Everything posted by furiani34

  1. Sorry, it took me a while to get back to you. All good: I cleaned, checked, etc. Everything looks spotless. Well, when cleaning the MBR I had to format the disk, but otherwise everything is fine. Thanks again for the help provided.
  2. ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== FILES ========== File/Folder C:\WINDOWS\i386\CMDOW.EX_ Infected not found. G:\sauvegarde tera 14\LOGICIELS\Hacking\Spector Pro v6.0 Build 1223 & serial.rar moved successfully. G:\sauvegarde tera 14\LOGICIELS\Internet\cute ftp 4032\cuteFR4032.exe moved successfully. G:\sauvegarde tera 14\LOGICIELS\Scanner\windows\ULTIMATE EDITION V7.iso moved successfully. G:\sauvegarde tera 14\LOGICIELS\windows\ULTIMATE EDITION V7.iso moved successfully. ========== REGISTRY ========== ========== COMMANDS ========== File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_9eGKQ1A4mYJtESjBO43i scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fla1075.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_e08.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_f14.dat scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF11EB.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2C1D.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2C58.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7959.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7969.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9BF2.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9C02.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDD0A.tmp scheduled to be deleted on reboot. File delete failed. 
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDD6C.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_438.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12102008_185707 Files moved on Reboot... File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_9eGKQ1A4mYJtESjBO43i not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fla1075.tmp not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_e08.dat not found! 
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_f14.dat not found! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF11EB.tmp moved successfully. File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2C1D.tmp not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2C58.tmp not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7959.tmp not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7969.tmp not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9BF2.tmp not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9C02.tmp not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDD0A.tmp not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDD6C.tmp not found! File C:\WINDOWS\temp\Perflib_Perfdata_438.dat not found! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\XUL.mfl moved successfully.
  3. --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7 REPORT
     Sunday, December 7, 2008
     Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner 7 version: 7.0.25.0
     Program database last update: Sunday, December 07, 2008 09:20:51
     Records in database: 1441946
     --------------------------------------------------------------------------------
     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan mail databases: yes
     Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\
     Scan statistics:
     Files scanned: 317210
     Threat name: 7
     Infected objects: 13
     Suspicious objects: 0
     Duration of the scan: 03:09:47
     File name / Threat name / Threats count
     C:\Program Files\ESET\infected\0Y14PHAA.NQF Infected: Trojan.Win32.Agent.amqg 1
     C:\Program Files\ESET\infected\4LXZE5BA.NQF Infected: Worm.Win32.AutoRun.sbr 1
     C:\Program Files\ESET\infected\ROM2SHCA.NQF Infected: Worm.Win32.AutoRun.sbr 1
     C:\RECYCLER\S-1-5-21-776561741-1078145449-682003330-500\Dc22.7\Crack\all2mp3.exe Infected: Packed.Win32.Krap.b 1
     C:\WINDOWS\i386\CMDOW.EX_ Infected: not-a-virus:RiskTool.Win32.HideWindows 1
     G:\sauvegarde tera 14\LOGICIELS\Hacking\Spector Pro v6.0 Build 1223 & serial.rar Infected: not-a-virus:Monitor.Win32.SpectorPro.d 1
     G:\sauvegarde tera 14\LOGICIELS\Internet\cute ftp 4032\cuteFR4032.exe Infected: not-a-virus:AdWare.Win32.TimeSink 4
     G:\sauvegarde tera 14\LOGICIELS\MSN\MessenPass(www.MsnTrucAstuce.fr).zip Infected: not-a-virus:PSWTool.Win32.Messen.104 1
     G:\sauvegarde tera 14\LOGICIELS\Scanner\windows\ULTIMATE EDITION V7.iso Infected: not-a-virus:RiskTool.Win32.HideWindows 1
     G:\sauvegarde tera 14\LOGICIELS\windows\ULTIMATE EDITION V7.iso Infected: not-a-virus:RiskTool.Win32.HideWindows 1
     The selected area was scanned.
  4. Hi, here is the report with the infested hard drive: ComboFix 08-12-04.05 - Administrateur 2008-12-06 15:17:17.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2484 [GMT 1:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt * Un nouveau point de restauration a été créé * Resident AV is active FILE :: c:\windows\system32\ezsidmv.dat c:\windows\system32\wr10147.dll c:\windows\system32\xa46002875.exe c:\windows\system32\xa46003437.exe c:\windows\system32\xwr10147.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\system32\ezsidmv.dat c:\windows\system32\wr10147.dll c:\windows\system32\xa46002875.exe c:\windows\system32\xa46003437.exe c:\windows\system32\xwr10147.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-06 au 2008-12-06 )))))))))))))))))))))))))))))))))))) . 2008-12-05 14:18 . 2008-12-05 14:18 <REP> d-------- c:\windows\system32\xircom 2008-12-05 14:18 . 2008-12-05 14:18 <REP> d-------- c:\windows\system32\oobe 2008-12-05 14:18 . 2008-12-05 14:18 <REP> d-------- c:\windows\system32\npp 2008-12-05 14:18 . 2008-12-05 14:18 <REP> d-------- c:\windows\msagent 2008-12-05 14:18 . 2008-12-05 14:18 <REP> d-------- c:\program files\microsoft frontpage 2008-12-05 09:24 . 2008-12-05 09:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Maxtor 2008-12-03 17:04 . 2008-12-03 17:04 <REP> d-------- c:\program files\Maxtor 2008-12-03 17:04 . 2008-12-03 17:04 <REP> d-------- c:\program files\Fichiers communs\Maxtor 2008-12-03 17:04 . 2008-12-03 17:04 400,864 --a------ c:\windows\system32\drivers\timntr.sys 2008-12-03 17:04 . 2008-12-03 17:04 120,992 --a------ c:\windows\system32\drivers\snapman.sys 2008-12-03 17:04 . 
2008-12-03 17:04 32,768 --a------ c:\windows\system32\drivers\tifsfilt.sys 2008-12-03 14:55 . 2008-12-03 14:56 <REP> d-------- c:\program files\Picasa2 2008-11-30 11:37 . 2008-11-30 11:37 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys 2008-11-30 11:36 . 2008-11-30 11:42 <REP> d-------- c:\documents and settings\Administrateur\.housecall6.6 2008-11-29 17:20 . 2008-11-29 17:20 <REP> d-------- c:\program files\Cobian Backup 9 2008-11-28 08:35 . 2008-11-28 08:35 <REP> d-------- c:\windows\Easy CD-DA Extractor 12 2008-11-27 09:58 . 2008-11-27 09:58 <REP> d-------- c:\program files\orange 2008-11-27 09:58 . 2008-11-27 09:58 <REP> d-------- c:\program files\Oberon Media 2008-11-27 09:58 . 2008-11-27 09:58 <REP> d-------- c:\program files\Fichiers communs\Oberon Media 2008-11-26 22:20 . 2008-11-26 22:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Zeon 2008-11-26 22:20 . 2008-11-26 22:23 <REP> d-------- c:\documents and settings\Administrateur\Application Data\ScanSoft 2008-11-26 22:19 . 2008-11-26 22:19 <REP> d--h----- c:\windows\system32\GroupPolicy 2008-11-26 22:19 . 2008-11-26 22:19 <REP> d-------- c:\program files\Fichiers communs\ScanSoft Shared 2008-11-26 22:19 . 2008-11-26 22:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Zeon 2008-11-26 22:18 . 2008-11-26 22:18 <REP> d-------- c:\documents and settings\All Users\Application Data\ScanSoft 2008-11-26 22:18 . 2008-11-26 22:18 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield 2008-11-26 22:18 . 2008-11-26 22:18 395 --a------ c:\windows\MAXLINK.INI 2008-11-26 22:17 . 2008-11-26 22:19 <REP> d-------- c:\program files\ScanSoft 2008-11-25 16:44 . 2004-11-03 00:00 278,528 --a------ c:\windows\system32\esint30.dll 2008-11-25 16:44 . 2004-11-03 00:00 176,128 --a------ c:\windows\system32\eswia30.dll 2008-11-25 16:44 . 2004-11-03 00:00 64,000 --a------ c:\windows\system32\esfw30.bin 2008-11-24 21:54 . 
2008-11-24 21:54 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Smart Panel 2008-11-24 21:19 . 2008-12-06 13:36 <REP> d-------- c:\documents and settings\Administrateur\Application Data\skypePM 2008-11-24 21:17 . 2008-12-06 15:14 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Skype 2008-11-24 21:16 . 2008-11-24 21:16 <REP> d-------- c:\program files\Skype 2008-11-24 21:16 . 2008-11-24 21:16 <REP> d-------- c:\program files\Fichiers communs\Skype 2008-11-24 21:16 . 2008-11-24 21:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype 2008-11-24 08:09 . 2008-11-24 08:09 <REP> d-------- c:\program files\Fichiers communs\Python 2008-11-24 08:09 . 2001-10-19 12:18 708,696 --a------ c:\windows\system32\python21.dll 2008-11-24 08:09 . 2001-10-19 12:18 290,919 --a------ c:\windows\system32\pythoncom21.dll 2008-11-24 08:09 . 2001-10-19 12:19 57,344 --a------ c:\windows\system32\PyWinTypes21.dll 2008-11-24 08:08 . 1999-06-15 11:31 96,768 --a------ c:\windows\SlantAdj.dll 2008-11-24 08:08 . 1999-12-07 02:03 73,216 --a------ c:\windows\ADE.DLL 2008-11-24 08:08 . 1999-04-27 00:17 3,136 --a------ c:\windows\Ade001.bin 2008-11-24 08:07 . 2008-11-24 08:09 <REP> d-------- c:\program files\Smart Panel 2008-11-23 16:26 . 2008-11-23 16:26 <REP> d-------- c:\program files\Kalender 2008-11-20 23:13 . 2008-11-20 23:13 <REP> d-------- c:\program files\NCH Swift Sound 2008-11-20 23:13 . 2008-11-20 23:13 <REP> d-------- c:\documents and settings\Administrateur\Application Data\NCH Swift Sound 2008-11-20 21:42 . 2008-11-20 21:42 29 --a------ c:\windows\DEBUGSM.INI 2008-11-20 19:11 . 2008-11-20 23:30 <REP> d-------- c:\program files\Google 2008-11-19 17:09 . 2008-11-19 17:09 <REP> d-------- c:\program files\GigaTribe 2008-11-19 17:09 . 2008-11-21 08:22 <REP> d-------- c:\documents and settings\Administrateur\Application Data\GigaTribe 2008-11-17 17:42 . 
2008-11-17 17:42 <REP> d-------- c:\documents and settings\Administrateur\Application Data\IndexEducation 2008-11-17 17:38 . 2008-11-17 17:38 <REP> d-------- C:\PRONOTE 2008 2008-11-12 18:02 . 2008-11-12 18:02 <REP> d-------- c:\program files\DVD Shrink 2008-11-12 18:02 . 2008-12-03 21:50 <REP> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink 2008-11-12 17:45 . 2008-09-10 02:15 1,307,648 --------- c:\windows\system32\dllcache\msxml6.dll 2008-11-12 17:13 . 2008-11-12 17:14 <REP> d-------- c:\program files\Fast AVI MPEG Joiner 2008-11-12 16:03 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 15:30 . 2008-11-12 15:31 <REP> d-------- C:\BASEPROF 2008-11-12 15:30 . 2008-11-25 20:30 251 --a------ c:\windows\MODPROF.ini 2008-11-12 15:30 . 2008-11-25 16:52 251 --a------ c:\windows\IMPEXP.ini 2008-11-12 15:29 . 2008-11-25 20:32 <REP> d-------- C:\MODPROF 2008-11-12 15:19 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-11 22:20 . 2008-11-11 22:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Auslogics 2008-11-11 22:17 . 2008-11-11 22:17 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Thunderbird 2008-11-10 18:26 . 2008-11-10 18:26 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared 2008-11-10 18:26 . 2008-11-10 18:26 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2008-11-09 09:54 . 2008-04-13 09:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2008-11-09 09:51 . 2008-11-09 09:51 <REP> d-------- c:\program files\Samsung ML-1710 Series 2008-11-09 09:50 . 2008-11-09 09:50 <REP> d-------- c:\windows\Samsung 2008-11-09 09:50 . 2001-11-06 16:29 94,208 --a------ c:\windows\system32\getpntid.exe 2008-11-09 09:50 . 2003-01-14 12:38 14,002 --a------ c:\windows\system32\Ssgb1mon.dll 2008-11-09 09:50 . 
2001-03-20 16:10 3,262 --a------ c:\windows\reinstall.ico 2008-11-09 09:50 . 2001-03-20 14:52 766 --a------ c:\windows\Uninstall.ico 2008-11-08 15:02 . 2008-12-06 15:13 <REP> d-------- c:\program files\eMule 2008-11-06 23:02 . 2008-11-06 23:02 <REP> d-------- c:\program files\FLAC 2008-11-06 18:32 . 2008-11-06 18:32 <REP> d-------- c:\program files\Fichiers communs\Vbox 2008-11-06 18:32 . 2008-11-10 18:24 <REP> d-------- c:\program files\Fichiers communs\Adobe 2008-11-06 18:30 . 1998-10-07 13:08 327,168 --a------ c:\windows\IsUn040c.exe 2008-11-06 12:22 . 2008-11-06 12:22 <REP> d-------- c:\program files\MSXML 4.0 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-06 14:17 16,608 ----a-w c:\windows\gdrv.sys 2008-12-06 13:23 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent 2008-12-05 13:33 --------- d-----w c:\program files\Java 2008-12-03 15:18 --------- d-----w c:\documents and settings\Administrateur\Application Data\dvdcss 2008-12-01 16:51 --------- d-----w c:\documents and settings\Administrateur\Application Data\UK's Kalender 2008-11-28 07:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-26 21:17 --------- d-----w c:\program files\Fichiers communs\InstallShield 2008-11-25 15:44 --------- d-----w c:\program files\EPSON 2008-11-24 07:34 --------- d-----w c:\program files\Mozilla Thunderbird 2008-11-24 07:09 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-21 07:37 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-11-21 07:23 --------- d-----w c:\documents and settings\Administrateur\Application Data\VSO 2008-11-20 14:24 --------- d-----w c:\program files\Pegasys Inc 2008-11-17 21:05 --------- d-----w c:\program files\a-squared Free 2008-11-05 13:31 --------- d-----w c:\program files\Microsoft Games 2008-11-05 13:06 --------- d-----w c:\program 
files\iWizz 2008-11-05 13:00 --------- d-----w c:\documents and settings\Administrateur\Application Data\EPSON 2008-11-05 12:56 --------- d-----w c:\program files\FileZilla FTP Client 2008-11-05 10:47 253,139 ----a-w c:\windows\PDFCreator_Toolbar_Uninstaller_5890.exe 2008-11-05 10:47 --------- d-----w c:\program files\PDFCreator Toolbar 2008-11-05 10:47 --------- d-----w c:\program files\PDFCreator 2008-11-05 10:41 --------- d-----w c:\program files\VSO 2008-11-05 08:02 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2 2008-11-04 19:37 --------- d-----w c:\program files\ESET 2008-11-04 16:47 --------- d-----w c:\program files\Zion+ Webzone Edition 2008-11-04 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision 2008-11-04 15:10 --------- d-----w c:\program files\Macromedia 2008-11-04 15:10 --------- d-----w c:\program files\Fichiers communs\Macromedia Shared 2008-11-04 15:10 --------- d-----w c:\program files\Fichiers communs\Macromedia 2008-11-03 17:34 --------- d-----w c:\program files\Amic Utilities 2008-11-03 17:31 --------- d-----w c:\program files\MSBuild 2008-11-03 17:31 --------- d-----w c:\program files\Microsoft.NET 2008-11-03 17:31 --------- d-----w c:\program files\Microsoft Works 2008-11-03 17:30 --------- d-----w c:\program files\Microsoft Visual Studio 8 2008-11-03 14:32 --------- d-----w c:\documents and settings\Administrateur\Application Data\ACD Systems 2008-11-03 13:56 9,856 ----a-w c:\windows\system32\drivers\pfc.sys 2008-11-03 13:56 --------- d-----w c:\program files\Fichiers communs\ACD Systems 2008-11-03 13:56 --------- d-----w c:\program files\ACD Systems 2008-11-03 13:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems 2008-11-01 15:36 --------- d-----w c:\program files\Alcohol Soft 2008-11-01 15:34 715,248 ----a-w c:\windows\system32\drivers\sptd.sys 2008-11-01 14:17 --------- d-----w c:\documents and settings\Administrateur\Application Data\Nero 2008-11-01 
14:13 --------- d-----w c:\program files\Safarp 2008-11-01 14:03 --------- d-----w c:\documents and settings\Administrateur\Application Data\Orbit 2008-11-01 13:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\GrabPro 2008-10-31 21:34 --------- d-----w c:\program files\OO Software 2008-10-31 20:42 --------- d-----w c:\program files\Zion Webzone Edition 2008-10-31 19:56 --------- d-----w c:\program files\Goto Software 2008-10-31 19:56 --------- d-----w c:\documents and settings\All Users\Application Data\VadeRetro 2008-10-31 19:56 --------- d-----w c:\documents and settings\Administrateur\Application Data\VadeRetro 2008-10-31 19:13 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-10-31 19:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-31 17:53 --------- d-----w c:\documents and settings\Administrateur\Application Data\Winamp 2008-10-31 17:26 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller 2008-10-31 17:26 --------- d-----w c:\program files\Windows Live 2008-10-31 17:26 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller 2008-10-31 17:24 --------- d-----w c:\program files\Easy CD-DA Extractor 11 2008-10-31 17:17 --------- d-----w c:\program files\VideoLAN 2008-10-31 17:17 --------- d-----w c:\documents and settings\Administrateur\Application Data\vlc 2008-10-31 17:08 512,096 ----a-w c:\windows\system32\drivers\amon.sys 2008-10-31 17:08 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys 2008-10-31 17:02 --------- d-----w c:\program files\uTorrent 2008-10-31 17:02 --------- d-----w c:\program files\SuperCopier2 2008-10-31 16:58 --------- d-----w c:\program files\Winamp 2008-10-31 16:53 --------- d-----w c:\program files\Ad-Aware 2008-10-31 16:52 --------- d-----w c:\documents and settings\Administrateur\Application Data\Lavasoft 2008-10-31 16:26 --------- d-----w c:\documents and 
settings\Administrateur\Application Data\Xentient 2008-10-31 16:22 --------- d-----w c:\documents and settings\All Users\Application Data\ATI 2008-10-31 16:22 --------- d-----w c:\documents and settings\Administrateur\Application Data\ATI 2008-10-31 16:20 --------- d-----w c:\program files\ATI Technologies 2008-10-31 16:18 --------- d-----w c:\program files\Fichiers communs\ATI Technologies 2008-10-31 16:05 --------- d-----w c:\program files\Intel 2008-10-31 16:04 --------- d-----w c:\program files\Realtek 2008-10-31 16:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\InstallShield 2008-10-31 16:02 315,392 ----a-w c:\windows\HideWin.exe 2008-10-31 16:01 --------- d-----w c:\program files\GIGABYTE 2008-10-31 15:54 --------- d-----w c:\program files\Nero 2008-10-31 15:54 --------- d-----w c:\program files\Fichiers communs\Nero 2008-10-31 15:53 --------- d-----w c:\program files\TaskSwitchXP 2008-10-31 15:53 --------- d-----w c:\documents and settings\All Users\Application Data\Nero 2008-10-31 15:50 --------- d-----w c:\program files\Windows Media Connect 2 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys . ((((((((((((((((((((((((((((( snapshot@2008-12-05_14.19.43.67 ))))))))))))))))))))))))))))))))))))))))) . - 2008-11-02 17:03:06 410,976 ----a-w c:\windows\system32\deploytk.dll + 2008-11-10 04:43:30 410,984 ----a-w c:\windows\system32\deploytk.dll - 2008-11-02 17:03:06 144,792 ----a-w c:\windows\system32\java.exe + 2008-11-10 04:43:37 144,792 ----a-w c:\windows\system32\java.exe - 2008-11-02 17:03:06 144,792 ----a-w c:\windows\system32\javaw.exe + 2008-11-10 04:43:38 144,792 ----a-w c:\windows\system32\javaw.exe - 2008-11-02 17:03:06 148,888 ----a-w c:\windows\system32\javaws.exe + 2008-11-10 04:43:39 148,888 ----a-w c:\windows\system32\javaws.exe + 2008-12-06 14:19:24 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4d4.dat . 
((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360] "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2005-07-05 221184] "Kalender"="c:\program files\Kalender\Kalender.exe" [2007-01-07 811008] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320] "eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448] "OpAgent"="OpAgent.exe" [bU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-31 949376] "VadeRetro Desktop"="c:\program files\Goto Software\Vade Retro\Vaderetro_Mgr.exe" [2008-06-25 1078272] "pdfw"="c:\program files\Amic Utilities\PDF Writer Pro\pdfwload.exe" [2004-03-24 32768] "Samsung LBP SM"="c:\windows\Samsung\LaserSMMgr\ssmmgr.exe" [2003-04-04 266240] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "ISUSScheduler"="c:\program 
files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "ScanSoft OmniPage 16-reminder"="c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [2007-07-20 328992] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "Cobian Backup 9"="c:\program files\Cobian Backup 9\Cobian.exe" [2008-09-21 579584] "MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-08-21 1192296] "AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-08-21 1966128] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe" [2007-08-20 148760] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-05-02 679936] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2008-11-19 1070592] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-06 110592] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program 
Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Zion Webzone Edition\\zion++.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\GigaTribe\\gigatribe.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Si3124;Si3124;c:\windows\system32\drivers\Si3124.sys [2008-05-02 76208] R0 Si3132r5;Si3132r5;c:\windows\system32\drivers\Si3132r5.sys [2008-05-02 208688] R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2008-05-02 210224] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-10-31 15424] R3 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\GEST\GSvr.exe" [2008-10-31 47624] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{52935655-CE20-3E85-9B7C-96E21850C202} - c:\windows\system32\xwr10147.dll Toolbar-ITBar7Layout - (no file) Toolbar-ITBar7Position - (no file) . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.google.fr IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\ FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - c:\program files\Picasa2\npPicasa2.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-06 15:19:32 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... 
Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1412) c:\windows\system32\SETUPAPI.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1468) c:\windows\system32\relog_ap.dll c:\windows\system32\setupapi.dll c:\windows\system32\scecli.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\a-squared Free\a2service.exe c:\program files\Fichiers communs\Maxtor\Schedule2\schedul2.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\ESET\nod32krn.exe c:\windows\system32\oodag.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\GIGABYTE\GEST\gest.exe c:\program files\Cobian Backup 9\cbInterface.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Heure de fin: 2008-12-06 15:20:59 - La machine a redémarré [Administrateur] ComboFix-quarantined-files.txt 2008-12-06 14:20:57 ComboFix2.txt 2008-12-05 13:25:45 Avant-CF: 54,098,608,128 octets libres Après-CF: 54,079,467,520 octets libres 344 --- E O F --- 2008-11-12 17:47:24
  5. So:

Fichier wr10147.dll reçu le 2008.12.05 21:48:22 (CET)
Résultat: 5/38 (13.16%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.6.0 2008.12.05 -
AntiVir 7.9.0.42 2008.12.05 TR/BHO.Gen
Authentium 5.1.0.4 2008.12.05 -
Avast 4.8.1281.0 2008.12.04 -
AVG 8.0.0.199 2008.12.05 -
BitDefender 7.2 2008.12.05 -
CAT-QuickHeal 10.00 2008.12.05 -
ClamAV 0.94.1 2008.12.05 -
Comodo 682 2008.12.04 -
DrWeb 4.44.0.09170 2008.12.05 -
eSafe 7.0.17.0 2008.12.04 -
eTrust-Vet 31.6.6243 2008.12.04 -
Ewido 4.0 2008.12.05 -
F-Prot 4.4.4.56 2008.12.04 -
F-Secure 8.0.14332.0 2008.12.05 -
Fortinet 3.117.0.0 2008.12.05 -
GData 19 2008.12.05 -
Ikarus T3.1.1.45.0 2008.12.05 Trojan.Win32.Chepdu
K7AntiVirus 7.10.545 2008.12.05 -
Kaspersky 7.0.0.125 2008.12.05 -
McAfee 5455 2008.12.05 -
McAfee+Artemis 5455 2008.12.05 -
Microsoft 1.4205 2008.12.05 Trojan:Win32/Chepdu.B
NOD32 3667 2008.12.05 -
Norman 5.80.02 2008.12.05 -
Panda 9.0.0.4 2008.12.05 -
PCTools 4.4.2.0 2008.12.05 -
Prevx1 V2 2008.12.05 Malicious Software
Rising 21.06.43.00 2008.12.05 -
SecureWeb-Gateway 6.7.6 2008.12.05 Trojan.BHO.Gen
Sophos 4.36.0 2008.12.05 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.05 -
TheHacker 6.3.1.2.176 2008.12.05 -
TrendMicro 8.700.0.1004 2008.12.05 -
VBA32 3.12.8.10 2008.12.05 -
ViRobot 2008.12.5.1502 2008.12.05 -
VirusBuster 4.5.11.0 2008.12.05 -

Fichier xa46003437.exe reçu le 2008.12.05 22:11:10 (CET)
Résultat: 3/38 (7.9%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.6.0 2008.12.05 -
AntiVir 7.9.0.42 2008.12.05 -
Authentium 5.1.0.4 2008.12.05 -
Avast 4.8.1281.0 2008.12.04 -
AVG 8.0.0.199 2008.12.05 -
BitDefender 7.2 2008.12.05 -
CAT-QuickHeal 10.00 2008.12.05 -
ClamAV 0.94.1 2008.12.05 -
Comodo 682 2008.12.04 -
DrWeb 4.44.0.09170 2008.12.05 -
eSafe 7.0.17.0 2008.12.04 -
eTrust-Vet 31.6.6245 2008.12.05 -
Ewido 4.0 2008.12.05 -
F-Prot 4.4.4.56 2008.12.04 -
F-Secure 8.0.14332.0 2008.12.05 -
Fortinet 3.117.0.0 2008.12.05 -
GData 19 2008.12.05 -
Ikarus T3.1.1.45.0 2008.12.05 -
K7AntiVirus 7.10.545 2008.12.05 -
Kaspersky 7.0.0.125 2008.12.05 -
McAfee 5455 2008.12.05 -
McAfee+Artemis 5455 2008.12.05 -
Microsoft 1.4205 2008.12.05 -
NOD32 3667 2008.12.05 -
Norman 5.80.02 2008.12.05 -
Panda 9.0.0.4 2008.12.05 -
PCTools 4.4.2.0 2008.12.05 -
Prevx1 V2 2008.12.05 -
Rising 21.06.43.00 2008.12.05 -
SecureWeb-Gateway 6.7.6 2008.12.05 -
Sophos 4.36.0 2008.12.05 Sus/Behav-1018
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.05 -
TheHacker 6.3.1.2.176 2008.12.05 -
TrendMicro 8.700.0.1004 2008.12.05 Possible_Movly-1
VBA32 3.12.8.10 2008.12.05 suspected of Win32.BrokenEmbeddedSignature (paranoid heuristics)
ViRobot 2008.12.5.1502 2008.12.05 -
VirusBuster 4.5.11.0 2008.12.05 -

Nothing to report for the others. There are other critters; it's strange.
  6. Yes for the devices; besides, I found it odd that the drive letter of my USB hard drive was not showing up?? I'll do it and post.
  7. ComboFix 08-12-04.05 - Administrateur 2008-12-05 14:21:48.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2630 [GMT 1:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe * Resident AV is active . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-05 au 2008-12-05 )))))))))))))))))))))))))))))))))))) . 2008-12-05 14:18 . 2008-12-05 14:18 <REP> d-------- c:\windows\system32\xircom 2008-12-05 14:18 . 2008-12-05 14:18 <REP> d-------- c:\windows\system32\oobe 2008-12-05 14:18 . 2008-12-05 14:18 <REP> d-------- c:\windows\system32\npp 2008-12-05 14:18 . 2008-12-05 14:18 <REP> d-------- c:\windows\msagent 2008-12-05 14:18 . 2008-12-05 14:18 <REP> d-------- c:\program files\microsoft frontpage 2008-12-05 09:24 . 2008-12-05 09:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Maxtor 2008-12-03 17:04 . 2008-12-03 17:04 <REP> d-------- c:\program files\Maxtor 2008-12-03 17:04 . 2008-12-03 17:04 <REP> d-------- c:\program files\Fichiers communs\Maxtor 2008-12-03 17:04 . 2008-12-03 17:04 400,864 --a------ c:\windows\system32\drivers\timntr.sys 2008-12-03 17:04 . 2008-12-03 17:04 120,992 --a------ c:\windows\system32\drivers\snapman.sys 2008-12-03 17:04 . 2008-12-03 17:04 32,768 --a------ c:\windows\system32\drivers\tifsfilt.sys 2008-12-03 14:55 . 2008-12-03 14:56 <REP> d-------- c:\program files\Picasa2 2008-11-30 11:37 . 2008-11-30 11:37 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys 2008-11-30 11:36 . 2008-11-30 11:42 <REP> d-------- c:\documents and settings\Administrateur\.housecall6.6 2008-11-29 17:20 . 2008-11-29 17:20 <REP> d-------- c:\program files\Cobian Backup 9 2008-11-28 08:35 . 2008-11-28 08:35 <REP> d-------- c:\windows\Easy CD-DA Extractor 12 2008-11-28 08:35 . 2008-11-28 08:35 7,403,176 --a------ c:\windows\system32\xa46003437.exe 2008-11-28 08:35 . 2008-11-28 08:35 7,403,176 --a------ c:\windows\system32\xa46002875.exe 2008-11-28 08:35 . 
2008-11-28 08:35 176,128 --a------ c:\windows\system32\xwr10147.dll 2008-11-28 08:35 . 2008-11-28 08:35 176,128 --a------ c:\windows\system32\wr10147.dll 2008-11-27 09:58 . 2008-11-27 09:58 <REP> d-------- c:\program files\orange 2008-11-27 09:58 . 2008-11-27 09:58 <REP> d-------- c:\program files\Oberon Media 2008-11-27 09:58 . 2008-11-27 09:58 <REP> d-------- c:\program files\Fichiers communs\Oberon Media 2008-11-26 22:20 . 2008-11-26 22:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Zeon 2008-11-26 22:20 . 2008-11-26 22:23 <REP> d-------- c:\documents and settings\Administrateur\Application Data\ScanSoft 2008-11-26 22:19 . 2008-11-26 22:19 <REP> d--h----- c:\windows\system32\GroupPolicy 2008-11-26 22:19 . 2008-11-26 22:19 <REP> d-------- c:\program files\Fichiers communs\ScanSoft Shared 2008-11-26 22:19 . 2008-11-26 22:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Zeon 2008-11-26 22:18 . 2008-11-26 22:18 <REP> d-------- c:\documents and settings\All Users\Application Data\ScanSoft 2008-11-26 22:18 . 2008-11-26 22:18 <REP> d-------- c:\documents and settings\All Users\Application Data\InstallShield 2008-11-26 22:18 . 2008-11-26 22:18 395 --a------ c:\windows\MAXLINK.INI 2008-11-26 22:17 . 2008-11-26 22:19 <REP> d-------- c:\program files\ScanSoft 2008-11-25 16:44 . 2004-11-03 00:00 278,528 --a------ c:\windows\system32\esint30.dll 2008-11-25 16:44 . 2004-11-03 00:00 176,128 --a------ c:\windows\system32\eswia30.dll 2008-11-25 16:44 . 2004-11-03 00:00 64,000 --a------ c:\windows\system32\esfw30.bin 2008-11-24 21:54 . 2008-11-24 21:54 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Smart Panel 2008-11-24 21:19 . 2008-12-05 14:07 <REP> d-------- c:\documents and settings\Administrateur\Application Data\skypePM 2008-11-24 21:19 . 2008-11-24 21:19 56 --ah----- c:\windows\system32\ezsidmv.dat 2008-11-24 21:17 . 
2008-12-05 14:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Skype 2008-11-24 21:16 . 2008-11-24 21:16 <REP> d-------- c:\program files\Skype 2008-11-24 21:16 . 2008-11-24 21:16 <REP> d-------- c:\program files\Fichiers communs\Skype 2008-11-24 21:16 . 2008-11-24 21:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype 2008-11-24 08:09 . 2008-11-24 08:09 <REP> d-------- c:\program files\Fichiers communs\Python 2008-11-24 08:09 . 2001-10-19 12:18 708,696 --a------ c:\windows\system32\python21.dll 2008-11-24 08:09 . 2001-10-19 12:18 290,919 --a------ c:\windows\system32\pythoncom21.dll 2008-11-24 08:09 . 2001-10-19 12:19 57,344 --a------ c:\windows\system32\PyWinTypes21.dll 2008-11-24 08:08 . 1999-06-15 11:31 96,768 --a------ c:\windows\SlantAdj.dll 2008-11-24 08:08 . 1999-12-07 02:03 73,216 --a------ c:\windows\ADE.DLL 2008-11-24 08:08 . 1999-04-27 00:17 3,136 --a------ c:\windows\Ade001.bin 2008-11-24 08:07 . 2008-11-24 08:09 <REP> d-------- c:\program files\Smart Panel 2008-11-23 16:26 . 2008-11-23 16:26 <REP> d-------- c:\program files\Kalender 2008-11-20 23:13 . 2008-11-20 23:13 <REP> d-------- c:\program files\NCH Swift Sound 2008-11-20 23:13 . 2008-11-20 23:13 <REP> d-------- c:\documents and settings\Administrateur\Application Data\NCH Swift Sound 2008-11-20 21:42 . 2008-11-20 21:42 29 --a------ c:\windows\DEBUGSM.INI 2008-11-20 19:11 . 2008-11-20 23:30 <REP> d-------- c:\program files\Google 2008-11-19 17:09 . 2008-11-19 17:09 <REP> d-------- c:\program files\GigaTribe 2008-11-19 17:09 . 2008-11-21 08:22 <REP> d-------- c:\documents and settings\Administrateur\Application Data\GigaTribe 2008-11-17 17:42 . 2008-11-17 17:42 <REP> d-------- c:\documents and settings\Administrateur\Application Data\IndexEducation 2008-11-17 17:38 . 2008-11-17 17:38 <REP> d-------- C:\PRONOTE 2008 2008-11-12 18:02 . 2008-11-12 18:02 <REP> d-------- c:\program files\DVD Shrink 2008-11-12 18:02 . 
2008-12-03 21:50 <REP> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink 2008-11-12 17:45 . 2008-09-10 02:15 1,307,648 --------- c:\windows\system32\dllcache\msxml6.dll 2008-11-12 17:13 . 2008-11-12 17:14 <REP> d-------- c:\program files\Fast AVI MPEG Joiner 2008-11-12 16:03 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 15:30 . 2008-11-12 15:31 <REP> d-------- C:\BASEPROF 2008-11-12 15:30 . 2008-11-25 20:30 251 --a------ c:\windows\MODPROF.ini 2008-11-12 15:30 . 2008-11-25 16:52 251 --a------ c:\windows\IMPEXP.ini 2008-11-12 15:29 . 2008-11-25 20:32 <REP> d-------- C:\MODPROF 2008-11-12 15:19 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll 2008-11-11 22:20 . 2008-11-11 22:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Auslogics 2008-11-11 22:17 . 2008-11-11 22:17 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Thunderbird 2008-11-10 18:26 . 2008-11-10 18:26 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared 2008-11-10 18:26 . 2008-11-10 18:26 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2008-11-09 09:54 . 2008-04-13 09:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2008-11-09 09:51 . 2008-11-09 09:51 <REP> d-------- c:\program files\Samsung ML-1710 Series 2008-11-09 09:50 . 2008-11-09 09:50 <REP> d-------- c:\windows\Samsung 2008-11-09 09:50 . 2001-11-06 16:29 94,208 --a------ c:\windows\system32\getpntid.exe 2008-11-09 09:50 . 2003-01-14 12:38 14,002 --a------ c:\windows\system32\Ssgb1mon.dll 2008-11-09 09:50 . 2001-03-20 16:10 3,262 --a------ c:\windows\reinstall.ico 2008-11-09 09:50 . 2001-03-20 14:52 766 --a------ c:\windows\Uninstall.ico 2008-11-08 15:02 . 2008-12-05 14:19 <REP> d-------- c:\program files\eMule 2008-11-06 23:02 . 2008-11-06 23:02 <REP> d-------- c:\program files\FLAC 2008-11-06 18:32 . 
2008-11-06 18:32 <REP> d-------- c:\program files\Fichiers communs\Vbox 2008-11-06 18:32 . 2008-11-10 18:24 <REP> d-------- c:\program files\Fichiers communs\Adobe 2008-11-06 18:30 . 1998-10-07 13:08 327,168 --a------ c:\windows\IsUn040c.exe 2008-11-06 12:22 . 2008-11-06 12:22 <REP> d-------- c:\program files\MSXML 4.0 2008-11-05 14:31 . 2008-11-05 14:31 <REP> d-------- c:\program files\Microsoft Games 2008-11-05 14:06 . 2008-11-05 14:06 <REP> d-------- c:\program files\iWizz 2008-11-05 14:06 . 2008-11-25 16:35 <REP> d-------- c:\documents and settings\Administrateur\iWizz 2008-11-05 14:05 . 2008-11-05 14:12 <REP> d-------- c:\documents and settings\Administrateur\.bitrock 2008-11-05 14:00 . 2008-11-05 14:00 <REP> d-------- c:\documents and settings\Administrateur\Application Data\EPSON 2008-11-05 13:56 . 2008-11-05 13:56 <REP> d-------- c:\program files\FileZilla FTP Client 2008-11-05 13:54 . 2008-04-13 09:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2008-11-05 11:47 . 2008-11-05 11:47 <REP> d-------- c:\program files\PDFCreator Toolbar 2008-11-05 11:47 . 2008-11-05 11:47 253,139 --a------ c:\windows\PDFCreator_Toolbar_Uninstaller_5890.exe 2008-11-05 11:46 . 2008-11-05 11:47 <REP> d-------- c:\program files\PDFCreator 2008-11-05 11:46 . 2004-03-09 01:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX 2008-11-05 11:46 . 1998-07-13 02:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL 2008-11-05 11:46 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX 2008-11-05 11:46 . 1998-07-13 02:08 119,568 --a------ c:\windows\system32\VB6FR.DLL 2008-11-05 11:46 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll 2008-11-05 11:46 . 1998-07-13 02:08 59,904 --a------ c:\windows\system32\MSCC2FR.DLL 2008-11-05 11:46 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL 2008-11-05 11:41 . 2008-11-05 11:41 <REP> d-------- c:\program files\VSO 2008-11-05 11:41 . 
2008-11-21 08:23 <REP> d-------- c:\documents and settings\Administrateur\Application Data\VSO 2008-11-05 09:02 . 2008-11-05 09:02 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-05 13:22 16,608 ----a-w c:\windows\gdrv.sys 2008-12-05 08:33 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent 2008-12-03 15:18 --------- d-----w c:\documents and settings\Administrateur\Application Data\dvdcss 2008-12-01 16:51 --------- d-----w c:\documents and settings\Administrateur\Application Data\UK's Kalender 2008-11-28 07:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-26 21:17 --------- d-----w c:\program files\Fichiers communs\InstallShield 2008-11-25 15:44 --------- d-----w c:\program files\EPSON 2008-11-24 07:34 --------- d-----w c:\program files\Mozilla Thunderbird 2008-11-24 07:09 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-21 07:37 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-11-20 14:24 --------- d-----w c:\program files\Pegasys Inc 2008-11-17 21:05 --------- d-----w c:\program files\a-squared Free 2008-11-04 19:37 --------- d-----w c:\program files\ESET 2008-11-04 16:47 --------- d-----w c:\program files\Zion+ Webzone Edition 2008-11-04 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision 2008-11-04 15:10 --------- d-----w c:\program files\Macromedia 2008-11-04 15:10 --------- d-----w c:\program files\Fichiers communs\Macromedia Shared 2008-11-04 15:10 --------- d-----w c:\program files\Fichiers communs\Macromedia 2008-11-03 17:34 --------- d-----w c:\program files\Amic Utilities 2008-11-03 17:31 --------- d-----w c:\program files\MSBuild 2008-11-03 17:31 --------- d-----w c:\program files\Microsoft.NET 2008-11-03 17:31 --------- d-----w c:\program 
files\Microsoft Works 2008-11-03 17:30 --------- d-----w c:\program files\Microsoft Visual Studio 8 2008-11-03 14:32 --------- d-----w c:\documents and settings\Administrateur\Application Data\ACD Systems 2008-11-03 13:56 9,856 ----a-w c:\windows\system32\drivers\pfc.sys 2008-11-03 13:56 --------- d-----w c:\program files\Fichiers communs\ACD Systems 2008-11-03 13:56 --------- d-----w c:\program files\ACD Systems 2008-11-03 13:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems 2008-11-02 17:03 410,976 ----a-w c:\windows\system32\deploytk.dll 2008-11-02 17:03 --------- d-----w c:\program files\Java 2008-11-01 15:36 --------- d-----w c:\program files\Alcohol Soft 2008-11-01 15:34 715,248 ----a-w c:\windows\system32\drivers\sptd.sys 2008-11-01 14:17 --------- d-----w c:\documents and settings\Administrateur\Application Data\Nero 2008-11-01 14:13 --------- d-----w c:\program files\Safarp 2008-11-01 14:03 --------- d-----w c:\documents and settings\Administrateur\Application Data\Orbit 2008-11-01 13:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\GrabPro 2008-10-31 21:58 86,016 ------w c:\windows\system32\pxwma.dll 2008-10-31 21:58 105,472 ------w c:\windows\system32\pxcpyi64.exe 2008-10-31 21:58 103,936 ------w c:\windows\system32\pxinsi64.exe 2008-10-31 21:34 --------- d-----w c:\program files\OO Software 2008-10-31 20:42 --------- d-----w c:\program files\Zion Webzone Edition 2008-10-31 19:56 --------- d-----w c:\program files\Goto Software 2008-10-31 19:56 --------- d-----w c:\documents and settings\All Users\Application Data\VadeRetro 2008-10-31 19:56 --------- d-----w c:\documents and settings\Administrateur\Application Data\VadeRetro 2008-10-31 19:13 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-10-31 19:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-31 17:53 --------- d-----w c:\documents and 
settings\Administrateur\Application Data\Winamp 2008-10-31 17:26 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller 2008-10-31 17:26 --------- d-----w c:\program files\Windows Live 2008-10-31 17:26 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller 2008-10-31 17:24 --------- d-----w c:\program files\Easy CD-DA Extractor 11 2008-10-31 17:17 --------- d-----w c:\program files\VideoLAN 2008-10-31 17:17 --------- d-----w c:\documents and settings\Administrateur\Application Data\vlc 2008-10-31 17:08 512,096 ----a-w c:\windows\system32\drivers\amon.sys 2008-10-31 17:08 298,104 ----a-w c:\windows\system32\imon.dll 2008-10-31 17:08 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys 2008-10-31 17:02 --------- d-----w c:\program files\uTorrent 2008-10-31 17:02 --------- d-----w c:\program files\SuperCopier2 2008-10-31 16:58 --------- d-----w c:\program files\Winamp 2008-10-31 16:53 --------- d-----w c:\program files\Ad-Aware 2008-10-31 16:52 --------- d-----w c:\documents and settings\Administrateur\Application Data\Lavasoft 2008-10-31 16:26 --------- d-----w c:\documents and settings\Administrateur\Application Data\Xentient 2008-10-31 16:22 --------- d-----w c:\documents and settings\All Users\Application Data\ATI 2008-10-31 16:22 --------- d-----w c:\documents and settings\Administrateur\Application Data\ATI 2008-10-31 16:20 --------- d-----w c:\program files\ATI Technologies 2008-10-31 16:18 --------- d-----w c:\program files\Fichiers communs\ATI Technologies 2008-10-31 16:05 --------- d-----w c:\program files\Intel 2008-10-31 16:04 --------- d-----w c:\program files\Realtek 2008-10-31 16:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\InstallShield 2008-10-31 16:02 315,392 ----a-w c:\windows\HideWin.exe 2008-10-31 16:01 --------- d-----w c:\program files\GIGABYTE 2008-10-31 15:54 --------- d-----w c:\program files\Nero 2008-10-31 15:54 --------- d-----w c:\program files\Fichiers 
communs\Nero 2008-10-31 15:53 --------- d-----w c:\program files\TaskSwitchXP 2008-10-31 15:53 --------- d-----w c:\documents and settings\All Users\Application Data\Nero 2008-10-31 15:50 --------- d-----w c:\program files\Windows Media Connect 2 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-09-30 18:14 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll . ((((((((((((((((((((((((((((( snapshot@2008-12-05_14.19.43.67 ))))))))))))))))))))))))))))))))))))))))) . + 2008-12-05 13:24:02 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_110.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52935655-CE20-3E85-9B7C-96E21850C202}] 2008-11-28 08:35 176128 --a------ c:\windows\system32\xwr10147.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360] "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2005-07-05 221184] "Kalender"="c:\program files\Kalender\Kalender.exe" [2007-01-07 811008] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320] "eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448] "OpAgent"="OpAgent.exe" [bU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-31 949376] "VadeRetro Desktop"="c:\program files\Goto Software\Vade Retro\Vaderetro_Mgr.exe" [2008-06-25 1078272] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-02 136600] "pdfw"="c:\program files\Amic Utilities\PDF Writer Pro\pdfwload.exe" [2004-03-24 32768] "Samsung LBP SM"="c:\windows\Samsung\LaserSMMgr\ssmmgr.exe" [2003-04-04 266240] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 
3739648] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "ScanSoft OmniPage 16-reminder"="c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [2007-07-20 328992] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "Cobian Backup 9"="c:\program files\Cobian Backup 9\Cobian.exe" [2008-09-21 579584] "MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-08-21 1192296] "AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-08-21 1966128] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Maxtor\Schedule2\schedhlp.exe" [2007-08-20 148760] "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-05-02 679936] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2008-11-19 1070592] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-06 110592] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Zion Webzone Edition\\zion++.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\GigaTribe\\gigatribe.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Si3124;Si3124;c:\windows\system32\drivers\Si3124.sys [2008-05-02 76208] R0 Si3132r5;Si3132r5;c:\windows\system32\drivers\Si3132r5.sys [2008-05-02 208688] R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2008-05-02 210224] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-10-31 15424] R3 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\GEST\GSvr.exe" [2008-10-31 47624] . - - - - ORPHELINS SUPPRIMES - - - - Toolbar-ITBar7Layout - (no file) Toolbar-ITBar7Position - (no file) . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.google.fr IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ua1e040x.default\ FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - c:\program files\Picasa2\npPicasa2.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-05 14:24:26 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... 
Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc22.tmp" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1388) c:\windows\system32\SETUPAPI.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1444) c:\windows\system32\relog_ap.dll c:\windows\system32\setupapi.dll c:\windows\system32\scecli.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\a-squared Free\a2service.exe c:\program files\Fichiers communs\Maxtor\Schedule2\schedul2.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\ESET\nod32krn.exe c:\windows\system32\oodag.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\GIGABYTE\GEST\gest.exe c:\program files\Cobian Backup 9\cbInterface.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Heure de fin: 2008-12-05 14:25:45 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-05 13:25:42 Avant-CF: 60 151 259 136 octets libres Après-CF: 60,139,102,208 octets libres 352 --- E O F --- 2008-11-12 17:47:24
  8. Thanks, but this one is on an external USB hard drive, so what procedure is left for me to follow? Thanks already for helping me.
  9. Hello, I caught, I don't know how, this trojan, which has installed itself on the MBR of my USB hard drive as well as on another disk (to be verified). I have several questions:
  - If I back up my data to another HDD, will the trojan be transferred, given that it is only on the MBR?
  - How do I get this nice little critter off my machine?
  It was NOD32 that detected the critter. Thanks in advance, everyone.