Nicola.S
-
Compteur de contenus
24 -
Inscription
-
Dernière visite
Nicola.S's Achievements
Member (4/12)
0
Réputation sur la communauté
-
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Yep, je pense que la désinfection est bien effectuée (plus rien à signaler à part la croix) Sinon, j'ai aussi effectué les conseils de Zonk, merci Merci à vous de m'avoir aidé à désinfecter ce fichu pc, j'ai bien cru que reformater était la seule solution. Merci encore -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Voila, j'ai branché la clé et j'ai effectué la manipulation (bon après je sais pas si ça a marché ) Par contre j'ai toujours la croix rouge (si ça a un rapport) -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Je ne comprends pas à quoi correspond ce support ? Que dois-je brancher ? -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Il ne semble plus y avoir de problèmes. Juste une chose étrange, le disque dur apparait toujours avec une croix rouge. Sinon, je suis conscient des risques de P2p, aussi j'essaie de minimiser les risques en ne téléchargeant pas n'importe quoi. Mais merci du conseil -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Bonjour, bonjour, Voila les 2 rapports demandés __________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: TrackingCookie.2o7 Path: :mozilla.39:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt Risk: Medium Name: TrackingCookie.2o7 Path: :mozilla.40:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt Risk: Medium Name: TrackingCookie.2o7 Path: :mozilla.41:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt Risk: Medium Name: TrackingCookie.2o7 Path: :mozilla.42:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt Risk: Medium Name: TrackingCookie.Estat Path: :mozilla.135:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt Risk: Medium Name: TrackingCookie.Gemius Path: :mozilla.169:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt Risk: Medium Name: TrackingCookie.Gemius Path: :mozilla.171:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt Risk: Medium Name: TrackingCookie.Yadro Path: :mozilla.237:C:\Documents and Settings\Nicolas\Application Data\Mozilla\Firefox\Profiles\got3iug5.default\cookies.txt Risk: Medium Name: Not-A-Virus.Hacktool.EvID Path: C:\Program Files\eChanblard\config\last.zip/EvID4226Patch.exe Risk: Low Name: Not-A-Virus.Hacktool.EvID Path: C:\Program Files\eChanblard\EvID4226Patch.exe Risk: Low ComboFix 08-02-13.2 - Nicolas 2008-02-15 18:13:05.11 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1507 [GMT 1:00] Endroit: C:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe Command switches used :: C:\Documents and Settings\Nicolas\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\WINDOWS\system32\awtsp.exe C:\WINDOWS\system32\awvtqrs.dll C:\WINDOWS\system32\awvtrrs.dll C:\WINDOWS\system32\awvtu.exe C:\WINDOWS\system32\ddayxwt.dll C:\WINDOWS\system32\ddccb.exe C:\WINDOWS\system32\ddccy.exe C:\WINDOWS\system32\ddccywv.dll C:\WINDOWS\system32\gebcccy.dll C:\WINDOWS\system32\gebcy.exe C:\WINDOWS\system32\gebyaby.dll C:\WINDOWS\system32\gebyvvv.dll C:\WINDOWS\system32\gebyw.exe C:\WINDOWS\system32\geebyyy.dll C:\WINDOWS\system32\jkhfc.exe C:\WINDOWS\system32\jkhhe.exe C:\WINDOWS\system32\jkhhf.exe C:\WINDOWS\system32\jkhhh.exe C:\WINDOWS\system32\jkhhhhe.dll c:\windows\system32\jkkjg.exe C:\WINDOWS\system32\jkkjhgh.dll C:\WINDOWS\system32\jkkjjge.dll C:\WINDOWS\system32\jkklljk.dll C:\WINDOWS\system32\mljgfde.dll C:\WINDOWS\system32\mljiiih.dll C:\WINDOWS\system32\mljji.exe C:\WINDOWS\system32\mljjk.exe C:\WINDOWS\system32\mllji.exe C:\WINDOWS\system32\nelrtibi.dll C:\WINDOWS\system32\pmkhf.exe C:\WINDOWS\system32\pmkhfdd.dll C:\WINDOWS\system32\pmkhfde.dll C:\WINDOWS\system32\pmnlj.exe C:\WINDOWS\system32\pmnljgh.dll C:\WINDOWS\system32\qomljkj.dll C:\WINDOWS\system32\qtutv.ini C:\WINDOWS\system32\qtutv.ini2 C:\WINDOWS\system32\ssqro.exe C:\WINDOWS\system32\ssqrsrq.dll C:\WINDOWS\system32\sstqpmm.dll C:\WINDOWS\system32\sstqr.exe c:\windows\system32\sstts.exe C:\WINDOWS\system32\sstttqr.dll C:\WINDOWS\system32\ssttu.dll C:\WINDOWS\system32\ubiqbxiu.ini C:\WINDOWS\system32\uixbqibu.dll C:\WINDOWS\system32\uttss.ini C:\WINDOWS\system32\uttss.ini2 C:\WINDOWS\system32\vdqsqhdw.ini C:\WINDOWS\system32\vtsqq.exe C:\WINDOWS\system32\vtsqrop.dll C:\WINDOWS\system32\vtststs.dll C:\WINDOWS\system32\windows C:\WINDOWS\system32\WinSpooler.exe C:\WINDOWS\system32\WinUpdating.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\poof -------\poof ((((((((((((((((((((((((((((( Fichiers créés 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))))))) . 2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Program Files\Avira 2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-02-14 19:13 . 2008-02-14 19:19 61,632 --a------ C:\WINDOWS\system32\drivers\avipbb.sys 2008-02-14 19:13 . 2007-08-09 13:04 40,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys 2008-02-14 19:13 . 2007-03-01 10:34 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys 2008-02-14 19:13 . 2007-07-18 14:22 21,312 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys 2008-02-14 14:27 . 2008-02-14 16:21 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys 2008-02-14 14:18 . 2007-12-14 01:59 139,264 --a------ C:\WINDOWS\system32\javaws.exe 2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\javaw.exe 2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\java.exe 2008-02-13 12:07 . 2008-02-13 12:08 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-02-12 19:07 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe 2008-02-12 19:07 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe 2008-02-12 19:07 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe 2008-02-12 16:43 . 2008-02-12 16:43 <REP> d-------- C:\Program Files\Trend Micro 2008-02-11 23:48 . 2004-08-20 00:09 400,896 --a------ C:\WINDOWS\system32\kmd.exe 2008-02-11 23:07 . 2008-02-11 23:07 3,964 --a------ C:\WINDOWS\system32\tmp.reg 2008-02-11 22:40 . 2008-02-11 22:40 128 --a------ C:\Documents 2008-02-11 20:13 . 2008-02-11 21:14 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-02-11 19:23 . 2008-02-14 19:43 <REP> d-------- C:\VundoFix Backups 2008-02-11 17:52 . 2008-02-15 18:12 <REP> d-------- C:\QooBox 2008-02-11 17:52 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe 2008-02-11 17:52 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe 2008-02-11 17:52 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe 2008-02-11 17:52 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe 2008-02-11 17:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-02-11 17:52 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe 2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Program Files\Grisoft 2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\Nicolas\Application Data\Grisoft 2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-11 17:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-11 13:44 . 2008-02-11 13:44 294 ---hs---- C:\WINDOWS\system32\bmhvcfoh.ini 2008-02-11 11:48 . 2008-02-11 13:44 354 ---hs---- C:\WINDOWS\system32\bpsnfgrb.ini 2008-02-10 14:48 . 2007-02-11 11:40 354 ---hs---- C:\WINDOWS\system32\ppmmvcbn.ini 2008-02-10 14:05 . 2008-02-12 16:41 650 --a------ C:\WINDOWS\wininit.ini 2008-02-06 11:12 . 2008-02-14 15:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-06 11:12 . 2008-02-10 13:45 37,888 --a------ C:\WINDOWS\system32\rar.exe 2008-02-02 19:01 . 2008-02-03 18:22 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\OpenOffice.org2 2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\MSN6 2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6 2008-01-23 12:53 . 2008-01-23 12:53 <REP> d-------- C:\Program Files\Lavasoft 2008-01-23 12:53 . 2008-01-23 12:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-15 16:15 --------- d-----w C:\Program Files\Mozilla Firefox 2008-02-15 16:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org2 2008-02-15 16:11 2,145,386,496 --sha-w C:\pagefile.sys 2008-02-14 14:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-14 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-14 13:21 --------- d-----w C:\Program Files\Java 2008-02-14 11:52 --------- d-----w C:\Program Files\eChanblard 2008-02-13 17:09 4,364 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-02-13 11:08 --------- d-----w C:\Program Files\Internet Explorer 2008-02-11 17:54 --------- d-----w C:\Program Files\Fichiers communs 2008-02-09 22:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\teamspeak2 2008-02-09 17:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-09 17:55 --------- d-----w C:\Program Files\Adobe 2008-02-04 23:09 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe 2008-01-11 15:42 --------- d-----w C:\Program Files\Google 2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll 2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Sites 2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Classes de site 2008-01-08 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-01-08 14:37 --------- d-----w C:\Program Files\Windows Live 2008-01-08 14:37 --------- d-----w C:\Program Files\MSN Messenger 2008-01-08 14:37 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-08 12:50 --------- d-----w C:\Program Files\WorkoutLogger 2008-01-08 12:35 --------- d-----w C:\Program Files\nutri 2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll 2007-12-19 21:38 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2007-12-15 19:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Dynamique 2007-12-15 19:14 --------- d-----w C:\Program Files\Visicom Media 2007-12-15 19:14 --------- d-----w C:\Program Files\FileZilla Client 2007-12-15 19:14 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\FileZilla 2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll 2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-07 02:08 671,232 ----a-w C:\WINDOWS\system32\mstime.dll 2007-12-07 02:08 63,488 ----a-w C:\WINDOWS\system32\icardie.dll 2007-12-07 02:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll 2007-12-07 02:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll 2007-12-07 02:08 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll 2007-12-07 02:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll 2007-12-07 02:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll 2007-12-07 02:08 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll 2007-12-07 02:08 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll 2007-12-07 02:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll 2007-12-07 02:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll 2007-12-07 02:08 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll 2007-12-07 02:08 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll 2007-12-07 02:08 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll 2007-12-07 02:08 193,024 ----a-w C:\WINDOWS\system32\msrating.dll 2007-12-07 02:08 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll 2007-12-07 02:08 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll 2007-12-07 02:08 124,928 ----a-w C:\WINDOWS\system32\advpack.dll 2007-12-07 02:08 105,984 ----a-w C:\WINDOWS\system32\url.dll 2007-12-07 02:08 102,912 ----a-w C:\WINDOWS\system32\occache.dll 2007-12-07 02:08 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll 2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe 2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe 2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27 153136] "Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-12-01 14:32 1266936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360] C:\Documents and Settings\PASCAL\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216] C:\Documents and Settings\Nicolas\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512] R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21] R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 07:36] S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21] S3 BS_DEF;BS_DEF;C:\Program Files\ASUS\ASUSUpdate\BS_DEF.sys [] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 04:57] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-15 18:16:06 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Bon je viens de faire le test ComboFix. C'est bizarre, il dit lui même avoir crée un Combofix.txt dans C: mais pourtant il n'y a rien. J'avoue ne pas comprendre. Peut être supprimer les deux dossiers Combofix et Combofix (2) (oui car à un moment, je pouvais plus rien supprimer, du coup j'avais gardé deux versions de combofix) dans C: pour remettre tout à 0 ? je sais pas trop. Screen: Voila le nouveau rapport obtenu situé dans C:/Combofix(2)/Combofix.txt ComboFix 08-02-13.2 - Nicolas 2008-02-14 20:19:56.10 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1514 [GMT 1:00] Endroit: C:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe Command switches used :: C:\Documents and Settings\Nicolas\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE C:\WINDOWS\system32\awtsp.exe C:\WINDOWS\system32\awvtqrs.dll C:\WINDOWS\system32\awvtrrs.dll C:\WINDOWS\system32\awvtu.exe C:\WINDOWS\system32\ddayxwt.dll C:\WINDOWS\system32\ddccb.exe C:\WINDOWS\system32\ddccy.exe C:\WINDOWS\system32\ddccywv.dll C:\WINDOWS\system32\gebcccy.dll C:\WINDOWS\system32\gebcy.exe C:\WINDOWS\system32\gebyaby.dll C:\WINDOWS\system32\gebyvvv.dll C:\WINDOWS\system32\gebyw.exe C:\WINDOWS\system32\geebyyy.dll C:\WINDOWS\system32\jkhfc.exe C:\WINDOWS\system32\jkhhe.exe C:\WINDOWS\system32\jkhhf.exe C:\WINDOWS\system32\jkhhh.exe C:\WINDOWS\system32\jkhhhhe.dll C:\WINDOWS\system32\jkkjg.exe C:\WINDOWS\system32\jkkjhgh.dll C:\WINDOWS\system32\jkkjjge.dll C:\WINDOWS\system32\jkklljk.dll C:\WINDOWS\system32\mljgfde.dll C:\WINDOWS\system32\mljji.exe C:\WINDOWS\system32\mljjk.exe C:\WINDOWS\system32\mllji.exe C:\WINDOWS\system32\pmkhf.exe C:\WINDOWS\system32\pmkhfdd.dll C:\WINDOWS\system32\pmkhfde.dll C:\WINDOWS\system32\pmnlj.exe C:\WINDOWS\system32\pmnljgh.dll C:\WINDOWS\system32\ssqro.exe C:\WINDOWS\system32\ssqrsrq.dll C:\WINDOWS\system32\sstqpmm.dll C:\WINDOWS\system32\sstqr.exe C:\WINDOWS\system32\sstts.exe C:\WINDOWS\system32\sstttqr.dll C:\WINDOWS\system32\vtsqq.exe C:\WINDOWS\system32\vtsqrop.dll C:\WINDOWS\system32\vtststs.dll C:\WINDOWS\system32\WinSpooler.exe C:\WINDOWS\system32\WinUpdating.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\WINDOWS\system32\awtsp.exe C:\WINDOWS\system32\awvtqrs.dll C:\WINDOWS\system32\awvtrrs.dll C:\WINDOWS\system32\awvtu.exe C:\WINDOWS\system32\ddayxwt.dll C:\WINDOWS\system32\ddccb.exe C:\WINDOWS\system32\ddccy.exe C:\WINDOWS\system32\ddccywv.dll C:\WINDOWS\system32\gebcccy.dll C:\WINDOWS\system32\gebcy.exe C:\WINDOWS\system32\gebyaby.dll C:\WINDOWS\system32\gebyvvv.dll C:\WINDOWS\system32\gebyw.exe C:\WINDOWS\system32\geebyyy.dll C:\WINDOWS\system32\jkhfc.exe C:\WINDOWS\system32\jkhhe.exe C:\WINDOWS\system32\jkhhf.exe C:\WINDOWS\system32\jkhhh.exe C:\WINDOWS\system32\jkhhhhe.dll c:\windows\system32\jkkjg.exe C:\WINDOWS\system32\jkkjhgh.dll C:\WINDOWS\system32\jkkjjge.dll C:\WINDOWS\system32\jkklljk.dll C:\WINDOWS\system32\mljgfde.dll C:\WINDOWS\system32\mljiiih.dll C:\WINDOWS\system32\mljji.exe C:\WINDOWS\system32\mljjk.exe C:\WINDOWS\system32\mllji.exe C:\WINDOWS\system32\nelrtibi.dll C:\WINDOWS\system32\pmkhf.exe C:\WINDOWS\system32\pmkhfdd.dll C:\WINDOWS\system32\pmkhfde.dll C:\WINDOWS\system32\pmnlj.exe C:\WINDOWS\system32\pmnljgh.dll C:\WINDOWS\system32\qomljkj.dll C:\WINDOWS\system32\qtutv.ini C:\WINDOWS\system32\qtutv.ini2 C:\WINDOWS\system32\ssqro.exe C:\WINDOWS\system32\ssqrsrq.dll C:\WINDOWS\system32\sstqpmm.dll C:\WINDOWS\system32\sstqr.exe c:\windows\system32\sstts.exe C:\WINDOWS\system32\sstttqr.dll C:\WINDOWS\system32\ssttu.dll C:\WINDOWS\system32\ubiqbxiu.ini C:\WINDOWS\system32\uixbqibu.dll C:\WINDOWS\system32\uttss.ini C:\WINDOWS\system32\uttss.ini2 C:\WINDOWS\system32\vdqsqhdw.ini C:\WINDOWS\system32\vtsqq.exe C:\WINDOWS\system32\vtsqrop.dll C:\WINDOWS\system32\vtststs.dll C:\WINDOWS\system32\windows C:\WINDOWS\system32\WinSpooler.exe C:\WINDOWS\system32\WinUpdating.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\poof -------\poof ((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))))))) . 2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Program Files\Avira 2008-02-14 19:13 . 2008-02-14 19:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-02-14 19:13 . 2008-02-14 19:19 61,632 --a------ C:\WINDOWS\system32\drivers\avipbb.sys 2008-02-14 19:13 . 2007-08-09 13:04 40,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys 2008-02-14 19:13 . 2007-03-01 10:34 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys 2008-02-14 19:13 . 2007-07-18 14:22 21,312 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys 2008-02-14 14:27 . 2008-02-14 16:21 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys 2008-02-14 14:18 . 2007-12-14 01:59 139,264 --a------ C:\WINDOWS\system32\javaws.exe 2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\javaw.exe 2008-02-14 14:18 . 2007-12-14 00:57 135,168 --a------ C:\WINDOWS\system32\java.exe 2008-02-13 12:07 . 2008-02-13 12:08 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-02-12 19:07 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe 2008-02-12 19:07 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe 2008-02-12 19:07 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe 2008-02-12 16:43 . 2008-02-12 16:43 <REP> d-------- C:\Program Files\Trend Micro 2008-02-11 23:48 . 2004-08-20 00:09 400,896 --a------ C:\WINDOWS\system32\kmd.exe 2008-02-11 23:07 . 2008-02-11 23:07 3,964 --a------ C:\WINDOWS\system32\tmp.reg 2008-02-11 22:40 . 2008-02-11 22:40 128 --a------ C:\Documents 2008-02-11 20:13 . 2008-02-11 21:14 <REP> d-------- C:\WINDOWS\BDOSCAN8 2008-02-11 19:23 . 2008-02-14 19:43 <REP> d-------- C:\VundoFix Backups 2008-02-11 17:52 . 2008-02-14 20:19 <REP> d-------- C:\QooBox 2008-02-11 17:52 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe 2008-02-11 17:52 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe 2008-02-11 17:52 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe 2008-02-11 17:52 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe 2008-02-11 17:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-02-11 17:52 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe 2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Program Files\Grisoft 2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\Nicolas\Application Data\Grisoft 2008-02-11 17:00 . 2008-02-11 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-11 17:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-11 13:44 . 2008-02-11 13:44 294 ---hs---- C:\WINDOWS\system32\bmhvcfoh.ini 2008-02-11 11:48 . 2008-02-11 13:44 354 ---hs---- C:\WINDOWS\system32\bpsnfgrb.ini 2008-02-10 14:48 . 2007-02-11 11:40 354 ---hs---- C:\WINDOWS\system32\ppmmvcbn.ini 2008-02-10 14:05 . 2008-02-12 16:41 650 --a------ C:\WINDOWS\wininit.ini 2008-02-06 11:12 . 2008-02-14 15:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-06 11:12 . 2008-02-10 13:45 37,888 --a------ C:\WINDOWS\system32\rar.exe 2008-02-02 19:01 . 2008-02-03 18:22 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\OpenOffice.org2 2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\PASCAL\Application Data\MSN6 2008-01-27 18:14 . 2008-01-27 18:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6 2008-01-23 12:53 . 2008-01-23 12:53 <REP> d-------- C:\Program Files\Lavasoft 2008-01-23 12:53 . 2008-01-23 12:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-14 18:10 --------- d-----w C:\Program Files\Mozilla Firefox 2008-02-14 18:08 2,145,386,496 --sha-w C:\pagefile.sys 2008-02-14 18:08 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\OpenOffice.org2 2008-02-14 14:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-14 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-14 13:21 --------- d-----w C:\Program Files\Java 2008-02-14 11:52 --------- d-----w C:\Program Files\eChanblard 2008-02-13 17:09 4,364 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-02-13 11:08 --------- d-----w C:\Program Files\Internet Explorer 2008-02-11 17:54 --------- d-----w C:\Program Files\Fichiers communs 2008-02-09 22:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\teamspeak2 2008-02-09 17:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-09 17:55 --------- d-----w C:\Program Files\Adobe 2008-02-04 23:09 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe 2008-01-11 15:42 --------- d-----w C:\Program Files\Google 2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll 2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Sites 2008-01-09 15:13 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Classes de site 2008-01-08 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-01-08 14:37 --------- d-----w C:\Program Files\Windows Live 2008-01-08 14:37 --------- d-----w C:\Program Files\MSN Messenger 2008-01-08 14:37 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-08 12:50 --------- d-----w C:\Program Files\WorkoutLogger 2008-01-08 12:35 --------- d-----w C:\Program Files\nutri 2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll 2007-12-19 21:38 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2007-12-15 19:15 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\Dynamique 2007-12-15 19:14 --------- d-----w C:\Program Files\Visicom Media 2007-12-15 19:14 --------- d-----w C:\Program Files\FileZilla Client 2007-12-15 19:14 --------- d-----w C:\Documents and Settings\Nicolas\Application Data\FileZilla 2007-12-14 20:51 --------- d-----w C:\Program Files\RealMedia 2007-12-14 20:51 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter 2007-12-14 20:51 --------- d-----w C:\Program Files\DScaler5 2007-12-14 20:51 --------- d-----w C:\Program Files\CD Audio Reader Filter 2007-12-14 20:50 --------- d-----w C:\Program Files\Haali 2007-12-14 20:50 --------- d-----w C:\Program Files\DirectVobSub 2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll 2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-07 02:08 671,232 ----a-w C:\WINDOWS\system32\mstime.dll 2007-12-07 02:08 63,488 ----a-w C:\WINDOWS\system32\icardie.dll 2007-12-07 02:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll 2007-12-07 02:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll 2007-12-07 02:08 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll 2007-12-07 02:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll 2007-12-07 02:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll 2007-12-07 02:08 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll 2007-12-07 02:08 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll 2007-12-07 02:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll 2007-12-07 02:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll 2007-12-07 02:08 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll 2007-12-07 02:08 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll 2007-12-07 02:08 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll 2007-12-07 02:08 193,024 ----a-w C:\WINDOWS\system32\msrating.dll 2007-12-07 02:08 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll 2007-12-07 02:08 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll 2007-12-07 02:08 124,928 ----a-w C:\WINDOWS\system32\advpack.dll 2007-12-07 02:08 105,984 ----a-w C:\WINDOWS\system32\url.dll 2007-12-07 02:08 102,912 ----a-w C:\WINDOWS\system32\occache.dll 2007-12-07 02:08 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll 2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe 2007-12-06 11:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe 2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27 153136] "Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-12-01 14:32 1266936] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360] C:\Documents and Settings\PASCAL\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216] C:\Documents and Settings\Nicolas\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512] "{25BE2418-6C95-418F-BE03-0D9B9354A167}"= C:\WINDOWS\system32\mljiiih.dll [ ] R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21] R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 07:36] S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21] S3 BS_DEF;BS_DEF;C:\Program Files\ASUS\ASUSUpdate\BS_DEF.sys [] S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 04:57] *Newly Created Service* - ANTIVIRSCHEDULER *Newly Created Service* - ANTIVIRSERVICE *Newly Created Service* - AVGIO *Newly Created Service* - AVGNTFLT *Newly Created Service* - AVIPBB . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-14 20:22:52 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
J'aime bien Antivir, pendant l'analyse, il effectue un bip lorsqu'il trouve un trojan/virus. Je me suis cru dans la bataille finale de la Guerre des Etoiles tellement ça sonnait. Voila le Rapport d'antivir (celui de Combofix arrive dans un instant, le temps de le lancer) AntiVir PersonalEdition Classic Report file date: 2008-02-14 19:21 Scanning for 1109165 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: DOCHE-0PKOS71KZ Version information: BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 18:19:50 ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 18:19:50 ANTIVIR3.VDF : 7.0.2.139 181760 Bytes 2008-02-14 18:19:50 AVEWIN32.DLL : 7.6.0.65 3240448 Bytes 2008-02-14 18:19:50 AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-14 18:19:50 AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: F:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: 2008-02-14 19:21 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'soffice.bin' - '1' Module(s) have been scanned Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned Scan process 'soffice.exe' - '1' Module(s) have been scanned Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 33 processes with 33 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '21' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\upload_moi_DOCHE-0PKOS71KZ.tar.gz [0] Archive type: GZ --> upload_moi.tar [1] Archive type: TAR (tape archiver) --> qoobox/Quarantine/C/WINDOWS/system32/cbxvvvw.dll.vir [DETECTION] Is the Trojan horse TR/Trash.Gen --> qoobox/Quarantine/C/WINDOWS/system32/ddabx.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> qoobox/Quarantine/C/WINDOWS/system32/jkkjg.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> qoobox/Quarantine/C/WINDOWS/system32/malcmicb.dll.vir [DETECTION] Is the Trojan horse TR/Trash.Gen --> qoobox/Quarantine/C/WINDOWS/system32/mljjg.dll.vir [DETECTION] Is the Trojan horse TR/Trash.Gen --> qoobox/Quarantine/C/WINDOWS/system32/sstts.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> qoobox/Quarantine/C/WINDOWS/system32/windows.vir [DETECTION] Is the Trojan horse TR/Zapchast.DT.1 --> WINDOWS/System32/WinSpooler.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.cbo --> WINDOWS/System32/WinUpdating.exe [DETECTION] Is the Trojan horse TR/Agent.fgk.1 --> WINDOWS/System32/gebyw.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> WINDOWS/System32/ddccb.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> WINDOWS/System32/jkhhh.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> WINDOWS/System32/ddccy.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> WINDOWS/System32/mljgfde.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> WINDOWS/System32/sstttqr.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> WINDOWS/System32/gebcccy.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> WINDOWS/System32/jkkjjge.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> WINDOWS/System32/pmkhfdd.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> WINDOWS/System32/awvtqrs.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '48208746.qua'! C:\Documents and Settings\Nicolas\Bureau\SmitfraudFix.exe [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.36 [iNFO] The file was moved to '481d8785.qua'! C:\Documents and Settings\Nicolas\Local Settings\Temp\runme.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.cbo [iNFO] The file was moved to '482287ac.qua'! C:\Documents and Settings\Nicolas\Local Settings\Temp\TEMP01.rar [0] Archive type: CAB (Microsoft) --> runme.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.cbo [iNFO] The file was moved to '48018788.qua'! C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\KO0NIYOT\tr[1] [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\Documents and Settings\Nicolas\Local Settings\Temporary Internet Files\Content.IE5\TQ26IOJT\css4[1] [DETECTION] Is the Trojan horse TR/Vundo.gc [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\awtsp.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\awvtqrs.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\awvtrrs.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\cbxvvvw.dll.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\ddabx.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\ddayxwt.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\ddccb.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\ddccy.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\ddccywv.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\gebcccy.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\gebcy.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\gebyaby.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\gebyvvv.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\gebyw.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\geebyyy.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\jkhfc.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhe.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhf.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhh.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\jkhhhhe.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjg.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjhgh.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjjge.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\jkklljk.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\malcmicb.dll.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\mljgfde.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\mljjg.dll.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\mljji.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\mljjk.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\mllji.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\nelrtibi.dll.vir [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhf.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhfdd.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhfde.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\pmnlj.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\pmnljgh.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\ssqro.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\ssqrsrq.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\sstqpmm.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\sstqr.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\sstts.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\sstttqr.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\uixbqibu.dll.vir [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\vtsqq.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\vtsqrop.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\vtststs.dll.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir [DETECTION] Is the Trojan horse TR/Zapchast.DT.1 [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\WinSpooler.exe.vir [DETECTION] Is the Trojan horse TR/Drop.Agent.cbo [iNFO] The file was deleted! C:\QooBox\Quarantine\C\WINDOWS\system32\WinUpdating.exe.vir [DETECTION] Is the Trojan horse TR/Agent.fgk.1 [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP291\A0047046.exe [DETECTION] Contains detection pattern of the dropper DR/MegaSearch.N.25 [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP303\A0053654.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.cbo [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP305\A0054904.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055154.exe [DETECTION] Is the Trojan horse TR/Pakes.bzo [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055175.dll [DETECTION] Is the Trojan horse TR/Vundo.gc [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055176.dll [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055184.dll [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055226.dll [DETECTION] Is the Trojan horse TR/Vundo.gc [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055232.dll [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055234.dll [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP308\A0055242.dll [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056287.dll [DETECTION] Is the Trojan horse TR/Vundo.gc [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056289.dll [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056506.dll [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056579.dll [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056582.dll [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056597.dll [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056598.dll [DETECTION] Is the Trojan horse TR/Vundo.gc [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP309\A0056599.dll [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP318\A0058686.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP318\A0058687.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058884.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058885.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058886.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058887.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058888.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058889.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058890.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058891.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058892.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058893.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058894.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058895.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058896.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058897.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058898.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058899.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058900.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058901.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058902.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058903.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058904.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058905.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058906.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058907.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058908.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058909.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058910.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058911.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058912.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058913.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058914.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058915.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058916.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058917.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058918.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058919.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058920.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058921.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058922.dll [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058923.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.cbo [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058924.exe [DETECTION] Is the Trojan horse TR/Agent.fgk.1 [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058926.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP320\A0058928.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was deleted! C:\System Volume Information\_restore{7F1EA78C-8221-4DED-830D-EFA1877ED198}\RP321\A0059316.exe [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.36 [iNFO] The file was deleted! C:\VundoFix Backups\awvvu.dll.bad [DETECTION] Is the Trojan horse TR/Vundo.gc [iNFO] The file was deleted! C:\VundoFix Backups\degcwhrk.dll.bad [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was deleted! C:\VundoFix Backups\dpmxctvy.dll.bad [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\VundoFix Backups\igkurnmj.dll.bad [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was deleted! C:\VundoFix Backups\jkkjh.dll.bad [DETECTION] Is the Trojan horse TR/Vundo.gc [iNFO] The file was deleted! C:\VundoFix Backups\lidwufmt.dll.bad [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\VundoFix Backups\pmnll.dll.bad [DETECTION] Is the Trojan horse TR/Vundo.gc [iNFO] The file was deleted! C:\VundoFix Backups\spexysod.dll.bad [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was deleted! C:\VundoFix Backups\tuvtcdnf.dll.bad [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\VundoFix Backups\vxrnndve.dll.bad [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\VundoFix Backups\wdhqsqdv.dll.bad [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was deleted! C:\VundoFix Backups\xpybytff.dll.bad [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\VundoFix Backups\zjkpsyfy.dll.bad [DETECTION] Is the Trojan horse TR/Vundo.DWB [iNFO] The file was deleted! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'F:\' <Nouveau nom> End of the scan: 2008-02-14 20:10 Used time: 48:49 min The scan has been done completely. 8815 Scanning directories 678173 Files were scanned 157 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 132 files were deleted 0 files were repaired 4 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 678016 Files not concerned 3507 Archives were scanned 2 Warnings 0 Notes -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Je m'en occupe dans un instant, le temps de finir l'analyse antivurs de Antivir (qui du coup, trouve beaucoup plus de chose que F-Secure, dont Vundo ) -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Malheureusement ça ne semble pas le cas. Je n'ai jamais eu de rapport dans C: directement, mais dans C:/Combofix/Combofix.txt. Je me doute que ce n'est pas normal mais c'est pourtant le cas. Rien n'est créé dans C: directement (contrairement aux rapports des autres logiciels tel que Genproc ou Vundofix) Par contre, un dossier Combofix est bien apparu, et dans celui ci figue un Combofix.txt (qui contient ce que j'ai cité précédement) -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Le truc c'est que c'est le rapport complet Merci pour l'antivirus -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Voila le rapport, par contre, problème, F Secure ne se lance plus. Du coup plus d'antivirus là. Quand je regarde les processus, je vois isass.exe, c'était pas un virus ? Voila le rapport, en attendant, je débranche internet. ComboFix 08-02-13.2 - Nicolas 2008-02-14 16:17:09.9 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1516 [GMT 1:00] Endroit: C:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe Command switches used :: C:\Documents and Settings\Nicolas\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE C:\WINDOWS\system32\awtsp.exe C:\WINDOWS\system32\awvtqrs.dll C:\WINDOWS\system32\awvtrrs.dll C:\WINDOWS\system32\awvtu.exe C:\WINDOWS\system32\ddayxwt.dll C:\WINDOWS\system32\ddccb.exe C:\WINDOWS\system32\ddccy.exe C:\WINDOWS\system32\ddccywv.dll C:\WINDOWS\system32\gebcccy.dll C:\WINDOWS\system32\gebcy.exe C:\WINDOWS\system32\gebyaby.dll C:\WINDOWS\system32\gebyvvv.dll C:\WINDOWS\system32\gebyw.exe C:\WINDOWS\system32\geebyyy.dll C:\WINDOWS\system32\jkhfc.exe C:\WINDOWS\system32\jkhhe.exe C:\WINDOWS\system32\jkhhf.exe C:\WINDOWS\system32\jkhhh.exe C:\WINDOWS\system32\jkhhhhe.dll C:\WINDOWS\system32\jkkjg.exe C:\WINDOWS\system32\jkkjhgh.dll C:\WINDOWS\system32\jkkjjge.dll C:\WINDOWS\system32\jkklljk.dll C:\WINDOWS\system32\mljgfde.dll C:\WINDOWS\system32\mljji.exe C:\WINDOWS\system32\mljjk.exe C:\WINDOWS\system32\mllji.exe C:\WINDOWS\system32\pmkhf.exe C:\WINDOWS\system32\pmkhfdd.dll C:\WINDOWS\system32\pmkhfde.dll C:\WINDOWS\system32\pmnlj.exe C:\WINDOWS\system32\pmnljgh.dll C:\WINDOWS\system32\ssqro.exe C:\WINDOWS\system32\ssqrsrq.dll C:\WINDOWS\system32\sstqpmm.dll C:\WINDOWS\system32\sstqr.exe C:\WINDOWS\system32\sstts.exe C:\WINDOWS\system32\sstttqr.dll C:\WINDOWS\system32\vtsqq.exe C:\WINDOWS\system32\vtsqrop.dll C:\WINDOWS\system32\vtststs.dll C:\WINDOWS\system32\WinSpooler.exe C:\WINDOWS\system32\WinUpdating.exe . -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
J'effectue cette manipulation alors ? -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Ah tiens, je viens de constater, pendant ma navigation sur internet, qu'un second onglet s'est ouvert en popup sous firefox dirigeant vers "avsystemcare". Il ne me semble pas avoir eu cela auparavant -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Le pc va déjà beaucoup mieux, grand merci à vous. Il reste cependant certaines petites choses: - Au démarrage du pc, un message d'erreur est parfois présent, indiquant l'absence d'une dll (toujours avec un nom bizarre du genre b1s5regxw4.dll) - Dans le poste de travail, l'icone du disque dur C: est remplacée par une croix rouge. (Pas spécialement dérangeant mais étrange, puisque cela semble lié à sotrageprotector) Sinon, j'ai moi aussi envie de désinstaller spybot afin de laisser tourner seulement AVG (moins "lourd" et plus simple d'utilisation), pas de contre-indication ? Encore merci pour toutes ces réponses -
[résolu][resolu] StorageProtector + Virtumonde
Nicola.S a répondu à un(e) sujet de Nicola.S dans Analyses et éradication malwares
Merci pour la réponse. En ce qui concerne les antivirus etc, comme écrit dans la procédure, je les désactive (ainsi que la connexion internet) avant de lancer les différents logiciels de diagnostique. Sinon je possède F-Secure, Kerio, AVG, et spybot. Une question en passant puisqu'on en parle. Spybot est muni d'un système de surveillance (Tea time) surement très complet mais aussi difficile à comprendre. J'ai fréquemment des messages venant de celui-ci indiquant des modifications importantes dans le registre. Comment savoir quand il faut autoriser ou non la modification ? Sinon, voila le rapport Diaghelp: DiagHelp version v1.4 - http://www.malekal.com excute le 2008-02-14 à 14:35:57.38 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->2008-02-14 14:35:57 C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->2008-02-14 14:35:54 C:\WINDOWS\prefetch\BACKWEB-7681197.EXE-0CD34FA2.pf -->2008-02-14 14:35:53 C:\WINDOWS\prefetch\FSLAUNCH.EXE-1541820B.pf -->2008-02-14 14:35:48 C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf -->2008-02-14 14:35:28 C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->2008-02-14 14:34:22 C:\WINDOWS\prefetch\FIREFOX.EXE-06188867.pf -->2008-02-14 14:34:12 C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->2008-02-14 14:34:08 C:\WINDOWS\prefetch\WINUPDATING.EXE-1BBB97B0.pf -->2008-02-14 14:34:08 C:\WINDOWS\prefetch\WINSPOOLER.EXE-212A566A.pf -->2008-02-14 14:34:08 C:\WINDOWS\System32\drivers\ComboFix.sys -->2008-02-14 14:27:07 C:\WINDOWS\System32\drivers\fwdrv.err -->2008-02-13 18:09:21 C:\WINDOWS\System32\drivers\sptd.sys -->2007-12-19 22:38:51 C:\WINDOWS\System32\drivers\mrxdav.sys -->2007-12-18 10:51:35 C:\WINDOWS\System32\drivers\yk51x86.sys -->2007-12-06 09:51:00 C:\WINDOWS\System32\drivers\secdrv.sys -->2007-11-13 11:25:54 C:\WINDOWS\System32\drivers\nv4_mini.sys -->2007-11-06 20:00:00 C:\WINDOWS\System32\wpa.dbl -->2008-02-14 14:33:14 C:\WINDOWS\System32\settingsbkup.sfm -->2008-02-14 14:31:56 C:\WINDOWS\System32\settings.sfm -->2008-02-14 14:31:56 C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 14:31:56 C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 14:31:56 C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx -->2008-02-14 14:31:56 C:\WINDOWS\System32\jupdate-1.6.0_04-b12.log -->2008-02-14 14:18:00 C:\WINDOWS\System32\tmp.txt -->2008-02-11 23:07:24 C:\WINDOWS\System32\tmp.reg -->2008-02-11 23:07:23 C:\WINDOWS\System32\bpsnfgrb.ini -->2008-02-11 13:44:51 C:\WINDOWS\System32\bmhvcfoh.ini -->2008-02-11 13:44:24 C:\WINDOWS\System32\rar.exe -->2008-02-10 13:45:18 C:\WINDOWS\System32\WinSpooler.exe -->2008-02-10 13:44:22 C:\WINDOWS\System32\WinUpdating.exe -->2008-02-10 11:57:57 C:\WINDOWS\System32\mljgfde.dll -->2008-02-07 12:18:57 C:\WINDOWS\System32\gebyw.exe -->2008-02-07 12:18:57 C:\WINDOWS\System32\sstttqr.dll -->2008-02-06 10:48:42 C:\WINDOWS\System32\gebcccy.dll -->2008-02-05 19:51:13 C:\WINDOWS\System32\ddccb.exe -->2008-02-05 19:51:13 C:\WINDOWS\System32\jkkjjge.dll -->2008-02-05 06:51:24 C:\WINDOWS\System32\jkhhh.exe -->2008-02-05 06:51:23 C:\WINDOWS\System32\MRT.exe -->2008-02-05 00:09:46 C:\WINDOWS\System32\pmkhfdd.dll -->2008-02-04 12:32:41 C:\WINDOWS\System32\ddccy.exe -->2008-02-04 12:32:41 C:\WINDOWS\System32\awvtqrs.dll -->2008-02-02 18:04:07 C:\WINDOWS.log -->2008-02-14 14:33:09 C:\WINDOWS\WindowsUpdate.log -->2008-02-14 14:33:05 C:\WINDOWS\bootstat.dat -->2008-02-14 14:32:50 C:\WINDOWS\SchedLgU.Txt -->2008-02-14 14:31:50 C:\WINDOWS\PSEXESVC.EXE -->2008-02-14 14:26:55 C:\WINDOWS\system.ini -->2008-02-14 12:19:19 C:\WINDOWS\MEMORY.DMP -->2008-02-13 19:52:57 C:\WINDOWS\ntbtlog.txt -->2008-02-13 18:09:32 C:\WINDOWS\tsoc.log -->2008-02-13 12:08:11 C:\WINDOWS\setupapi.log -->2008-02-13 12:08:11 C:\WINDOWS\ocmsn.log -->2008-02-13 12:08:11 C:\WINDOWS\ocgen.log -->2008-02-13 12:08:11 C:\WINDOWS\ntdtcsetup.log -->2008-02-13 12:08:11 C:\WINDOWS\msgsocm.log -->2008-02-13 12:08:11 C:\WINDOWS\KB946026.log -->2008-02-13 12:08:11 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 2356 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xcf000 7.00.6000.16608 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16608 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x00da0000 0x33000 1.04.0000.0001 C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL 0x00f90000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll 0x44160000 0x127000 7.00.6000.16608 C:\WINDOWS\system32\urlmon.dll 0x44360000 0x5cd000 7.00.6000.16608 C:\WINDOWS\system32\ieframe.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x442b0000 0x3c000 7.00.6000.16608 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x01900000 0x171000 6.14.0010.11129 C:\WINDOWS\system32\nview.dll 0x02220000 0x50000 6.14.0010.11129 C:\WINDOWS\system32\NVWRSFR.DLL 0x02620000 0x2c000 1.04.0000.0002 C:\Program Files\MarkAny\ContentSafer\MaCSProHook.DLL 0x01e40000 0x6000 1.00.0000.0012 C:\WINDOWS\system32\ctagent.dll 0x02c60000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 0x43ff0000 0xa000 7.00.6000.16608 C:\WINDOWS\system32\jsproxy.dll 0x03330000 0x15000 6.14.0011.6906 C:\WINDOWS\system32\nvwddi.dll 0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 0x033e0000 0x1b9000 2.00.0000.0008 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll 0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL 0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll 0x62350000 0x53000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll 0x60400000 0x18000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll 0x61e70000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll 0x036a0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x03710000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x03270000 0x6000 6.01.0004.0058 C:\WINDOWS\TEMP\IadHide4.dll 0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL 0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\System32\wshext.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 756 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x011e0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4876-1268 Répertoire de C:\WINDOWS\system32 2004-08-20 00:09 6,144 csrss.exe 1 fichier(s) 6,144 octets 0 Rép(s) 5,624,254,464 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4876-1268 Répertoire de C:\WINDOWS\Downloaded Program Files 2008-02-11 20:13 <REP> . 2008-02-11 20:13 <REP> .. 2004-12-07 17:07 32 bdcore.dll 2006-05-25 01:21 118,784 bdupd.dll 2007-02-14 15:40 65 desktop.ini 2007-03-23 11:17 1,292 erma.inf 2006-05-25 01:21 53,248 ipsupd.dll 2005-03-16 12:34 7,407 lang.ini 2004-12-07 17:07 32 libfn.dll 2005-03-14 14:38 126 live.ini 2007-10-29 16:45 1,244 oscan8.inf 2007-10-25 16:54 471,040 oscan8.ocx 2005-03-14 14:58 7,073 scanoptions.tsi 2005-05-26 04:19 291 wuweb.inf 12 fichier(s) 660,634 octets Total des fichiers listés : 12 fichier(s) 660,634 octets 2 Rép(s) 5,624,254,464 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... 127.0.0.1 www.activexupdate.com 127.0.0.1 activexupdate.com 127.0.0.1 www.avpcheckupdate.com 127.0.0.1 avpcheckupdate.com 127.0.0.1 client.exeupdate.com 127.0.0.1 www.eupdatepage.com 127.0.0.1 eupdatepage.com 127.0.0.1 www.exeupdate.com 127.0.0.1 exeupdate.com 127.0.0.1 www.hotwinupdates.com 127.0.0.1 hotwinupdates.com 127.0.0.1 www.lavasoftupdate.com 127.0.0.1 lavasoftupdate.com 127.0.0.1 www.malwarewipeupdate.com 127.0.0.1 malwarewipeupdate.com 127.0.0.1 www.msupdate.net 127.0.0.1 msupdate.net 127.0.0.1 www.msupdater.net 127.0.0.1 msupdater.net 127.0.0.1 www.necessaryupdates.com 127.0.0.1 necessaryupdates.com 127.0.0.1 newupdates.lzio.com 127.0.0.1 redirect.msupdate.net 127.0.0.1 search.keyword.exeupdate.com 127.0.0.1 www.securityupdatesite.com 127.0.0.1 securityupdatesite.com 127.0.0.1 settings.updatemysettings.com 127.0.0.1 www.spyaxeupdate.com 127.0.0.1 spyaxeupdate.com 127.0.0.1 www.spyfalconupdate.com 127.0.0.1 spyfalconupdate.com 127.0.0.1 www.systemupdates.net 127.0.0.1 systemupdates.net 127.0.0.1 trial.updates.winsoftware.com 127.0.0.1 update.680180.net 127.0.0.1 www.updatemysettings.com 127.0.0.1 updatemysettings.com 127.0.0.1 updates.spywarequake.com 127.0.0.1 www.urgentsystemupdate.biz 127.0.0.1 urgentsystemupdate.biz 127.0.0.1 www.urgentsystemupdate.com 127.0.0.1 urgentsystemupdate.com 127.0.0.1 windupdates.com 127.0.0.1 www.pandaantivirus-2007.com 127.0.0.1 pandaantivirus-2007.com 127.0.0.1 www.pandadownload-now.com 127.0.0.1 pandadownload-now.com 127.0.0.1 www.panda-hq.com 127.0.0.1 panda-hq.com catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-14 14:36:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:db,0b,ab,40,77,60,0c,12,7b,2d,22,1b,46,50,6d,4a,c0,fd,be,ea,55,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:db,0b,ab,40,77,60,0c,12,7b,2d,22,1b,46,50,6d,4a,c0,fd,be,ea,55,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000136 scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 176 - FSMA32.exe 732 - csrss.exe 756 - winlogon.exe 804 - services.exe 816 - lsass.exe 864 - FSLAUNCH.exe 976 - svchost.exe 1052 - svchost.exe 1092 - svchost.exe 1132 - svchost.exe 1180 - svchost.exe 1276 - svchost.exe 1368 - spoolsv.exe 1520 - guard.exe 1536 - SERVIC~1.EXE 1556 - mDNSResponder.e 1636 - fsgk32.exe 1692 - fssm32.exe 1712 - nvsvc32.exe 2108 - alg.exe 2296 - wscntfy.exe 2356 - explorer.exe 2844 - smax4pnp.exe 2872 - CtHelper.exe 2932 - Ctxfihlp.exe 2956 - CTxfispi.exe 2964 - CTSched.exe 3040 - FSLAUNCH.exe 3064 - rundll32.exe 3132 - rundll32.exe 3248 - backWeb-7681197 3264 - MaAgent.exe 3284 - reader_sl.exe 3304 - avgas.exe 3372 - ctfmon.exe 3416 - svchost.exe 3456 - NMBgMonitor.exe 3492 - NMIndexingServi 3552 - NMIndexStoreSvr 3752 - cmd.exe 4076 - wuauclt.exe Total number of processes = 42 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806E2000 - \WINDOWS\system32\hal.dll BADA8000 - \WINDOWS\system32\KDCOM.DLL BACB8000 - \WINDOWS\system32\BOOTVID.dll BA6A9000 - spcc.sys BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS BA691000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS BA662000 - ACPI.sys BA651000 - pci.sys BA8A8000 - ohci1394.sys BA8B8000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS BA8C8000 - isapnp.sys BAE70000 - pciide.sys BAB28000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS BA8D8000 - MountMgr.sys BA632000 - ftdisk.sys BAB30000 - PartMgr.sys BA8E8000 - VolSnap.sys BA61A000 - atapi.sys BA8F8000 - jraid.sys BA908000 - disk.sys BA918000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS BA5FA000 - fltmgr.sys BA5E8000 - sr.sys BA5D1000 - KSecDD.sys BA5BE000 - WudfPf.sys BA531000 - Ntfs.sys BA504000 - NDIS.sys BA4F1000 - sfvfs02.sys BAB38000 - sfhlp02.sys BA4DF000 - sfdrv01.sys BA4C4000 - Mup.sys BADAC000 - JGOGO.sys BA9A8000 - \SystemRoot\System32\DRIVERS\intelppm.sys B9D66000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys B9D52000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS BAB88000 - \SystemRoot\System32\DRIVERS\usbuhci.sys B9D2F000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS BAB90000 - \SystemRoot\System32\DRIVERS\usbehci.sys B9D0A000 - \SystemRoot\System32\DRIVERS\HDAudBus.sys BA9B8000 - \SystemRoot\System32\DRIVERS\cdrom.sys B9CC4000 - \SystemRoot\System32\DRIVERS\yk51x86.sys B9C46000 - \SystemRoot\system32\drivers\ctaud2k.sys B9C22000 - \SystemRoot\system32\drivers\portcls.sys BA9C8000 - \SystemRoot\system32\drivers\drmk.sys B9BFF000 - \SystemRoot\system32\drivers\ks.sys B9BCB000 - \SystemRoot\system32\drivers\ctoss2k.sys BABB8000 - \SystemRoot\system32\drivers\ctprxy2k.sys BA9D8000 - \SystemRoot\System32\DRIVERS\nic1394.sys B9BBA000 - \SystemRoot\System32\DRIVERS\serial.sys BAD64000 - \SystemRoot\System32\DRIVERS\serenum.sys BADB4000 - \SystemRoot\System32\DRIVERS\ASACPI.sys BA9E8000 - \SystemRoot\System32\DRIVERS\i8042prt.sys BABD8000 - \SystemRoot\System32\DRIVERS\kbdclass.sys BAFBC000 - \SystemRoot\System32\DRIVERS\audstub.sys BA9F8000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys BAD6C000 - \SystemRoot\System32\DRIVERS\ndistapi.sys B9B03000 - \SystemRoot\System32\DRIVERS\ndiswan.sys BAA08000 - \SystemRoot\System32\DRIVERS\raspppoe.sys BAA18000 - \SystemRoot\System32\DRIVERS\raspptp.sys BABF8000 - \SystemRoot\System32\DRIVERS\TDI.SYS B9AF2000 - \SystemRoot\System32\DRIVERS\psched.sys BAA28000 - \SystemRoot\System32\DRIVERS\msgpc.sys BAC08000 - \SystemRoot\System32\DRIVERS\ptilink.sys BAC18000 - \SystemRoot\System32\DRIVERS\raspti.sys BAA38000 - \SystemRoot\System32\DRIVERS\termdd.sys BAC28000 - \SystemRoot\System32\DRIVERS\mouclass.sys BADBA000 - \SystemRoot\System32\DRIVERS\swenum.sys B9A99000 - \SystemRoot\System32\DRIVERS\update.sys BAD80000 - \SystemRoot\System32\DRIVERS\mssmbios.sys BAA48000 - \SystemRoot\System32\Drivers\NDProxy.SYS BAA58000 - \SystemRoot\System32\DRIVERS\usbhub.sys BADC0000 - \SystemRoot\System32\DRIVERS\USBD.SYS B7934000 - \SystemRoot\system32\drivers\ADIHdAud.sys B791D000 - \SystemRoot\system32\drivers\AEAudio.sys B78BD000 - \SystemRoot\system32\drivers\Senfilt.sys B3576000 - \SystemRoot\system32\drivers\ha20x2k.sys B3547000 - \SystemRoot\system32\drivers\emupia2k.sys B351E000 - \SystemRoot\system32\drivers\ctsfm2k.sys B3482000 - \SystemRoot\system32\drivers\ctac32k.sys BADC6000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS BAEAB000 - \SystemRoot\System32\Drivers\Null.SYS BADCA000 - \SystemRoot\System32\Drivers\Beep.SYS BAEAD000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys BAC80000 - \SystemRoot\System32\drivers\vga.sys BADCE000 - \SystemRoot\System32\Drivers\mnmdd.SYS BADD2000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys B3419000 - \SystemRoot\system32\drivers\fwdrv.sys BAC90000 - \SystemRoot\System32\Drivers\Msfs.SYS BACA0000 - \SystemRoot\System32\Drivers\Npfs.SYS BA47C000 - \SystemRoot\System32\DRIVERS\rasacd.sys B3406000 - \SystemRoot\System32\DRIVERS\ipsec.sys B33AE000 - \SystemRoot\System32\DRIVERS\tcpip.sys B3365000 - \SystemRoot\System32\DRIVERS\ipnat.sys B333D000 - \SystemRoot\System32\DRIVERS\netbt.sys BAA88000 - \SystemRoot\System32\DRIVERS\wanarp.sys B331B000 - \SystemRoot\System32\drivers\afd.sys BAA98000 - \SystemRoot\System32\DRIVERS\arp1394.sys BAAA8000 - \SystemRoot\System32\DRIVERS\netbios.sys B3250000 - \SystemRoot\System32\DRIVERS\rdbss.sys B31E1000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys B31D0000 - \SystemRoot\system32\drivers\khips.sys BAD68000 - \SystemRoot\system32\DRIVERS\hidusb.sys BAAD8000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS BAB98000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS BAAF8000 - \SystemRoot\System32\Drivers\Fips.SYS BAF16000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys B9A91000 - \SystemRoot\System32\DRIVERS\mouhid.sys BAB18000 - \SystemRoot\System32\Drivers\Cdfs.SYS B31B8000 - \SystemRoot\System32\Drivers\dump_atapi.sys BADE4000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys B78B1000 - \SystemRoot\System32\drivers\Dxapi.sys BABE0000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys BAFC0000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\nv4_disp.dll BFFA0000 - \SystemRoot\System32\ATMFD.DLL B2E80000 - \SystemRoot\System32\DRIVERS\ndisuio.sys B2C1C000 - \SystemRoot\System32\DRIVERS\mrxdav.sys B2CE8000 - \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys B2C98000 - \??\C:\Program Files\F-Secure\Common\FSPM.SYS B2972000 - \SystemRoot\System32\DRIVERS\srv.sys B2B2C000 - \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys B2CC8000 - \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys B277D000 - \SystemRoot\system32\drivers\wdmaud.sys B2B5C000 - \SystemRoot\system32\drivers\sysaudio.sys B1F34000 - \SystemRoot\System32\Drivers\HTTP.sys BAF0E000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 129 Liste des programmes installes Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color Common Settings Adobe Color EU Recommended Settings Adobe Color JA Extra Settings Adobe Color NA Extra Settings Adobe Creative Suite 3 Web Premium Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader 8.1.2 - Français Adobe Setup Adobe Setup Adobe Setup Adobe Shockwave Player Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Version Cue CS3 Server {ko_KR} Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AHV content for Acrobat and Flash Ajouter ou supprimer Adobe Creative Suite 3 Web Premium Archiveur WinRAR ASUSUpdate AVG Anti-Spyware 7.5 Canon iP3300 Canon Setup Utility 2.3 Canon Utilities Easy-PhotoPrint Canon Utilities Easy-PrintToolBox CCleaner (remove only) CD Audio Reader Filter (remove only) Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows XP (KB914440) Correctif Windows XP - KB873339 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB888302 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 Creative MediaSource 5 Creative Software AutoUpdate Creative System Information DataCastComponent DirectVobSub (remove only) DivX Content Uploader DivX Web Player DScaler 5 Mpeg Decoders Easy-WebPrint Enregistrement utilisateur de Canon iP3300 F-Secure Anti-Virus F-Secure BackWeb F-Secure Management Agent ffdshow [rev 1058+] [2007-03-22] Google Earth Half-Life® 2 High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Java 6 Update 4 JRAID K-Lite Codec Pack 2.85 Full Lame ACM MP3 Codec Lecteur Windows Media 11 Marvell Miniport Driver Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 French Language Pack Microsoft .NET Framework 3.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928090) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB943055) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour de sécurité pour Windows XP (KB946026) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920342) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB925720) Mise à jour pour Windows XP (KB925876) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 Mozilla Firefox (2.0.0.12) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) Nero 7 neroxml Neuf - Kit de connexion NVIDIA Drivers OpenOffice.org 2.3 OpenSource Flash Video Splitter (remove only) Package de base Microsoft de service de chiffrement pour cartes à puce PDF Settings RealMedia (remove only) Samsung Media Studio Sound Blaster X-Fi SoundMAX Spybot - Search & Destroy Steam Sunbelt Personal Firewall TeamSpeak 2 RC2 WebFldrs XP Windows Communication Foundation Language Pack - FRA Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Presentation Foundation Windows Presentation Foundation Language Pack (FRA) Windows Workflow Foundation FR Language Pack Windows XP Service Pack 2 XML Paper Specification Shared Components Language Pack 1.0 XML Paper Specification Shared Components Pack 1.0 XviD MPEG-4 Video Codec Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4876-1268 Répertoire de C:\Program Files 2008-02-12 16:43 <REP> . 2008-02-12 16:43 <REP> .. 2008-02-09 18:55 <REP> Adobe 2007-02-14 15:59 <REP> Analog Devices 2007-02-15 11:55 <REP> ASUS 2007-11-25 17:18 <REP> Azureus 2007-07-21 17:10 <REP> Bonjour 2007-10-23 09:03 <REP> Canon 2008-02-11 23:05 <REP> CCleaner 2007-12-14 21:51 <REP> CD Audio Reader Filter 2007-02-14 15:38 <REP> ComPlus Applications 2007-02-14 16:21 <REP> Creative 2007-12-14 21:50 <REP> DirectVobSub 2007-07-23 12:09 <REP> DivX 2007-12-14 21:51 <REP> DScaler5 2008-02-14 12:52 <REP> eChanblard 2008-02-11 18:54 <REP> Fichiers communs 2007-12-15 20:14 <REP> FileZilla Client 2007-02-14 18:37 <REP> F-Secure 2008-01-11 16:42 <REP> Google 2008-02-11 17:00 <REP> Grisoft 2007-12-14 21:50 <REP> Haali 2007-02-14 15:46 <REP> Intel 2008-02-13 12:08 <REP> Internet Explorer 2008-02-14 14:21 <REP> Java 2007-03-25 16:41 <REP> K-Lite Codec Pack 2007-08-15 14:27 <REP> Lame MP3 Codec 2008-01-23 12:53 <REP> Lavasoft 2007-08-15 14:26 <REP> MarkAny 2007-02-14 16:04 <REP> Marvell 2007-02-14 20:30 <REP> Messenger 2008-01-08 15:37 <REP> Messenger Plus! Live 2007-02-14 15:41 <REP> microsoft frontpage 2007-02-14 19:43 <REP> Movie Maker 2008-02-14 14:34 <REP> Mozilla Firefox 2007-09-22 10:57 <REP> MSBuild 2007-02-14 15:38 <REP> MSN 2007-02-14 15:38 <REP> MSN Gaming Zone 2008-01-08 15:37 <REP> MSN Messenger 2007-07-05 10:11 <REP> MSXML 4.0 2007-09-22 10:59 <REP> MSXML 6.0 2007-07-04 11:22 <REP> Nero 2007-02-14 19:42 <REP> NetMeeting 2007-02-14 16:56 <REP> Neuf 2008-01-08 13:35 <REP> nutri 2007-12-01 13:34 <REP> OpenOffice.org 2.3 2007-12-14 21:51 <REP> OpenSource Flash Video Splitter 2007-06-19 18:13 <REP> Outlook Express 2007-07-21 17:35 <REP> QuickTime 2007-12-14 21:51 <REP> RealMedia 2007-09-22 10:55 <REP> Reference Assemblies 2007-08-15 14:26 <REP> Samsung 2007-02-14 15:38 <REP> Services en ligne 2008-02-12 12:20 <REP> Spybot - Search & Destroy 2007-02-14 16:59 <REP> Sunbelt Software 2007-09-23 18:11 <REP> Teamspeak2_RC2 2008-02-12 16:43 <REP> Trend Micro 2007-12-01 14:21 <REP> Valve 2007-12-15 20:14 <REP> Visicom Media 2007-07-17 15:17 <REP> Webteh 2008-01-08 15:37 <REP> Windows Live 2007-02-14 22:06 <REP> Windows Media Connect 2 2007-02-14 22:06 <REP> Windows Media Player 2007-02-14 19:41 <REP> Windows NT 2007-06-02 09:54 <REP> WinRAR 2008-01-08 13:50 <REP> WorkoutLogger 2007-02-14 15:41 <REP> xerox 2007-08-15 14:27 <REP> XviD 0 fichier(s) 0 octets 68 Rép(s) 5,624,160,256 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4876-1268 Répertoire de C:\Program Files\fichiers communs 2008-02-11 18:54 <REP> . 2008-02-11 18:54 <REP> .. 2008-02-09 18:55 <REP> Adobe 2007-07-04 11:22 <REP> Ahead 2007-12-02 09:39 <REP> Blizzard Entertainment 2007-02-14 16:15 <REP> Creative 2007-02-15 11:54 <REP> InstallShield 2007-06-30 10:55 <REP> Java 2007-07-21 17:06 <REP> Macrovision Shared 2007-02-14 22:03 <REP> Microsoft Shared 2007-02-14 15:39 <REP> MSSoap 2007-02-14 15:27 <REP> ODBC 2007-02-14 15:39 <REP> Services 2007-02-14 15:27 <REP> SpeechEngines 2007-06-19 18:13 <REP> System 0 fichier(s) 0 octets 15 Rép(s) 5,624,160,256 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 4876-1268 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 2007-02-14 15:44 <REP> . 2007-02-14 15:44 <REP> .. 2001-05-18 17:57 561,209 MSONSEXT.DLL 1999-06-03 14:09 122,937 MSOWS409.DLL 2001-03-07 09:00 127,033 MSOWS40c.DLL 3 fichier(s) 811,179 octets 2 Rép(s) 5,624,160,256 octets libres c:\Documents and Settings\Nicolas\Application Data\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe c:\Documents and Settings\Nicolas\Bureau\ccsetup204.exe c:\Documents and Settings\Nicolas\Bureau\ComboFix(2).exe c:\Documents and Settings\Nicolas\Bureau\FxVundoB.exe c:\Documents and Settings\Nicolas\Bureau\HJTInstall(2).exe c:\Documents and Settings\Nicolas\Bureau\HJTInstall.exe c:\Documents and Settings\Nicolas\Bureau\jre-6u4-windows-i586-p.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix.exe c:\Documents and Settings\Nicolas\Bureau\spybotsd152.exe c:\Documents and Settings\Nicolas\Bureau\VirtumundoBeGone.exe c:\Documents and Settings\Nicolas\Bureau\VundoFix(2).exe c:\Documents and Settings\Nicolas\Bureau\VundoFix.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Nicolas\Bureau\DiagHelp\DiagHelp\tar.exe c:\Documents and Settings\Nicolas\Bureau\GenProc\GenProc\outil\swreg.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\exit.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\IEDFix.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\Reboot.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\restart.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\VACFix.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\Nicolas\Bureau\SmitfraudFix\WS2Fix.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\Setup.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsServer2003-KB898715-x86-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer1716\redist\WindowsXP-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\Setup.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsServer2003-KB898715-x86-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer388\redist\WindowsXP-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\Setup.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-ia64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsServer2003-KB898715-x86-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Application Data\Installer4008\redist\WindowsXP-KB898715-x64-enu.exe c:\Documents and Settings\Nicolas\Local Settings\Temp\runme.exe c:\Documents and Settings\PASCAL\Bureau\Azureus_3.0.3.4_windows.exe c:\Documents and Settings\PASCAL\Bureau\google-earth_google_earth_4.2.0198_beta_francais_14783.exe c:\Documents and Settings\PASCAL\Bureau\installer-51883-17-Azureus-French.exe c:\Documents and Settings\PASCAL\Bureau\jre-6u3-windows-i586-p-iftw.exe c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules401\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules404\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules405\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules406\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules407\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules408\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules409\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40b\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40c\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules40e\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules410\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules411\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules412\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules413\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules414\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules415\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules419\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41D\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41E\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules41F\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules804\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModules816\CNMur84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMlr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMsr84.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP3300\LanguageModulesc0a\CNMur84.dll c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\Nicolas\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_DOCHE-0PKOS71KZ.tar.gz a l'adresse http://upload.malekal.com Merci d'avance.