
ellesé


  1. Hello, I am taking the liberty of stepping in because I believe there is a potential DANGER OF DEATH with this setup! The idea is good, but commercial anti-static wrist straps always have a high resistance (1 MOhm) inserted in series. The aim is to let static charge through, but not a lethal current. After all, who has never forgotten to unplug the PC while tinkering with it? An accidental contact with 220 V and the current goes through your body and out through the nice ground connection of your wrist strap! There is also a possibility, rare but real, of a voltage return through the earth. See for example here: http://forums.futura-sciences.com/electron...tistatique.html Regards.
  2. Thank you, Pear, for your patience and your very professional help.

  3. Good evening, I had not realised that you probably wanted the cleanup report. So here it is:

     -->- Recherche:
     C:\SDFIX: trouvé !
     C:\Lop SD: trouvé !
     C:\HijackThis: trouvé !
     C:\Qoobox: trouvé !
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
     C:\Documents and Settings\Lorenzo\Bureau\SdFix.exe: trouvé !
     C:\Documents and Settings\Lorenzo\Bureau\LopSD.exe: trouvé !
     C:\Documents and Settings\Lorenzo\Bureau\fsbl.exe: trouvé !
     C:\Documents and Settings\Lorenzo\Bureau\EliBaglA.exe: trouvé !
     C:\Documents and Settings\Lorenzo\Bureau\Navilog1.exe: trouvé !
     C:\Documents and Settings\Lorenzo\Bureau\Navilog1.lnk: trouvé !
     C:\Documents and Settings\Lorenzo\Recent\HijackThis.lnk: trouvé !
     C:\Program Files\Navilog1: trouvé !
     C:\Program Files\Navilog1\Navilog1.bat: trouvé !

     AntiVir intercepted Navilog1; I think that is normal. I would like to keep HiJackThis, if that is not dangerous. All is well; I believe the infection has really been eradicated. AVG AS installed. Firefox add-ons too. I am going to install DropMyRights and move to IE7 for the updates. By the way, while we are at it, I have an uninstalled program that still appears in the Control Panel list, but there is no longer a Modify/Add button. It must have been badly designed software. Could you recommend a more "powerful" utility for cleaning up old installs? Thanks
  4. Loud and clear. Regarding the O4 lines, it seems the following line is related to my Nvidia graphics card. Is it really right to delete it?

     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

     For Ctfmon, neither of the two boxes is ticked in the "Languages" tab of Regional Options!? However, in the "Advanced Options" tab / "Code page conversion tables", many "exotic" languages are ticked (Russian, Ukrainian, Cyrillic, Korean...). What should I do? OK for Antivir rather than McAfee. Is the Windows firewall sufficient? On the subject of anti-spyware, I came across this: http://forum.malekal.com/viewtopic.php?f=45&t=8765 which gives this ranking:

     1/ Malwarebyte's Anti-Malware with 7+/10 - Tutorial Malwarebyte's Anti-Malware (confirming what had been observed when this software was presented in the "useful programs" section: viewtopic.php?f=36&t=6202)
     2/ SUPERAntispyware with 6-/10 - Tutorial SUPERAntispyware
     3/ CounterSpy with 3++/10
     4/ SpySweeper with 3+/10
     5/ AVG Antispyware with 2+/10
     6/ Ad-Aware 2007 with 2+/10
     7/ SpywareFighter with 2+/10
     then:
     a-squared Anti-Malware 3.1 with 1+/10
     SpyBot with 1+/10
     Ashampoo AntiSpyware with 1+/10
     SpywareDoctor with 1/10

     AVG is good. From what I have seen lately with my infections, I find it very odd that Ad-Aware (which, incidentally, is advised against pretty much everywhere) should be better than SpyBot. We are drifting a little off topic, but since we are wrapping up this cleanup by putting good protection in place, I took the liberty of asking for your final opinion. I will post once more in 1 or 2 days to confirm that all is well and close this topic. Thank you very much for the help. Can one leave positive feedback or a compliment, e-Bay style? Good night.
  5. BIIIIINNNNGO! 1) Java is up to date 2) I managed to download the latest EliBaglA (11.09) (on another PC, mind you; I could not do it with Firefox from the infected PC) and it did indeed find that harmful GoogleToolbarNotifier.exe. Since then it seems to be bliss. IE6 works again. I switched the PC off and on again. OK. SpyEraser intercepted an attempt to install a BHO at startup, but it was Java 6u4. So I allowed it. I ran EliBaglA again to check and there was no new infection. I am going to run Combo-Fix once more just to be sure. It's silly: I had started out by saying that only EliBaglA seemed to help me from the beginning (that was on 10 February... InfoSat.txt accumulates the reports). It is also the tool you had advised me to update first, but the site was not responding that day. It seems the latest version really was needed to get the better of Bagle's mutations. Do I still need to install cmdcons? You mentioned providing what is needed to clean up the tools (post #27). Below are the InfoSat report and a final HiJackThis log. A big thank you!

     Sun Mar 02 19:54:22 2008 EliBagle v11.09 ©2008 S.G.H. / Satinfo S.L.
     ----------------------------------------------
     Lista de Acciones (por Exploración):
     Explorando Unidad C:\
     C:\Muestras\HLDRRR.EXE.MUESTRA ELIBAGLE V10.98 --> Eliminado Bagle.dldr
     C:\Program Files\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr
     C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\456828.EXE.VIR --> Eliminado Bagle
     Nº Total de Directorios: 12954
     Nº Total de Ficheros: 148437
     Nº de Ficheros Analizados: 17569
     Nº de Ficheros Infectados: 3
     Nº de Ficheros Limpiados: 3
  6. OK, we're hopeful! 1) O2, done. However, although Firefox is now the default browser, IE opened "by mistake" while looking for the update for cmdcons. Although the O2 line had been fixed, the unwanted window appeared again, with the corresponding GoogleToolbarNotifier process...!? Still strange! 2) The bat file was created and run. "Success". No log. 3) For cmdcons, it is going to take a bit longer, because I have the OEM SP1 CD. I had to do the SP2 update online. So I cannot manage to install cmdcons on my SP2 version. Contrary to what is stated, "If you have Windows XP updated with SP2, this command offers a direct update over the Internet (this applies only if you have the XP or XP SP1 CD, in which case Windows looks for the update on the Internet).", I get no offer of an Internet update. However, I found some information on making a "slipstream" (?). I will get to it later this evening. I have to go out. If you have something better, I'm all ears. To be continued.
  7. NOOOOOOOOO, Bagle is back!!! With all due respect, and while thanking you immensely for the help so far, I have nonetheless been saying from the start (after already 3 weeks of struggling on my own) that the source of the trouble is associated with IEXPLORE.exe. This time it is proven: Bagle comes back even WITHOUT A CONNECTION. So it is still there, buried, and relaunched by iexplore.exe, which I started with the connection DISABLED. IE is still slow to start, and always ends up showing me that unwanted window. So I terminated the GoogleToolbarNotifier.exe process (unwanted window) and iexplore.exe. Then, STILL OFFLINE, I ran Combo-Fix, which immediately found Bagle again. I had to run it a 2nd time because, as every time it finds Bagle, it does not get to the end, does not create the report and leaves me with the date in a strange format. Below is the HiJackThis report from BEFORE launching IE6. Then, after it, the new Combo-Fix report. I know I am insisting, but shouldn't we deal with IEXPLORE and/or GoogleToolbarNotifier, which must be infected? What about reinstalling IE6 and/or moving to IE7: http://support.microsoft.com/default.aspx?scid=kb;fr;318378 Apart from that, my PC has become a real rocket: startup and Explorer displays have become instantaneous, whereas before it was sluggish. I also did a bit of tidying up among the useless programs. Should I/can I also uninstall the anti-virus programs knocked out by Bagle, or will they work again once the PC is cleaned up? NB. Thank you for the procedure above, but I have NOT yet touched the disinfection of the USB keys, which is therefore NOT the source of reinfection. Come on! We'll get there, won't we?
     See you later.
21:35 58984 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] --a------ 2004-02-05 13:45 510464 C:\WINDOWS\mHotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] --a------ 2004-01-07 15:14 2453504 C:\WINDOWS\CMICNFG.CPL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup] --a------ 2002-07-16 09:55 32768 C:\Program Files\Iomega\DriveIcons\deskup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit] --a------ 2003-12-29 23:33 94208 C:\WINDOWS\Dit.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2003-05-16 00:41 163840 C:\Program Files\Microsoft IntelliPoint\point32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons] --a------ 2002-08-13 13:30 86016 C:\Program Files\Iomega\DriveIcons\ImgIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kalender] --a------ 2007-10-12 15:37 819200 C:\Program Files\Kalender\Kalender.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer] --a------ 2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a------ 2004-01-20 12:50 188416 C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a------ 2004-01-20 12:53 77824 
C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] --a------ 2003-06-10 17:49 50688 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] --a------ 2004-02-04 16:09 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2005-10-11 18:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0] --a------ 2005-09-09 18:09 1537648 C:\Program Files\Norton Ghost\Agent\GhostTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-09-17 00:07 8491008 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-09-17 00:07 81920 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] --a------ 2002-02-20 20:01 49152 C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --a------ 2004-02-26 10:08 61440 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] --a------ 2007-09-28 02:17 443968 C:\Program 
Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] --a------ 2004-03-10 23:26 406016 C:\WINDOWS\system32\\PSDrvCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE] --a------ 2004-01-14 16:09 215552 C:\WINDOWS\system32\PRISMSTA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prism_Utility] --a------ 2004-01-14 16:09 215552 C:\WINDOWS\system32\PRISMSTA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray] --a------ 2008-03-01 13:17 669776 C:\Program Files\Spyware Doctor\SDTrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy 2000] --a------ 2001-09-17 08:37 1134080 C:\PROGRA~1\SecCopy\SecCopy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] --a------ 2008-03-02 14:25 2385488 C:\Program Files\Spyware Doctor\swdoctor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-10-12 03:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2006-09-21 05:05 757887 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-06-17 12:29 185896 C:\Program 
Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] --a------ 2007-12-05 16:06 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ccSetMgr"=2 (0x2) "ccPwdSvc"=3 (0x3) "ccEvtMgr"=2 (0x2) "Norton Ghost"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Avidyne\\FlightMax\\AviSysDL\\DataTransacServer.exe"= "C:\\Program Files\\Avidyne\\FlightMax\\DatalinkClient.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"= "C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundSourceQuench"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowRedirect"= 1 (0x1) R2 SPAMfighter Update 
Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29] R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2007-06-21 07:32] R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08] R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07] S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [] S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 10:04] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 18:27] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 18:27] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28] S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys [] S3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2003-05-22 19:44] S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 10:47] S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 09:31] S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 17:22] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-02-27 11:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-12 22:42:38 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe "2008-03-02 13:32:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-02 14:40:01 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-03-02 14:40:47 ComboFix-quarantined-files.txt 2008-03-02 13:40:33 ComboFix2.txt 2008-03-02 09:30:51 ComboFix3.txt 2008-03-01 17:22:33 ComboFix4.txt 2008-03-01 11:38:51 ComboFix5.txt 2008-02-29 21:25:40 . 2008-01-27 13:55:01 --- E O F ---
  8. By the way, a small separate question in passing. I have two USB keys that I used to load antivirus programs on another PC. Naturally, I have not used them again since they were plugged into the infected PC. That was before I was advised to use lockable SD cards... But the question now is, how am I going to be able to "clean" them? Oops...
  9. Hello, here is the Combo-Fix report. It removed C:\WINDOWS\tasks\SA.dat as instructed by CFScript. Until now I had never seen this file analysed or destroyed by any of the tools used. Progress, perhaps... But I remain puzzled, because there must still be a Bagle re-infection instruction linked to IE... Doesn't IE still need to be cleaned? I will only reopen it on your instructions. See you, ellesé, live from Firefox.
ComboFix 08-02-25.2 - Lorenzo 2008-03-02 10:25:58.9 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.684 [GMT 1:00] Endroit: C:\Documents and Settings\Lorenzo\Bureau\Combo-Fix.exe Command switches used :: C:\Documents and Settings\Lorenzo\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\WINDOWS\system32\BAN_LIST.txt C:\WINDOWS\system32\drivers\down C:\WINDOWS\system32\drivers\srosa.sys C:\WINDOWS\tasks\SA.DAT . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\tasks\SA.DAT . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))))))) . 2008-03-01 17:39 . 2008-03-01 17:39 <REP> d-------- C:\My Documents 2008-03-01 14:01 . 2008-03-01 18:46 <REP> d-------- C:\Lop SD 2008-02-29 23:46 . 2008-02-29 23:46 <REP> d-------- C:\WINDOWS\ERUNT 2008-02-29 23:39 . 2008-03-01 00:06 <REP> d-------- C:\SDFix 2008-02-29 23:24 . 2008-02-29 23:37 <REP> d-------- C:\Program Files\Navilog1 2008-02-25 00:23 . 2008-02-25 00:23 <REP> d-------- C:\TcpView 2008-02-25 00:14 . 2008-02-25 00:14 30,332 --a------ C:\EasyCleaner REG cleanup.htm 2008-02-25 00:03 . 2008-02-25 00:03 459,307 --a------ C:\EasyCleaner-Inutiles.htm 2008-02-24 22:56 . 2008-02-24 22:58 <REP> d-------- C:\Program Files\SpywareBlaster 2008-02-24 20:08 . 2008-02-24 20:08 <REP> d-------- C:\Program Files\ToniArts 2008-02-24 20:06 . 
2008-02-27 12:41 <REP> d-------- C:\HijackThis 2008-02-23 19:46 . 2008-02-23 19:46 <REP> d-------- C:\Muestras 2008-02-14 21:49 . 2008-02-14 21:49 <REP> d-------- C:\Program Files\Avira 2008-02-14 21:49 . 2008-02-14 21:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-02-12 23:15 . 2008-02-12 23:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2008-02-10 22:48 . 2008-02-10 22:46 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-10 22:48 . 2008-02-10 22:48 3,453 --a------ C:\WINDOWS\unins000.dat 2008-02-10 22:15 . 2008-02-10 22:15 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools 2008-02-10 22:14 . 2008-02-12 23:14 <REP> d-------- C:\Program Files\Spyware Doctor 2008-02-10 22:14 . 2008-02-10 22:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools 2008-02-10 22:14 . 2007-02-23 00:09 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-02-10 22:14 . 2007-02-25 23:45 59,472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-02-10 22:14 . 2007-02-19 18:13 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-02-10 22:14 . 2007-02-19 18:13 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-02-10 22:14 . 2007-02-23 07:13 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-02-10 22:05 . 2008-02-10 22:05 <REP> d-------- C:\Program Files\CCleaner 2008-02-10 21:57 . 2006-06-08 20:00 116,864 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys 2008-02-10 21:57 . 2006-06-08 20:00 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys 2008-02-10 21:56 . 2008-02-10 21:57 <REP> d-------- C:\Program Files\Network Associates 2008-02-10 21:56 . 2008-02-10 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates 2008-02-09 15:45 . 2008-02-09 15:45 <REP> d-------- C:\Program Files\DAMN NFO Viewer 2008-02-03 15:08 . 2008-02-03 15:08 <REP> d-------- C:\Program Files\Kalender 2008-02-03 15:08 . 
2008-03-01 16:49 <REP> d-------- C:\Documents and Settings\Lorenzo\Application Data\UK's Kalender 2008-02-03 12:08 . 2008-02-03 12:09 <REP> d-------- C:\Program Files\iTunes . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-02 09:13 --------- d-----w C:\Program Files\SPAMfighter 2008-03-01 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-01 16:39 936 ----a-w C:\WP_VFR1.bin 2008-03-01 16:39 564 ----a-w C:\WP_FileList4AVFR.bin 2008-03-01 16:39 432 ----a-w C:\WP_FileList4SVFR.bin 2008-03-01 16:39 --------- d-----w C:\Program Files\WinPilot XP VFR 2008-03-01 15:49 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys 2008-03-01 14:34 --------- d-----w C:\Program Files\AutoREALM 2008-02-24 23:07 --------- d-----w C:\Program Files\Norton Ghost 2008-02-24 23:07 --------- d-----w C:\Program Files\eMule 2008-02-24 21:09 15,360 ----a-w C:\WINDOWS\system32\dllcache\register.exe 2008-02-24 19:08 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-14 19:53 --------- d-----w C:\Program Files\Yahoo! 
2008-02-14 08:00 --------- d-----w C:\Program Files\SecCopy 2008-02-12 23:09 --------- d-----w C:\Program Files\Uniblue 2008-02-12 23:09 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Uniblue 2008-02-12 22:14 --------- d-----w C:\Program Files\Miraizon 2008-02-12 22:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-11 06:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-10 20:56 --------- d-----w C:\Program Files\Fichiers communs\Network Associates 2008-02-07 15:48 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2008-02-07 15:48 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2008-02-07 15:48 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2008-02-04 20:59 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\AdobeUM 2008-02-03 11:09 --------- d-----w C:\Program Files\iPod 2008-02-03 11:05 --------- d-----w C:\Program Files\QuickTime 2008-01-27 21:06 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Media Player Classic 2008-01-27 21:00 --------- d-----w C:\Program Files\Combined Community Codec Pack 2008-01-26 13:56 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-01-19 09:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution 2008-01-18 22:08 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\SlySoft 2008-01-18 22:00 --------- d-----w C:\Program Files\SlySoft 2008-01-06 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle 2008-01-06 16:17 --------- d-----w C:\Program Files\Pinnacle 2008-01-06 16:05 --------- d-----w C:\Program Files\Avid 2008-01-06 15:37 --------- d-----w C:\Program Files\DivX 2008-01-04 21:13 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-01-04 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-01-04 17:58 --------- d-----w C:\Program Files\Logitech 2008-01-04 17:52 --------- 
d-----w C:\Program Files\InstantTimeZone 2008-01-04 17:47 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Ringtone 2008-01-04 17:36 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Lavasoft 2008-01-04 17:34 --------- d-----w C:\Program Files\DiscWizard 2003 2008-01-04 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-03 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PicturesToExe 2008-01-03 21:40 --------- d-----w C:\Program Files\WnSoft PicturesToExe 2008-01-03 15:24 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\eMule 2007-12-22 14:24 39,424 ----a-w C:\WINDOWS\zipinst.exe 2006-12-24 15:30 94,880 ----a-w C:\Documents and Settings\Lorenzo\Application Data\GDIPFONTCACHEV1.DAT 2006-01-15 12:47 4 ----a-w C:\Program Files\SpeechMillLAIPTTSin.pol 2006-01-15 12:37 4 ----a-w C:\Program Files\SpeechMillLAIPTTSout.pol 2005-09-09 17:55 7,155,864 ----a-w C:\Program Files\NGhost10.msi 2005-09-09 17:55 37,766,164 ----a-w C:\Program Files\Data1.cab 2005-09-09 17:55 35 ----a-w C:\Program Files\SCSSDist.ini 2005-04-09 17:24 83,224 ------w C:\Documents and Settings\Adriana\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360] "Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-29 10:13 1424648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2008-03-01 18:01 147514] "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-03-01 18:01 94208] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-03-01 18:01 139320] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-01 18:01 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ :\WINDOWS\system3 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant d'Acrobat.lnk] backup=C:\WINDOWS\pss\Assistant d'Acrobat.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bootvis.lnk] backup=C:\WINDOWS\pss\Bootvis.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Device Detector 2.lnk] backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HOTSYNCSHORTCUTNAME.lnk] 
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InstantTimeZone.lnk] backup=C:\WINDOWS\pss\InstantTimeZone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^La Solution Associations Ciel.lnk] backup=C:\WINDOWS\pss\La Solution Associations Ciel.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^La Solution Enseignement Ciel.lnk] backup=C:\WINDOWS\pss\La Solution Enseignement Ciel.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk] backup=C:\WINDOWS\pss\Palm Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk] backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk] backup=C:\WINDOWS\pss\Anti-Pub.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^La Solution Enseignement Ciel.lnk] backup=C:\WINDOWS\pss\La Solution Enseignement Ciel.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon] --a------ 2002-09-24 15:39 147456 C:\Program Files\Iomega\AutoDisk\ADUserMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] --a------ 2008-01-19 10:54 469504 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-02-24 21:35 58984 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] --a------ 2004-02-05 13:45 510464 C:\WINDOWS\mHotkey.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] --a------ 2004-01-07 15:14 2453504 C:\WINDOWS\CMICNFG.CPL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup] --a------ 2002-07-16 09:55 32768 C:\Program Files\Iomega\DriveIcons\deskup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit] --a------ 2003-12-29 23:33 94208 C:\WINDOWS\Dit.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2003-05-16 00:41 163840 C:\Program Files\Microsoft IntelliPoint\point32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons] --a------ 2002-08-13 13:30 86016 C:\Program Files\Iomega\DriveIcons\ImgIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kalender] --a------ 2007-10-12 15:37 819200 C:\Program Files\Kalender\Kalender.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer] --a------ 2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a------ 2004-01-20 12:50 188416 C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a------ 2004-01-20 12:53 77824 C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] --a------ 2003-06-10 17:49 50688 C:\Program Files\Fichiers 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-02 10:30:08 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-03-02 10:30:51 ComboFix-quarantined-files.txt 2008-03-02 09:30:37 ComboFix2.txt 2008-03-01 17:22:33 ComboFix3.txt 2008-03-01 11:38:51 ComboFix4.txt 2008-02-29 21:25:40 ComboFix5.txt 2008-02-28 22:27:15 . 2008-01-27 13:55:01 --- E O F ---
  10. Here is the latest Lop S&D. Apparently clean... until the next time IE is launched? -----------------------------[ Lop S&D 4.0.2 ]--------------------------- [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ] [ USER : Lorenzo ] [ "C:\Lop SD" ] [ 01/03/2008 | 18:45:24,20 ] [ PC : NET-WXPHE ] [ MAJ : 30-02-2008 | 00:12 ] ----------------------[ Recherche avec S_Lop ]--------------------- Aucun fichier / dossier Lop trouvé ! 
-----------------[ Recherche de Fichiers / Dossiers Lop ]----------------- Aucun fichier / dossier Lop trouvé ! ----------------------[ Verification du Registre ]---------------------- ..... OK ! --------------------[ Verification du fichier Hosts ]--------------------- Fichier Hosts PROPRE ----------------[ Recherche de fichiers avec Catchme ]----------------- catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-01 18:45:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden files ... scan completed successfully hidden files: 0 --------------------[ Recherche d'autres infections ]--------------------- Aucune autre infection trouvée ! /!\ [Fich:1][Doss:1] C:\DOCUME~1\Lorenzo\LOCALS~1\Temp /!\ [Fich:1][Doss:0] C:\DOCUME~1\Lorenzo\Cookies /!\ [Fich:1][Doss:0] C:\DOCUME~1\Lorenzo\LOCALS~1\TEMPOR~1\content.IE5 --------------------[ Fin du rapport a 18:46:09,14 ]----------------------
  11. Heureusement mon PC s'est rallumé, grâce à "dernière bonne configuration connue". Eh oui, Bagle est revenu ! Peut-on conclure que le dernier essai avec IE6 a réanimé Bagle sans connexion internet, ou lors de la connexion suivante, même après fermeture de IE ? Voici le rapport Combo-Fix et Lop SD avant le dernier palntage. ComboFix 08-02-25.2 - Lorenzo 2008-03-01 18:20:45.8 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.669 [GMT 1:00] Endroit: C:\Documents and Settings\Lorenzo\Bureau\Combo-Fix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\system32\drivers\down C:\WINDOWS\system32\drivers\down\85687.exe C:\WINDOWS\system32\drivers\hldrrr.exe C:\WINDOWS\system32\drivers\srosa.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_SROSA -------\srosa ((((((((((((((((((((((((((((( Fichiers créés 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))))))) . 2008-03-01 17:39 . 2008-03-01 17:39 <REP> d-------- C:\My Documents 2008-03-01 14:01 . 2008-03-01 14:11 <REP> d-------- C:\Lop SD 2008-02-29 23:46 . 2008-02-29 23:46 <REP> d-------- C:\WINDOWS\ERUNT 2008-02-29 23:39 . 2008-03-01 00:06 <REP> d-------- C:\SDFix 2008-02-29 23:24 . 2008-02-29 23:37 <REP> d-------- C:\Program Files\Navilog1 2008-02-25 00:23 . 2008-02-25 00:23 <REP> d-------- C:\TcpView 2008-02-25 00:14 . 2008-02-25 00:14 30,332 --a------ C:\EasyCleaner REG cleanup.htm 2008-02-25 00:03 . 2008-02-25 00:03 459,307 --a------ C:\EasyCleaner-Inutiles.htm 2008-02-24 22:56 . 2008-02-24 22:58 <REP> d-------- C:\Program Files\SpywareBlaster 2008-02-24 20:08 . 2008-02-24 20:08 <REP> d-------- C:\Program Files\ToniArts 2008-02-24 20:06 . 2008-02-27 12:41 <REP> d-------- C:\HijackThis 2008-02-23 19:46 . 
2008-02-23 19:46 <REP> d-------- C:\Muestras 2008-02-14 21:49 . 2008-02-14 21:49 <REP> d-------- C:\Program Files\Avira 2008-02-14 21:49 . 2008-02-14 21:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-02-12 23:15 . 2008-02-12 23:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2008-02-10 22:48 . 2008-02-10 22:46 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-10 22:48 . 2008-02-10 22:48 3,453 --a------ C:\WINDOWS\unins000.dat 2008-02-10 22:15 . 2008-02-10 22:15 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools 2008-02-10 22:14 . 2008-02-12 23:14 <REP> d-------- C:\Program Files\Spyware Doctor 2008-02-10 22:14 . 2008-02-10 22:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools 2008-02-10 22:14 . 2007-02-23 00:09 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-02-10 22:14 . 2007-02-25 23:45 59,472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-02-10 22:14 . 2007-02-19 18:13 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-02-10 22:14 . 2007-02-19 18:13 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-02-10 22:14 . 2007-02-23 07:13 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-02-10 22:05 . 2008-02-10 22:05 <REP> d-------- C:\Program Files\CCleaner 2008-02-10 21:57 . 2006-06-08 20:00 116,864 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys 2008-02-10 21:57 . 2006-06-08 20:00 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys 2008-02-10 21:56 . 2008-02-10 21:57 <REP> d-------- C:\Program Files\Network Associates 2008-02-10 21:56 . 2008-02-10 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates 2008-02-09 15:45 . 2008-02-09 15:45 <REP> d-------- C:\Program Files\DAMN NFO Viewer 2008-02-09 15:23 . 2008-02-09 15:23 <REP> d-------- C:\Documents and Settings\Lorenzo\Application Data\Reasonable Software House Ltd 2008-02-03 15:08 . 
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-29 10:13 1424648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2008-03-01 18:01 147514]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-03-01 18:01 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-03-01 18:01 139320]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-01 18:01 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\system3

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant d'Acrobat.lnk]
backup=C:\WINDOWS\pss\Assistant d'Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bootvis.lnk]
backup=C:\WINDOWS\pss\Bootvis.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Device Detector 2.lnk]
backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HOTSYNCSHORTCUTNAME.lnk]
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InstantTimeZone.lnk]
backup=C:\WINDOWS\pss\InstantTimeZone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^La Solution Associations Ciel.lnk]
backup=C:\WINDOWS\pss\La Solution Associations Ciel.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^La Solution Enseignement Ciel.lnk]
backup=C:\WINDOWS\pss\La Solution Enseignement Ciel.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk]
backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk]
backup=C:\WINDOWS\pss\Anti-Pub.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^La Solution Enseignement Ciel.lnk]
backup=C:\WINDOWS\pss\La Solution Enseignement Ciel.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon]
--a------ 2002-09-24 15:39 147456 C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-01-19 10:54 469504 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-02-24 21:35 58984 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-02-05 13:45 510464 C:\WINDOWS\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
--a------ 2004-01-07 15:14 2453504 C:\WINDOWS\CMICNFG.CPL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup]
--a------ 2002-07-16 09:55 32768 C:\Program Files\Iomega\DriveIcons\deskup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
--a------ 2003-12-29 23:33 94208 C:\WINDOWS\Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2003-05-16 00:41 163840 C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
--a------ 2002-08-13 13:30 86016 C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kalender]
--a------ 2007-10-12 15:37 819200 C:\Program Files\Kalender\Kalender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
--a------ 2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2004-01-20 12:50 188416 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2004-01-20 12:53 77824 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-10 17:49 50688 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-02-04 16:09 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-10-11 18:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
--a------ 2005-09-09 18:09 1537648 C:\Program Files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 00:07 8491008 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-17 00:07 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
--a------ 2002-02-20 20:01 49152 C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2004-02-26 10:08 61440 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2004-03-10 23:26 406016 C:\WINDOWS\system32\\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
--a------ 2004-01-14 16:09 215552 C:\WINDOWS\system32\PRISMSTA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prism_Utility]
--a------ 2004-01-14 16:09 215552 C:\WINDOWS\system32\PRISMSTA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
--a------ 2008-03-01 13:17 669776 C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy 2000]
--a------ 2001-09-17 08:37 1134080 C:\PROGRA~1\SecCopy\SecCopy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2008-03-01 18:00 2385488 C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-10-12 03:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2006-09-21 05:05 757887 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-17 12:29 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-12-05 16:06 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Norton Ghost"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Avidyne\\FlightMax\\AviSysDL\\DataTransacServer.exe"=
"C:\\Program Files\\Avidyne\\FlightMax\\DatalinkClient.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2007-06-21 07:32]
R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07]
S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys []
S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 10:04]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys []
S3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2003-05-22 19:44]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 10:47]
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 09:31]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 17:22]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-27 11:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-12 22:42:38 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-03-01 16:32:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 18:21:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-01 18:22:32
ComboFix-quarantined-files.txt 2008-03-01 17:22:18
ComboFix2.txt 2008-03-01 11:38:51
ComboFix3.txt 2008-02-29 21:25:40
ComboFix4.txt 2008-02-28 22:27:15
ComboFix5.txt 2008-02-27 22:33:46
.
2008-01-27 13:55:01 --- E O F ---

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-----------------------------[ Lop S&D 4.0.2 ]---------------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Lorenzo ] [ "C:\Lop SD" ]
[ 01/03/2008 | 14:10:27,79 ] [ PC : NET-WXPHE ]
[ MAJ : 30-02-2008 | 00:12 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprimé! - C:\Program Files\Viewpoint
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Listing des dossiers dans Application Data ]------------

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[12/02/2008 23:42][--a------] C:\WINDOWS\tasks\Uniblue SpyEraser.job
[27/02/2008 12:56][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/03/2008 13:32][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
[29/02/2008 23:56][--ah-----] C:\WINDOWS\tasks\SA.DAT

---------------[ Listing des dossiers dans C:\Program Files ]--------------

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[10/02/2008|22:15]
C:\Program Files\Fichiers communs\PC Tools [17/06/2007|12:29] C:\Program Files\Fichiers communs\Real [08/08/2007|08:52] C:\Program Files\Fichiers communs\Sage [27/03/2004|14:29] C:\Program Files\Fichiers communs\ScanSoft Shared [27/02/2004|18:28] C:\Program Files\Fichiers communs\Services [27/02/2004|18:26] C:\Program Files\Fichiers communs\SpeechEngines [03/04/2007|21:04] C:\Program Files\Fichiers communs\Symantec Shared [14/06/2007|21:40] C:\Program Files\Fichiers communs\System [04/01/2008|15:53] C:\Program Files\Fichiers communs\Wise Installation Wizard [17/06/2007|12:30] C:\Program Files\Fichiers communs\xing shared ----------------------[ Recherche avec S_Lop ]--------------------- Aucun fichier / dossier Lop trouvé ! -----------------[ Recherche de Fichiers / Dossiers Lop ]----------------- Aucun fichier / dossier Lop trouvé ! ----------------------[ Verification du Registre ]---------------------- ..... OK ! --------------------[ Verification du fichier Hosts ]--------------------- Fichier Hosts PROPRE ----------------[ Recherche de fichiers avec Catchme ]----------------- catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-01 14:11:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden files ... scan completed successfully hidden files: 0 --------------------[ Recherche d'autres infections ]--------------------- C:\WINDOWS\system32\drivers\down C:\WINDOWS\system32\drivers\srosa.sys C:\WINDOWS\system32\BAN_LIST.txt ! BAGLE Possible ! /!\ [Fich:1][Doss:3] C:\DOCUME~1\Lorenzo\LOCALS~1\Temp /!\ [Fich:10][Doss:0] C:\DOCUME~1\Lorenzo\Cookies /!\ [Fich:2][Doss:0] C:\DOCUME~1\Lorenzo\LOCALS~1\TEMPOR~1\content.IE5 --------------------[ Fin du rapport a 14:11:45,29 ]----------------------
  12. Ouch, ouch, ouch, not good at all! I am writing to you from another PC...! I downloaded and ran Lop S&D, a first time with 1). The program ran properly all the way to the end, without my having to press Ctrl-Alt-Del. I got the report. From memory, no infection: registry and hosts clean, but at the end a suspected presence of Bagle. I ran it a 2nd time with option 2) as requested. I saw the report. Lop S&D deleted a file/directory that I did not know or no longer remembered.... Everything fairly "clean", except still a suspicion with something like "[-b] " from Bagle. So I restarted the PC to go into safe mode and run SDFix, which you had already had me run yesterday. IMPOSSIBLE to boot into safe mode!! Despite several attempts, the PC reboots. So I was forced to let it restart in normal mode. And there, a long wait on the blue "Windows is starting up" screen. I now have the welcome screen with the 4 user accounts, all 4 locked by a password that was not there before....! HELP!
  13. Hello, In fact there are 4 users in total. So I added a line for the 4th user to the SFScript. Below is the Combo-Fix report. But all the wklnhst.dat files had fairly old dates. Perhaps not the problem? On the other hand, IE is still "infected". Still the unwanted window at startup. This time I was wary and opened IE offline. So in principle I did not re-download Bagle. But naturally I cannot run Kaspersky online. I believe, however, that there is a free version, which I could download from another PC if needed? Otherwise, what about the tools for debugging IE that I saw in the HiJackThis tutorial? Such as - CWSshredder - SpHjfix - LSPfix - About:Buster - DelDomains.inf ? Thanks again, as always. ComboFix 08-02-25.2 - Lorenzo 2008-03-01 12:34:03.6 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.545 [GMT 1:00] Endroit: C:\Documents and Settings\Lorenzo\Bureau\Combo-Fix.exe Command switches used :: C:\Documents and Settings\Lorenzo\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\Documents and Settings\Adriana\Application Data\wklnhst.dat C:\Documents and Settings\Catherine\Application Data\wklnhst.dat C:\Documents and Settings\Elio\Application Data\wklnhst.dat . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Adriana\Application Data\wklnhst.dat C:\Documents and Settings\Catherine\Application Data\wklnhst.dat C:\Documents and Settings\Elio\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))))))) . 2008-02-29 23:46 . 2008-02-29 23:46 <REP> d-------- C:\WINDOWS\ERUNT 2008-02-29 23:39 . 2008-03-01 00:06 <REP> d-------- C:\SDFix 2008-02-29 23:24 . 
2008-02-29 23:37 <REP> d-------- C:\Program Files\Navilog1 2008-02-28 22:57 . 2008-02-28 22:57 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-02-25 00:23 . 2008-02-25 00:23 <REP> d-------- C:\TcpView 2008-02-25 00:14 . 2008-02-25 00:14 30,332 --a------ C:\EasyCleaner REG cleanup.htm 2008-02-25 00:03 . 2008-02-25 00:03 459,307 --a------ C:\EasyCleaner-Inutiles.htm 2008-02-24 22:56 . 2008-02-24 22:58 <REP> d-------- C:\Program Files\SpywareBlaster 2008-02-24 20:08 . 2008-02-24 20:08 <REP> d-------- C:\Program Files\ToniArts 2008-02-24 20:06 . 2008-02-27 12:41 <REP> d-------- C:\HijackThis 2008-02-23 19:46 . 2008-02-23 19:46 <REP> d-------- C:\Muestras 2008-02-14 21:49 . 2008-02-14 21:49 <REP> d-------- C:\Program Files\Avira 2008-02-14 21:49 . 2008-02-14 21:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-02-12 23:15 . 2008-02-12 23:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2008-02-10 22:48 . 2008-02-10 22:46 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-10 22:48 . 2008-02-10 22:48 3,453 --a------ C:\WINDOWS\unins000.dat 2008-02-10 22:15 . 2008-02-10 22:15 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools 2008-02-10 22:14 . 2008-02-12 23:14 <REP> d-------- C:\Program Files\Spyware Doctor 2008-02-10 22:14 . 2008-02-10 22:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools 2008-02-10 22:14 . 2007-02-23 00:09 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-02-10 22:14 . 2007-02-25 23:45 59,472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-02-10 22:14 . 2007-02-19 18:13 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-02-10 22:14 . 2007-02-19 18:13 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-02-10 22:14 . 2007-02-23 07:13 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-02-10 22:05 . 2008-02-10 22:05 <REP> d-------- C:\Program Files\CCleaner 2008-02-10 21:57 . 
2006-06-08 20:00 116,864 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys 2008-02-10 21:57 . 2006-06-08 20:00 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys 2008-02-10 21:56 . 2008-02-10 21:57 <REP> d-------- C:\Program Files\Network Associates 2008-02-10 21:56 . 2008-02-10 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates 2008-02-09 15:45 . 2008-02-09 15:45 <REP> d-------- C:\Program Files\DAMN NFO Viewer 2008-02-09 15:23 . 2008-02-09 15:23 <REP> d-------- C:\Documents and Settings\Lorenzo\Application Data\Reasonable Software House Ltd 2008-02-03 15:13 . 2008-02-03 15:13 <REP> d-------- C:\Program Files\metagenia 2008-02-03 15:08 . 2008-02-03 15:08 <REP> d-------- C:\Program Files\Kalender 2008-02-03 15:08 . 2008-02-03 15:53 <REP> d-------- C:\Documents and Settings\Lorenzo\Application Data\UK's Kalender 2008-02-03 14:43 . 2008-02-03 15:52 <REP> d-------- C:\Program Files\SodeaSoft 2008-02-03 12:08 . 2008-02-03 12:09 <REP> d-------- C:\Program Files\iTunes . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-01 11:07 --------- d-----w C:\Program Files\SPAMfighter 2008-02-24 23:07 --------- d-----w C:\Program Files\Norton Ghost 2008-02-24 23:07 --------- d-----w C:\Program Files\eMule 2008-02-24 21:09 15,360 ----a-w C:\WINDOWS\system32\dllcache\register.exe 2008-02-24 19:08 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-15 22:36 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-02-15 22:36 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2008-02-15 22:36 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-02-14 19:53 --------- d-----w C:\Program Files\Yahoo! 
2008-02-14 08:00 --------- d-----w C:\Program Files\SecCopy 2008-02-12 23:09 --------- d-----w C:\Program Files\Uniblue 2008-02-12 23:09 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Uniblue 2008-02-12 22:14 --------- d-----w C:\Program Files\Miraizon 2008-02-12 22:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-11 06:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-10 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-10 20:56 --------- d-----w C:\Program Files\Fichiers communs\Network Associates 2008-02-07 15:48 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2008-02-07 15:48 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2008-02-07 15:48 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2008-02-04 20:59 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\AdobeUM 2008-02-03 11:09 --------- d-----w C:\Program Files\iPod 2008-02-03 11:05 --------- d-----w C:\Program Files\QuickTime 2008-01-27 21:06 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Media Player Classic 2008-01-27 21:00 --------- d-----w C:\Program Files\Combined Community Codec Pack 2008-01-27 13:21 --------- d-----w C:\Program Files\Portrait Professional 2008-01-26 14:49 --------- d-----w C:\Program Files\eRightSoft 2008-01-26 13:56 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-01-19 09:23 --------- d-----w C:\Program Files\DVD Decrypter 2008-01-19 09:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution 2008-01-18 23:36 --------- d-----w C:\Program Files\RapidSolution 2008-01-18 22:08 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\SlySoft 2008-01-18 22:00 --------- d-----w C:\Program Files\SlySoft 2008-01-06 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle 2008-01-06 16:17 --------- d-----w C:\Program 
Files\Pinnacle 2008-01-06 16:05 --------- d-----w C:\Program Files\Avid 2008-01-06 15:37 --------- d-----w C:\Program Files\DivX 2008-01-04 21:13 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-01-04 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-01-04 18:06 --------- d-----w C:\Program Files\AutoREALM 2008-01-04 17:58 --------- d-----w C:\Program Files\Logitech 2008-01-04 17:54 --------- d-----w C:\Program Files\JS World 2008-01-04 17:52 --------- d-----w C:\Program Files\InstantTimeZone 2008-01-04 17:47 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Ringtone 2008-01-04 17:36 --------- d-----w C:\Program Files\Lavasoft 2008-01-04 17:36 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Lavasoft 2008-01-04 17:34 --------- d-----w C:\Program Files\DiscWizard 2003 2008-01-04 15:01 --------- d-----w C:\Program Files\Live_TV 2008-01-04 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-04 14:53 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-01-03 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PicturesToExe 2008-01-03 21:40 --------- d-----w C:\Program Files\WnSoft PicturesToExe 2008-01-03 15:24 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\eMule 2007-12-22 14:24 39,424 ----a-w C:\WINDOWS\zipinst.exe 2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll 2006-12-24 15:30 94,880 ----a-w C:\Documents and Settings\Lorenzo\Application Data\GDIPFONTCACHEV1.DAT 2006-01-15 12:47 4 ----a-w C:\Program Files\SpeechMillLAIPTTSin.pol 2006-01-15 12:37 4 ----a-w C:\Program Files\SpeechMillLAIPTTSout.pol 2005-09-09 17:55 7,155,864 ----a-w C:\Program Files\NGhost10.msi 2005-09-09 17:55 37,766,164 ----a-w C:\Program Files\Data1.cab 2005-09-09 17:55 35 ----a-w C:\Program Files\SCSSDist.ini 2005-04-09 17:24 83,224 ------w C:\Documents and 
Settings\Adriana\Application Data\GDIPFONTCACHEV1.DAT 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360] "Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-29 10:13 1424648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2008-02-28 23:16 147514] "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-02-28 23:16 94208] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-02-28 23:16 139320] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-28 23:16 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ m s v 1 _ 0 Notification Packages REG_MULTI_SZ :\WINDOWS\system3 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant d'Acrobat.lnk] backup=C:\WINDOWS\pss\Assistant d'Acrobat.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bootvis.lnk] 
backup=C:\WINDOWS\pss\Bootvis.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Device Detector 2.lnk] backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HOTSYNCSHORTCUTNAME.lnk] backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InstantTimeZone.lnk] backup=C:\WINDOWS\pss\InstantTimeZone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^La Solution Associations Ciel.lnk] backup=C:\WINDOWS\pss\La Solution Associations Ciel.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^La Solution Enseignement Ciel.lnk] backup=C:\WINDOWS\pss\La Solution Enseignement Ciel.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk] backup=C:\WINDOWS\pss\Palm Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk] backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk] backup=C:\WINDOWS\pss\Anti-Pub.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^La Solution Enseignement Ciel.lnk] backup=C:\WINDOWS\pss\La Solution Enseignement Ciel.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon] --a------ 2002-09-24 15:39 147456 C:\Program Files\Iomega\AutoDisk\ADUserMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] --a------ 2008-01-19 10:54 469504 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\ATIPTA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-02-24 21:35 58984 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] --a------ 2004-02-05 13:45 510464 C:\WINDOWS\mHotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] --a------ 2004-01-07 15:14 2453504 C:\WINDOWS\CMICNFG.CPL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup] --a------ 2002-07-16 09:55 32768 C:\Program Files\Iomega\DriveIcons\deskup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit] --a------ 2003-12-29 23:33 94208 C:\WINDOWS\Dit.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2003-05-16 00:41 163840 C:\Program Files\Microsoft IntelliPoint\point32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons] --a------ 2002-08-13 13:30 86016 C:\Program Files\Iomega\DriveIcons\ImgIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kalender] --a------ 2007-10-12 15:37 819200 C:\Program Files\Kalender\Kalender.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer] --a------ 2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a------ 2004-01-20 12:50 188416 C:\Program 
Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a------ 2004-01-20 12:53 77824 C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] --a------ 2003-06-10 17:49 50688 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] --a------ 2004-02-04 16:09 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] --a------ 2003-06-18 12:00 204800 C:\Program Files\Microsoft Money\System\mnyexpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2005-10-11 18:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0] --a------ 2005-09-09 18:09 1537648 C:\Program Files\Norton Ghost\Agent\GhostTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-09-17 00:07 8491008 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-09-17 00:07 81920 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] --a------ 2002-02-20 20:01 49152 C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --a------ 2004-02-26 10:08 61440 C:\Program Files\Home 
Cinema\PowerCinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] --a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] --a------ 2004-03-10 23:26 406016 C:\WINDOWS\system32\\PSDrvCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE] --a------ 2004-01-14 16:09 215552 C:\WINDOWS\system32\PRISMSTA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prism_Utility] --a------ 2004-01-14 16:09 215552 C:\WINDOWS\system32\PRISMSTA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray] --a------ 2008-02-24 22:39 669776 C:\Program Files\Spyware Doctor\SDTrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy 2000] --a------ 2001-09-17 08:37 1134080 C:\PROGRA~1\SecCopy\SecCopy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] --a------ 2008-02-28 23:13 2385488 C:\Program Files\Spyware Doctor\swdoctor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-10-12 03:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2006-09-21 05:05 757887 C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-06-17 12:29 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] --a------ 2007-12-05 16:06 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ccSetMgr"=2 (0x2) "ccPwdSvc"=3 (0x3) "ccEvtMgr"=2 (0x2) "Norton Ghost"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Avidyne\\FlightMax\\AviSysDL\\DataTransacServer.exe"= "C:\\Program Files\\Avidyne\\FlightMax\\DatalinkClient.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"= "C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundSourceQuench"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowRedirect"= 1 (0x1) R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29] R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2007-06-21 07:32] R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08] R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07] S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [] S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 10:04] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 18:27] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 18:27] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28] S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys [] S3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2003-05-22 19:44] S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 10:47] S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 09:31] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58] S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 17:22] . 
Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-02-27 11:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-12 22:42:38 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe "2008-03-01 11:32:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-01 12:38:09 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-03-01 12:38:51 ComboFix-quarantined-files.txt 2008-03-01 11:38:37 ComboFix2.txt 2008-02-29 21:25:40 ComboFix3.txt 2008-02-28 22:27:15 ComboFix4.txt 2008-02-27 22:33:46 . 2008-01-27 13:55:01 --- E O F ---
  14. Well, since I have admin rights on my session, I carried on without disabling the user accounts. So here are the Navilog1 and SDFix reports. Above all, I have not yet touched IE to check, and I am waiting for your reply. See you tomorrow. Thanks Search Navipromo version 3.4.8 commencé le 29/02/2008 à 23:28:31,25 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 25.02.2008 à 20h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Système de fichiers : NTFS Executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 *** *** Recherche dossiers dans "C:\Documents and Settings\Lorenzo\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Lorenzo\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Lorenzo\MENUDM~1\PROGRA~1" *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun Fichier trouvé *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! 
* Recherche dans C:\WINDOWS\system32 * * Recherche dans "C:\Documents and Settings\Lorenzo\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans C:\WINDOWS\system32 : * Dans "C:\Documents and Settings\Lorenzo\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! 4)Recherche fichiers connus : *** Analyse terminée le 29/02/2008 à 23:37:31,37 *** SDFix: Version 1.149 Run by Lorenzo on 29/02/2008 at 23:50 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\Program Files\Setup.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-29 23:56:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Avidyne\\FlightMax\\AviSysDL\\DataTransacServer.exe"="C:\\Program Files\\Avidyne\\FlightMax\\AviSysDL\\DataTransacServer.exe:*:Disabled:FlightMax Data Transaction server" "C:\\Program Files\\Avidyne\\FlightMax\\DatalinkClient.exe"="C:\\Program Files\\Avidyne\\FlightMax\\DatalinkClient.exe:*:Disabled:FlightMax Datalink client" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Disabled:PMSRegisterFile" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Disabled:Render Manager" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Disabled:Studio" "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Disabled:umi" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"="C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod:*:Disabled:Liquid" "C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"="C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe:*:Disabled:Render Manager" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program 
Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\Program Files\\Securitoo\\Av_Fw\\backweb\\8520111\\program\\fspex.exe"="C:\\Program Files\\Securitoo\\Av_Fw\\backweb\\8520111\\program\\fspex.exe:*:enabled:Securitoo Antivirus Firewall" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Sat 27 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe" Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll" Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll" Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll" Sat 11 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll" Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll" Sat 26 Jan 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe" Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll" Sat 26 Jan 2008 0 A.SH. 
--- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Sun 16 Oct 2005 96 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys" Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll" Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll" Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll" Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll" Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll" Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll" Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll" Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll" Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll" Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll" Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll" Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll" Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll" Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll" Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll" Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll" Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll" Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll" Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll" Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll" Tue 10 Dec 2002 102,439 ...HR 
--- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll" Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll" Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3.tmp" Sun 23 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT27.tmp" Sun 23 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bbe88a785b5f932c929e655dd1a187d0\BIT28.tmp" Sun 23 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dfe3590997ca6f73b22b53af19e63c6b\BIT29.tmp" Sat 11 Aug 2007 4,348 ...H. --- "C:\Documents and Settings\Lorenzo\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak" Sat 19 Jan 2008 20 A..H. --- "C:\Documents and Settings\Lorenzo\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak" Sat 11 Aug 2007 9,655 A.SH. --- "C:\Documents and Settings\Lorenzo\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Wed 15 Nov 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BIT6.tmp" Finished!
  15. Good evening, I take good note of having only one resident program per type. In fact, originally, I only had the Windows firewall and McAfee running resident. SpyBot and Ad-Aware for occasional scans, in case of doubt. Norton is for my Ghost backups. However, since Bagle destroyed everything, I did indeed install all sorts of things to try to clean out this virus myself, but without a definitive result. Since then it must be a bit of a mess, indeed. Besides, the only thing that still seems to work apart from the Windows firewall is SpyEraser. Anyway, here is the Combo-Fix log with CFscript.txt. As for what comes next, I have XP and not Vista. Should I still disable the user accounts before Navilog1? I cannot find how to disable all the accounts on XP... Thanks, see you later ComboFix 08-02-25.2 - Lorenzo 2008-02-29 22:20:44.5 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.628 [GMT 1:00] Endroit: C:\Documents and Settings\Lorenzo\Bureau\Combo-Fix.exe Command switches used :: C:\Documents and Settings\Lorenzo\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\Documents and Settings\Lorenzo\Application Data\wklnhst.dat . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Lorenzo\Application Data\wklnhst.dat C:\WINDOWS\system32\drivers\down . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))))))) . 2008-02-28 22:57 . 2008-02-28 22:57 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-02-25 00:23 . 2008-02-25 00:23 <REP> d-------- C:\TcpView 2008-02-25 00:14 . 2008-02-25 00:14 30,332 --a------ C:\EasyCleaner REG cleanup.htm 2008-02-25 00:03 . 2008-02-25 00:03 459,307 --a------ C:\EasyCleaner-Inutiles.htm 2008-02-24 22:56 . 
2008-02-24 22:58 <REP> d-------- C:\Program Files\SpywareBlaster 2008-02-24 20:08 . 2008-02-24 20:08 <REP> d-------- C:\Program Files\ToniArts 2008-02-24 20:06 . 2008-02-27 12:41 <REP> d-------- C:\HijackThis 2008-02-23 19:46 . 2008-02-23 19:46 <REP> d-------- C:\Muestras 2008-02-14 21:49 . 2008-02-14 21:49 <REP> d-------- C:\Program Files\Avira 2008-02-14 21:49 . 2008-02-14 21:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-02-12 23:15 . 2008-02-12 23:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2008-02-10 22:48 . 2008-02-10 22:46 691,545 --a------ C:\WINDOWS\unins000.exe 2008-02-10 22:48 . 2008-02-10 22:48 3,453 --a------ C:\WINDOWS\unins000.dat 2008-02-10 22:15 . 2008-02-10 22:15 <REP> d-------- C:\Program Files\Fichiers communs\PC Tools 2008-02-10 22:14 . 2008-02-12 23:14 <REP> d-------- C:\Program Files\Spyware Doctor 2008-02-10 22:14 . 2008-02-10 22:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools 2008-02-10 22:14 . 2007-02-23 00:09 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-02-10 22:14 . 2007-02-25 23:45 59,472 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-02-10 22:14 . 2007-02-19 18:13 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-02-10 22:14 . 2007-02-19 18:13 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-02-10 22:14 . 2007-02-23 07:13 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-02-10 22:05 . 2008-02-10 22:05 <REP> d-------- C:\Program Files\CCleaner 2008-02-10 21:57 . 2006-06-08 20:00 116,864 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys 2008-02-10 21:57 . 2006-06-08 20:00 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys 2008-02-10 21:56 . 2008-02-10 21:57 <REP> d-------- C:\Program Files\Network Associates 2008-02-10 21:56 . 2008-02-10 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates 2008-02-09 15:45 . 
2008-02-09 15:45 <REP> d-------- C:\Program Files\DAMN NFO Viewer 2008-02-09 15:23 . 2008-02-09 15:23 <REP> d-------- C:\Documents and Settings\Lorenzo\Application Data\Reasonable Software House Ltd 2008-02-03 15:13 . 2008-02-03 15:13 <REP> d-------- C:\Program Files\metagenia 2008-02-03 15:08 . 2008-02-03 15:08 <REP> d-------- C:\Program Files\Kalender 2008-02-03 15:08 . 2008-02-03 15:53 <REP> d-------- C:\Documents and Settings\Lorenzo\Application Data\UK's Kalender 2008-02-03 14:43 . 2008-02-03 15:52 <REP> d-------- C:\Program Files\SodeaSoft 2008-02-03 12:08 . 2008-02-03 12:09 <REP> d-------- C:\Program Files\iTunes . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-29 20:54 --------- d-----w C:\Program Files\SPAMfighter 2008-02-24 23:07 --------- d-----w C:\Program Files\Norton Ghost 2008-02-24 23:07 --------- d-----w C:\Program Files\eMule 2008-02-24 21:09 15,360 ----a-w C:\WINDOWS\system32\dllcache\register.exe 2008-02-24 19:08 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-15 22:36 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-02-15 22:36 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2008-02-15 22:36 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-02-14 19:53 --------- d-----w C:\Program Files\Yahoo! 
2008-02-14 08:00 --------- d-----w C:\Program Files\SecCopy 2008-02-12 23:09 --------- d-----w C:\Program Files\Uniblue 2008-02-12 23:09 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Uniblue 2008-02-12 22:14 --------- d-----w C:\Program Files\Miraizon 2008-02-12 22:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-11 06:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-10 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-10 20:56 --------- d-----w C:\Program Files\Fichiers communs\Network Associates 2008-02-07 15:48 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2008-02-07 15:48 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2008-02-07 15:48 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2008-02-04 20:59 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\AdobeUM 2008-02-03 11:09 --------- d-----w C:\Program Files\iPod 2008-02-03 11:05 --------- d-----w C:\Program Files\QuickTime 2008-01-27 21:06 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Media Player Classic 2008-01-27 21:00 --------- d-----w C:\Program Files\Combined Community Codec Pack 2008-01-27 13:21 --------- d-----w C:\Program Files\Portrait Professional 2008-01-26 14:49 --------- d-----w C:\Program Files\eRightSoft 2008-01-26 13:56 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-01-19 09:23 --------- d-----w C:\Program Files\DVD Decrypter 2008-01-19 09:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution 2008-01-18 23:36 --------- d-----w C:\Program Files\RapidSolution 2008-01-18 22:08 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\SlySoft 2008-01-18 22:00 --------- d-----w C:\Program Files\SlySoft 2008-01-06 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle 2008-01-06 16:17 --------- d-----w C:\Program 
Files\Pinnacle 2008-01-06 16:05 --------- d-----w C:\Program Files\Avid 2008-01-06 15:37 --------- d-----w C:\Program Files\DivX 2008-01-04 21:13 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-01-04 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-01-04 18:06 --------- d-----w C:\Program Files\AutoREALM 2008-01-04 17:58 --------- d-----w C:\Program Files\Logitech 2008-01-04 17:54 --------- d-----w C:\Program Files\JS World 2008-01-04 17:52 --------- d-----w C:\Program Files\InstantTimeZone 2008-01-04 17:47 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Ringtone 2008-01-04 17:36 --------- d-----w C:\Program Files\Lavasoft 2008-01-04 17:36 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\Lavasoft 2008-01-04 17:34 --------- d-----w C:\Program Files\DiscWizard 2003 2008-01-04 15:01 --------- d-----w C:\Program Files\Live_TV 2008-01-04 14:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-04 14:53 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-01-03 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PicturesToExe 2008-01-03 21:40 --------- d-----w C:\Program Files\WnSoft PicturesToExe 2008-01-03 15:24 --------- d-----w C:\Documents and Settings\Lorenzo\Application Data\eMule 2007-12-22 14:24 39,424 ----a-w C:\WINDOWS\zipinst.exe 2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll 2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-11-29 22:28 81,920 
----a-w C:\WINDOWS\system32\dpl100.dll 2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2006-12-24 15:30 94,880 ----a-w C:\Documents and Settings\Lorenzo\Application Data\GDIPFONTCACHEV1.DAT 2006-09-10 17:23 1,410 ----a-w C:\Documents and Settings\Adriana\Application Data\wklnhst.dat 2006-01-15 12:47 4 ----a-w C:\Program Files\SpeechMillLAIPTTSin.pol 2006-01-15 12:37 4 ----a-w C:\Program Files\SpeechMillLAIPTTSout.pol 2005-09-09 17:55 7,155,864 ----a-w C:\Program Files\NGhost10.msi 2005-09-09 17:55 4,588,454 ----a-w C:\Program Files\setup.exe 2005-09-09 17:55 37,766,164 ----a-w C:\Program Files\Data1.cab 2005-09-09 17:55 35 ----a-w C:\Program Files\SCSSDist.ini 2005-04-09 17:24 83,224 ------w C:\Documents and Settings\Adriana\Application Data\GDIPFONTCACHEV1.DAT 2004-04-25 08:24 0 ------w C:\Documents and Settings\Elio\Application Data\wklnhst.dat 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360] "Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-29 10:13 1424648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2008-02-28 23:16 147514] "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29 308880] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-02-28 23:16 94208] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-02-28 23:16 139320] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-28 23:16 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ :\WINDOWS\system3 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant d'Acrobat.lnk] backup=C:\WINDOWS\pss\Assistant d'Acrobat.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bootvis.lnk] backup=C:\WINDOWS\pss\Bootvis.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Device Detector 2.lnk] backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HOTSYNCSHORTCUTNAME.lnk] 
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InstantTimeZone.lnk] backup=C:\WINDOWS\pss\InstantTimeZone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^La Solution Associations Ciel.lnk] backup=C:\WINDOWS\pss\La Solution Associations Ciel.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^La Solution Enseignement Ciel.lnk] backup=C:\WINDOWS\pss\La Solution Enseignement Ciel.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Catherine^Menu Démarrer^Programmes^Démarrage^Palm Registration.lnk] backup=C:\WINDOWS\pss\Palm Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk] backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk] backup=C:\WINDOWS\pss\Anti-Pub.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Lorenzo^Menu Démarrer^Programmes^Démarrage^La Solution Enseignement Ciel.lnk] backup=C:\WINDOWS\pss\La Solution Enseignement Ciel.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon] --a------ 2002-09-24 15:39 147456 C:\Program Files\Iomega\AutoDisk\ADUserMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] --a------ 2008-01-19 10:54 469504 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2008-02-24 21:35 58984 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] --a------ 2004-02-05 13:45 510464 C:\WINDOWS\mHotkey.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] --a------ 2004-01-07 15:14 2453504 C:\WINDOWS\CMICNFG.CPL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup] --a------ 2002-07-16 09:55 32768 C:\Program Files\Iomega\DriveIcons\deskup.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit] --a------ 2003-12-29 23:33 94208 C:\WINDOWS\Dit.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2003-05-16 00:41 163840 C:\Program Files\Microsoft IntelliPoint\point32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons] --a------ 2002-08-13 13:30 86016 C:\Program Files\Iomega\DriveIcons\ImgIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kalender] --a------ 2007-10-12 15:37 819200 C:\Program Files\Kalender\Kalender.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer] --a------ 2004-02-03 17:15 5794816 C:\WINDOWS\CNYHKey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a------ 2004-01-20 12:50 188416 C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a------ 2004-01-20 12:53 77824 C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] --a------ 2003-06-10 17:49 50688 C:\Program Files\Fichiers 
communs\Microsoft Shared\Works Shared\WkUFind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] --a------ 2004-02-04 16:09 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] --a------ 2003-06-18 12:00 204800 C:\Program Files\Microsoft Money\System\mnyexpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2005-10-11 18:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0] --a------ 2005-09-09 18:09 1537648 C:\Program Files\Norton Ghost\Agent\GhostTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-09-17 00:07 8491008 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-09-17 00:07 81920 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] --a------ 2002-02-20 20:01 49152 C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --a------ 2004-02-26 10:08 61440 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] --a------ 2007-09-28 02:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] --a------ 2004-03-10 23:26 406016 
C:\WINDOWS\system32\\PSDrvCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE] --a------ 2004-01-14 16:09 215552 C:\WINDOWS\system32\PRISMSTA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prism_Utility] --a------ 2004-01-14 16:09 215552 C:\WINDOWS\system32\PRISMSTA.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray] --a------ 2008-02-24 22:39 669776 C:\Program Files\Spyware Doctor\SDTrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Second Copy 2000] --a------ 2001-09-17 08:37 1134080 C:\PROGRA~1\SecCopy\SecCopy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] --a------ 2008-02-28 23:13 2385488 C:\Program Files\Spyware Doctor\swdoctor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-10-12 03:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2006-09-21 05:05 757887 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-06-17 12:29 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] --a------ 2007-12-05 16:06 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ccSetMgr"=2 (0x2) "ccPwdSvc"=3 (0x3) "ccEvtMgr"=2 (0x2) "Norton Ghost"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Avidyne\\FlightMax\\AviSysDL\\DataTransacServer.exe"= "C:\\Program Files\\Avidyne\\FlightMax\\DatalinkClient.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"= "C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundSourceQuench"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowRedirect"= 1 (0x1) R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29] R3 CardReaderFilter;Card Reader 
Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2007-06-21 07:32] R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08] R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 12:07] S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [] S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 10:04] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 18:27] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 18:27] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28] S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys [] S3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys [2003-05-22 19:44] S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 10:47] S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 09:31] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58] S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 17:22] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-02-27 11:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-12 22:42:38 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe "2008-02-28 22:33:29 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-29 22:24:57 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-29 22:25:39 ComboFix-quarantined-files.txt 2008-02-29 21:25:25 ComboFix2.txt 2008-02-28 22:27:15 ComboFix3.txt 2008-02-27 22:33:46 . 2008-01-27 13:55:01 --- E O F ---