
Posted

Good evening everyone,

I think I am infected by a virus, because when I open certain programs the following message appears: "... pas une application win32 valide". I had the Avast antivirus, which I can no longer open even after reinstalling it. So I tried Antivir, but it is impossible to install.

So here is my report, hoping that someone will help me. One small detail: I am hopeless with computers!!

Thanks in advance.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:02:44, on 14/05/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Windows\system32\DllHost.exe

C:\Windows\vVX6000.exe

C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\mobsync.exe

C:\Users\GaWeL\AppData\Roaming\m\flec006.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\hp\kbd\kbd.exe

C:\Users\GaWeL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9QMB2OL2\HiJackThis[1].exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fiberfib.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\Windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe

O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 10780 bytes

Posted

Hello,

I confirm the infection: you have a virus named Bagle, which knocks out antivirus programs and firewalls.

Do not boot into safe mode, otherwise a crash loop is guaranteed, and no more restarting.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Double-click combofix.exe to run it and follow the instructions.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).
  • For more information and an illustrated tutorial, here is the only official and authorized tutorial: http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Posted

When I click to download the software and try to save it to the desktop, this message appears:

"Vous n'avez pas l'autorisation de modifier les fichiers contenus dans cet amplacement reseau.

Contactez l'administrateur pour l'autorisation d'effectuer ces modifications."

So, being really hopeless, what should I do...?

Posted

Good evening, rename the file to combo-fix.exe instead of combofix.exe at the point where you can choose the name, when you are asked where to download it. Choose the desktop.

That way it will go through.

Posted

Good evening and thanks for the reply, so here is the report.

Thanking you in advance.

ComboFix 08-05-12.1 - GaWeL 2008-05-15 0:25:04.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1234 [GMT 2:00]

Endroit: C:\Users\GaWeL\Desktop\combo-fix.exe

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\GaWeL\AppData\Roaming\inst.exe

C:\Users\GaWeL\AppData\Roaming\m

C:\Users\GaWeL\AppData\Roaming\m\data.oct

C:\Users\GaWeL\AppData\Roaming\m\list.oct

C:\Users\GaWeL\AppData\Roaming\m\shared

C:\Users\GaWeL\AppData\Roaming\m\srvlist.oct

C:\Windows\system32\1.exe

C:\Windows\system32\ban_list.txt

C:\Windows\system32\drivers\downld

C:\Windows\system32\drivers\hldrrr.exe

C:\Windows\system32\drivers\mdelk.exe

C:\Windows\system32\drivers\srosa.sys

C:\Windows\system32\mdelk.exe

C:\Windows\system32\wintems.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SROSA

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))

.

 

Pas de nouveau fichier créé dans cet espace de temps

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-13 22:51 --------- d-----w C:\Program Files\Alwil Software

2008-05-13 22:01 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-05-13 22:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-13 21:27 --------- d-----w C:\Program Files\CCleaner

2008-05-11 20:05 --------- d-----w C:\ProgramData\pixelStorm

2008-05-11 14:27 --------- d-----w C:\Program Files\PpStream Fr

2008-05-11 14:25 --------- d-----w C:\Users\GaWeL\AppData\Roaming\ppStream

2008-05-05 17:20 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-05-05 17:20 22,328 ----a-w C:\Users\GaWeL\AppData\Roaming\PnkBstrK.sys

2008-05-05 17:20 103,736 ----a-w C:\Users\GaWeL\AppData\Roaming\PnkBstrB.exe

2008-05-05 17:18 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-05 16:59 --------- d-----w C:\Program Files\Activision

2008-05-01 13:25 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files

2008-05-01 10:42 --------- d-----w C:\Program Files\Apple Software Update

2008-04-20 20:49 --------- d-----w C:\Program Files\pspvideo9

2008-04-20 20:41 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-04-20 20:41 --------- d-----w C:\Program Files\Realtek

2008-04-14 20:11 --------- d-----w C:\Program Files\AviSynth 2.5

2008-04-10 06:44 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-03 23:00 --------- d--h--r C:\Users\GaWeL\AppData\Roaming\SecuROM

2008-04-03 22:44 --------- d-----w C:\Users\GaWeL\AppData\Roaming\Sports Interactive

2008-04-03 22:39 --------- d--h--w C:\Program Files\Zero G Registry

2008-04-03 22:33 --------- d-----w C:\Program Files\Sports Interactive

2008-04-03 16:04 --------- d-----w C:\Program Files\iTunes

2008-04-03 16:04 --------- d-----w C:\Program Files\iPod

2008-04-03 16:03 --------- d-----w C:\Program Files\QuickTime

2008-03-21 18:43 --------- d-----w C:\Users\GaWeL\AppData\Roaming\Apple Computer

2008-03-20 17:53 --------- d-----w C:\Program Files\Safari

2008-03-16 18:15 --------- d-----w C:\ProgramData\NVIDIA

2008-03-16 04:57 --------- d-----w C:\Users\GaWeL\AppData\Roaming\WinBatch

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-04 19:26 82 ----a-w C:\Users\GaWeL\AppData\Roaming\wklnhst.dat

2008-02-04 19:25 47,360 ----a-w C:\Users\GaWeL\AppData\Roaming\pcouffin.sys

2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini

.

 

------- Sigcheck -------

 

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-05-14 00:01 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-19 00:28 1006264]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2004-08-02 02:10 688128]

"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]

"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]

"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"VX6000"="C:\Windows\vVX6000.exe" [2007-04-10 14:46 996712]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]

"HPAIO_PrintFolderMgr"="C:\Windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe" [ ]

"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 09:23 132624]

"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 18:59 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 18:59 8473120]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 18:59 81920]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

 

C:\Users\GaWeL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 17:51 192512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3072763064-2446227072-4167713054-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{6D627958-CCBC-4F0D-86EA-814307131E64}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{540C4478-A48C-4271-81C8-B312B78F5CD9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{48ED27BD-4D5C-4483-A8AD-C9C463E81AF8}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{F941FE5E-E53C-412C-A2D8-0339ACB9EB76}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"{73E54759-DADF-4B25-9ADE-FC0CEC637531}"= Disabled:UDP:C:\Program Files\devolo\informer\devinf.exe:devolo Informer

"{89C5A30E-BA8B-4A1F-A260-6172F1C8EE2C}"= Disabled:TCP:C:\Program Files\devolo\informer\devinf.exe:devolo Informer

"{23BF2E3B-7760-4D96-B3F8-59E6955F4804}"= Disabled:UDP:C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare

"{D66CA116-176E-453F-B9FD-F1F41B96189D}"= Disabled:TCP:C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare

"{98DE3049-F1BB-4828-8A84-6411E529D14B}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{8FBFFE59-6FDE-4598-A05F-1E5CEC5E7443}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{2C10C3AB-CE1C-4515-96FA-A57BCED63DF5}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{94C8C4C4-8632-4B6C-998D-C1ECFBC63523}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"TCP Query User{932CA54F-49E3-4D4A-A864-CCAA54BD20CA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{F4F8E69B-40BA-405C-BD82-2237C2AE3463}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"{77DF3217-5272-47CC-8DBA-1101B32A5D27}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{1F84B188-BFE2-4FD0-9250-88F6BEC8BBEF}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player

"{6E30E2E8-F8F9-4295-BF15-28B63DFEDC74}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player

"{C9581EA9-5CE7-419C-9E74-8C62834DE3D6}"= UDP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager

"{C9A552AD-84B9-42F6-AC47-437E898F82B6}"= TCP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager

"{4D69BB7C-0995-4A56-B788-EDE78F5EDEAF}"= UDP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager

"{4B4A249E-4B06-4E73-9D04-B9D0E9E48B68}"= TCP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager

"{0C8D9FB4-BE31-4A0D-832A-D2E570934E1A}"= UDP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application

"{1FC82F46-9F77-4191-A7E5-D4B98ACA6646}"= TCP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application

"{B9622CB5-EB26-4DEF-9F3E-150EB96C78E1}"= UDP:26675:169.254.2.0/255.255.255.0:ActiveSync Service

"{61D1E7E4-CE5A-427A-8F94-CC1A104C87B7}"= UDP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager

"{C269D18D-2E5C-4592-8C30-358FEED71359}"= TCP:C:\Program Files\Microsoft ActiveSync\rapimgr.exe:ActiveSync RAPI Manager

"{4B1F9833-512C-4D7E-8F61-50B975A705E0}"= UDP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager

"{4B64E45C-5802-40D1-95D5-1F539FB9137E}"= TCP:C:\Program Files\Microsoft ActiveSync\wcescomm.exe:ActiveSync Connection Manager

"{D6DD97F8-43B4-43CF-AE3C-A8D541181EA1}"= UDP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application

"{48307B80-3264-46FB-B078-3366468C8810}"= TCP:C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:ActiveSync Application

"{3B963C37-3149-41CC-8450-F84F0D87B63F}"= UDP:26675:169.254.2.0/255.255.255.0:ActiveSync Service

"{38B24799-AD50-4759-ACDA-A799790B7EA3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{78BF92EF-58C0-475F-B36A-C5CB0B0A5E1D}C:\\users\\gawel\\desktop\\viviplay.exe"= UDP:C:\users\gawel\desktop\viviplay.exe:viviplay.exe

"UDP Query User{DB60AA64-5A66-4A56-9503-278736AB17F1}C:\\users\\gawel\\desktop\\viviplay.exe"= TCP:C:\users\gawel\desktop\viviplay.exe:viviplay.exe

"{85107586-3806-4B67-BBC3-C0F9C52DD8A0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{BF23537A-2CAB-4E9F-AA99-698848A1CDB3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{D266B7DB-B012-4802-8B20-F9145C464865}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{0595A42E-1164-4B80-A380-1DCD8B3FA3B4}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\Windows\system32\plcndis5.sys [2004-05-17 11:21]

R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]

R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2007-04-10 14:46]

S4 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\drivers\usbprint.sys [2006-11-02 11:14]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a99a04e-24f8-11dc-80ec-806e6f6e6963}]

\shell\AutoRun\command - E:\TOP_QCM.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533552f4-121f-11dd-94f2-001bb982436e}]

\shell\AutoRun\command - H:\nideiect.com

\shell\explore\Command - H:\nideiect.com

\shell\open\Command - H:\nideiect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{873325f9-71be-11dc-95f5-001bb982436e}]

\shell\AutoRun\command - ie.exe

\shell\explore\Command - ie.exe

\shell\open\Command - ie.exe

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-15 00:32:30

Windows 6.0.6000 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\System32\PnkBstrA.exe

C:\Windows\System32\PnkBstrB.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\hp\KBD\kbd.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-15 0:38:54 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-14 22:38:45

 

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.


 

582 --- E O F --- 2008-04-16 11:31:58

Posted

Here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:58:26, on 15/05/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Windows\vVX6000.exe

C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\hp\kbd\kbd.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\GaWeL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VH28G7S\HiJackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fiberfib.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\Windows\system32\spool\DRIVERS\W32X86\hpoopm07.exe

O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 10320 bytes

Posted

  • Open Notepad. Copy and paste this into it:

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a99a04e-24f8-11dc-80ec-806e6f6e6963}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533552f4-121f-11dd-94f2-001bb982436e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{873325f9-71be-11dc-95f5-001bb982436e}]

 

File::

C:\Users\GaWeL\AppData\Roaming\m\flec006.exe

 

DirLook::

C:\qoobox\windows\system32

 

  • Save this as a text file named CFScript, on the desktop.

  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

CFScript.gif

  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: that is normal! Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt
