Aller au contenu

noctoresse

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    12

  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    francais

noctoresse's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. noctoresse
    Pas d'autres questions pour le moment ! On apprend beaucoup de choses très intéressantes sur les pages du site. Sans ton aide je n'aurais sans doute pas terminé proprement la désinfection du PC. Je vais prendre un peu de repos et de bonnes résolutions pour vérifier le mien. Alors peut être à bientôt pour de nouveaux soucis.
  2. noctoresse
    Nouvelles questions ! J'envisage d'utiliser Mozilla à la place de IE7. Est-il moins vulnérable aux attaques ? Si la réponse est OUI, suis je obligé de mettre à jour IE puisque à priori on ne peut pas le supprimer. Est-il recommandé d'utiliser régulièrement un nettoyeur de base de registre? Lequel me conseilles tu, simple à utiliser et en français si possible ? ENCORE MERCI POUR TOUTE TON AIDE
  3. noctoresse
    Alors voici le résultat des courses, il me parait bon. Le rapport Java : JavaRa 1.10 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Jul 30 17:20:05 2008 Found and removed: C:\Program Files\Java\j2re1.4.2_01 Found and removed: C:\Program Files\Java\jre1.5.0_08 Found and removed: C:\Program Files\Java\jre1.6.0_03 Found and removed: C:\Program Files\Java\jre1.6.0_05 Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142010} Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_08 Found and removed: SOFTWARE\Classes\JavaPlugin.150_08 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_08 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150080} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\JavaPlugin.160_03 Found and removed: SOFTWARE\Classes\JavaPlugin.160_05 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510008 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510008 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142010} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B06123E6D18D74FA6711404FCAC1B8 ------------------------------------ Finished reporting. Le rapport Kaspersky : KASPERSKY ON-LINE SCANNER REPORT Wednesday, July 30, 2008 10:37:55 PM Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 30/07/2008 Enregistrements dans la base antivirus Kaspersky : 1029644 Paramètres d'analyse Analyser avec la base antivirus suivante étendue Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ Statistiques de l'analyse Total d'objets analysés 92995 Nombre de virus trouvés 0 Nombre d'objets infectés 0 Nombre d'objets suspects 0 Durée de l'analyse 01:54:17 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\PLS-FOS\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\PLS-FOS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\PLS-FOS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\PLS-FOS\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\PLS-FOS\Local Settings\Historique\History.IE5\MSHist012008073020080731\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\PLS-FOS\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\PLS-FOS\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\PLS-FOS\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\fwdbglog.txt L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\fwpktlog.txt L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\IAMDB.RDB L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\PC-FOS.ldb L'objet est verrouillé ignoré C:\WINDOWS\Internet Logs\tvDebug.log L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\EventCache\{1EE1AED8-3493-4A59-995D-F4B3E94CFADA}.bin L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\sam L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\security L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\fidbox.dat L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\fidbox.idx L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\temp\Perflib_Perfdata_708.dat L'objet est verrouillé ignoré C:\WINDOWS\temp\ZLT01b59.TMP L'objet est verrouillé ignoré C:\WINDOWS\temp\ZLT04471.TMP L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré Analyse terminée.
  4. noctoresse
    Bonjour, Je vois que j'ai du boulot pour ce soir ! Hiers soir j'ai refais un deuxième scan minutieux avec Malwarebytes' Anti-Malware, il a bien trouvé quelques fichiers en quarantaine. Les autres, je les avais déjà viré car je pars du principe que si un programme n'arrive pas à réparer les défauts, je ne vois pas l'intérêt de conserver ces fichiers en quarantaine. D'une manière générale le PC est assez stable depuis depuis le début de ton aide : - à priori pas de processus inutiles dans le gestionnaire de taches, - peu de services au démarrage dans msconfig. Comment supprimer les services pour éviter de rester en démarrage sélectif avec ces services déactivés ? Quid de SetRefresh (Compaq), de Srmclean.exe et MDM ? Je ne sais pas si la liste services proposés dans l'onlet service est correcte ! Pour info ce PC n'est pas le mien et je ne pouvais pas me permettre de redémarrer à zéro (formatage + installation de XP). Je vais demander au proriétaire si je peux virer LimeWire. Ou en est-on de la bataille AVAST vs ANTIVIR? Pour ma part je n'est jamais eu de soucis avec Avast associé à ZoneAlarm. A bientôt.
  5. noctoresse
    Voici le résultat : Malwarebytes' Anti-Malware 1.23 Version de la base de données: 1008 Windows 5.1.2600 Service Pack 2 01:03:20 30/07/2008 mbam-log-7-30-2008 (01-03-20).txt Type de recherche: Examen rapide Eléments examinés: 40635 Temps écoulé: 4 minute(s), 15 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\XXXPlugin (DNS.Hijack) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  6. noctoresse
    Deuxième rapport ComboFix : ComboFix 08-07-27.5 - PLS-FOS 2008-07-30 0:38:35.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.265 [GMT 2:00] Endroit: C:\Documents and Settings\PLS-FOS\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\PLS-FOS\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\WINDOWS\SET51.tmp C:\WINDOWS\SET54.tmp C:\WINDOWS\SET60.tmp C:\WINDOWS\system32\beep.sys C:\WINDOWS\system32\dllcache\winlogon.exe C:\WINDOWS\system32\g42.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\3B Software C:\Program Files\3B Software\Registry Repair Pro\backup\Undo_2008_7_25 15_41.reg C:\Program Files\3B Software\Registry Repair Pro\backup\Undo_2008_7_25 15_56.reg C:\Program Files\3B Software\Registry Repair Pro\backup\Undo_2008_7_25 18_33.reg C:\Program Files\3B Software\Registry Repair Pro\backup\Undo_2008_7_28 12_37.reg C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.log C:\Temp C:\WINDOWS\SET51.tmp C:\WINDOWS\SET54.tmp C:\WINDOWS\SET60.tmp C:\WINDOWS\system32\6358 C:\WINDOWS\system32\6358\~!16674p.spt C:\WINDOWS\system32\beep.sys C:\WINDOWS\system32\carH18 C:\WINDOWS\system32\carH18\carH182328.exe C:\WINDOWS\system32\dapi C:\WINDOWS\system32\dllcache\winlogon.exe C:\WINDOWS\system32\g42.exe C:\WINDOWS\system32\IP3 C:\WINDOWS\system32\kBin02 C:\WINDOWS\system32\ole C:\WINDOWS\system32\olixds18 C:\WINDOWS\system32\ver . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))))))) . 2008-07-29 16:48 . 2008-07-29 16:48 <REP> d-------- C:\Documents and Settings\PLS-FOS\Application Data\AdobeUM 2008-07-29 15:35 . 2008-07-29 15:47 <REP> d-------- C:\fixwareout 2008-07-29 15:17 . 2008-07-29 15:32 <REP> d-------- C:\Program Files\Navilog1 2008-07-29 15:13 . 2008-07-29 15:27 1,984 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-28 22:32 . 2008-07-29 23:17 591,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-07-28 22:32 . 2008-07-29 23:17 7,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-07-28 22:29 . 2008-07-28 22:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-07-28 22:29 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-07-28 22:29 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-07-28 22:29 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-07-28 22:29 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-07-28 22:29 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-07-28 16:27 . 2006-03-09 18:20 <REP> d--h----- C:\Documents and Settings\PLS-FOS\Voisinage réseau 2008-07-28 16:27 . 2006-03-09 18:20 <REP> d--h----- C:\Documents and Settings\PLS-FOS\Voisinage d'impression 2008-07-28 16:27 . 2008-07-28 11:57 <REP> d--h----- C:\Documents and Settings\PLS-FOS\Modèles 2008-07-28 16:27 . 2008-07-29 17:22 <REP> dr------- C:\Documents and Settings\PLS-FOS\Mes documents 2008-07-28 16:27 . 2006-03-09 18:20 <REP> dr------- C:\Documents and Settings\PLS-FOS\Menu Démarrer 2008-07-28 16:27 . 2008-07-28 22:20 <REP> dr------- C:\Documents and Settings\PLS-FOS\Favoris 2008-07-28 16:27 . 2008-07-30 00:38 <REP> d-------- C:\Documents and Settings\PLS-FOS\Bureau 2008-07-28 16:27 . 2008-07-29 17:32 <REP> d-------- C:\Documents and Settings\PLS-FOS 2008-07-28 16:19 . 2008-07-28 16:20 <REP> d-------- C:\WINDOWS\system32\NtmsData 2008-07-28 16:18 . 2008-07-28 16:18 <REP> d-------- C:\Documents and Settings\LocalService\Bureau 2008-07-28 14:57 . 2008-07-28 22:33 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-07-28 14:56 . 2008-07-28 14:56 <REP> d-------- C:\Program Files\Zone Labs 2008-07-28 14:55 . 2008-07-30 00:35 <REP> d-------- C:\WINDOWS\Internet Logs 2008-07-28 14:04 . 2008-07-28 14:04 <REP> d-------- C:\Program Files\Alwil Software 2008-07-28 13:20 . 2008-07-28 13:20 <REP> d-------- C:\Program Files\Trend Micro 2008-07-28 12:25 . 2008-07-28 12:25 1,374 --a------ C:\WINDOWS\system32\wpa.bak 2008-07-28 12:15 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-07-28 12:14 . 2004-08-05 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-07-25 16:05 . 2008-07-25 16:05 230 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-07-25 16:02 . 2006-11-17 20:28 66,048 --a------ C:\WINDOWS\ieResetIcons.exe 2008-07-25 14:30 . 2008-07-25 14:30 0 --a------ C:\WINDOWS\nsreg.dat 2008-07-25 13:22 . 2008-07-25 13:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.install_backup 2008-07-23 07:32 . 2008-07-23 07:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SAMSUNG 2008-07-04 14:26 . 2008-07-04 14:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc 2008-07-04 14:25 . 2008-07-04 14:25 <REP> d-------- C:\Program Files\VLC 2008-07-04 14:23 . 2008-07-04 14:23 9,730,075 --a------ C:\Program Files\vlc-0.8.6f-win32.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-29 15:32 91,648 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-07-28 20:40 --------- d-----w C:\Program Files\Java 2008-07-25 14:18 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-07-25 14:13 --------- d-----w C:\Program Files\Altiris 2008-07-25 07:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM 2008-07-18 15:31 --------- d-----w C:\Program Files\Google 2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2008-05-30 14:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ntr . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 15:22 524800] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-14 12:52 413696] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Calc.exe [2006-03-30 15:23:31 471040] [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{67-73-31-1B-DW} [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean] --a------ 2001-07-24 23:34 36864 C:\cpqs\scom\srmclean.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\StubInstaller.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] S0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [] S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [] S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-30 00:40:46 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-07-30 0:42:01 ComboFix-quarantined-files.txt 2008-07-29 22:41:57 ComboFix2.txt 2008-07-29 21:26:52 ComboFix3.txt 2008-07-28 11:46:43 Pre-Run: 42,515,046,400 octets libres Post-Run: 42,500,182,016 octets libres 150 --- E O F --- 2008-07-29 15:32:26
  7. noctoresse
    Post Scriptum : Lors du redémarrage de PC pendant l'analyse de ComboFix, j'ai eu le Pop Up suivant : Winlogon - Erreur d'application L'application n'a pas réussi à s'initialiser correctement (0xC0000005)
  8. noctoresse
    Bonsoir Gof, Pour info, les trois rapports de cet après-midi ont été lancés sans connexion avec internet (important ?). Voici le dernier rapport ComboFix : ComboFix 08-07-27.5 - PLS-FOS 2008-07-29 23:20:30.3 - NTFSx86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.389 [GMT 2:00] Endroit: C:\Documents and Settings\PLS-FOS\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrateur\err.log C:\Documents and Settings\Administrateur\ResErrors.log . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_poof ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))))))) . 2008-07-29 16:48 . 2008-07-29 16:48 <REP> d-------- C:\Documents and Settings\PLS-FOS\Application Data\AdobeUM 2008-07-29 15:35 . 2008-07-29 15:47 <REP> d-------- C:\fixwareout 2008-07-29 15:17 . 2008-07-29 15:32 <REP> d-------- C:\Program Files\Navilog1 2008-07-29 15:13 . 2008-07-29 15:27 1,984 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-28 22:32 . 2008-07-29 23:17 591,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-07-28 22:32 . 2008-07-29 23:17 7,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-07-28 22:29 . 2008-07-28 22:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-07-28 22:29 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-07-28 22:29 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-07-28 22:29 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-07-28 22:29 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-07-28 22:29 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-07-28 16:27 . 2006-03-09 18:20 <REP> d--h----- C:\Documents and Settings\PLS-FOS\Voisinage r‚seau 2008-07-28 16:27 . 2006-03-09 18:20 <REP> d--h----- C:\Documents and Settings\PLS-FOS\Voisinage d'impression 2008-07-28 16:27 . 2008-07-28 11:57 <REP> d--h----- C:\Documents and Settings\PLS-FOS\ModŠles 2008-07-28 16:27 . 2008-07-29 17:22 <REP> dr------- C:\Documents and Settings\PLS-FOS\Mes documents 2008-07-28 16:27 . 2006-03-09 18:20 <REP> dr------- C:\Documents and Settings\PLS-FOS\Menu D‚marrer 2008-07-28 16:27 . 2008-07-28 22:20 <REP> dr------- C:\Documents and Settings\PLS-FOS\Favoris 2008-07-28 16:27 . 2008-07-29 23:19 <REP> d-------- C:\Documents and Settings\PLS-FOS\Bureau 2008-07-28 16:27 . 2008-07-29 17:32 <REP> d-------- C:\Documents and Settings\PLS-FOS 2008-07-28 16:19 . 2008-07-28 16:20 <REP> d-------- C:\WINDOWS\system32\NtmsData 2008-07-28 16:18 . 2008-07-28 16:18 <REP> d-------- C:\Documents and Settings\LocalService\Bureau 2008-07-28 14:57 . 2008-07-28 22:33 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-07-28 14:56 . 2008-07-28 14:56 <REP> d-------- C:\Program Files\Zone Labs 2008-07-28 14:55 . 2008-07-29 23:25 <REP> d-------- C:\WINDOWS\Internet Logs 2008-07-28 14:04 . 2008-07-28 14:04 <REP> d-------- C:\Program Files\Alwil Software 2008-07-28 13:20 . 2008-07-28 13:20 <REP> d-------- C:\Program Files\Trend Micro 2008-07-28 12:25 . 2008-07-28 12:25 1,374 --a------ C:\WINDOWS\system32\wpa.bak 2008-07-28 12:15 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-07-28 12:14 . 2004-08-05 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-07-28 12:04 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SET54.tmp 2008-07-28 12:04 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SET51.tmp 2008-07-28 12:04 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SET60.tmp 2008-07-25 16:05 . 2008-07-25 16:05 230 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-07-25 16:02 . 2006-11-17 20:28 66,048 --a------ C:\WINDOWS\ieResetIcons.exe 2008-07-25 15:31 . 2008-07-25 15:31 <REP> d-------- C:\Program Files\3B Software 2008-07-25 14:30 . 2008-07-25 14:30 0 --a------ C:\WINDOWS\nsreg.dat 2008-07-25 13:22 . 2008-07-25 13:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.install_backup 2008-07-23 07:32 . 2008-07-23 07:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SAMSUNG 2008-07-23 07:13 . 2008-07-27 18:19 <REP> d-------- C:\WINDOWS\system32\kBin02 2008-07-21 07:28 . 2008-07-21 07:28 <REP> d-------- C:\WINDOWS\system32\carH18 2008-07-10 07:14 . 2008-07-28 13:41 <REP> d-------- C:\WINDOWS\system32\6358 2008-07-09 15:59 . 2008-07-25 15:14 <REP> d-------- C:\WINDOWS\system32\ver 2008-07-09 15:59 . 2008-07-26 00:33 <REP> d-------- C:\WINDOWS\system32\olixds18 2008-07-09 15:59 . 2008-07-25 15:12 <REP> d-------- C:\WINDOWS\system32\ole 2008-07-09 15:59 . 2008-07-26 00:30 <REP> d-------- C:\WINDOWS\system32\IP3 2008-07-09 15:59 . 2008-07-09 15:59 <REP> d-------- C:\WINDOWS\system32\dapi 2008-07-09 15:59 . 2008-07-25 16:18 <REP> d-------- C:\Temp 2008-07-09 15:59 . 2008-07-09 15:59 152,191 --a------ C:\WINDOWS\system32\g42.exe 2008-07-09 15:59 . 2004-08-05 04:00 4,224 --a------ C:\WINDOWS\system32\beep.sys 2008-07-04 14:26 . 2008-07-04 14:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc 2008-07-04 14:25 . 2008-07-04 14:25 <REP> d-------- C:\Program Files\VLC 2008-07-04 14:23 . 2008-07-04 14:23 9,730,075 --a------ C:\Program Files\vlc-0.8.6f-win32.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-29 15:32 91,648 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-07-28 20:40 --------- d-----w C:\Program Files\Java 2008-07-25 14:18 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-07-25 14:13 --------- d-----w C:\Program Files\Altiris 2008-07-25 07:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM 2008-07-18 15:31 --------- d-----w C:\Program Files\Google 2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2008-05-30 14:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ntr . ((((((((((((((((((((((((((((( snapshot@2008-07-28_13.46.28.06 ))))))))))))))))))))))))))))))))))))))))) . - 2006-03-30 09:39:04 12,288 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-07-28 20:25:15 12,288 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2006-03-30 09:39:04 135,168 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-07-28 20:25:15 135,168 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\misc.exe - 2006-03-30 09:39:04 11,264 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-07-28 20:25:15 11,264 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2006-03-30 09:39:04 27,136 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-07-28 20:25:15 27,136 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2006-03-30 09:39:04 4,096 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-07-28 20:25:15 4,096 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2006-03-30 09:39:04 794,624 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-07-28 20:25:15 794,624 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2006-03-30 09:39:04 23,040 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-07-28 20:25:15 23,040 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2006-03-30 09:39:04 286,720 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-07-28 20:25:15 286,720 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2006-03-30 09:39:04 409,600 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-07-28 20:25:15 409,600 ----a-r C:\WINDOWS\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe + 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr - 2004-08-05 12:00:00 66,560 ----a-w C:\WINDOWS\system32\cdm.dll + 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll - 2004-08-05 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll - 2004-08-05 12:00:00 432,640 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll + 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll - 2004-08-05 12:00:00 112,640 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe + 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe - 2004-08-05 12:00:00 1,134,592 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll + 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll - 2004-08-05 12:00:00 114,176 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll + 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll - 2004-08-05 12:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll + 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll - 2004-08-05 12:00:00 120,320 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys + 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys + 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys + 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys + 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys + 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys + 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys + 2007-07-19 13:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys - 2008-07-28 10:18:18 112,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-07-29 21:11:30 117,360 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT - 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-07-09 07:05:08 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll - 2008-07-28 11:31:17 55,120 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-07-28 14:14:36 55,120 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-07-28 11:31:17 66,300 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-07-28 14:14:36 66,300 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-07-28 11:31:17 386,030 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-07-28 14:14:36 386,030 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-07-28 11:31:17 450,936 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-07-28 14:14:36 450,936 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll + 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll + 2008-07-09 07:05:10 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll + 2008-07-09 07:05:22 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys + 2008-07-09 07:05:10 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll + 2008-07-09 07:05:10 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll + 2008-07-09 07:05:10 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll + 2008-07-09 07:05:10 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll + 2008-07-09 07:05:12 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll + 2008-07-09 07:05:12 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll + 2008-07-09 07:05:12 99,816 ------w C:\WINDOWS\system32\vsxml.dll - 2004-08-05 12:00:00 432,640 ----a-w C:\WINDOWS\system32\wuapi.dll + 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll - 2004-08-05 12:00:00 112,640 ----a-w C:\WINDOWS\system32\wuauclt.exe + 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe - 2004-08-05 12:00:00 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll + 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll - 2004-08-05 12:00:00 114,176 ----a-w C:\WINDOWS\system32\wucltui.dll + 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll - 2004-08-05 12:00:00 36,864 ----a-w C:\WINDOWS\system32\wups.dll + 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll - 2004-08-05 12:00:00 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll + 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll + 2008-07-09 07:05:12 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll + 2008-07-09 07:05:12 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll + 2008-07-09 07:05:06 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll + 2008-07-09 07:05:36 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll + 2007-05-30 22:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat + 2006-06-30 12:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll + 2007-05-30 22:03:30 1,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\pdmkl.dat + 2007-05-30 22:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll + 2007-05-30 22:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll + 2007-05-30 22:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll + 2007-05-30 22:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll + 2006-09-19 21:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll + 2007-12-03 12:53:58 282,624 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll + 2006-12-19 16:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll + 2007-05-30 22:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll + 2007-05-30 22:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll + 2007-05-30 22:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll + 2007-05-30 22:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll + 2007-12-03 12:53:58 139,264 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe + 2006-12-19 16:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll + 2008-07-09 07:05:06 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll + 2008-07-09 07:05:36 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll + 2004-01-30 10:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll + 2008-07-09 07:05:08 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll + 2008-07-09 07:05:08 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll + 2008-07-09 07:05:08 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll + 2008-07-09 07:05:42 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll + 2008-07-09 07:05:38 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll + 2008-07-09 07:05:42 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll + 2008-07-09 07:05:24 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll + 2008-07-09 07:05:24 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll + 2008-07-09 07:05:24 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll + 2008-07-09 07:06:26 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll + 2008-07-09 07:06:26 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll + 2008-02-27 01:10:26 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll + 2008-02-27 01:10:28 792,032 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll + 2008-07-09 07:05:08 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll + 2008-07-09 07:05:44 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll + 2008-07-28 20:11:38 9,956,040 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat + 2008-07-28 20:11:16 9,472,739 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware0.dat + 2008-02-27 01:10:32 1,504,736 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll + 2008-02-27 01:10:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys + 2008-07-09 07:05:10 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll + 2008-07-09 07:06:26 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll + 2008-07-09 07:06:30 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll + 2008-07-09 07:05:42 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll + 2006-09-04 18:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll + 2007-10-11 14:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll + 2008-07-09 07:05:18 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe + 2008-07-09 07:05:44 75,152 ----a-w C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll + 2007-01-11 15:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll + 2008-07-09 07:05:10 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll + 2008-07-09 07:05:10 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll + 2008-07-09 07:05:44 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll + 2008-07-09 07:05:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe + 2008-07-09 07:05:44 46,480 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll + 2008-07-09 07:05:10 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll + 2008-07-09 07:05:12 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll + 2008-07-09 07:05:44 198,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll + 2008-07-09 07:05:12 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll + 2008-07-09 07:05:44 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll + 2008-01-21 06:34:36 7,603,688 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat + 2008-07-09 07:05:12 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll + 2008-07-09 07:05:12 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll + 2008-07-09 07:05:44 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll + 2008-07-09 07:05:14 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll + 2008-07-09 07:05:44 21,904 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll + 2008-07-09 07:05:14 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll + 2008-07-29 21:23:47 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_704.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 15:22 524800] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-14 12:52 413696] "Windows Logon Applicationedc"="C:\WINDOWS\system32\dllcache\winlogon.exe" [2004-08-05 14:00 506368] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016] [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cuuso HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{67-73-31-1B-DW} [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean] --a------ 2001-07-24 23:34 36864 C:\cpqs\scom\srmclean.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\StubInstaller.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] S0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [] S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [] S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00] . . ------- Supplementary Scan ------- . R0 -: HKLM-Main,Search Bar = hxxp://go.compaq.com/1Q00CDT/040C/bl8.asp R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://upload.malekal.com/ O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-29 23:24:21 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Temps d'accomplissement: 2008-07-29 23:26:51 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-29 21:26:45 ComboFix2.txt 2008-07-28 11:46:43 Pre-Run: 42,514,305,024 octets libres Post-Run: 42,499,936,256 octets libres 317 --- E O F --- 2008-07-29 15:32:26
  9. noctoresse
    Voici les rapports demandés. Encore merci pour toute l'équipe qui se donne tant de mal pour nous sauver pauvres ignares que nous sommes. Rapport SmitfraudFix : SmitFraudFix v2.331 Rapport fait à 15:13:24.57, 29/07/2008 Executé à partir de F:\Virus\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PLS-FOS »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PLS-FOS\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PLS-FOS\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{56BCF159-EBC0-4405-86C2-25B1E4F67E48}: DhcpNameServer=85.255.115.62,85.255.112.100 HKLM\SYSTEM\CS1\Services\Tcpip\..\{56BCF159-EBC0-4405-86C2-25B1E4F67E48}: DhcpNameServer=85.255.115.62,85.255.112.100 HKLM\SYSTEM\CS2\Services\Tcpip\..\{56BCF159-EBC0-4405-86C2-25B1E4F67E48}: DhcpNameServer=85.255.115.62,85.255.112.100 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Rapport Navilog1 : Search Navipromo version 3.6.1 commencé le 29/07/2008 à 15:19:02.42 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "PLS-FOS" Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\PLS-FOS\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\PLS-FOS\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\PLS-FOS\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun Fichier Navipromo trouvé *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\PLS-FOS\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\PLS-FOS\locals~1\applic~1" : * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 29/07/2008 à 15:21:57.73 *** Rapport Fixwareout : Username "PLS-FOS" - 29/07/2008 15:35:35 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{56BCF159-EBC0-4405-86C2-25B1E4F67E48} "DhcpNameServer"="85.255.115.62,85.255.112.100" <Value cleared. Cache de résolution DNS vidé. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\"" "SetRefresh"="C:\\Program Files\\Compaq\\SetRefresh\\SetRefresh.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Windows Logon Applicationedc"="C:\\WINDOWS\\system32\\dllcache\\winlogon.exe" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~
  10. noctoresse
    Bonjour, A part le scan d'Avast, puis celui de ZoneAlarm lors de l'install pas d'autre outil. Voici le rapport DiagHelp : DiagHelp version v1.4 - http://www.malekal.com excute le 29/07/2008 à 7:34:23.68 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->29/07/2008 07:33:35 C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->29/07/2008 07:32:48 C:\WINDOWS\prefetch\UPDCLIENT.EXE-215FC96B.pf -->29/07/2008 07:30:42 C:\WINDOWS\prefetch\UNINSTALL.EXE-0E8174C7.pf -->29/07/2008 07:28:50 C:\WINDOWS\prefetch\WRAR371FR.EXE-120BB124.pf -->29/07/2008 07:28:44 C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf -->29/07/2008 07:28:17 C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->29/07/2008 07:27:58 C:\WINDOWS\prefetch\RUNDLL32.EXE-4489B61B.pf -->29/07/2008 07:27:57 C:\WINDOWS\prefetch\UPDATE.EXE-3AA868B4.pf -->29/07/2008 07:22:31 C:\WINDOWS\prefetch\UPDATE.EXE-2C47AD8E.pf -->29/07/2008 07:22:22 C:\WINDOWS\System32\drivers\fidbox.dat -->29/07/2008 07:30:41 C:\WINDOWS\System32\drivers\fidbox.idx -->29/07/2008 00:35:17 C:\WINDOWS\System32\drivers\aswFsBlk.sys -->19/07/2008 16:37:42 C:\WINDOWS\System32\drivers\aswmon2.sys -->19/07/2008 16:37:21 C:\WINDOWS\System32\drivers\aswSP.sys -->19/07/2008 16:35:18 C:\WINDOWS\System32\drivers\aswRdr.sys -->19/07/2008 16:33:42 C:\WINDOWS\System32\drivers\aswTdi.sys -->19/07/2008 16:32:36 C:\WINDOWS\System32\vsconfig.xml -->29/07/2008 07:14:17 C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->28/07/2008 22:40:25 C:\WINDOWS\System32\wpa.dbl -->28/07/2008 22:33:21 C:\WINDOWS\System32\zllictbl.dat -->28/07/2008 22:33:01 C:\WINDOWS\System32\FNTCACHE.DAT -->28/07/2008 16:27:29 C:\WINDOWS\System32\PerfStringBackup.INI -->28/07/2008 16:14:36 C:\WINDOWS\System32\perfh00C.dat -->28/07/2008 16:14:36 C:\WINDOWS\System32\perfh009.dat -->28/07/2008 16:14:36 C:\WINDOWS\System32\perfc00C.dat -->28/07/2008 16:14:36 C:\WINDOWS\System32\perfc009.dat -->28/07/2008 16:14:36 C:\WINDOWS\System32\CONFIG.NT -->28/07/2008 14:04:37 C:\WINDOWS\System32\wpa.bak -->28/07/2008 12:25:19 C:\WINDOWS\System32\$winnt$.inf -->28/07/2008 12:17:16 C:\WINDOWS\System32\nscompat.tlb -->28/07/2008 12:13:51 C:\WINDOWS\System32\amcompat.tlb -->28/07/2008 12:13:51 C:\WINDOWS\System32\WindowsLogon.manifest -->28/07/2008 12:12:49 C:\WINDOWS\System32\logonui.exe.manifest -->28/07/2008 12:12:49 C:\WINDOWS\System32\wuaucpl.cpl.manifest -->28/07/2008 12:12:43 C:\WINDOWS\System32\sapi.cpl.manifest -->28/07/2008 12:12:43 C:\WINDOWS\System32\nwc.cpl.manifest -->28/07/2008 12:12:43 C:\WINDOWS\System32\ncpa.cpl.manifest -->28/07/2008 12:12:43 C:\WINDOWS\System32\cdplayer.exe.manifest -->28/07/2008 12:12:43 C:\WINDOWS\System32\emptyregdb.dat -->28/07/2008 12:11:45 C:\WINDOWS\System32\mapisvc.inf -->28/07/2008 12:11:22 C:\WINDOWS\System32\spupdsvc.inf -->25/07/2008 16:05:48 C:\WINDOWS\WindowsUpdate.log -->29/07/2008 07:28:21 C:\WINDOWS\KB951698.log -->29/07/2008 07:22:31 C:\WINDOWS\KB951748.log -->29/07/2008 07:22:21 C:\WINDOWS\KB950749.log -->29/07/2008 07:22:15 C:\WINDOWS\setupapi.log -->29/07/2008 07:15:42 C:\WINDOWS\0.log -->29/07/2008 07:14:15 C:\WINDOWS\wiadebug.log -->29/07/2008 07:14:14 C:\WINDOWS\ModemLog_Best Data Data Fax Modem.txt -->29/07/2008 07:14:14 C:\WINDOWS\wiaservc.log -->29/07/2008 07:14:09 C:\WINDOWS\SchedLgU.Txt -->29/07/2008 07:14:04 C:\WINDOWS\bootstat.dat -->29/07/2008 07:13:54 C:\WINDOWS\ntbtlog.txt -->28/07/2008 22:58:49 C:\WINDOWS\setupact.log -->28/07/2008 22:55:04 C:\WINDOWS\ODBC.INI -->28/07/2008 22:25:17 C:\WINDOWS\wmsetup.log -->28/07/2008 16:30:23 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1620 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x7d200000 0x2b2000 3.00.3790.2180 C:\WINDOWS\system32\msi.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x00c60000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x10000000 0xb000 6.00.0000.0878 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 672 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5C36-731B Répertoire de C:\WINDOWS\system32 05/08/2004 14:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 41 900 986 368 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5C36-731B Répertoire de C:\WINDOWS\Downloaded Program Files 14/05/2008 12:52 <REP> . 14/05/2008 12:52 <REP> .. 28/07/2008 12:12 65 desktop.ini 28/03/2008 21:33 144 QTPlugin.inf 02/12/2005 11:55 5 101 swflash.inf 26/05/2005 05:19 291 wuweb.inf 4 fichier(s) 5 601 octets Total des fichiers listés : 4 fichier(s) 5 601 octets 2 Rép(s) 41 900 986 368 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "DisableRegistryTools"=dword:00000000 "HideLegacyLogonScripts"=dword:00000000 "HideLogoffScripts"=dword:00000000 "RunLogonScriptSync"=dword:00000001 "RunStartupScriptSync"=dword:00000000 "HideStartupScripts"=dword:00000000 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-29 07:35:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 180 - cisvc.exe 228 - MDM.EXE 648 - csrss.exe 672 - winlogon.exe 716 - services.exe 728 - lsass.exe 836 - cmd.exe 872 - svchost.exe 940 - svchost.exe 980 - svchost.exe 1024 - svchost.exe 1236 - svchost.exe 1260 - svchost.exe 1300 - vsmon.exe 1536 - ashServ.exe 1612 - ashMaiSv.exe 1620 - explorer.exe 1792 - ashDisp.exe 1800 - zlclient.exe 2036 - ashWebSv.exe 2268 - alg.exe 2452 - firefox.exe 3032 - cidaemon.exe Total number of processes = 24 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntoskrnl.exe 806EC000 - \WINDOWS\system32\hal.dll F8A42000 - \WINDOWS\system32\KDCOM.DLL F8952000 - \WINDOWS\system32\BOOTVID.dll F84F2000 - ACPI.sys F8A44000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F84E1000 - pci.sys F8542000 - isapnp.sys F8B0A000 - pciide.sys F87C2000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F8552000 - MountMgr.sys F84C2000 - ftdisk.sys F8A46000 - dmload.sys F849C000 - dmio.sys F87CA000 - PartMgr.sys F8562000 - VolSnap.sys F8484000 - atapi.sys F8572000 - disk.sys F8582000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F8465000 - fltMgr.sys F8453000 - sr.sys F843C000 - KSecDD.sys F8429000 - WudfPf.sys F839C000 - Ntfs.sys F836F000 - NDIS.sys F835B000 - srescan.sys F8340000 - Mup.sys F86E2000 - \SystemRoot\system32\DRIVERS\intelppm.sys F82E1000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys F82CD000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F883A000 - \SystemRoot\system32\DRIVERS\usbuhci.sys F82AA000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F8842000 - \SystemRoot\system32\DRIVERS\usbehci.sys F81CC000 - \SystemRoot\system32\DRIVERS\HCF_MSFT.sys F884A000 - \SystemRoot\System32\Drivers\Modem.SYS F81A8000 - \SystemRoot\system32\DRIVERS\e100b325.sys F8197000 - \SystemRoot\system32\DRIVERS\serial.sys F89E2000 - \SystemRoot\system32\DRIVERS\serenum.sys F8183000 - \SystemRoot\system32\DRIVERS\parport.sys F86F2000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F8852000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F8702000 - \SystemRoot\system32\DRIVERS\imapi.sys F8712000 - \SystemRoot\system32\DRIVERS\cdrom.sys F8722000 - \SystemRoot\system32\DRIVERS\redbook.sys F8160000 - \SystemRoot\system32\DRIVERS\ks.sys F80D2000 - \SystemRoot\system32\drivers\smwdm.sys F80AE000 - \SystemRoot\system32\drivers\portcls.sys F8732000 - \SystemRoot\system32\drivers\drmk.sys F8A5E000 - \SystemRoot\system32\drivers\aeaudio.sys F8BAB000 - \SystemRoot\system32\DRIVERS\audstub.sys F8742000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F89EA000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F8097000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F8752000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F8762000 - \SystemRoot\system32\DRIVERS\raspptp.sys F885A000 - \SystemRoot\system32\DRIVERS\TDI.SYS F8086000 - \SystemRoot\system32\DRIVERS\psched.sys F8772000 - \SystemRoot\system32\DRIVERS\msgpc.sys F886A000 - \SystemRoot\system32\DRIVERS\ptilink.sys F8872000 - \SystemRoot\system32\DRIVERS\raspti.sys F8055000 - \SystemRoot\system32\DRIVERS\rdpdr.sys F8782000 - \SystemRoot\system32\DRIVERS\termdd.sys F887A000 - \SystemRoot\system32\DRIVERS\mouclass.sys F8A64000 - \SystemRoot\system32\DRIVERS\swenum.sys F7FF9000 - \SystemRoot\system32\DRIVERS\update.sys F8A0E000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F8792000 - \SystemRoot\System32\Drivers\NDProxy.SYS EFF45000 - \SystemRoot\system32\drivers\ialmkchw.sys EFF27000 - \SystemRoot\system32\drivers\ialmsbw.sys F87B2000 - \SystemRoot\system32\DRIVERS\usbhub.sys F8A6A000 - \SystemRoot\system32\DRIVERS\USBD.SYS F8A36000 - \SystemRoot\system32\drivers\MODEMCSA.sys EFE3C000 - \SystemRoot\system32\DRIVERS\klif.sys F8310000 - \SystemRoot\system32\DRIVERS\hidusb.sys F85E2000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F888A000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F8A90000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F8C7F000 - \SystemRoot\System32\Drivers\Null.SYS F8A92000 - \SystemRoot\System32\Drivers\Beep.SYS F8892000 - \SystemRoot\System32\drivers\vga.sys F8A94000 - \SystemRoot\System32\Drivers\mnmdd.SYS F8A96000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F889A000 - \SystemRoot\System32\Drivers\Msfs.SYS F88A2000 - \SystemRoot\System32\Drivers\Npfs.SYS F830C000 - \SystemRoot\system32\DRIVERS\rasacd.sys EFA6F000 - \SystemRoot\system32\DRIVERS\ipsec.sys EFA17000 - \SystemRoot\system32\DRIVERS\tcpip.sys F85F2000 - \SystemRoot\System32\Drivers\aswTdi.SYS EF9EF000 - \SystemRoot\system32\DRIVERS\netbt.sys EF98F000 - \SystemRoot\System32\vsdatant.sys EF96D000 - \SystemRoot\System32\drivers\afd.sys F8602000 - \SystemRoot\system32\DRIVERS\netbios.sys EF94C000 - \SystemRoot\system32\DRIVERS\ipnat.sys F8612000 - \SystemRoot\system32\DRIVERS\wanarp.sys F88AA000 - \SystemRoot\System32\Drivers\StarOpen.SYS EF920000 - \SystemRoot\system32\DRIVERS\rdbss.sys EF889000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F8632000 - \SystemRoot\System32\Drivers\Fips.SYS EF872000 - \SystemRoot\System32\Drivers\aswSP.SYS F89DE000 - \SystemRoot\system32\DRIVERS\mouhid.sys F88D2000 - \SystemRoot\System32\Drivers\Aavmker4.SYS EFEE7000 - \SystemRoot\System32\Drivers\Cdfs.SYS EF7BA000 - \SystemRoot\System32\Drivers\dump_atapi.sys F8ABA000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F892A000 - \SystemRoot\System32\watchdog.sys EFE6B000 - \SystemRoot\System32\drivers\Dxapi.sys BF9C1000 - \SystemRoot\System32\drivers\dxg.sys F8B7C000 - \SystemRoot\System32\drivers\dxgthk.sys BF9E1000 - \SystemRoot\System32\ialmdnt5.dll BF9D3000 - \SystemRoot\System32\ialmrnt5.dll BFA03000 - \SystemRoot\System32\ialmdev5.DLL BFA34000 - \SystemRoot\System32\ialmdd5.DLL F87EA000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys EF76E000 - \SystemRoot\system32\DRIVERS\ndisuio.sys EF394000 - \SystemRoot\System32\Drivers\aswMon2.SYS EF137000 - \SystemRoot\system32\DRIVERS\mrxdav.sys EF0FA000 - \SystemRoot\system32\drivers\wdmaud.sys EFF07000 - \SystemRoot\system32\drivers\sysaudio.sys EEED0000 - \SystemRoot\system32\DRIVERS\fallback.sys EEEB4000 - \SystemRoot\system32\DRIVERS\fsksnt.sys EEE54000 - \SystemRoot\system32\DRIVERS\k56nt.sys EEE01000 - \SystemRoot\system32\DRIVERS\srv.sys EF24C000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys EEDA9000 - \SystemRoot\system32\DRIVERS\faxnt.sys EF4C2000 - \SystemRoot\system32\DRIVERS\tonesnt.sys EEC67000 - \SystemRoot\system32\DRIVERS\v124nt.sys EEA1E000 - \SystemRoot\System32\Drivers\HTTP.sys EEB0F000 - \SystemRoot\System32\Drivers\aswRdr.SYS EE79C000 - \SystemRoot\system32\drivers\kmixer.sys F890A000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS EE779000 - \SystemRoot\System32\Drivers\Fastfat.SYS F8C01000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 133 Liste des programmes installes Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Reader 6.0 - Français Archiveur WinRAR avast! Antivirus Canon i550 Catalogue PL Würth France Colin McRae Rally 3 DeepBurner v1.8.0.224 Google Earth HijackThis 2.0.2 i-minitel ADSL Intel® Extreme Graphics 2 Driver Intel® PRO Network Adapters and Drivers J2SE Runtime Environment 5.0 Update 8 Java 2 Runtime Environment, SE v1.4.2_01 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 K-Lite Codec Pack 2.81 Full Lecteur Windows Media 10 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Office Basic Edition 2003 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.0.1) OLITEC PCI V92 Ready V2 Data,Fax Modem Registry Repair Pro SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio 3 Samsung PC Studio 3 Samsung PC Studio 3 USB Driver Installer Samsung Samples Installer SoundMAX VideoLAN VLC media player 0.8.6f WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool Windows Media Format 11 runtime Windows Media Format Runtime Windows Media Player 11 ZoneAlarm Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5C36-731B Répertoire de C:\Program Files 28/07/2008 14:56 <REP> . 28/07/2008 14:56 <REP> .. 25/07/2008 15:31 <REP> 3B Software 09/03/2006 18:20 <REP> Adobe 25/07/2008 16:13 <REP> Altiris 28/07/2008 14:04 <REP> Alwil Software 09/03/2006 18:20 <REP> Analog Devices 13/12/2006 13:23 <REP> Astonsoft 25/07/2008 13:22 <REP> AVG 28/07/2008 13:31 <REP> CA 19/10/2007 16:48 <REP> Canon_i550x 27/02/2007 13:20 <REP> Codemasters 31/10/2007 09:01 <REP> Common Files 09/03/2006 18:20 <REP> Compaq 09/03/2006 18:20 <REP> ComPlus Applications 30/03/2006 11:18 <REP> CONEXANT 28/07/2008 13:54 <REP> Fichiers communs 18/07/2008 17:31 <REP> Google 28/07/2008 12:12 <REP> Internet Explorer 28/07/2008 22:40 <REP> Java 13/02/2007 08:32 <REP> K-Lite Codec Pack 26/03/2008 13:20 <REP> LimeWire 09/03/2006 18:59 <REP> Messenger 09/03/2006 18:20 <REP> microsoft frontpage 30/03/2006 11:38 <REP> Microsoft Office 30/03/2006 11:38 <REP> Microsoft Visual Studio 30/03/2006 11:38 <REP> Microsoft Works 30/03/2006 11:38 <REP> Microsoft.NET 03/01/2008 10:04 <REP> MinitelADSL 09/03/2006 18:20 <REP> Movie Maker 29/07/2008 07:14 <REP> Mozilla Firefox 09/03/2006 18:20 <REP> MSN 28/07/2008 12:14 <REP> msn gaming zone 09/03/2006 18:20 <REP> NetMeeting 28/07/2008 12:12 <REP> Outlook Express 14/05/2008 12:52 <REP> QuickTime 09/03/2006 10:29 <REP> Raccourcis de programmes 14/09/2006 07:34 <REP> Rockstar Games 27/05/2008 13:06 <REP> Samsung 09/03/2006 18:20 <REP> Services en ligne 28/07/2008 13:20 <REP> Trend Micro 04/07/2008 14:25 <REP> VLC 04/07/2008 14:23 9 730 075 vlc-0.8.6f-win32.exe 25/07/2008 16:18 <REP> Windows Media Connect 2 28/07/2008 12:14 <REP> Windows Media Player 09/03/2006 18:20 <REP> Windows NT 29/07/2008 07:29 <REP> WinRAR 25/04/2006 15:17 <REP> Wurth 09/03/2006 18:20 <REP> xerox 28/07/2008 14:56 <REP> Zone Labs 1 fichier(s) 9 730 075 octets 49 Rép(s) 41 896 206 336 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5C36-731B Répertoire de C:\Program Files\fichiers communs 28/07/2008 13:54 <REP> . 28/07/2008 13:54 <REP> .. 31/03/2006 10:50 <REP> Adobe 30/03/2006 11:38 <REP> DESIGNER 22/08/2006 13:22 <REP> InstallShield 09/03/2006 18:20 <REP> Java 25/07/2008 13:21 <REP> Microsoft Shared 09/03/2006 18:20 <REP> MSSoap 09/03/2006 18:20 <REP> ODBC 09/03/2006 18:20 <REP> Services 09/03/2006 18:20 <REP> SpeechEngines 28/07/2008 12:12 <REP> System 0 fichier(s) 0 octets 12 Rép(s) 41 896 202 240 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5C36-731B Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 30/03/2006 11:38 <REP> . 30/03/2006 11:38 <REP> .. 30/03/2006 11:38 <REP> 1033 30/03/2006 11:38 <REP> 1036 11/07/2003 10:15 1 292 872 MSONSEXT.DLL 15/07/2003 06:52 35 896 MSOSV.DLL 03/06/1999 07:09 122 937 MSOWS409.DLL 07/03/2001 02:00 127 033 MSOWS40c.DLL 11/07/2003 02:25 80 448 PKMWS.DLL 5 fichier(s) 1 659 186 octets 4 Rép(s) 41 896 202 240 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5C36-731B Répertoire de C:\Program Files\common files 31/10/2007 09:01 <REP> . 31/10/2007 09:01 <REP> .. 25/07/2008 14:22 <REP> Companion Wizard 0 fichier(s) 0 octets 3 Rép(s) 41 896 202 240 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 5C36-731B Répertoire de C:\ 31/10/2005 17:56 700 416 StubInstaller.exe 1 fichier(s) 700 416 octets 0 Rép(s) 41 896 202 240 octets libres c:\Documents and Settings\Administrateur\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe c:\Documents and Settings\Administrateur\Bureau\ComboFix_SansEchec.exe c:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Calc.exe c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\Cnmvsa.exe c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\helpkicker.exe c:\Documents and Settings\PLS-FOS\.limewire\.NetworkShare\LimeWireWin4.16.6.exe c:\Documents and Settings\PLS-FOS\Local Settings\Temp\072808221218\z4barSpInstall.exe c:\Documents and Settings\PLS-FOS\Local Settings\Temporary Internet Files\Content.IE5\C1MNKDQB\zlsSetup_70_483_000_fr[1].exe c:\Documents and Settings\PLS-FOS\Mes documents\codec.exe c:\Documents and Settings\PLS-FOS\Mes documents\GoogleEarthWin.exe c:\Documents and Settings\PLS-FOS\Mes documents\install_flash_player.exe c:\Documents and Settings\PLS-FOS\Mes documents\klcodec281f.exe c:\Documents and Settings\PLS-FOS\Mes documents\vlc-0.8.6f-win32.exe c:\Documents and Settings\PLS-FOS\Mes documents\zaSetup_fr.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\ComboFix_SansEchec.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\catchme.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\diff.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\dumphive.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\find2.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\Fport.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\grep.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\gzip.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\KProcCheck.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\LFiles.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\LISTDLLS.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\md5sums.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\pslist.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\sigcheck.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\streams.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\swreg.exe c:\Documents and Settings\PLS-FOS\Mes documents\Anti-Virus\Nouveau dossier\DiagHelp\tar.exe c:\Documents and Settings\PLS-FOS\Mes documents\Cedric\GoogleEarthWin.exe c:\Documents and Settings\PLS-FOS\Mes documents\Cedric\MARIAGE\docu0018.EXE c:\Documents and Settings\PLS-FOS\Mes documents\Mes images\iTunesSetup.exe c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0404\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0404\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0404\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0405\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0405\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0405\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0406\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0406\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0406\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0407\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0407\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0407\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0408\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0408\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0408\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0409\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0409\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0409\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\040b\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\040b\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\040b\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\040c\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\040c\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\040c\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\040e\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\040e\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\040e\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0410\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0410\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0410\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0412\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0412\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0412\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0413\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0413\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0413\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0414\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0414\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0414\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0415\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0415\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0415\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0419\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0419\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0419\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\041D\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\041D\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\041D\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\041E\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\041E\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\041E\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0804\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0804\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0804\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0816\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0816\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0816\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0c0a\CNMlr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0c0a\CNMsr49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550\LanguageModules\0c0a\CNMur49.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMBR153.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMDRV.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMDUMP4.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMFUS.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMI550.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMINST.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLMON2.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRCN.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRCZ.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRDE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRDK.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRES.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRFI.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRFR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRGR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRHU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRIT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRKR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRNL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRNO.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRPL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRPT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRRU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRSE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRTH.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMLRTW.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMO153.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMP_153.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMPCOMM.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMPD.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMPP.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMPV.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMQUEUE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSMSD.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRCN.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRCZ.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRDE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRDK.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRES.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRFI.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRFR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRGR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRHU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRIT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRKR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRNL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRNO.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRPL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRPT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRRU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRSE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRTH.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSRTW.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMSTMN.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMUI.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMUR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURCN.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURCZ.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURDE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURDK.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURES.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURFI.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURFR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURGR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURHU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURIT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURKR.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURNL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURNO.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURPL.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURPT.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURRU.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURSE.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURTH.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMURTW.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMVS.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Driver2\CNMW3.DLL c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\cnmi040c.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\cnminst2.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\cnmis.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\cnmis4.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\cnmis5.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon i550 Installer\Inst2\devid.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0401\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0401\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0401\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0404\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0404\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0404\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0405\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0405\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0405\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0406\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0406\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0406\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0407\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0407\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0407\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0408\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0408\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0408\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0409\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0409\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0409\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040b\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040b\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040b\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040c\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040c\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040c\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040e\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040e\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\040e\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0410\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0410\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0410\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0411\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0411\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0411\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0412\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0412\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0412\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0413\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0413\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0413\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0414\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0414\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0414\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0415\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0415\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0415\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0419\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0419\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0419\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041D\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041D\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041D\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041E\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041E\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041E\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041F\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041F\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\041F\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0804\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0804\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0804\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0816\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0816\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0816\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0c0a\CNMlr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0c0a\CNMsr87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP600 Printer\LanguageModules\0c0a\CNMur87.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0401\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0401\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0401\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0404\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0404\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0404\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0405\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0405\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0405\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0406\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0406\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0406\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0407\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0407\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0407\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0408\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0408\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0408\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0409\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0409\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0409\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040b\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040b\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040b\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040c\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040c\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040c\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040e\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040e\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\040e\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0410\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0410\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0410\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0411\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0411\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0411\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0412\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0412\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0412\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0413\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0413\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0413\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0414\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0414\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0414\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0415\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0415\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0415\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0419\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0419\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0419\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041D\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041D\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041D\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041E\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041E\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041E\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041F\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041F\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\041F\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0421\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0421\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0421\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0804\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0804\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0804\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0816\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0816\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0816\CNMur93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0c0a\CNMlr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0c0a\CNMsr93.dll c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP610 series Printer\LanguageModules\0c0a\CNMur93.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_PC-FOS.tar.gz a l'adresse http://upload.malekal.com
  11. noctoresse
    Merci pour une réponse si rapide. J'ai tout d'abord utilisé E-Trust qui était installé; il ne voyait presque rien et pour cause mise à jour impossible (du au virus ?). Ensuite Ad-aware puis avg-antivirus (+ de 20 virus différents et une cetaine de fichiers infectés). Un petit coup sur la base de registre avec Windows Registry Repair Pro (environ 600 corrections). Ensuite Avast (encore une soixantaine d'attaques trojan). J'ai fini par faire une restauration XP, suivie de ComboFix (surtout contre Vundo) en sans échec. Voici le rapport ComboFix : ComboFix 08-07-27.5 - Administrateur 2008-07-28 13:39:52.1 - NTFSx86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.386 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free\Logs\update.log c:\Documents and Settings\Administrateur\Local Settings\Application Data\ckiyy.dat c:\documents and settings\administrateur\local settings\application data\ckiyy.exe c:\Documents and Settings\Administrateur\Local Settings\Application Data\ckiyy_nav.dat c:\Documents and Settings\Administrateur\Local Settings\Application Data\ckiyy_navps.dat C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007 C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode C:\WINDOWS\BM5f054028.txt C:\WINDOWS\cookies.ini C:\WINDOWS\mainms.vpi C:\WINDOWS\megavid.cdt C:\WINDOWS\muotr.so C:\WINDOWS\pskt.ini C:\WINDOWS\system32\6358\27744.dll C:\WINDOWS\system32\abcjugdi.ini C:\WINDOWS\system32\adfkumds.ini C:\WINDOWS\system32\aktknwej.ini C:\WINDOWS\system32\aojxqgbv.dll C:\WINDOWS\system32\clbinit.dll C:\WINDOWS\system32\conmawjf.ini C:\WINDOWS\system32\eyebdpyh.ini C:\WINDOWS\system32\fbumcxrm.dll C:\WINDOWS\system32\geBsTkiH.dll C:\WINDOWS\system32\gmcksxqi.dll C:\WINDOWS\system32\idjthiqq.ini C:\WINDOWS\system32\Jihhknpo.ini C:\WINDOWS\system32\Jihhknpo.ini2 C:\WINDOWS\system32\jjeeancf.ini C:\WINDOWS\system32\kdreknla.ini C:\WINDOWS\system32\kfewmekd.ini C:\WINDOWS\system32\khfGxWqP.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mfhcgkhq.ini C:\WINDOWS\system32\mgremxix.ini C:\WINDOWS\system32\mkrqggxn.dll C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\msnav32.ax C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe C:\WINDOWS\system32\nvs2.inf C:\WINDOWS\system32\orgzpl.dll C:\WINDOWS\system32\owcvjg.dll C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\sdmukfda.dll C:\WINDOWS\system32\stera.job C:\WINDOWS\system32\stera.log C:\WINDOWS\system32\tuvUlkJb.dll C:\WINDOWS\system32\vhphyasm.dll C:\WINDOWS\system32\vtUmlLDw.dll C:\WINDOWS\system32\winpfz33.sys C:\WINDOWS\system32\xtfgseqp.ini C:\WINDOWS\system32\xxywxXOF.dll C:\WINDOWS\system32\zxdnt3d.cfg . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CLBDRIVER -------\Legacy_MSSECURITY1.209.4 -------\Service_clbdriver ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))))))) . 2008-07-28 13:20 . 2008-07-28 13:20 <REP> d-------- C:\Program Files\Trend Micro 2008-07-28 12:25 . 2008-07-28 12:25 1,374 --a------ C:\WINDOWS\system32\wpa.bak 2008-07-28 12:15 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-07-28 12:14 . 2004-08-05 14:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-07-28 12:12 . 2008-07-28 12:12 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-07-28 12:04 . 2004-08-05 14:00 1,086,058 -ra------ C:\WINDOWS\SET54.tmp 2008-07-28 12:04 . 2004-08-05 14:00 1,014,836 -ra------ C:\WINDOWS\SET51.tmp 2008-07-28 12:04 . 2004-08-05 14:00 14,043 -ra------ C:\WINDOWS\SET60.tmp 2008-07-25 16:05 . 2008-07-25 16:05 230 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-07-25 16:02 . 2006-11-17 20:28 66,048 --a------ C:\WINDOWS\ieResetIcons.exe 2008-07-25 15:31 . 2008-07-25 15:31 <REP> d-------- C:\Program Files\3B Software 2008-07-25 14:30 . 2008-07-25 14:30 0 --a------ C:\WINDOWS\nsreg.dat 2008-07-25 13:22 . 2008-07-25 13:22 <REP> d-------- C:\Program Files\AVG 2008-07-25 13:22 . 2008-07-25 13:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.install_backup 2008-07-23 07:32 . 2008-07-23 07:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SAMSUNG 2008-07-23 07:13 . 2008-07-27 18:19 <REP> d-------- C:\WINDOWS\system32\kBin02 2008-07-21 07:28 . 2008-07-21 07:28 <REP> d-------- C:\WINDOWS\system32\carH18 2008-07-10 07:15 . 2008-07-25 16:59 111,567 --a------ C:\WINDOWS\BM5f054028.xml 2008-07-10 07:14 . 2008-07-28 13:41 <REP> d-------- C:\WINDOWS\system32\6358 2008-07-09 15:59 . 2008-07-25 15:14 <REP> d-------- C:\WINDOWS\system32\ver 2008-07-09 15:59 . 2008-07-26 00:33 <REP> d-------- C:\WINDOWS\system32\olixds18 2008-07-09 15:59 . 2008-07-25 15:12 <REP> d-------- C:\WINDOWS\system32\ole 2008-07-09 15:59 . 2008-07-26 00:30 <REP> d-------- C:\WINDOWS\system32\IP3 2008-07-09 15:59 . 2008-07-09 15:59 <REP> d-------- C:\WINDOWS\system32\dapi 2008-07-09 15:59 . 2008-07-25 16:18 <REP> d-------- C:\Temp 2008-07-09 15:59 . 2008-07-09 15:59 152,191 --a------ C:\WINDOWS\system32\g42.exe 2008-07-09 15:59 . 2004-08-05 04:00 4,224 --a------ C:\WINDOWS\system32\beep.sys 2008-07-04 14:26 . 2008-07-04 14:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc 2008-07-04 14:25 . 2008-07-04 14:25 <REP> d-------- C:\Program Files\VLC 2008-07-04 14:23 . 2008-07-04 14:23 9,730,075 --a------ C:\Program Files\vlc-0.8.6f-win32.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-28 11:31 --------- d-----w C:\Program Files\CA 2008-07-25 14:18 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-07-25 14:13 --------- d-----w C:\Program Files\Altiris 2008-07-25 07:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AdobeUM 2008-07-18 15:31 --------- d-----w C:\Program Files\Google 2008-05-30 14:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\ntr . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 15:22 524800] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-14 12:52 413696] "Windows Logon Applicationedc"="C:\WINDOWS\system32\dllcache\winlogon.exe" [2004-08-05 14:00 506368] [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cuuso HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{67-73-31-1B-DW} [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean] --a------ 2001-07-24 23:34 36864 C:\cpqs\scom\srmclean.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\StubInstaller.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= S0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [] S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [] S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00] . - - - - ORPHANS REMOVED - - - - HKLM-Run-BM5f054028 - C:\WINDOWS\system32\mkrqggxn.dll MSConfigStartUp-5c3673b4 - C:\WINDOWS\system32\sdmukfda.dll MSConfigStartUp-BM5f054028 - C:\WINDOWS\system32\mkrqggxn.dll MSConfigStartUp-ckiyy - c:\documents and settings\administrateur\local settings\application data\ckiyy.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/ R0 -: HKLM-Main,Search Bar = hxxp://go.compaq.com/1Q00CDT/040C/bl8.asp O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O17 -: HKLM\CCS\Interface\{A577A9F2-33E6-4EE2-904D-E63767CF5176}: NameServer = 85.255.115.62,85.255.112.100 ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-28 13:44:11 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Calc.exe . ************************************************************************** . Temps d'accomplissement: 2008-07-28 13:46:42 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-28 11:46:39 Pre-Run: 42,387,697,664 octets libres Post-Run: 42,332,749,824 octets libres 183 --- E O F --- 2007-12-12 16:00:11 Et le nouveau rapport hijackthis_Normal : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:09:52, on 29/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:?body=http%3A%2F%2Fforum.zebulon.fr%2Fpre-nettoyage-d-un-pc-infecte-t83986.html&subject=Pr%C3%A9-Nettoyage%20d'un%20PC%20infect%C3%A9%20-%20Forums%20Zebulon.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\WINDOWS\system32\dllcache\winlogon.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141893295953 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 4826 bytes
  12. noctoresse
    Bonsoir, Je viens de déverminer au mieux ce PC. J'ai vu que beaucoup parlaient de "hijackthis", alors je vous propose mon rapport afin que vous me donniez votre avis sur le résultat et surtout sur ce qu'il me reste à nettoyer. J'ai installé ZoneAlarm et Avast, en lieu et place du pare-feu Windows associé à E-Trust antivirus. Merci par avance de votre aide expérimentée. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:59:25, on 28/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\WINDOWS\system32\dllcache\winlogon.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141893295953 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 3850 bytes
×
×
  • Créer...