\Tasks\At165.job moved successfully. C:\WINDOWS\Tasks\At166.job moved successfully. C:\WINDOWS\Tasks\At167.job moved successfully. C:\WINDOWS\Tasks\At168.job moved successfully. C:\WINDOWS\Tasks\At26.job moved successfully. C:\WINDOWS\Tasks\At27.job moved successfully. C:\WINDOWS\Tasks\At28.job moved successfully. C:\WINDOWS\Tasks\At29.job moved successfully. C:\WINDOWS\Tasks\At30.job moved successfully. C:\WINDOWS\Tasks\At31.job moved successfully. C:\WINDOWS\Tasks\At32.job moved successfully. C:\WINDOWS\Tasks\At33.job moved successfully. C:\WINDOWS\Tasks\At34.job moved successfully. C:\WINDOWS\Tasks\At35.job moved successfully. C:\WINDOWS\Tasks\At36.job moved successfully. C:\WINDOWS\Tasks\At37.job moved successfully. C:\WINDOWS\Tasks\At38.job moved successfully. C:\WINDOWS\Tasks\At39.job moved successfully. C:\WINDOWS\Tasks\At40.job moved successfully. C:\WINDOWS\Tasks\At41.job moved successfully. C:\WINDOWS\Tasks\At42.job moved successfully. C:\WINDOWS\Tasks\At43.job moved successfully. C:\WINDOWS\Tasks\At44.job moved successfully. C:\WINDOWS\Tasks\At45.job moved successfully. C:\WINDOWS\Tasks\At46.job moved successfully. C:\WINDOWS\Tasks\At47.job moved successfully. C:\WINDOWS\Tasks\At48.job moved successfully. C:\WINDOWS\Tasks\At49.job moved successfully. C:\WINDOWS\Tasks\At50.job moved successfully. C:\WINDOWS\Tasks\At51.job moved successfully. C:\WINDOWS\Tasks\At52.job moved successfully. C:\WINDOWS\Tasks\At53.job moved successfully. C:\WINDOWS\Tasks\At54.job moved successfully. C:\WINDOWS\Tasks\At55.job moved successfully. C:\WINDOWS\Tasks\At56.job moved successfully. C:\WINDOWS\Tasks\At57.job moved successfully. C:\WINDOWS\Tasks\At58.job moved successfully. C:\WINDOWS\Tasks\At59.job moved successfully. C:\WINDOWS\Tasks\At60.job moved successfully. C:\WINDOWS\Tasks\At61.job moved successfully. C:\WINDOWS\Tasks\At62.job moved successfully. C:\WINDOWS\Tasks\At63.job moved successfully. C:\WINDOWS\Tasks\At64.job moved successfully. C:\WINDOWS\Tasks\At65.job moved successfully. File move failed. C:\WINDOWS\Tasks\At66.job scheduled to be moved on reboot. File move failed. C:\WINDOWS\Tasks\At67.job scheduled to be moved on reboot. C:\WINDOWS\Tasks\At68.job moved successfully. File move failed. C:\WINDOWS\Tasks\At69.job scheduled to be moved on reboot. C:\WINDOWS\Tasks\At70.job moved successfully. File move failed. C:\WINDOWS\Tasks\At71.job scheduled to be moved on reboot. C:\WINDOWS\Tasks\At72.job moved successfully. C:\WINDOWS\Tasks\At73.job moved successfully. C:\WINDOWS\Tasks\At74.job moved successfully. C:\WINDOWS\Tasks\At75.job moved successfully. C:\WINDOWS\Tasks\At76.job moved successfully. C:\WINDOWS\Tasks\At77.job moved successfully. C:\WINDOWS\Tasks\At78.job moved successfully. C:\WINDOWS\Tasks\At79.job moved successfully. C:\WINDOWS\Tasks\At80.job moved successfully. C:\WINDOWS\Tasks\At81.job moved successfully. C:\WINDOWS\Tasks\At82.job moved successfully. C:\WINDOWS\Tasks\At83.job moved successfully. C:\WINDOWS\Tasks\At84.job moved successfully. C:\WINDOWS\Tasks\At85.job moved successfully. C:\WINDOWS\Tasks\At86.job moved successfully. C:\WINDOWS\Tasks\At87.job moved successfully. C:\WINDOWS\Tasks\At88.job moved successfully. C:\WINDOWS\Tasks\At89.job moved successfully. C:\WINDOWS\Tasks\At90.job moved successfully. C:\WINDOWS\Tasks\At91.job moved successfully. C:\WINDOWS\Tasks\At92.job moved successfully. C:\WINDOWS\Tasks\At93.job moved successfully. C:\WINDOWS\Tasks\At94.job moved successfully. C:\WINDOWS\Tasks\At95.job moved successfully. C:\WINDOWS\Tasks\At96.job moved successfully. C:\WINDOWS\Tasks\At97.job moved successfully. C:\WINDOWS\Tasks\At98.job moved successfully. C:\WINDOWS\Tasks\At99.job moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\agxoyohh.dll C:\WINDOWS\system32\agxoyohh.dll NOT unregistered. C:\WINDOWS\system32\agxoyohh.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\msbaflkc.dll C:\WINDOWS\system32\msbaflkc.dll NOT unregistered. C:\WINDOWS\system32\msbaflkc.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\ryrbxwku.dll C:\WINDOWS\system32\ryrbxwku.dll NOT unregistered. C:\WINDOWS\system32\ryrbxwku.dll moved successfully. C:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\SmileyCentralPFSetup2.2.60.11-2.exe moved successfully. C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-1e92c679 moved successfully. C:\Program Files\Common Files\Companion Wizard\compwiz.exe moved successfully. File/Folder C:\Program Files\Common Files\?asks not found. Created on 01-05-2008 13:51:15 DiagHelp version v1.4 - http://www.malekal.com excute le 2008-01-05 à 19:39:55,01 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->2008-01-05 19:39:02 C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->2008-01-05 19:38:25 C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->2008-01-05 19:37:14 C:\WINDOWS\prefetch\QTTASK.EXE-1876A1A1.pf -->2008-01-05 19:35:21 C:\WINDOWS\prefetch\IMAPI.EXE-201490BB.pf -->2008-01-05 19:35:18 C:\WINDOWS\prefetch\AVGAS.EXE-02F47B43.pf -->2008-01-05 19:35:15 C:\WINDOWS\prefetch\PS2.EXE-23667557.pf -->2008-01-05 19:35:13 C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf -->2008-01-05 19:35:11 C:\WINDOWS\prefetch\USERINIT.EXE-0743FDA9.pf -->2008-01-05 19:35:10 C:\WINDOWS\prefetch\AVGNT.EXE-08C8F6E1.pf -->2008-01-05 19:35:04 C:\WINDOWS\System32\drivers\avipbb.sys -->2007-12-29 13:35:50 C:\WINDOWS\System32\drivers\secdrv.sys -->2007-11-13 05:25:54 C:\WINDOWS\System32\drivers\usbaapl.sys -->2007-09-06 12:28:16 C:\WINDOWS\System32\drivers\avgntdd.sys -->2007-08-09 13:04:11 C:\WINDOWS\System32\drivers\avgntmgr.sys -->2007-07-18 14:22:19 C:\WINDOWS\System32\drivers\AvgAsCln.sys -->2007-05-30 07:10:42 C:\WINDOWS\System32\drivers\ssmdrv.sys -->2007-03-01 10:34:36 C:\WINDOWS\System32\wpa.dbl -->2008-01-05 12:13:34 C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->2007-12-29 19:35:13 C:\WINDOWS\System32\CONFIG.NT -->2007-12-29 13:24:28 C:\WINDOWS\System32\TZLog.log -->2007-12-12 15:02:04 C:\WINDOWS\System32\QuickTimeVR.qtx -->2007-12-11 10:57:06 C:\WINDOWS\System32\QuickTime.qts -->2007-12-11 10:57:06 C:\WINDOWS\System32\perfh00C.dat -->2007-12-01 15:02:05 C:\WINDOWS\System32\perfh009.dat -->2007-12-01 15:02:05 C:\WINDOWS\System32\perfc00C.dat -->2007-12-01 15:02:05 C:\WINDOWS\System32\PerfStringBackup.INI -->2007-12-01 15:02:04 C:\WINDOWS\System32\perfc009.dat -->2007-12-01 15:02:04 C:\WINDOWS\System32\jscript.dll -->2007-11-14 02:28:02 C:\WINDOWS\System32\tzchange.exe -->2007-11-13 06:31:11 C:\WINDOWS\System32\mshtml.dll -->2007-10-30 05:18:16 C:\WINDOWS\System32\quartz.dll -->2007-10-29 17:43:32 C:\WINDOWS\System32\xpsp3res.dll -->2007-10-29 16:35:14 C:\WINDOWS\System32\shell32.dll -->2007-10-25 11:56:24 C:\WINDOWS\System32\wmasf.dll -->2007-10-20 06:01:32 C:\WINDOWS\System32\wininet.dll -->2007-10-11 01:13:41 C:\WINDOWS\System32\urlmon.dll -->2007-10-11 01:13:41 C:\WINDOWS\System32\shlwapi.dll -->2007-10-11 01:13:41 C:\WINDOWS\System32\shdocvw.dll -->2007-10-11 01:13:40 C:\WINDOWS\System32\pngfilt.dll -->2007-10-11 01:13:40 C:\WINDOWS\System32\mstime.dll -->2007-10-11 01:13:40 C:\WINDOWS\System32\msrating.dll -->2007-10-11 01:13:40 C:\WINDOWS.log -->2008-01-05 13:53:32 C:\WINDOWS\WindowsUpdate.log -->2008-01-05 13:53:26 C:\WINDOWS\wiadebug.log -->2008-01-05 13:53:26 C:\WINDOWS\wiaservc.log -->2008-01-05 13:53:23 C:\WINDOWS\bootstat.dat -->2008-01-05 13:53:13 C:\WINDOWS\SchedLgU.Txt -->2008-01-05 13:52:08 C:\WINDOWS\system.ini -->2008-01-05 13:04:30 C:\WINDOWS\setupapi.log -->2008-01-03 23:43:33 C:\WINDOWS\win.ini -->2008-01-03 14:09:01 C:\WINDOWS\ntbtlog.txt -->2008-01-01 10:02:21 C:\WINDOWS\checkip.dat -->2007-12-29 20:09:31 C:\WINDOWS\setupact.log -->2007-12-29 15:10:41 C:\WINDOWS\wmsetup.log -->2007-12-26 16:06:19 C:\WINDOWS\IE4 Error Log.txt -->2007-12-24 17:39:15 C:\WINDOWS\tsoc.log -->2007-12-21 22:35:05 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com You do not have the DEBUG privilege, which is required to run this program ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com You do not have the DEBUG privilege, which is required to run this program Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 24A9-5918 Répertoire de C:\WINDOWS\system 1998-05-07 18:04 52 736 hpsysdrv.exe 1 fichier(s) 52 736 octets 0 Rép(s) 111 482 277 888 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 24A9-5918 Répertoire de C:\WINDOWS\system32 2004-08-05 20:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 111 482 277 888 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 24A9-5918 Répertoire de C:\WINDOWS\Downloaded Program Files 2008-01-03 08:57 <REP> . 2008-01-03 08:57 <REP> .. 2007-12-01 14:24 <REP> CONFLICT.1 2008-01-03 17:11 <REP> CONFLICT.2 2007-12-29 14:54 <REP> CONFLICT.3 2004-11-11 02:09 65 desktop.ini 2005-04-20 09:05 8 338 DjVuLite.us.inf 2002-07-26 00:13 24 576 dwusplay.dll 2002-07-26 00:13 196 608 dwusplay.exe 2007-04-11 14:55 1 292 erma.inf 2005-07-14 17:28 365 f3initialsetup1.0.0.15.inf 2007-05-16 07:22 399 gp.inf 2004-06-16 12:02 323 584 isusweb.dll 2007-01-07 12:55 2 305 kavwebscan.inf 2003-05-29 15:00 160 864 messengerstatsclient.dll 2003-05-29 15:00 84 064 minesweeper.dll 2005-06-30 14:19 227 MsnMessengerSetupDownloader.inf 2005-08-13 23:26 113 664 MsnMessengerSetupDownloader.ocx 2006-04-12 14:39 372 736 MsnPUpld.dll 2006-04-12 14:38 393 MsnPUpld.inf 2002-06-19 13:11 117 088 PURen-us.dll 2002-05-31 08:20 117 328 PURfr-ca.dll 2004-10-15 07:59 110 592 PURfr-xx.dll 2006-11-09 14:36 5 019 swflash.inf 19 fichier(s) 1 639 507 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 2007-12-01 14:24 <REP> . 2007-12-01 14:24 <REP> .. 2004-12-13 15:20 310 HbTools.inf 2006-06-20 14:44 379 704 MsnPUpld.dll 2006-06-19 13:40 393 MsnPUpld.inf 2006-06-20 14:44 117 560 PURen-us.dll 2002-05-31 09:20 117 328 purfr-ca.dll 2004-10-15 07:59 110 592 PURfr-xx.dll 6 fichier(s) 725 887 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.2 2008-01-03 17:11 <REP> . 2008-01-03 17:11 <REP> .. 2006-06-20 15:44 379 704 MsnPUpld.dll 2006-06-19 14:40 393 MsnPUpld.inf 2006-06-20 15:44 117 560 PURen-us.dll 2007-01-09 07:30 110 592 PURfr-ca.dll 4 fichier(s) 608 249 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.3 2007-12-29 14:54 <REP> . 2007-12-29 14:54 <REP> .. 0 fichier(s) 0 octets Total des fichiers listés : 29 fichier(s) 2 973 643 octets 11 Rép(s) 111 482 277 888 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-05 19:40:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 404 - avgas.exe 548 - csrss.exe 572 - winlogon.exe 616 - services.exe 628 - lsass.exe 784 - svchost.exe 844 - svchost.exe 908 - svchost.exe 952 - svchost.exe 984 - svchost.exe 1184 - spoolsv.exe 1228 - avguard.exe 1444 - sched.exe 1456 - AppleMobileDevi 1468 - guard.exe 1552 - MDM.EXE 1636 - svchost.exe 1956 - alg.exe 2112 - avgnt.exe 2128 - explorer.exe 3224 - cmd.exe Total number of processes = 22 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806CE000 - \WINDOWS\system32\hal.dll F7AC5000 - \WINDOWS\system32\KDCOM.DLL F79D5000 - \WINDOWS\system32\BOOTVID.dll F7495000 - ACPI.sys F7AC7000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F7484000 - pci.sys F75C5000 - isapnp.sys F75D5000 - ohci1394.sys F75E5000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F7B8D000 - pciide.sys F7845000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F75F5000 - MountMgr.sys F7465000 - ftdisk.sys F784D000 - PartMgr.sys F7605000 - VolSnap.sys F744D000 - atapi.sys F7615000 - disk.sys F7625000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F742D000 - fltMgr.sys F741B000 - sr.sys F7855000 - PxHelp20.sys F7404000 - KSecDD.sys F7377000 - Ntfs.sys F734A000 - NDIS.sys F7635000 - SISAGPX.sys F732F000 - Mup.sys F7645000 - gagp30kx.sys F7675000 - \SystemRoot\system32\DRIVERS\nic1394.sys F7705000 - \SystemRoot\system32\DRIVERS\AmdK8.sys F6B0B000 - \SystemRoot\system32\DRIVERS\sisgrp.sys F6AF7000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F7715000 - \SystemRoot\system32\DRIVERS\imapi.sys F796D000 - \SystemRoot\system32\drivers\Afc.sys F7725000 - \SystemRoot\System32\Drivers\Cdr4_xp.SYS F7AB5000 - \SystemRoot\system32\drivers\pfc.sys F7975000 - \SystemRoot\system32\drivers\iviaspi.sys F7735000 - \SystemRoot\system32\DRIVERS\cdrom.sys F7745000 - \SystemRoot\system32\DRIVERS\redbook.sys F6AD4000 - \SystemRoot\system32\DRIVERS\ks.sys F6AB7000 - \SystemRoot\System32\Drivers\pwd_2k.SYS F797D000 - \SystemRoot\System32\Drivers\Cdralw2k.SYS F7985000 - \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys F688A000 - \SystemRoot\system32\drivers\ALCXWDM.SYS F6866000 - \SystemRoot\system32\drivers\portcls.sys F7755000 - \SystemRoot\system32\drivers\drmk.sys F798D000 - \SystemRoot\system32\DRIVERS\usbohci.sys F6843000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F7995000 - \SystemRoot\system32\DRIVERS\usbehci.sys F799D000 - \SystemRoot\system32\DRIVERS\sisnic.sys F670D000 - \SystemRoot\system32\DRIVERS\AGRSM.sys F79A5000 - \SystemRoot\System32\Drivers\Modem.SYS F66FC000 - \SystemRoot\system32\DRIVERS\serial.sys F7307000 - \SystemRoot\system32\DRIVERS\serenum.sys F66E8000 - \SystemRoot\system32\DRIVERS\parport.sys F7765000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F7303000 - \SystemRoot\system32\DRIVERS\PS2.sys F79AD000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F7BF2000 - \SystemRoot\system32\DRIVERS\audstub.sys F7775000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F72FF000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F66D1000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F7785000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F7795000 - \SystemRoot\system32\DRIVERS\raspptp.sys F79B5000 - \SystemRoot\system32\DRIVERS\TDI.SYS F66C0000 - \SystemRoot\system32\DRIVERS\psched.sys F77A5000 - \SystemRoot\system32\DRIVERS\msgpc.sys F79BD000 - \SystemRoot\system32\DRIVERS\ptilink.sys F79C5000 - \SystemRoot\system32\DRIVERS\raspti.sys F77B5000 - \SystemRoot\system32\DRIVERS\termdd.sys F79CD000 - \SystemRoot\system32\DRIVERS\mouclass.sys F7B09000 - \SystemRoot\system32\DRIVERS\swenum.sys F6664000 - \SystemRoot\system32\DRIVERS\update.sys F72EF000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F7885000 - \SystemRoot\System32\Drivers\dvd_2K.SYS F77C5000 - \SystemRoot\System32\Drivers\NDProxy.SYS F77F5000 - \SystemRoot\system32\DRIVERS\usbhub.sys F7B11000 - \SystemRoot\system32\DRIVERS\USBD.SYS F7B1D000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7BEE000 - \SystemRoot\System32\Drivers\Null.SYS F7B1F000 - \SystemRoot\System32\Drivers\Beep.SYS F7BEF000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F78A5000 - \SystemRoot\System32\drivers\vga.sys F7B21000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7B23000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys B1E71000 - \SystemRoot\System32\Drivers\cdudf_xp.SYS B1E3C000 - \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS F78AD000 - \SystemRoot\System32\Drivers\Msfs.SYS F78B5000 - \SystemRoot\System32\Drivers\Npfs.SYS B1DF8000 - \SystemRoot\System32\Drivers\UDFReadr.SYS F7AA1000 - \SystemRoot\system32\DRIVERS\rasacd.sys B1DAB000 - \SystemRoot\system32\DRIVERS\ipsec.sys B1D53000 - \SystemRoot\system32\DRIVERS\tcpip.sys B1D2B000 - \SystemRoot\system32\DRIVERS\netbt.sys B1D09000 - \SystemRoot\System32\drivers\afd.sys F7825000 - \SystemRoot\system32\DRIVERS\netbios.sys F78C5000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys F7AA9000 - \SystemRoot\system32\DRIVERS\srvkp.sys B1C3E000 - \SystemRoot\system32\DRIVERS\rdbss.sys B1BCF000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F7685000 - \SystemRoot\System32\Drivers\Fips.SYS B1BAE000 - \SystemRoot\system32\DRIVERS\ipnat.sys F6BD7000 - \SystemRoot\system32\DRIVERS\wanarp.sys F6BC7000 - \SystemRoot\system32\DRIVERS\arp1394.sys F6BB7000 - \SystemRoot\system32\DRIVERS\avipbb.sys F7B25000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys F7C05000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys B1B63000 - \SystemRoot\System32\Drivers\Fastfat.SYS F78D5000 - \SystemRoot\system32\DRIVERS\usbccgp.sys F7A65000 - \SystemRoot\system32\DRIVERS\usbscan.sys F78DD000 - \SystemRoot\system32\DRIVERS\usbprint.sys F78E5000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS B1EFC000 - \SystemRoot\system32\DRIVERS\hidusb.sys F6B97000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F78FD000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS B1EF4000 - \SystemRoot\system32\DRIVERS\mouhid.sys B1B4B000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7B37000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys B1EDC000 - \SystemRoot\System32\drivers\Dxapi.sys F7905000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7CF2000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\SiSGRV.dll B19C7000 - \SystemRoot\system32\DRIVERS\ndisuio.sys B1766000 - \SystemRoot\system32\DRIVERS\mrxdav.sys B172B000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys B1599000 - \SystemRoot\system32\DRIVERS\srv.sys B1813000 - \SystemRoot\system32\DRIVERS\secdrv.sys B12B4000 - \SystemRoot\system32\drivers\wdmaud.sys B13E1000 - \SystemRoot\system32\drivers\sysaudio.sys B0F81000 - \SystemRoot\System32\Drivers\HTTP.sys B1401000 - \SystemRoot\System32\Drivers\Cdfs.SYS F7CA8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 134 Liste des programmes installes Adobe Acrobat 5.0 Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 8.1.1 Adobe Shockwave Player Adobe® Photoshop® Album Starter Edition 3.2 Adobe® Photoshop® Album Starter Edition 3.2 Apple Mobile Device Support Apple Software Update AVG Anti-Spyware 7.5 Avira AntiVir PersonalEdition Classic Companion wizard ContextTool Correctif Windows XP - KB885884 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB888302 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 Creative WebCam Control Creative WebCam Vista Manual (English) DataStudio DataStudio Google Earth Google Earth Google Toolbar for Internet Explorer HijackThis 2.0.2 HPIZplus450 ImpôtRapide 2006 ioIsland.com ClearTweak iTunes Java 6 Update 3 Kaspersky Online Scanner laughnetwork (remove only) Les Sims : Entre Chiens et Chats Les Sims 2 LGE PC Portal LimeWire 4.14.10 Lizardtech DjVu Control (autoinstall) Maple 10 Messenger Plus! 3 Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft Office Standard Edition 2003 Microsoft Office XP Professional avec FrontPage Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917159) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB918899) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922760) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925454) Mise à jour de sécurité pour Windows XP (KB925486) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928090) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB929969) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931768) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933566) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB937143) Mise à jour de sécurité pour Windows XP (KB938127) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB939653) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB942615) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) Mise à jour pour Windows XP (KB942840) Mise à jour pour Windows XP (KB946627) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 Parser and SDK PartyPoker QuickTime RelevantKnowledge Security Update pour Microsoft .NET Framework 2.0 (KB928365) Spybot - Search & Destroy 1.4 SpywareBlaster v3.5.1 Tests d'Aptitude Tests de QI WebCam Monitor WebFldrs XP Windows Installer 3.1 (KB893803) Windows Live Messenger Windows XP Media Center Edition MPEG Codec Plug-in Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 24A9-5918 Répertoire de C:\Program Files 2008-01-02 21:38 <REP> . 2008-01-02 21:38 <REP> .. 2007-08-20 18:12 <REP> Adobe 2005-12-09 09:18 <REP> Ahead 2006-12-20 22:44 <REP> Alwil Software 2007-09-29 17:08 <REP> Apple Software Update 2006-10-28 09:43 <REP> ArcSoft 2007-12-29 19:38 <REP> Ares 2006-01-26 21:58 <REP> Ares Lite Edition 2006-11-09 18:00 <REP> Ares SE 2005-10-09 14:30 <REP> AresTorrentDownloader 2007-12-29 13:33 <REP> Avira 2005-05-31 02:58 <REP> BackWeb 2005-10-13 19:23 <REP> Canon 2007-12-04 18:47 <REP> Common Files 2004-11-23 19:25 <REP> ComPlus Applications 2007-04-07 20:23 <REP> Creative 2005-12-09 09:15 <REP> CyberLink 2005-12-09 09:16 <REP> CyberLink DVD Solution 2007-04-22 13:19 <REP> DataStudio 2006-09-25 16:27 <REP> D-Link 2006-06-24 13:16 <REP> Documents To Go 2007-02-19 22:10 <REP> Druide 2006-12-25 15:23 <REP> EA GAMES 2007-06-13 11:27 <REP> Easy Internet signup 2006-08-31 14:46 <REP> epson 2008-01-03 15:31 <REP> Fichiers communs 2007-09-07 19:06 <REP> Google 2007-12-29 13:49 <REP> Grisoft 2005-05-31 03:00 <REP> Help and Support Additions 2005-05-31 02:40 <REP> Hewlett-Packard 2005-05-31 02:45 <REP> HP 2007-12-15 08:12 <REP> Internet Explorer 2005-05-31 03:23 <REP> InterVideo 2008-01-03 15:24 <REP> ioIsland 2007-11-10 14:29 <REP> iPod 2007-11-10 14:30 <REP> iTunes 2007-12-29 20:43 <REP> Java 2005-10-23 10:29 <REP> Kazaa 2007-11-01 20:43 <REP> laughnetwork 2005-10-23 06:31 <REP> Lavasoft 2007-07-14 08:14 <REP> LGE PC Portal 2007-06-18 16:18 <REP> LGE PC Portal(2) 2007-07-14 08:13 <REP> LGE PC Portal(3) 2007-10-05 13:31 <REP> LimeWire 2007-06-22 07:19 <REP> LizardTech 2005-05-31 03:23 <REP> Macrovision Corp 2006-11-08 19:26 <REP> Maple 10 2007-07-21 19:27 <REP> Maxis 2006-09-26 16:01 <REP> Messenger 2007-09-13 16:10 <REP> Messenger Plus! Live 2007-06-18 16:20 <REP> MessengerPlus! 3 2007-02-10 07:47 <REP> MétéoMédia 2007-03-17 11:19 <REP> Micro Application 2007-07-14 08:13 <REP> Microsoft ActiveSync 2005-05-31 02:50 <REP> Microsoft Encarta 2007-12-02 16:22 <REP> microsoft frontpage 2007-11-18 21:08 <REP> Microsoft Games 2006-04-10 16:07 <REP> Microsoft Location Finder 2005-05-31 02:53 <REP> Microsoft Office 2006-04-10 16:01 <REP> Microsoft Streets & Trips 2005-05-31 02:53 <REP> Microsoft Visual Studio 2005-05-31 02:53 <REP> Microsoft Works 2005-05-31 02:53 <REP> Microsoft.NET 2007-06-20 20:50 <REP> Morpheus 2004-11-23 20:11 <REP> Movie Maker 2006-11-05 16:54 <REP> Mozilla Firefox 2007-12-04 17:12 <REP> MSN 2005-06-02 21:07 <REP> MSN Apps 2004-11-23 20:11 <REP> MSN Gaming Zone 2007-12-15 08:12 <REP> MSN Messenger 2006-11-17 22:45 <REP> MSXML 4.0 2005-05-31 03:24 <REP> muvee Technologies 2005-10-22 18:36 <REP> Need2Find 2006-09-06 19:23 <REP> Nero 2006-08-06 12:08 <REP> NetMeeting 2004-11-23 20:11 <REP> Online Services 2007-06-18 21:56 <REP> Outlook Express 2006-05-28 20:44 <REP> palmOne 2007-11-03 13:31 <REP> PartyGaming 2007-07-03 13:33 <REP> PartyGaming.Net 2005-05-31 03:02 <REP> PC-Doctor for Windows 2006-09-23 15:21 <REP> PConPoint 2007-12-02 14:34 <REP> PopCap Games 2007-12-29 19:27 <REP> QuickTime 2005-05-31 02:51 <REP> Real 2005-10-23 06:53 <REP> RegCleaner 2006-01-19 16:32 774 144 RngInterstitial.dll 2006-09-08 06:31 <REP> Roxio 2005-05-31 03:05 <REP> Services en ligne 2006-08-06 09:21 <REP> SiS VGA Utilities V3.63 2005-09-16 13:10 <REP> Skype 2005-05-31 02:49 <REP> Sonic 2005-05-31 02:49 <REP> Sonic RecordNow! 2005-06-18 13:05 <REP> Sony Corporation 2007-08-12 09:42 <REP> Spybot - Search & Destroy 2008-01-03 15:16 <REP> SpywareBlaster 2005-06-05 14:59 <REP> TextBridge Classic 2005-06-07 19:45 <REP> Ulead iPhoto Plus 4 2006-08-14 15:44 <REP> Ulead Systems 2004-03-11 13:27 40 960 Uninstall_CDS.exe 2005-05-31 02:58 <REP> Updates from HP 2007-09-13 16:10 <REP> Windows Live 2006-09-26 16:01 <REP> Windows Media Player 2006-08-06 12:08 <REP> Windows NT 2004-11-23 20:12 <REP> xerox 2006-03-25 17:50 <REP> Yahoo! 2006-09-23 15:08 <REP> Zone Labs 2 fichier(s) 815 104 octets 106 Rép(s) 111 458 000 896 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 24A9-5918 Répertoire de C:\Program Files\fichiers communs 2008-01-03 15:31 <REP> . 2008-01-03 15:31 <REP> .. 2007-08-20 18:12 <REP> Adobe 2005-12-09 09:18 <REP> Ahead 2007-03-10 15:12 <REP> AnswerWorks 4.0 2006-08-11 06:45 <REP> AOL 2007-09-29 17:08 <REP> Apple 2007-12-29 19:37 <REP> ArcSoft 2006-05-28 20:41 <REP> DataViz 2005-05-31 02:53 <REP> Designer 2005-05-31 02:43 <REP> Hewlett-Packard 2005-05-31 02:40 <REP> HP 2005-05-31 03:23 <REP> InstallShield 2006-02-16 11:02 <REP> Intuit 2005-05-31 02:29 <REP> Java 2006-08-06 09:21 <REP> LightScribe 2007-07-13 04:25 <REP> Microsoft Shared 2004-11-23 20:11 <REP> MSSoap 2005-05-31 03:24 <REP> muvee Technologies 2004-11-23 20:11 <REP> ODBC 2005-05-31 02:51 <REP> Real 2006-09-08 06:33 <REP> Roxio Shared 2006-08-06 12:08 <REP> Services 2005-11-27 19:32 <REP> Sonic 2005-11-27 19:31 <REP> Sonic Shared 2004-11-23 20:11 <REP> SpeechEngines 2005-05-31 02:50 <REP> SureThing Shared 2007-06-18 21:56 <REP> System 2005-05-31 02:51 <REP> xing shared 0 fichier(s) 0 octets 29 Rép(s) 111 458 009 088 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 24A9-5918 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 2005-05-31 02:53 <REP> . 2005-05-31 02:53 <REP> .. 2005-05-31 02:53 <REP> 1033 2005-05-31 02:53 <REP> 1036 2003-07-11 16:15 1 292 872 MSONSEXT.DLL 2003-07-15 12:52 35 896 MSOSV.DLL 1999-06-04 01:09 122 937 MSOWS409.DLL 2001-03-07 20:00 127 033 MSOWS40c.DLL 2000-08-06 08:04 401 462 MSVCP60.DLL 2001-01-22 02:25 69 632 PKMAXCTL.DLL 2001-01-22 02:25 872 448 PKMCDO.DLL 2001-01-22 02:25 159 744 PKMCORE.DLL 2001-02-07 08:59 106 496 PKMFORMS.DLL 2001-02-12 03:03 684 032 PKMRES.DLL 2001-01-22 02:25 28 672 PKMSSTLB.DLL 2001-01-22 02:25 40 960 PKMTEMPL.DLL 2001-01-22 02:25 24 576 PKMTRACE.DLL 2003-07-11 08:25 80 448 PKMWS.DLL 2001-01-22 02:25 237 568 PROMDEMO.DLL 2001-01-22 02:25 184 320 SECMGR.DLL 2001-01-22 02:25 323 584 VAIDDMGR.DLL 2001-01-22 02:25 32 768 VAIMEM.DLL 18 fichier(s) 4 825 448 octets 4 Rép(s) 111 458 009 088 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 24A9-5918 Répertoire de C:\Program Files\common files 2007-12-04 18:47 <REP> . 2007-12-04 18:47 <REP> .. 2006-10-07 09:16 <REP> Companion Wizard 2007-12-22 11:52 <REP> ??crosoft.NET 2007-11-29 20:13 <REP> ?asks 0 fichier(s) 0 octets 5 Rép(s) 111 458 009 088 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 24A9-5918 Répertoire de C:\ 2006-03-26 11:46 359 112 LimeWireWin.exe 2005-07-19 09:43 1 410 436 setup_ares.exe 2005-10-31 10:56 700 416 StubInstaller.exe 3 fichier(s) 2 469 964 octets 0 Rép(s) 111 458 009 088 octets libres c:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\AutoTBar.exe c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\ARPPRODUCTICON.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut1.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut2.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut2_45BA714564B04B5DBDC240E20FCDC6DC.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut3.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut4.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut4_45BA714564B04B5DBDC240E20FCDC6DC.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut5.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut6.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\PalmDesktopShortcut.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\palmOneFileTransfer_45BA714564B04B5DBDC240E20FCDC6DC.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_12db153c.exe c:\Documents and Settings\Dany\Application Data\Microsoft\Installer\{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}\_bb32ea6.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\LimeWire\.NetworkShare\LimeWireWin4.14.12.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\ComboFix.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\HijackThis.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\OTMoveIt.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\CruzerLock 2\CruzerLock2.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\active sync.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\aswclnr.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Firefox Setup 1.0.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\LimeWireWin.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\.limewire\.NetworkShare\LimeWireWin4.12.3.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\Emoticones.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\Google_Earth_BZXV.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\GoogleEarthSetup.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\Install_Messenger.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\psa30se_en_us.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\SkypeSetup.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\programme\aawsepersonal.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\programme\AdbeRdr705_enu_full.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\programme\dvdshrink32setup.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\programme\GoogleEarthSetup.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\programme\LimeWireWin-full.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\programme\RegCleaner.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\programme\spybotsd13.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\programme\Ad-Aware SE\aawsepersonal.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\programme\Ad-Aware SE\PLLANGS.EXE c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\catchme.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\diff.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\dumphive.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\find2.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\Fport.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\grep.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\gzip.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\KProcCheck.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\LFiles.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\md5sums.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\pslist.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\sigcheck.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\streams.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\swreg.exe c:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\unzip\DiagHelp\tar.exe c:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\AutoTBar.exe c:\Documents and Settings\HP_Propriétaire\Bureau\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\HP_Propriétaire\Bureau\ATF-Cleaner.exe c:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe c:\Documents and Settings\Kellie\.limewire\.NetworkShare\LimeWireWin4.12.4.exe c:\Documents and Settings\Kellie\.limewire\.NetworkShare\LimeWireWinInstaller 1.exe c:\Documents and Settings\Kellie\.limewire\.NetworkShare\LimeWireWinInstaller 2.exe c:\Documents and Settings\Kellie\.limewire\.NetworkShare\LimeWireWinInstaller 3.exe c:\Documents and Settings\Kellie\.limewire\.NetworkShare\LimeWireWinInstaller 4.exe c:\Documents and Settings\Kellie\.limewire\.NetworkShare\LimeWireWinInstaller 5.exe c:\Documents and Settings\Kellie\.limewire\.NetworkShare\LimeWireWinInstaller 6.exe c:\Documents and Settings\Kellie\.limewire\.NetworkShare\LimeWireWinInstaller 7.exe c:\Documents and Settings\Kellie\.limewire\.NetworkShare\LimeWireWinInstaller 8.exe c:\Documents and Settings\Kellie\.limewire\.NetworkShare\LimeWireWinInstaller 9.exe c:\Documents and Settings\Kellie\.limewire\.NetworkShare\LimeWireWinInstaller.exe c:\Documents and Settings\Kellie\Application Data\LANCITE\ClipShell\ClipShell.exe c:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\LimeWire\.NetworkShare\LimeWireWin4.14.10.exe c:\Documents and Settings\KelLie.NOM-0C9D00AA293\Bureau\iTunes743Setup.exe c:\Documents and Settings\KelLie.NOM-0C9D00AA293\Bureau\KelLie\nintEndo\virtuanes092e\VirtuaNES.exe c:\Documents and Settings\KelLie.NOM-0C9D00AA293\Local Settings\Application Data\Xenocode\ApplianceCaches\ClipShellCN.exe_v2B4597C7 c:\Documents and Settings\KelLie.NOM-0C9D00AA293\Mes documents\Install_Messenger.exe c:\Documents and Settings\KelLie.NOM-0C9D00AA293\Mes documents\Install_Messenger2.exe c:\Documents and Settings\KelLie.NOM-0C9D00AA293\Mes documents\LimeWireWin.exe c:\Documents and Settings\Nick\.limewire\.NetworkShare\LimeWireWin4.12.4.exe c:\Documents and Settings\Nick\.limewire\.NetworkShare\LimeWireWinInstaller.exe c:\Documents and Settings\Nick\Mes documents\Cossin\INSTALL_MSN_MESSENGER_NT.EXE c:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\LimeWire\.NetworkShare\LimeWireWin4.14.10.exe c:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\LimeWire\.NetworkShare\Incomplete\T-3126056-LimeWireWin4.12.15.exe c:\Documents and Settings\Nick.NOM-0C9D00AA293\Bureau\nIcK\cossin\Msn\Install_MSN_Messenger.EXE c:\Documents and Settings\Nick.NOM-0C9D00AA293\Bureau\nIcK\cossin\Msn\MsgPlus.exe c:\Documents and Settings\Nick.NOM-0C9D00AA293\Bureau\nIcK\cossin\Msn\Msn PluSs\MsgPlus.exe c:\Documents and Settings\Nick.NOM-0C9D00AA293\Mes documents\Mes images\PartyPokerNetSetup.exe c:\Documents and Settings\Nick.NOM-0C9D00AA293\Mes documents\Mes images\PartyPokerSetup.exe c:\Documents and Settings\Sonia.NOM-0C9D00AA293\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe c:\Documents and Settings\Sonia.NOM-0C9D00AA293\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe c:\Documents and Settings\Sonia.NOM-0C9D00AA293\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe c:\Documents and Settings\Sonia.NOM-0C9D00AA293\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe c:\Documents and Settings\Sonia.NOM-0C9D00AA293\Bureau\psa30se_ytb612_a708_DLM_fr_fr.exe c:\Program Files\Documents To Go\DocsToGo.exe c:\Program Files\Documents To Go\HandheldInstall.exe c:\Program Files\Documents To Go\OfficeAddinInstaller.exe c:\Program Files\Documents To Go\OfficeAddinUninstaller.exe c:\Program Files\Documents To Go\ptgxlat.exe c:\Program Files\Documents To Go\ZipUtil.exe c:\WINDOWS\Installer\{7723A0B8-23A2-454B-8831-99965558AECD}\DocumentsToGo.exe c:\_OTMoveIt\MovedFiles\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\SmileyCentralPFSetup2.2.60.11-2.exe c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\Diagnostic Assistant\data\hprbevdb.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\Dany\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Kellie\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Nick\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Sonia.NOM-0C9D00AA293\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_NOM-0C9D00AA293.tar.gz a l'adresse http://upload.malekal.com
  9. cosby112
    Salu Charles tout c'est bien passé... merci ComboFix 08-01-05.1 - Dany 2008-01-05 12:58:59.6 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.135 [GMT -5:00] Running from: C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))))))) . 2008-01-05 12:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-03 15:24 . 2008-01-03 15:24 <REP> d-------- C:\Program Files\ioIsland 2008-01-03 15:14 . 2008-01-03 15:16 <REP> d-------- C:\Program Files\SpywareBlaster 2008-01-03 13:47 . 2008-01-03 13:47 172 --ah----- C:\sqmnoopt01.sqm 2008-01-03 13:47 . 2008-01-03 13:47 172 --ah----- C:\sqmdata01.sqm 2008-01-03 13:43 . 2008-01-03 13:43 268 --ah----- C:\sqmdata00.sqm 2008-01-03 13:43 . 2008-01-03 13:43 244 --ah----- C:\sqmnoopt00.sqm 2008-01-03 08:57 . 2008-01-03 08:57 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-03 08:57 . 2008-01-03 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-30 08:17 . 2007-12-30 08:17 <REP> d-------- C:\Documents and Settings\Sonia.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-30 08:15 . 2007-12-30 08:15 <REP> d-------- C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-30 08:12 . 2007-12-30 08:12 <REP> d-------- C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-29 23:09 . 2007-12-29 23:09 <REP> d-------- C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-29 20:35 . 2005-05-31 02:56 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS 2007-12-29 20:35 . 2004-11-23 19:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-12-29 20:35 . 2004-11-23 19:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-12-29 20:35 . 2006-08-06 12:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris 2007-12-29 20:35 . 2005-05-31 03:01 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-12-29 20:35 . 2005-05-31 03:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2007-12-29 20:35 . 2005-05-31 03:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView 2007-12-29 20:35 . 2005-05-31 02:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer 2007-12-29 19:35 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-12-29 18:19 . 2007-12-29 18:19 15 --a------ C:\WINDOWS\system32\24a94b39 2007-12-29 15:07 . 2007-12-29 15:07 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Contacts 2007-12-29 15:07 . 2007-12-29 15:07 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Contacts 2007-12-29 13:49 . 2007-12-29 13:49 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Grisoft 2007-12-29 13:49 . 2007-12-29 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-29 13:49 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-29 13:47 . 2007-12-29 13:47 <REP> d---s---- C:\Documents and Settings\HP_Propriétaire\UserData 2007-12-29 13:47 . 2007-12-29 13:47 <REP> d---s---- C:\Documents and Settings\HP_Propriétaire\UserData 2007-12-29 13:33 . 2007-12-29 13:33 <REP> d-------- C:\Program Files\Avira 2007-12-29 13:33 . 2007-12-29 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-29 13:11 . 2007-12-29 13:29 1,031,448 ---hs---- C:\WINDOWS\system32\gnmvujwi.ini 2007-12-29 09:24 . 2007-12-29 13:10 1,031,268 ---hs---- C:\WINDOWS\system32\oqviiogp.ini 2007-12-27 21:53 . 2007-12-29 09:23 1,031,499 ---hs---- C:\WINDOWS\system32\bgcoisda.ini 2007-12-27 14:46 . 2007-12-27 14:46 <REP> d-------- C:\Documents and Settings\Kellie\Application Data\LANCITE 2007-12-26 20:59 . 2007-12-27 21:53 1,031,679 ---hs---- C:\WINDOWS\system32\rknxpxjx.ini 2007-12-26 16:52 . 2007-12-26 16:52 88,936 --a------ C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2007-12-25 23:25 . 2007-12-25 23:25 1,283,174 --a------ C:\Install 2007-12-24 20:30 . 2007-12-25 20:31 1,019,762 ---hs---- C:\WINDOWS\system32\xfibslre.ini 2007-12-23 19:39 . 2007-12-24 20:30 1,014,665 ---hs---- C:\WINDOWS\system32\itvlhnax.ini 2007-12-23 14:32 . 2007-12-23 14:32 <REP> d-------- C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\AntiVer2008 2007-12-23 14:32 . 2007-12-23 14:32 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2007-12-16 12:12 . 1991-11-11 13:01 970,686 ---hs---- C:\WINDOWS\system32\cxnjkrpy.ini 2007-12-11 17:34 . 2007-12-13 16:17 1,123,654 ---hs---- C:\WINDOWS\system32\iliwprmm.ini 2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2007-12-10 17:48 . 2007-12-11 12:53 1,532,882 ---hs---- C:\WINDOWS\system32\wcbirmyp.ini 2007-12-09 17:26 . 2007-12-10 17:49 1,565,077 ---hs---- C:\WINDOWS\system32\wqbkbcac.ini 2007-12-09 17:19 . 2007-12-29 13:09 20,480 --a------ C:\WINDOWS\quit.exe 2007-12-06 16:42 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-30 01:43 --------- d-----w C:\Program Files\Java 2007-12-30 00:38 --------- d-----w C:\Program Files\Ares 2007-12-30 00:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-30 00:37 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft 2007-12-30 00:27 --------- d-----w C:\Program Files\QuickTime 2007-12-29 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-29 23:24 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Apple Computer 2007-12-29 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-22 11:03 --------- d-----w C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\LimeWire 2007-12-15 13:12 --------- d-----w C:\Program Files\MSN Messenger 2007-12-04 23:47 --------- d-----w C:\Program Files\Common Files 2007-12-02 21:22 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-02 19:34 --------- d-----w C:\Program Files\PopCap Games 2007-12-02 19:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-26 21:45 --------- d-----w C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\LimeWire 2007-11-19 02:08 --------- d-----w C:\Program Files\Microsoft Games 2007-11-16 02:29 --------- d-----w C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\LimeWire 2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-10 19:30 --------- d-----w C:\Program Files\iTunes 2007-11-10 19:29 --------- d-----w C:\Program Files\iPod 2007-10-30 10:18 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-20 11:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-20 11:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-11 06:13 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll 2007-10-11 06:13 663,552 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-10-11 06:13 617,472 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-10-11 06:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-10-11 06:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-10-11 06:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-10-11 06:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-10-11 06:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-10-11 06:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-10-11 06:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll 2007-10-11 06:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-10-11 06:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-10-11 06:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll 2007-10-11 06:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-10-11 06:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-10-11 06:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll 2007-10-11 06:13 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll 2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe 2007-08-25 16:31 88,936 ----a-w C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2007-05-22 01:36 88,936 ----a-w C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2006-03-19 19:30 62,352 ----a-w C:\Documents and Settings\Dany\Application Data\GDIPFONTCACHEV1.DAT 2006-02-01 16:19 62,352 ----a-w C:\Documents and Settings\Sonia\Application Data\GDIPFONTCACHEV1.DAT 2006-01-31 22:34 62,352 ----a-w C:\Documents and Settings\Kellie\Application Data\GDIPFONTCACHEV1.DAT 2006-01-19 21:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2005-12-25 22:35 8 ----a-w C:\Documents and Settings\Dany\Application Data\usb.dat.bin 2005-07-17 21:00 0 ----a-w C:\Documents and Settings\Dany\Application Data\wklnhst.dat 2004-03-11 18:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-29 13:35 249896] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk.disabled] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk.disabled backup=C:\WINDOWS\pss\Microsoft Office.lnk.disabledCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-05 20:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06] --a------ 2004-06-07 20:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-05-26 10:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2005-05-31 02:51 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "EPSON Stylus CX5800F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /M "Stylus CX5800F" /EF "HKCU" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "AlcxMonitor"=ALCXMNTR.EXE "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe "HPHmon06"=C:\WINDOWS\system32\hphmon06.exe R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 12:08] S3 PTV371;Mini TV USB;C:\WINDOWS\system32\DRIVERS\PTV371.SYS [2006-04-14 15:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7e52e1c-0005-11da-ba3d-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-05 18:00:00 C:\WINDOWS\Tasks\A6E910479052837B.job" - c:\docume~1\sonia~1.nom\applic~1\option~1\2purewipe.exe "2007-12-29 19:23:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At100.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At101.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At102.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At103.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At104.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At105.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At106.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 15:00:02 C:\WINDOWS\Tasks\At107.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At108.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At109.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-05 18:00:01 C:\WINDOWS\Tasks\At110.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 19:00:02 C:\WINDOWS\Tasks\At111.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 20:00:04 C:\WINDOWS\Tasks\At112.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 21:00:03 C:\WINDOWS\Tasks\At113.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At114.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At115.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At116.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At117.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At118.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At119.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At120.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 05:00:00 C:\WINDOWS\Tasks\At121.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At122.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At123.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At124.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At125.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At126.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At127.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At128.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At129.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At130.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 15:00:03 C:\WINDOWS\Tasks\At131.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At132.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At133.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-05 18:00:01 C:\WINDOWS\Tasks\At134.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 19:00:02 C:\WINDOWS\Tasks\At135.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 20:00:05 C:\WINDOWS\Tasks\At136.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 21:00:04 C:\WINDOWS\Tasks\At137.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At138.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At139.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At140.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At141.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At142.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At143.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At144.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 05:00:00 C:\WINDOWS\Tasks\At145.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At146.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At147.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At148.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At149.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At150.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At151.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At152.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At153.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At154.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 15:00:03 C:\WINDOWS\Tasks\At155.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At156.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At157.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-05 18:00:01 C:\WINDOWS\Tasks\At158.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 19:00:02 C:\WINDOWS\Tasks\At159.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 20:00:05 C:\WINDOWS\Tasks\At160.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 21:00:05 C:\WINDOWS\Tasks\At161.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At162.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At163.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At164.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At165.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At166.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At167.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At168.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 15:00:03 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-05 18:00:01 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 19:00:02 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 20:00:06 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 21:00:05 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 05:00:00 C:\WINDOWS\Tasks\At49.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At50.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At51.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At52.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At53.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At54.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At55.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At56.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At57.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At58.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 15:00:03 C:\WINDOWS\Tasks\At59.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At60.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At61.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-05 18:00:01 C:\WINDOWS\Tasks\At62.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 19:00:03 C:\WINDOWS\Tasks\At63.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 20:00:07 C:\WINDOWS\Tasks\At64.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 21:00:05 C:\WINDOWS\Tasks\At65.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At66.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At67.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At68.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At69.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At70.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At71.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At72.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 05:00:00 C:\WINDOWS\Tasks\At73.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At74.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At75.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At76.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At77.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At78.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At79.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At80.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At81.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At82.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 15:00:03 C:\WINDOWS\Tasks\At83.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At84.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At85.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-05 18:00:01 C:\WINDOWS\Tasks\At86.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 19:00:04 C:\WINDOWS\Tasks\At87.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 20:00:07 C:\WINDOWS\Tasks\At88.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 21:00:06 C:\WINDOWS\Tasks\At89.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At90.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At91.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At92.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At93.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At94.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At95.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At96.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 05:00:00 C:\WINDOWS\Tasks\At97.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At98.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At99.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-08-12 15:57:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job" - C:\Program Files\Easy Internet signup\HPSdpApp.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-05 13:04:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-05 13:07:52 ComboFix2.txt 2008-01-05 17:10:44 . 2007-12-22 03:35:05 --- E O F ---
  10. cosby112
    Salut Charles Hier dans la soirée J,ai fais un scan antivir et antivir a détecté a le premier combofix et j'ai supprimé celui-ci. J'ai passé par le menu Démarrer/exécuté et j'ai copé/collé ta commande pour supprimer le premier combofix. Suite à la commande le combofix était introuvable. Ce qui semble normal. J'ai donc supprimé les reste du premier combofix manuellement. J'ai éxecuté ton deuxième combofix. Antivir m'a alerté le combofix et je l'ai desactiver . Durant l'execution du deuxième combofix, IE était malheureusement ouvert par mégarde. le travail s'est éfectué mais j'ai eu plusieurs fois le même message: Nir Cmd.exe n'est pas reconnu comme commande interne ou externe...... ComboFix 08-01-05.1 - Dany 2008-01-04 12:02:49.5 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.103 [GMT -5:00] Running from: C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))))))) . 2008-01-03 15:24 . 2008-01-03 15:24 <REP> d-------- C:\Program Files\ioIsland 2008-01-03 15:14 . 2008-01-03 15:16 <REP> d-------- C:\Program Files\SpywareBlaster 2008-01-03 13:47 . 2008-01-03 13:47 172 --ah----- C:\sqmnoopt01.sqm 2008-01-03 13:47 . 2008-01-03 13:47 172 --ah----- C:\sqmdata01.sqm 2008-01-03 13:43 . 2008-01-03 13:43 268 --ah----- C:\sqmdata00.sqm 2008-01-03 13:43 . 2008-01-03 13:43 244 --ah----- C:\sqmnoopt00.sqm 2008-01-03 08:57 . 2008-01-03 08:57 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-03 08:57 . 2008-01-03 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-30 08:17 . 2007-12-30 08:17 <REP> d-------- C:\Documents and Settings\Sonia.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-30 08:15 . 2007-12-30 08:15 <REP> d-------- C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-30 08:12 . 2007-12-30 08:12 <REP> d-------- C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-29 23:09 . 2007-12-29 23:09 <REP> d-------- C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-29 20:35 . 2005-05-31 02:56 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS 2007-12-29 20:35 . 2004-11-23 19:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-12-29 20:35 . 2004-11-23 19:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-12-29 20:35 . 2006-08-06 12:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris 2007-12-29 20:35 . 2005-05-31 03:01 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-12-29 20:35 . 2005-05-31 03:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2007-12-29 20:35 . 2005-05-31 03:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView 2007-12-29 20:35 . 2005-05-31 02:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer 2007-12-29 19:35 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-12-29 18:19 . 2007-12-29 18:19 15 --a------ C:\WINDOWS\system32\24a94b39 2007-12-29 15:07 . 2007-12-29 15:07 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Contacts 2007-12-29 15:07 . 2007-12-29 15:07 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Contacts 2007-12-29 13:49 . 2007-12-29 13:49 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Grisoft 2007-12-29 13:49 . 2007-12-29 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-29 13:49 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-29 13:47 . 2007-12-29 13:47 <REP> d---s---- C:\Documents and Settings\HP_Propriétaire\UserData 2007-12-29 13:47 . 2007-12-29 13:47 <REP> d---s---- C:\Documents and Settings\HP_Propriétaire\UserData 2007-12-29 13:33 . 2007-12-29 13:33 <REP> d-------- C:\Program Files\Avira 2007-12-29 13:33 . 2007-12-29 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-29 13:11 . 2007-12-29 13:29 1,031,448 ---hs---- C:\WINDOWS\system32\gnmvujwi.ini 2007-12-29 09:24 . 2007-12-29 13:10 1,031,268 ---hs---- C:\WINDOWS\system32\oqviiogp.ini 2007-12-27 21:53 . 2007-12-29 09:23 1,031,499 ---hs---- C:\WINDOWS\system32\bgcoisda.ini 2007-12-27 14:46 . 2007-12-27 14:46 <REP> d-------- C:\Documents and Settings\Kellie\Application Data\LANCITE 2007-12-26 20:59 . 2007-12-27 21:53 1,031,679 ---hs---- C:\WINDOWS\system32\rknxpxjx.ini 2007-12-26 16:52 . 2007-12-26 16:52 88,936 --a------ C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2007-12-25 23:25 . 2007-12-25 23:25 1,283,174 --a------ C:\Install 2007-12-24 20:30 . 2007-12-25 20:31 1,019,762 ---hs---- C:\WINDOWS\system32\xfibslre.ini 2007-12-23 19:39 . 2007-12-24 20:30 1,014,665 ---hs---- C:\WINDOWS\system32\itvlhnax.ini 2007-12-23 14:32 . 2007-12-23 14:32 <REP> d-------- C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\AntiVer2008 2007-12-23 14:32 . 2007-12-23 14:32 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2007-12-16 12:12 . 1991-11-11 13:01 970,686 ---hs---- C:\WINDOWS\system32\cxnjkrpy.ini 2007-12-11 17:34 . 2007-12-13 16:17 1,123,654 ---hs---- C:\WINDOWS\system32\iliwprmm.ini 2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2007-12-10 17:48 . 2007-12-11 12:53 1,532,882 ---hs---- C:\WINDOWS\system32\wcbirmyp.ini 2007-12-09 17:26 . 2007-12-10 17:49 1,565,077 ---hs---- C:\WINDOWS\system32\wqbkbcac.ini 2007-12-09 17:19 . 2007-12-29 13:09 20,480 --a------ C:\WINDOWS\quit.exe 2007-12-06 16:42 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-30 01:43 --------- d-----w C:\Program Files\Java 2007-12-30 00:38 --------- d-----w C:\Program Files\Ares 2007-12-30 00:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-30 00:37 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft 2007-12-30 00:27 --------- d-----w C:\Program Files\QuickTime 2007-12-29 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-29 23:24 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Apple Computer 2007-12-29 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-22 11:03 --------- d-----w C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\LimeWire 2007-12-15 13:12 --------- d-----w C:\Program Files\MSN Messenger 2007-12-04 23:47 --------- d-----w C:\Program Files\Common Files 2007-12-02 21:22 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-02 19:34 --------- d-----w C:\Program Files\PopCap Games 2007-12-02 19:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-26 21:45 --------- d-----w C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\LimeWire 2007-11-19 02:08 --------- d-----w C:\Program Files\Microsoft Games 2007-11-16 02:29 --------- d-----w C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\LimeWire 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-10 19:30 --------- d-----w C:\Program Files\iTunes 2007-11-10 19:29 --------- d-----w C:\Program Files\iPod 2007-08-25 16:31 88,936 ----a-w C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2007-05-22 01:36 88,936 ----a-w C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2006-03-19 19:30 62,352 ----a-w C:\Documents and Settings\Dany\Application Data\GDIPFONTCACHEV1.DAT 2006-02-01 16:19 62,352 ----a-w C:\Documents and Settings\Sonia\Application Data\GDIPFONTCACHEV1.DAT 2006-01-31 22:34 62,352 ----a-w C:\Documents and Settings\Kellie\Application Data\GDIPFONTCACHEV1.DAT 2006-01-19 21:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2005-12-25 22:35 8 ----a-w C:\Documents and Settings\Dany\Application Data\usb.dat.bin 2005-07-17 21:00 0 ----a-w C:\Documents and Settings\Dany\Application Data\wklnhst.dat 2004-03-11 18:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-29 13:35 249896] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk.disabled] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk.disabled backup=C:\WINDOWS\pss\Microsoft Office.lnk.disabledCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-05 20:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06] --a------ 2004-06-07 20:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-05-26 10:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2005-05-31 02:51 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "EPSON Stylus CX5800F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /M "Stylus CX5800F" /EF "HKCU" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "AlcxMonitor"=ALCXMNTR.EXE "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe "HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7e52e1c-0005-11da-ba3d-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-04 17:00:00 C:\WINDOWS\Tasks\A6E910479052837B.job" - c:\docume~1\sonia~1.nom\applic~1\option~1\2purewipe.exe "2007-12-29 19:23:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At100.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At101.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At102.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At103.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At104.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At105.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At106.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 15:00:02 C:\WINDOWS\Tasks\At107.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At108.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At109.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 18:00:00 C:\WINDOWS\Tasks\At110.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 19:00:02 C:\WINDOWS\Tasks\At111.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 20:00:04 C:\WINDOWS\Tasks\At112.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 21:00:03 C:\WINDOWS\Tasks\At113.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At114.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At115.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At116.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At117.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At118.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At119.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At120.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 05:00:00 C:\WINDOWS\Tasks\At121.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At122.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At123.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At124.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At125.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At126.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At127.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At128.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At129.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At130.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 15:00:03 C:\WINDOWS\Tasks\At131.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At132.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At133.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 18:00:00 C:\WINDOWS\Tasks\At134.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 19:00:02 C:\WINDOWS\Tasks\At135.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 20:00:05 C:\WINDOWS\Tasks\At136.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 21:00:04 C:\WINDOWS\Tasks\At137.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At138.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At139.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At140.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At141.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At142.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At143.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At144.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 05:00:00 C:\WINDOWS\Tasks\At145.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At146.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At147.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At148.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At149.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At150.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At151.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At152.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At153.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At154.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 15:00:03 C:\WINDOWS\Tasks\At155.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At156.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At157.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 18:00:00 C:\WINDOWS\Tasks\At158.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 19:00:02 C:\WINDOWS\Tasks\At159.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 20:00:05 C:\WINDOWS\Tasks\At160.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 21:00:05 C:\WINDOWS\Tasks\At161.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At162.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At163.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At164.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At165.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At166.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At167.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At168.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 15:00:03 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 18:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 19:00:02 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 20:00:06 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 21:00:05 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 05:00:00 C:\WINDOWS\Tasks\At49.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At50.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At51.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At52.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At53.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At54.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At55.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At56.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At57.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At58.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 15:00:03 C:\WINDOWS\Tasks\At59.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At60.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At61.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 18:00:00 C:\WINDOWS\Tasks\At62.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 19:00:03 C:\WINDOWS\Tasks\At63.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 20:00:07 C:\WINDOWS\Tasks\At64.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 21:00:05 C:\WINDOWS\Tasks\At65.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At66.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At67.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At68.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At69.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At70.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At71.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At72.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 05:00:00 C:\WINDOWS\Tasks\At73.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At74.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At75.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 08:00:00 C:\WINDOWS\Tasks\At76.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 09:00:00 C:\WINDOWS\Tasks\At77.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 10:00:00 C:\WINDOWS\Tasks\At78.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 11:00:00 C:\WINDOWS\Tasks\At79.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 12:00:00 C:\WINDOWS\Tasks\At80.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 13:00:00 C:\WINDOWS\Tasks\At81.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 14:00:00 C:\WINDOWS\Tasks\At82.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 15:00:03 C:\WINDOWS\Tasks\At83.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 16:00:00 C:\WINDOWS\Tasks\At84.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 17:00:00 C:\WINDOWS\Tasks\At85.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 18:00:00 C:\WINDOWS\Tasks\At86.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 19:00:04 C:\WINDOWS\Tasks\At87.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 20:00:07 C:\WINDOWS\Tasks\At88.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 21:00:06 C:\WINDOWS\Tasks\At89.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 22:00:01 C:\WINDOWS\Tasks\At90.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At91.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At92.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At93.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At94.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 03:00:00 C:\WINDOWS\Tasks\At95.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 04:00:00 C:\WINDOWS\Tasks\At96.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 05:00:00 C:\WINDOWS\Tasks\At97.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 06:00:00 C:\WINDOWS\Tasks\At98.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 07:00:00 C:\WINDOWS\Tasks\At99.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-08-12 15:57:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job" - C:\Program Files\Easy Internet signup\HPSdpApp.exe . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2008-01-05 12:10:43 ComboFix-quarantined-files.txt 2008-01-05 17:10:33 . 2007-12-22 03:35:05 --- E O F --- Désole si j'ai fais des erreurs....merci encore
  11. cosby112
    Salut Charles voici le rapport de Kaspersky...... encore une fois un gros merci à toi et Zonk pour votre aide!!! KASPERSKY ONLINE SCANNER REPORT Thursday, January 03, 2008 11:35:04 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 3/01/2008 Kaspersky Anti-Virus database records: 501978 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Scan Statistics: Total number of scanned objects: 130054 Number of viruses found: 7 Number of infected objects: 35 Number of suspicious objects: 0 Duration of the scan process: 01:22:59 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\muvee Technologies30625\scratch\WDCreator.ini Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\SmileyCentralPFSetup2.2.60.11-2.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\Mes documents\Mes documents\SmileyCentralPFSetup2.2.60.11-2.exe CAB: infected - 1 skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\ntuser.dat Object is locked skipped C:\Documents and Settings\Dany.NOM-0C9D00AA293\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-1e92c679/vmain.class Infected: Exploit.Java.Gimsh.b skipped C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-1e92c679 ZIP: infected - 1 skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Companion Wizard\compwiz.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 skipped C:\Program Files\Common Files\Тasks\аttrib.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped C:\QooBox\Quarantine\C\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\YSTEM3~1\rеgedit.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped C:\QooBox\Quarantine\C\WINDOWS\system32\advdpynq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\bcxvlery.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\bsdqelqc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\bxelaomg.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\egjqtgbx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ehirynjt.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\esosdpep.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\fvtediam.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\fxibqrtc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\gnvdjpcv.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ixmktepp.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\jtdhpbem.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\kxekwrrc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.af skipped C:\QooBox\Quarantine\C\WINDOWS\system32\mxiuhgbb.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\nshaxkjx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\qbpwjero.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\qlbiwyvf.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\rgwkjpcr.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\rsyqavip.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\stidompd.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\tfxjckhd.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped C:\QooBox\Quarantine\C\WINDOWS\system32\uwslxhme.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ybwqbwjb.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ywvvsidv.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\QooBox\Quarantine\C\WINDOWS\system32\yxnpyaxw.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP7\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{D2C0A0B2-7821-4381-AFB0-ED46E275C22B}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\agxoyohh.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\msbaflkc.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\WINDOWS\system32\ryrbxwku.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
  12. cosby112
    Salut Charles J'ai donné à Zonk par téléphone la description de la détection( mess 24) et le seul que j'ai vu est Play mp3z et il est supprimé. voici le dernier combofix ComboFix 08-01-03.3 - Dany 2008-01-02 21:33:18.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.121 [GMT -5:00] Running from: C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\CFScript.txt * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\sonia~1.nom\applic~1\option~1 c:\docume~1\sonia~1.nom\applic~1\option~1\51A2FDC9 C:\Program Files\AntiVer2008 C:\Program Files\AntiVer2008\history.db C:\Program Files\AntiVer2008\main.log C:\Program Files\AntiVer2008\ResErrors.log C:\Program Files\MalwareAlarm C:\Program Files\MalwareAlarm\MalwareAlarm.exe C:\Program Files\MalwareAlarm\MalwareAlarm.lic C:\Program Files\MalwareAlarm\Uninstall.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))))))) . 2008-01-03 15:24 . 2008-01-03 15:24 <REP> d-------- C:\Program Files\ioIsland 2008-01-03 15:14 . 2008-01-03 15:16 <REP> d-------- C:\Program Files\SpywareBlaster 2008-01-02 14:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-12-30 08:17 . 2007-12-30 08:17 <REP> d-------- C:\Documents and Settings\Sonia.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-30 08:15 . 2007-12-30 08:15 <REP> d-------- C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-30 08:12 . 2007-12-30 08:12 <REP> d-------- C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-29 23:09 . 2007-12-29 23:09 <REP> d-------- C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-29 20:35 . 2005-05-31 02:56 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS 2007-12-29 20:35 . 2004-11-23 19:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-12-29 20:35 . 2004-11-23 19:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-12-29 20:35 . 2006-08-06 12:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris 2007-12-29 20:35 . 2005-05-31 03:01 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-12-29 20:35 . 2005-05-31 03:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2007-12-29 20:35 . 2005-05-31 03:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView 2007-12-29 20:35 . 2005-05-31 02:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer 2007-12-29 19:35 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-12-29 18:19 . 2007-12-29 18:19 15 --a------ C:\WINDOWS\system32\24a94b39 2007-12-29 15:07 . 2007-12-29 15:07 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Contacts 2007-12-29 15:07 . 2007-12-29 15:07 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Contacts 2007-12-29 13:49 . 2007-12-29 13:49 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Grisoft 2007-12-29 13:49 . 2007-12-29 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-29 13:49 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-29 13:47 . 2007-12-29 13:47 <REP> d---s---- C:\Documents and Settings\HP_Propriétaire\UserData 2007-12-29 13:47 . 2007-12-29 13:47 <REP> d---s---- C:\Documents and Settings\HP_Propriétaire\UserData 2007-12-29 13:33 . 2007-12-29 13:33 <REP> d-------- C:\Program Files\Avira 2007-12-29 13:33 . 2007-12-29 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-29 13:11 . 2007-12-29 13:29 1,031,448 ---hs---- C:\WINDOWS\system32\gnmvujwi.ini 2007-12-29 09:24 . 2007-12-29 13:10 1,031,268 ---hs---- C:\WINDOWS\system32\oqviiogp.ini 2007-12-27 21:53 . 2007-12-29 09:23 1,031,499 ---hs---- C:\WINDOWS\system32\bgcoisda.ini 2007-12-27 14:46 . 2007-12-27 14:46 <REP> d-------- C:\Documents and Settings\Kellie\Application Data\LANCITE 2007-12-26 20:59 . 2007-12-27 21:53 1,031,679 ---hs---- C:\WINDOWS\system32\rknxpxjx.ini 2007-12-26 16:52 . 2007-12-26 16:52 88,936 --a------ C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2007-12-25 23:25 . 2007-12-25 23:25 1,283,174 --a------ C:\Install 2007-12-24 20:30 . 2007-12-25 20:31 1,019,762 ---hs---- C:\WINDOWS\system32\xfibslre.ini 2007-12-23 19:39 . 2007-12-24 20:30 1,014,665 ---hs---- C:\WINDOWS\system32\itvlhnax.ini 2007-12-23 14:32 . 2007-12-23 14:32 <REP> d-------- C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\AntiVer2008 2007-12-23 14:32 . 2007-12-23 14:32 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2007-12-16 12:12 . 1991-11-11 13:01 970,686 ---hs---- C:\WINDOWS\system32\cxnjkrpy.ini 2007-12-11 17:34 . 2007-12-13 16:17 1,123,654 ---hs---- C:\WINDOWS\system32\iliwprmm.ini 2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2007-12-10 17:48 . 2007-12-11 12:53 1,532,882 ---hs---- C:\WINDOWS\system32\wcbirmyp.ini 2007-12-09 17:26 . 2007-12-10 17:49 1,565,077 ---hs---- C:\WINDOWS\system32\wqbkbcac.ini 2007-12-09 17:19 . 2007-12-29 13:09 20,480 --a------ C:\WINDOWS\quit.exe 2007-12-06 16:42 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-12-04 14:47 . 2007-12-05 13:43 1,471,289 ---hs---- C:\WINDOWS\system32\ickautoa.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-30 01:43 --------- d-----w C:\Program Files\Java 2007-12-30 00:38 --------- d-----w C:\Program Files\Ares 2007-12-30 00:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-30 00:37 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft 2007-12-30 00:27 --------- d-----w C:\Program Files\QuickTime 2007-12-29 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-29 23:24 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Apple Computer 2007-12-29 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-22 11:03 --------- d-----w C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\LimeWire 2007-12-15 13:12 --------- d-----w C:\Program Files\MSN Messenger 2007-12-04 23:47 --------- d-----w C:\Program Files\Common Files 2007-12-02 21:22 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-02 19:34 --------- d-----w C:\Program Files\PopCap Games 2007-12-02 19:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-26 21:45 --------- d-----w C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\LimeWire 2007-11-19 02:08 --------- d-----w C:\Program Files\Microsoft Games 2007-11-16 02:29 --------- d-----w C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\LimeWire 2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-10 19:30 --------- d-----w C:\Program Files\iTunes 2007-11-10 19:29 --------- d-----w C:\Program Files\iPod 2007-11-03 18:31 --------- d-----w C:\Program Files\PartyGaming 2007-10-30 10:18 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-20 11:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-20 11:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-11 06:13 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll 2007-10-11 06:13 663,552 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-10-11 06:13 617,472 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-10-11 06:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-10-11 06:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-10-11 06:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-10-11 06:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-10-11 06:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-10-11 06:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-10-11 06:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll 2007-10-11 06:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-10-11 06:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-10-11 06:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll 2007-10-11 06:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-10-11 06:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-10-11 06:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll 2007-10-11 06:13 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll 2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe 2007-08-25 16:31 88,936 ----a-w C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2007-05-22 01:36 88,936 ----a-w C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2006-03-19 19:30 62,352 ----a-w C:\Documents and Settings\Dany\Application Data\GDIPFONTCACHEV1.DAT 2006-02-01 16:19 62,352 ----a-w C:\Documents and Settings\Sonia\Application Data\GDIPFONTCACHEV1.DAT 2006-01-31 22:34 62,352 ----a-w C:\Documents and Settings\Kellie\Application Data\GDIPFONTCACHEV1.DAT 2006-01-19 21:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2005-12-25 22:35 8 ----a-w C:\Documents and Settings\Dany\Application Data\usb.dat.bin 2005-07-17 21:00 0 ----a-w C:\Documents and Settings\Dany\Application Data\wklnhst.dat 2004-03-11 18:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((( snapshot@2007-12-31_ 9.35.58.20 ))))))))))))))))))))))))))))))))))))))))) . + 2006-06-20 20:44:04 379,704 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MsnPUpld.dll + 2006-06-20 20:44:02 117,560 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.2\PURen-us.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-29 13:35 249896] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-05-31 02:51 180269] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk.disabled [2006-08-08 19:56:03] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "EPSON Stylus CX5800F Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /M "Stylus CX5800F" /EF "HKCU" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "AlcxMonitor"=ALCXMNTR.EXE "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe "HPHmon06"=C:\WINDOWS\system32\hphmon06.exe R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 12:08] S3 PTV371;Mini TV USB;C:\WINDOWS\system32\DRIVERS\PTV371.SYS [2006-04-14 15:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7e52e1c-0005-11da-ba3d-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-04 02:00:00 C:\WINDOWS\Tasks\A6E910479052837B.job" - c:\docume~1\sonia~1.nom\applic~1\option~1\2purewipe.exe "2007-12-29 19:23:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-11-29 00:17:33 C:\WINDOWS\Tasks\At100.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-11-29 00:17:33 C:\WINDOWS\Tasks\At101.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-11-29 00:17:33 C:\WINDOWS\Tasks\At102.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-12-22 11:00:45 C:\WINDOWS\Tasks\At103.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At104.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At105.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-01 14:00:01 C:\WINDOWS\Tasks\At106.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At107.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At108.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 17:00:00 C:\WINDOWS\Tasks\At109.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At110.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At111.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 20:00:00 C:\WINDOWS\Tasks\At112.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 21:00:00 C:\WINDOWS\Tasks\At113.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 22:00:00 C:\WINDOWS\Tasks\At114.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At115.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At116.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At117.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At118.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At119.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At120.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 05:00:00 C:\WINDOWS\Tasks\At121.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At122.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-11-29 21:30:40 C:\WINDOWS\Tasks\At123.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-11-29 21:30:40 C:\WINDOWS\Tasks\At124.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-11-29 21:30:40 C:\WINDOWS\Tasks\At125.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-11-29 21:30:40 C:\WINDOWS\Tasks\At126.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-12-22 11:00:45 C:\WINDOWS\Tasks\At127.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At128.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At129.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-01 14:00:01 C:\WINDOWS\Tasks\At130.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At131.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At132.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 17:00:00 C:\WINDOWS\Tasks\At133.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At134.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At135.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 20:00:00 C:\WINDOWS\Tasks\At136.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 21:00:00 C:\WINDOWS\Tasks\At137.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 22:00:00 C:\WINDOWS\Tasks\At138.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At139.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At140.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At141.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At142.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At143.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At144.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 05:00:00 C:\WINDOWS\Tasks\At145.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At146.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-18 04:55:53 C:\WINDOWS\Tasks\At147.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-18 04:55:53 C:\WINDOWS\Tasks\At148.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-18 04:55:53 C:\WINDOWS\Tasks\At149.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-18 04:55:53 C:\WINDOWS\Tasks\At150.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-22 11:01:52 C:\WINDOWS\Tasks\At151.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At152.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At153.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-01 14:00:02 C:\WINDOWS\Tasks\At154.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At155.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At156.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 17:00:00 C:\WINDOWS\Tasks\At157.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At158.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At159.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 20:00:00 C:\WINDOWS\Tasks\At160.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 21:00:00 C:\WINDOWS\Tasks\At161.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 22:00:00 C:\WINDOWS\Tasks\At162.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At163.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At164.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At165.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At166.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At167.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At168.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-11-11 20:31:32 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-11-11 20:31:32 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-11-11 20:31:32 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-11-11 20:31:32 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-12-22 11:00:45 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-01 14:00:02 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 17:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 20:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 21:00:00 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 22:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 05:00:00 C:\WINDOWS\Tasks\At49.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At50.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-11-22 00:35:01 C:\WINDOWS\Tasks\At51.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-11-22 00:35:01 C:\WINDOWS\Tasks\At52.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-11-22 00:35:01 C:\WINDOWS\Tasks\At53.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-11-22 00:35:01 C:\WINDOWS\Tasks\At54.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-12-22 11:00:46 C:\WINDOWS\Tasks\At55.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At56.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At57.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-01 14:00:02 C:\WINDOWS\Tasks\At58.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At59.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At60.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 17:00:01 C:\WINDOWS\Tasks\At61.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At62.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At63.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 20:00:00 C:\WINDOWS\Tasks\At64.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 21:00:00 C:\WINDOWS\Tasks\At65.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 22:00:00 C:\WINDOWS\Tasks\At66.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At67.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At68.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At69.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At70.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At71.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At72.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 05:00:00 C:\WINDOWS\Tasks\At73.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At74.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-11-26 21:18:15 C:\WINDOWS\Tasks\At75.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-11-26 21:18:15 C:\WINDOWS\Tasks\At76.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-11-26 21:18:15 C:\WINDOWS\Tasks\At77.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-11-26 21:18:15 C:\WINDOWS\Tasks\At78.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-12-22 11:00:46 C:\WINDOWS\Tasks\At79.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At80.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At81.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-01 14:00:02 C:\WINDOWS\Tasks\At82.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At83.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At84.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 17:00:01 C:\WINDOWS\Tasks\At85.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At86.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At87.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 20:00:00 C:\WINDOWS\Tasks\At88.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 21:00:00 C:\WINDOWS\Tasks\At89.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 22:00:00 C:\WINDOWS\Tasks\At90.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-03 23:00:00 C:\WINDOWS\Tasks\At91.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 00:00:00 C:\WINDOWS\Tasks\At92.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 01:00:00 C:\WINDOWS\Tasks\At93.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-04 02:00:00 C:\WINDOWS\Tasks\At94.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At95.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At96.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 05:00:00 C:\WINDOWS\Tasks\At97.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At98.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-11-29 00:17:33 C:\WINDOWS\Tasks\At99.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-08-12 15:57:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job" - C:\Program Files\Easy Internet signup\HPSdpApp.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-02 21:38:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-02 21:40:49 ComboFix-quarantined-files.txt 2008-01-03 02:40:47 ComboFix2.txt 2008-01-03 19:49:38 . 2007-12-22 03:35:05 --- E O F --- je m'en vais sur le scan kaspersky Un gros merci
  13. cosby112
    Salut Zonk... voici mon dernier Hijack comme tu me là demander Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:44:43, on 2008-01-03 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ps2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx?lang=fr-ca R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-1753211137-726113863-466205179-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'KelLie') O4 - HKUS\S-1-5-21-1753211137-726113863-466205179-1009\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'KelLie') O4 - HKUS\S-1-5-21-1753211137-726113863-466205179-1009\..\Run: [insider] C:\Program Files\Insider\Insider.exe (User 'KelLie') O4 - HKUS\S-1-5-21-1753211137-726113863-466205179-1009\..\Run: [WinTouch] C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\WinTouch\WinTouch.exe (User 'KelLie') O4 - HKUS\S-1-5-21-1753211137-726113863-466205179-1009\..\Run: [sfKg6w] C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\Microsoft\Windows\mfqaecah.exe (User 'KelLie') O4 - HKUS\S-1-5-21-1753211137-726113863-466205179-1009\..\Run: [Tsra] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\spoolsv.exe" -vt ndrv (User 'KelLie') O4 - HKUS\S-1-5-21-1753211137-726113863-466205179-1009\..\Run: [Zuy] "C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\?ystem32\r?gedit.exe" (User 'KelLie') O4 - HKUS\S-1-5-21-1753211137-726113863-466205179-1009\..\Run: [iESet] IExplorer.dll .dbt (User 'KelLie') O4 - HKUS\S-1-5-21-1753211137-726113863-466205179-1009\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'KelLie') O4 - HKUS\S-1-5-21-1753211137-726113863-466205179-1009\..\Policies\Explorer\Run: [{24A95918-08A2-3084-0420-050624040002}] "C:\Program Files\Fichiers communs\{24A95918-08A2-3084-0420-050624040002}\Update.exe" mc-110-12-0000904 (User 'KelLie') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk.disabled O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O24 - Desktop Component 0: (no name) - http://sd579.sivit.org/lesgrandscasinos/fo.../cascades05.jpg -- End of file - 8256 bytes
  14. cosby112
    Allo Charles I. et merci!!!!! Voici le rapport: ComboFix 08-01-03.3 - Dany 2008-01-02 14:39:09.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.143 [GMT -5:00] Running from: C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))))))) . 2008-01-02 14:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-12-30 08:17 . 2007-12-30 08:17 <REP> d-------- C:\Documents and Settings\Sonia.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-30 08:15 . 2007-12-30 08:15 <REP> d-------- C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-30 08:12 . 2007-12-30 08:12 <REP> d-------- C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-29 23:09 . 2007-12-29 23:09 <REP> d-------- C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\Grisoft 2007-12-29 20:35 . 2005-05-31 02:56 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS 2007-12-29 20:35 . 2004-11-23 19:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-12-29 20:35 . 2004-11-23 19:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-12-29 20:35 . 2006-08-06 12:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-12-29 20:35 . 2006-08-06 12:07 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris 2007-12-29 20:35 . 2005-05-31 03:01 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-12-29 20:35 . 2005-05-31 03:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2007-12-29 20:35 . 2005-05-31 03:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView 2007-12-29 20:35 . 2005-05-31 02:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer 2007-12-29 19:35 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-12-29 18:19 . 2007-12-29 18:19 15 --a------ C:\WINDOWS\system32\24a94b39 2007-12-29 15:07 . 2007-12-29 15:07 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Contacts 2007-12-29 15:07 . 2007-12-29 15:07 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Contacts 2007-12-29 13:49 . 2007-12-29 13:49 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Grisoft 2007-12-29 13:49 . 2007-12-29 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-29 13:49 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-29 13:47 . 2007-12-29 13:47 <REP> d---s---- C:\Documents and Settings\HP_Propriétaire\UserData 2007-12-29 13:47 . 2007-12-29 13:47 <REP> d---s---- C:\Documents and Settings\HP_Propriétaire\UserData 2007-12-29 13:33 . 2007-12-29 13:33 <REP> d-------- C:\Program Files\Avira 2007-12-29 13:33 . 2007-12-29 13:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-29 13:11 . 2007-12-29 13:29 1,031,448 ---hs---- C:\WINDOWS\system32\gnmvujwi.ini 2007-12-29 09:24 . 2007-12-29 13:10 1,031,268 ---hs---- C:\WINDOWS\system32\oqviiogp.ini 2007-12-27 21:53 . 2007-12-29 09:23 1,031,499 ---hs---- C:\WINDOWS\system32\bgcoisda.ini 2007-12-27 14:46 . 2007-12-27 14:46 <REP> d-------- C:\Documents and Settings\Kellie\Application Data\LANCITE 2007-12-26 20:59 . 2007-12-27 21:53 1,031,679 ---hs---- C:\WINDOWS\system32\rknxpxjx.ini 2007-12-26 16:52 . 2007-12-26 16:52 88,936 --a------ C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2007-12-25 23:25 . 2007-12-26 09:32 <REP> d-------- C:\Program Files\MalwareAlarm 2007-12-25 23:25 . 2007-12-25 23:25 1,283,174 --a------ C:\Install 2007-12-24 20:30 . 2007-12-25 20:31 1,019,762 ---hs---- C:\WINDOWS\system32\xfibslre.ini 2007-12-23 19:39 . 2007-12-24 20:30 1,014,665 ---hs---- C:\WINDOWS\system32\itvlhnax.ini 2007-12-23 14:32 . 2007-12-23 14:32 <REP> d-------- C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\AntiVer2008 2007-12-23 14:32 . 2007-12-23 14:32 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2007-12-23 14:31 . 2007-12-23 14:37 <REP> d-------- C:\Program Files\AntiVer2008 2007-12-16 12:12 . 1991-11-11 13:01 970,686 ---hs---- C:\WINDOWS\system32\cxnjkrpy.ini 2007-12-11 17:34 . 2007-12-13 16:17 1,123,654 ---hs---- C:\WINDOWS\system32\iliwprmm.ini 2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2007-12-10 17:48 . 2007-12-11 12:53 1,532,882 ---hs---- C:\WINDOWS\system32\wcbirmyp.ini 2007-12-09 17:26 . 2007-12-10 17:49 1,565,077 ---hs---- C:\WINDOWS\system32\wqbkbcac.ini 2007-12-09 17:19 . 2007-12-29 13:09 20,480 --a------ C:\WINDOWS\quit.exe 2007-12-06 16:42 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2007-12-04 14:47 . 2007-12-05 13:43 1,471,289 ---hs---- C:\WINDOWS\system32\ickautoa.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-30 01:43 --------- d-----w C:\Program Files\Java 2007-12-30 00:38 --------- d-----w C:\Program Files\Ares 2007-12-30 00:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-30 00:37 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft 2007-12-30 00:27 --------- d-----w C:\Program Files\QuickTime 2007-12-29 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-29 23:24 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Apple Computer 2007-12-29 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-12-22 11:03 --------- d-----w C:\Documents and Settings\Dany.NOM-0C9D00AA293\Application Data\LimeWire 2007-12-15 13:12 --------- d-----w C:\Program Files\MSN Messenger 2007-12-04 23:47 --------- d-----w C:\Program Files\Common Files 2007-12-04 22:13 --------- d-----w C:\Program Files\PlayMP3z 2007-12-02 21:22 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-02 19:34 --------- d-----w C:\Program Files\PopCap Games 2007-12-02 19:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-26 21:45 --------- d-----w C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\LimeWire 2007-11-19 02:08 --------- d-----w C:\Program Files\Microsoft Games 2007-11-16 02:29 --------- d-----w C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\LimeWire 2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-10 19:30 --------- d-----w C:\Program Files\iTunes 2007-11-10 19:29 --------- d-----w C:\Program Files\iPod 2007-11-03 18:31 --------- d-----w C:\Program Files\PartyGaming 2007-10-30 10:18 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-25 16:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-20 11:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-20 11:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-11 06:13 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll 2007-10-11 06:13 663,552 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-10-11 06:13 617,472 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-10-11 06:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-10-11 06:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-10-11 06:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-10-11 06:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-10-11 06:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-10-11 06:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-10-11 06:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll 2007-10-11 06:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-10-11 06:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-10-11 06:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll 2007-10-11 06:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-10-11 06:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-10-11 06:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll 2007-10-11 06:13 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll 2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe 2007-08-25 16:31 88,936 ----a-w C:\Documents and Settings\KelLie.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2007-05-22 01:36 88,936 ----a-w C:\Documents and Settings\Nick.NOM-0C9D00AA293\Application Data\GDIPFONTCACHEV1.DAT 2006-03-19 19:30 62,352 ----a-w C:\Documents and Settings\Dany\Application Data\GDIPFONTCACHEV1.DAT 2006-02-01 16:19 62,352 ----a-w C:\Documents and Settings\Sonia\Application Data\GDIPFONTCACHEV1.DAT 2006-01-31 22:34 62,352 ----a-w C:\Documents and Settings\Kellie\Application Data\GDIPFONTCACHEV1.DAT 2006-01-19 21:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2005-12-25 22:35 8 ----a-w C:\Documents and Settings\Dany\Application Data\usb.dat.bin 2005-07-17 21:00 0 ----a-w C:\Documents and Settings\Dany\Application Data\wklnhst.dat 2004-03-11 18:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360] "EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" [2005-05-09 23:00 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 20:53 49152] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 20:43 659456] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54 253952] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-29 13:35 249896] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-05-31 02:51 180269] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk.disabled [2006-08-08 19:56:03] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "AlcxMonitor"=ALCXMNTR.EXE "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 12:08] S3 PTV371;Mini TV USB;C:\WINDOWS\system32\DRIVERS\PTV371.SYS [2006-04-14 15:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7e52e1c-0005-11da-ba3d-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-02 19:00:00 C:\WINDOWS\Tasks\A6E910479052837B.job" - c:\docume~1\sonia~1.nom\applic~1\option~1\2purewipe.exe "2007-12-29 19:23:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-11-29 00:17:33 C:\WINDOWS\Tasks\At100.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-11-29 00:17:33 C:\WINDOWS\Tasks\At101.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-11-29 00:17:33 C:\WINDOWS\Tasks\At102.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-12-22 11:00:45 C:\WINDOWS\Tasks\At103.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At104.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At105.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-01 14:00:01 C:\WINDOWS\Tasks\At106.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At107.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At108.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 17:00:00 C:\WINDOWS\Tasks\At109.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At110.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At111.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-01 20:00:00 C:\WINDOWS\Tasks\At112.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-01 21:00:00 C:\WINDOWS\Tasks\At113.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-01 22:00:00 C:\WINDOWS\Tasks\At114.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-01 23:00:00 C:\WINDOWS\Tasks\At115.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 00:00:00 C:\WINDOWS\Tasks\At116.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 01:00:00 C:\WINDOWS\Tasks\At117.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 02:00:00 C:\WINDOWS\Tasks\At118.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At119.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At120.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 05:00:00 C:\WINDOWS\Tasks\At121.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At122.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-11-29 21:30:40 C:\WINDOWS\Tasks\At123.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-11-29 21:30:40 C:\WINDOWS\Tasks\At124.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-11-29 21:30:40 C:\WINDOWS\Tasks\At125.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-11-29 21:30:40 C:\WINDOWS\Tasks\At126.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-12-22 11:00:45 C:\WINDOWS\Tasks\At127.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At128.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At129.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-01 14:00:01 C:\WINDOWS\Tasks\At130.job" - C:\WINDOWS\system32\QVblq07i.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At131.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At132.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 17:00:00 C:\WINDOWS\Tasks\At133.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At134.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At135.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-01 20:00:00 C:\WINDOWS\Tasks\At136.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-01 21:00:00 C:\WINDOWS\Tasks\At137.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-01 22:00:00 C:\WINDOWS\Tasks\At138.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-01 23:00:00 C:\WINDOWS\Tasks\At139.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 00:00:00 C:\WINDOWS\Tasks\At140.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 01:00:00 C:\WINDOWS\Tasks\At141.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 02:00:00 C:\WINDOWS\Tasks\At142.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At143.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At144.job" - C:\WINDOWS\system32\QVblq07i.exe "2008-01-02 05:00:00 C:\WINDOWS\Tasks\At145.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At146.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-18 04:55:53 C:\WINDOWS\Tasks\At147.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-18 04:55:53 C:\WINDOWS\Tasks\At148.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-18 04:55:53 C:\WINDOWS\Tasks\At149.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-18 04:55:53 C:\WINDOWS\Tasks\At150.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-22 11:01:52 C:\WINDOWS\Tasks\At151.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At152.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At153.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-01 14:00:02 C:\WINDOWS\Tasks\At154.job" - C:\WINDOWS\system32\RY305Ji6.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At155.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At156.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 17:00:00 C:\WINDOWS\Tasks\At157.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At158.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At159.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-01 20:00:00 C:\WINDOWS\Tasks\At160.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-01 21:00:00 C:\WINDOWS\Tasks\At161.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-01 22:00:00 C:\WINDOWS\Tasks\At162.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-01 23:00:00 C:\WINDOWS\Tasks\At163.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 00:00:00 C:\WINDOWS\Tasks\At164.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 01:00:00 C:\WINDOWS\Tasks\At165.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 02:00:00 C:\WINDOWS\Tasks\At166.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At167.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At168.job" - C:\WINDOWS\system32\RY305Ji6.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At26.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-11-11 20:31:32 C:\WINDOWS\Tasks\At27.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-11-11 20:31:32 C:\WINDOWS\Tasks\At28.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-11-11 20:31:32 C:\WINDOWS\Tasks\At29.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-11-11 20:31:32 C:\WINDOWS\Tasks\At30.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-12-22 11:00:45 C:\WINDOWS\Tasks\At31.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At32.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At33.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-01 14:00:02 C:\WINDOWS\Tasks\At34.job" - C:\WINDOWS\system32\4ItJE164.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At35.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At36.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 17:00:00 C:\WINDOWS\Tasks\At37.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At38.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At39.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-01 20:00:00 C:\WINDOWS\Tasks\At40.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-01 21:00:00 C:\WINDOWS\Tasks\At41.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-01 22:00:00 C:\WINDOWS\Tasks\At42.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-01 23:00:00 C:\WINDOWS\Tasks\At43.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 00:00:00 C:\WINDOWS\Tasks\At44.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 01:00:00 C:\WINDOWS\Tasks\At45.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 02:00:00 C:\WINDOWS\Tasks\At46.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At47.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At48.job" - C:\WINDOWS\system32\4ItJE164.exe "2008-01-02 05:00:00 C:\WINDOWS\Tasks\At49.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At50.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-11-22 00:35:01 C:\WINDOWS\Tasks\At51.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-11-22 00:35:01 C:\WINDOWS\Tasks\At52.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-11-22 00:35:01 C:\WINDOWS\Tasks\At53.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-11-22 00:35:01 C:\WINDOWS\Tasks\At54.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-12-22 11:00:46 C:\WINDOWS\Tasks\At55.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At56.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At57.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-01 14:00:02 C:\WINDOWS\Tasks\At58.job" - C:\WINDOWS\system32\YIpo3bib.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At59.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At60.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 17:00:01 C:\WINDOWS\Tasks\At61.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At62.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At63.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-01 20:00:00 C:\WINDOWS\Tasks\At64.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-01 21:00:00 C:\WINDOWS\Tasks\At65.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-01 22:00:00 C:\WINDOWS\Tasks\At66.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-01 23:00:00 C:\WINDOWS\Tasks\At67.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 00:00:00 C:\WINDOWS\Tasks\At68.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 01:00:00 C:\WINDOWS\Tasks\At69.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 02:00:00 C:\WINDOWS\Tasks\At70.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At71.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At72.job" - C:\WINDOWS\system32\YIpo3bib.exe "2008-01-02 05:00:00 C:\WINDOWS\Tasks\At73.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At74.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-11-26 21:18:15 C:\WINDOWS\Tasks\At75.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-11-26 21:18:15 C:\WINDOWS\Tasks\At76.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-11-26 21:18:15 C:\WINDOWS\Tasks\At77.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-11-26 21:18:15 C:\WINDOWS\Tasks\At78.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-12-22 11:00:46 C:\WINDOWS\Tasks\At79.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-01 12:00:00 C:\WINDOWS\Tasks\At80.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-01 13:00:00 C:\WINDOWS\Tasks\At81.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-01 14:00:02 C:\WINDOWS\Tasks\At82.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2007-12-31 15:00:00 C:\WINDOWS\Tasks\At83.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 16:00:00 C:\WINDOWS\Tasks\At84.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 17:00:01 C:\WINDOWS\Tasks\At85.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 18:00:00 C:\WINDOWS\Tasks\At86.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 19:00:00 C:\WINDOWS\Tasks\At87.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-01 20:00:00 C:\WINDOWS\Tasks\At88.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-01 21:00:00 C:\WINDOWS\Tasks\At89.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-01 22:00:00 C:\WINDOWS\Tasks\At90.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-01 23:00:00 C:\WINDOWS\Tasks\At91.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 00:00:00 C:\WINDOWS\Tasks\At92.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 01:00:00 C:\WINDOWS\Tasks\At93.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 02:00:00 C:\WINDOWS\Tasks\At94.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 03:00:00 C:\WINDOWS\Tasks\At95.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 04:00:00 C:\WINDOWS\Tasks\At96.job" - C:\WINDOWS\system32\ld2pMT2r.exe "2008-01-02 05:00:00 C:\WINDOWS\Tasks\At97.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2008-01-02 06:00:00 C:\WINDOWS\Tasks\At98.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-11-29 00:17:33 C:\WINDOWS\Tasks\At99.job" - C:\WINDOWS\system32\nMP4fOMN.exe "2007-08-12 15:57:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job" - C:\Program Files\Easy Internet signup\HPSdpApp.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-03 14:45:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-03 14:49:37 ComboFix-quarantined-files.txt 2008-01-03 19:49:34 . 2007-12-22 03:35:05 --- E O F --- Nouveau HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:54:14, on 2008-01-03 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\hphmon06.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx?lang=fr-ca R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /M "Stylus CX5800F" /EF "HKCU" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk.disabled O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O24 - Desktop Component 0: (no name) - http://sd579.sivit.org/lesgrandscasinos/fo.../cascades05.jpg -- End of file - 6905 bytes
  15. cosby112
    Salut J'ai fais un scan de tout mes sessions comme prévu...voci le rapport et en passant bonne année à tous Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:22, on 2008-01-01 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hphmon06.exe C:\WINDOWS\system32\ps2.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Dany.NOM-0C9D00AA293\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx?lang=fr-ca R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: {eacfaaa8-2517-047b-06a4-6b0ac868b3e0} - {0e3b868c-a0b6-4a60-b740-71528aaafcae} - C:\WINDOWS\system32\fqlkhjna.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {A5578F41-70E1-4B13-86D5-D46A13B2621D} - C:\WINDOWS\system32\pmnlj.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\AntiVer2008\bm.exe" dm=http://antiver2008.com ad=http://antiver2008.com sd=http://gregistre.antiver2008.com O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /M "Stylus CX5800F" /EF "HKCU" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Policies\Explorer\Run: [{24A95918-08A2-3084-0420-050624040002}] "C:\Program Files\Fichiers communs\{24A95918-08A2-3084-0420-050624040002}\Update.exe" mc-110-12-0000904 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk.disabled O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_fr.cab O20 - Winlogon Notify: cxkopqqb - cxkopqqb.dll (file missing) O20 - Winlogon Notify: mdytwdzo - mdytwdzo.dll (file missing) O20 - Winlogon Notify: rqrqoon - rqrqoon.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O24 - Desktop Component 0: (no name) - http://sd579.sivit.org/lesgrandscasinos/fo.../cascades05.jpg -- End of file - 8594 bytes
×
×
  • Créer...