
Posted (edited)

Hello everyone.

Well yes, here I am back again, following a nice bit of trouble that has just landed on my keyboard.

So last night, I downloaded from a well-known site a utility to recover and repair damaged photo files on an SD card.

So far so good.

For extra safety, as usual, I ran a scan with Antivir. But that's where the trouble starts.

In fact Antivir doesn't launch and my PC shuts off immediately.

Unfortunately, this reminds me of the problem Falkra fixed a few months ago.

So I restart the beast and try Antivir again, but in vain.

I try running Spybot, AVG Anti-Spyware, CCleaner and Malwarebytes, but also in vain, because each time it reports errors.

The only utility that works is a-squared, but it only detects cookies.

Planning ahead for my visit to these pages, I try an online scan with Secuser (but my PC crashes after an hour every time), so no report for you.

When I try to launch HijackThis, it tells me it is an invalid Win32 application, so it's impossible to show you a report there either.

I try to relaunch Antivir for the umpteenth time, but still nothing. I uninstall it and come to your pages to get the executable and reinstall it. But during the installation I am notified "Impossible de créer basic\avartkt.dll".

I also tried a restore to yesterday morning, but it tells me it is impossible to restore the system to that date and time. Same for other dates, by the way.

So despite the steps I've taken, nothing happens, and I noticed this morning that the system process was oscillating between 10 and 80%.

Oh, and among the processes there is "winupgro.exe", which I had never seen before. It hogs 14,765 KB when it is active.

I also tried to start in safe mode, with or without networking, and here's what I'm told: roughly, that I have a problem on the PC (that much I knew) and that safe mode cannot be started, at the risk of damaging the machine.

An error message comes with it: "STOP : 0x0000007B (0x81c6528, 0xc0000034, 0x00000000, 0x00000000)".

I'm also asked to run this: CHKDSK /F. Not knowing what it is, I preferred not to run that command.

So honestly, I'm relying on your knowledge to repair this machine.

Thanks in advance to those who help me.

Edited by yoda93

Posted

Hello,

I have the same problem on my PC.

I downloaded a photo editing program, and since then a virus has been there: Hacktool.rootkit...

Same symptoms as Yoda: my PC shut down by itself, and a Winupgro task has since been constantly consuming half of my resources and even prevents my antivirus from being active.

Like Yoda, several antivirus programs and attempts to scan in safe mode have not managed to get rid of it.

So I'm also open to any tip for getting rid of it...

While waiting for your comments, I think Yoda and I can make the Winupgro.exe fan club official (what do you think, Yoda?)

Thanks in advance

Posted (edited)

Hi Chris.

Yes, welcome to the club as you say, but at least we feel a lot less alone :P.

Regarding your problem, which looks like a rootkit from what I read in your first lines, have you tried downloading an anti-rootkit and seeing what that gives, as a first step?

I know that the Grisoft group, or AVG, has a free one.

Now, maybe that step will turn out to be useless in the end.

Go look here, they talk about what you mention in your post: http://www.symantec.com/fr/fr/security_res...-011710-0057-99

And there are plenty of others elsewhere on Google. :P

Otherwise, as for me, I managed to run a scan with PANDA and a-squared. With Kaspersky, on the other hand, it won't run and tells me that another antivirus is running.

For those who read this post, here are the a-squared and PANDA reports.

a-squared:

 

Version - a-squared Free 3.5

Dernière mise à jour : 07/12/2008 23:33:51

 

Paramètres des balayages :

 

Éléments : Mémoire, Traces, Cookies, C:\, E:\

Balaye dans les archives : Marche

Analyse heuristique : Marche

Balaye dans les ADS : Marche

 

Début du balayage : 07/12/2008 23:34:19

 

C:\Documents and Settings\Cookies\sylvain@247realmedia[1].txt Objets détectés : Trace.TrackingCookie.247realmedia!A2

C:\Documents and Settings\Cookies\sylvain@2o7[1].txt Objets détectés : Trace.TrackingCookie.2o7!A2

C:\Documents and Settings\Cookies\sylvain@adserver.aol[1].txt Objets détectés : Trace.TrackingCookie.adserv!A2

C:\Documents and Settings\cookies\sylvain@adserver.aol[1].txt Objets détectés : Trace.TrackingCookie.adserver!A2

C:\Documents and Settings\Cookies\sylvain@bs.serving-sys[1].txt Objets détectés : Trace.TrackingCookie.bs.serving-sys!A2

C:\Documents and Settings\Cookies\sylvain@commentcamarche[1].txt Objets détectés : Trace.TrackingCookie.com!A2

C:\Documents and Settings\Cookies\sylvain@com[1].txt Objets détectés : Trace.TrackingCookie.com!A2

C:\Documents and Settings\Cookies\sylvain@serving-sys[1].txt Objets détectés : Trace.TrackingCookie.serving-sys!A2

C:\Documents and Settings\Cookies\sylvain@smartadserver[1].txt Objets détectés : Trace.TrackingCookie.smartadserver!A2

C:\Documents and Settings\Cookies\sylvain@specificclick[2].txt Objets détectés : Trace.TrackingCookie.specificclick!A2

C:\Documents and Settings\Cookies\sylvain@tribalfusion[2].txt Objets détectés : Trace.TrackingCookie.tribalfusion!A2

C:\Documents and Settings\Cookies\sylvain@weborama[1].txt Objets détectés : Trace.TrackingCookie.weborama!A2

 

Analysé

 

Fichiers : 191580

Traces : 444088

Cookies : 130

Processus : 21

 

Objets trouvés

 

Fichiers : 0

Traces : 0

Cookies : 12

Processus : 0

Clés de Registre : 0

 

Fin du balayage : 08/12/2008 06:20:27

Temps du balayage : 6:46:08

 

 

PANDA report:

 

;*******************************************************************************

ANALYSIS: 2008-12-08 20:34:43

PROTECTIONS: 0

MALWARE: 4

SUSPECTS: 2

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP177\A0019146.sys

00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\Documents and Settings\Yoda\Application Data\drivers\srosa2.sys

00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP179\A0019261.sys

00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP175\A0017941.sys

00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP179\A0019222.sys

00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP175\A0018942.sys

00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP178\A0019159.sys

00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP177\A0019122.sys

00459277 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP179\A0019484.sys

02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No

C:\WINDOWS\system32\mdelk.exe

02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes No

C:\WINDOWS\system32\wintems.exe

02898935 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP175\A0018943.sys

02898935 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP179\A0019221.sys

02898935 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP175\A0017942.sys

02898935 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP178\A0019158.sys

02898935 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP177\A0019147.sys

02898935 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP179\A0019262.sys

02898935 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP177\A0019123.sys

02898935 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\System Volume Information\_restore{A52C3862-AC83-49C6-A5FD-A969B32B6D8D}\RP179\A0019485.sys

02898935 W32/Bagle.RC.worm Virus/Worm No 0 Yes No

C:\Documents and Settings\Yoda\Application Data\drivers\srosa.sys

04281341 Generic Trojan Virus/Trojan No 0 Yes No

C:\Documents and Settings\Yoda\Bureau\SYLVAIN\generateur de clé.exe

;===============================================================================

SUSPECTS

Sent Location @

;===============================================================================

No C:\Program Files\EXTRACTION vidéo sur site internet\vdownloader version 0.61.zip[VDownloader.exe] @

No C:\WINDOWS\system32\LineAudio.dll @

;===============================================================================

VULNERABILITIES

Id Severity Description @

;===============================================================================

;===============================================================================

 

Which gives this, in summary, with the PANDA scan:

 

Menaces avec désinfection gratuite (4)

 

Niveau de risque faible (4) W32/Bagle.RC.w... Virus Latent(e) Afficher +Infos

1. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP179\A0019485.sys

2. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP179\A0019221.sys

3. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP177\A0019123.sys

4. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP178\A0019158.sys

5. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP177\A0019147.sys

6. C:\Documents and Settings\Yoda\Application Data\drivers\srosa.sys

7. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP175\A0017942.sys

8. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP175\A0018943.sys

9. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP179\A0019262.sys

 

Generic Trojan Virus Latent(e) Afficher +Infos

1. C:\Documents and Settings\Yoda\Bureau\SYLVAIN\generateur de clé.exe

 

W32/Bagle.RP.w... Virus Latent(e) Afficher +Infos

1. C:\WINDOWS\system32\wintems.exe

2. C:\WINDOWS\system32\mdelk.exe

 

W32/Bagle.RC.w... Virus Latent(e) Afficher +Infos

1. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP177\A0019122.sys

2. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP179\A0019222.sys

3. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP177\A0019146.sys

4. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP178\A0019159.sys

5. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP175\A0017941.sys

6. C:\Documents and Settings\Yoda\Application Data\drivers\srosa2.sys

7. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP175\A0018942.sys

8. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP179\A0019261.sys

9. C:\System Volume Information\_restore{A52C386...FD-A969B32B6D8D}\RP179\A0019484.sys

 

Fichiers suspects (2)

C:\WINDOWS\system32\LineAudio.dll

C:\Program Files\EXTRACTION vidéo sur site in...r version 0.61.zip[VDownloader.exe]

 

 

 

There you go, thanks for your help with what comes next, because it seems to me I've caught the same virus as last time.

Good luck Chris.

Edited by yoda93

Posted

@yoda93 your case is to be handled as follows:

Chris, please create your own topic (without reproducing the procedure on your machine: not suitable, and dangerous).

The software that follows is only to be used when prescribed by a qualified helper trained in the tool.

Do not use outside this scenario: dangerous.

Be careful to follow these instructions in detail; do not forget to rename combofix.exe BEFORE it is downloaded, while you can still change the file name and tell the browser where to download it.

Download combofix.exe by sUBs and rename it TRALALA.exe before saving it to your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Double-click combo-fix.exe to run it.
  • Click "Yes" on the Disclaimer of Warranty message that appears.
  • Your firewall may ask whether or not you accept nircmd.cfexe's access to the trusted zone: accept.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

Hello Falkra, and thank you for your help once again.

I carried out the operation you asked for.

First, I'm noting down for you what appeared when launching Combofix, well, TRALALA.

1 - "Vous ne pouvez pas renommer Combofix par TRALALA. Veuillez choisir un autre nom, de prùfùrence composù de caractères alphanumériques".

Seeing this message and especially the "ù" characters, I let it run because I wondered whether the message wasn't actually coming from the virus or some other nasty on my PC, and I was right to, because afterwards the utility started without any problem and did its job.

2 - "Combofix a détecté que la console de récupération Windows n'était pas installé. Vous avez tout intérêt à le faire. Voulez vous le faire maintenant ?"

I preferred to choose no because I didn't know whether this was really a Combofix warning or something else.

If it needs to be done, could you give me the procedure later and tell me what this recovery console is for?

Here now is the Combofix report:

 

ComboFix 08-12-07.04 - yoda 2008-12-09 7:08:37.4 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.429 [GMT 1:00]

Lancé depuis: c:\documents and settings\yoda\Bureau\TRALALA.exe

* Un nouveau point de restauration a été créé

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\yoda\Application Data\m

c:\documents and settings\yoda\Application Data\m\data.oct

c:\documents and settings\yoda\Application Data\m\list.oct

c:\documents and settings\yoda\Application Data\m\shared

c:\documents and settings\yoda\Application Data\m\shared\[PROG-ENG].Symantec.Q&A.ver.4.02.(DOS.Application).zip

c:\documents and settings\yoda\Application Data\m\shared\24U_DatabaseToWeb_1.0.1_(KeyGen).zip

c:\documents and settings\yoda\Application Data\m\shared\3DMuse_Generator_2.03.zip

c:\documents and settings\yoda\Application Data\m\shared\70-214_Microsoft_MCSA_Security_Security_7.00.05_[Patch].zip

c:\documents and settings\yoda\Application Data\m\shared\Accelerate_Video_to_PSP_Converter_3.7.zip

c:\documents and settings\yoda\Application Data\m\shared\Action Reminder 1.2.3.zip

c:\documents and settings\yoda\Application Data\m\shared\AdFirewall_2.zip

c:\documents and settings\yoda\Application Data\m\shared\Advanced_Security_Administrator_11.3.zip

c:\documents and settings\yoda\Application Data\m\shared\Afree DVD to AVI DIVX MPEG WMV Ripper 5.0.zip

c:\documents and settings\yoda\Application Data\m\shared\AI_Symbols_Pack_1_'Mixed'_1.0.0.zip

c:\documents and settings\yoda\Application Data\m\shared\American_McGee_Presents_Bad_Day_L.A._demo.zip

c:\documents and settings\yoda\Application Data\m\shared\AnimMenu_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Another_CPU_Meter_1.3.zip

c:\documents and settings\yoda\Application Data\m\shared\ASP_XMLMaker_3.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Astro_For_Windows_2.25.zip

c:\documents and settings\yoda\Application Data\m\shared\Audio_Playback_Recorder_3.9.zip

c:\documents and settings\yoda\Application Data\m\shared\Auto_Typer_And_Auto_Clicker_1.3.zip

c:\documents and settings\yoda\Application Data\m\shared\AutoPrint 3.08.zip

c:\documents and settings\yoda\Application Data\m\shared\AutoSpec_2.1.zip

c:\documents and settings\yoda\Application Data\m\shared\AVG.Anti-Virus.Pro.v7.1.407a804.Multilangages.Incl-Keygen.updated-fixed.01-2007.zip

c:\documents and settings\yoda\Application Data\m\shared\BeClean_1.4.zip

c:\documents and settings\yoda\Application Data\m\shared\Bildsoft_Crypter_2006_1.1.zip

c:\documents and settings\yoda\Application Data\m\shared\Bytessence PassKeeper 2.5.5.9.zip

c:\documents and settings\yoda\Application Data\m\shared\Cabaret_Stage_2.zip

c:\documents and settings\yoda\Application Data\m\shared\CDmax 2.0.3.zip

c:\documents and settings\yoda\Application Data\m\shared\CNumEdit_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Connection_Enumerator_1.03_Build_8.5.zip

c:\documents and settings\yoda\Application Data\m\shared\CopyM8_1.zip

c:\documents and settings\yoda\Application Data\m\shared\CovertMail 2.0.384.zip

c:\documents and settings\yoda\Application Data\m\shared\DeDupe_1.6.4_Patch.zip

c:\documents and settings\yoda\Application Data\m\shared\Desktop Buddy 2.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Desktop_Flash_Site_Builder_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Dial-up_Password_Recovery_Master_1.3.zip

c:\documents and settings\yoda\Application Data\m\shared\Dictionary Autoswitcher 0.1.1.zip

c:\documents and settings\yoda\Application Data\m\shared\DigiPhoto_Gallery_2.25.zip

c:\documents and settings\yoda\Application Data\m\shared\Document_Backup_3.6.zip

c:\documents and settings\yoda\Application Data\m\shared\Enchante Screensaver 1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Engineer's Toolset 9.2.zip

c:\documents and settings\yoda\Application Data\m\shared\FASTech_Traffic_Grapher_1.0.0.1.zip

c:\documents and settings\yoda\Application Data\m\shared\File_Information_Editor.zip

c:\documents and settings\yoda\Application Data\m\shared\FlipAlbum_Standard_6.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Flowchart4C# -_Code_to_Flowchart_to_Visio_-_VS.NET_Addin_1.1.0_Crack.zip

c:\documents and settings\yoda\Application Data\m\shared\Ford Bronco Concept Screensaver.zip

c:\documents and settings\yoda\Application Data\m\shared\Framy_Cloud_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\FreeBasic 0.18.4b.zip

c:\documents and settings\yoda\Application Data\m\shared\Freedom_Notebook_6.0_(Cracked).zip

c:\documents and settings\yoda\Application Data\m\shared\Frog 1.1.zip

c:\documents and settings\yoda\Application Data\m\shared\Funpics 1.5.6.zip

c:\documents and settings\yoda\Application Data\m\shared\Generic spreadsheet Charts 1.0.1.zip

c:\documents and settings\yoda\Application Data\m\shared\GlobalFind_1.06.zip

c:\documents and settings\yoda\Application Data\m\shared\Groove_Migrator_1.zip

c:\documents and settings\yoda\Application Data\m\shared\GS Sounds 4.zip

c:\documents and settings\yoda\Application Data\m\shared\Hard Drive Mechanic 1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Hearts of Love 104s.zip

c:\documents and settings\yoda\Application Data\m\shared\Hide Folders 2.4 Final.zip

c:\documents and settings\yoda\Application Data\m\shared\HiDigit 1.1 (Serial).zip

c:\documents and settings\yoda\Application Data\m\shared\Higher_English_Workout_2.zip

c:\documents and settings\yoda\Application Data\m\shared\Home_&_Landscape_Design_Center_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Horoscope Vista Gadget 1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Hubble’s_Hot_100_Part_4_Screensaver_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Hypnotica_3D_Screensaver_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\IE-Clean 1.3.zip

c:\documents and settings\yoda\Application Data\m\shared\il.migliore.antivir.russo.in.italiano.zip

c:\documents and settings\yoda\Application Data\m\shared\Instant_EBuilder_1.0_(KeyGen).zip

c:\documents and settings\yoda\Application Data\m\shared\ircComponent.NET_2.0_(With_Crack).zip

c:\documents and settings\yoda\Application Data\m\shared\Konsposé Hotspot 1.1.zip

c:\documents and settings\yoda\Application Data\m\shared\Krawler[x]_0.34.1.29502.zip

c:\documents and settings\yoda\Application Data\m\shared\Launch4j Executable Wrapper 3.0 pre-1.zip

c:\documents and settings\yoda\Application Data\m\shared\Le Gros Million 1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\LogMeister_2.6.20_Key.zip

c:\documents and settings\yoda\Application Data\m\shared\London Daily Photo 1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\LSFindReplaceDialogW_1.0.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Microsoft Antigen for Exchange 9.1.1097.0 with Antigen Spam Manager 9.0 with SP 1.zip

c:\documents and settings\yoda\Application Data\m\shared\Microsoft_Word_Web_Browser_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\MP3 to SWF Converter 2.5 Build 909.zip

c:\documents and settings\yoda\Application Data\m\shared\My Image Here 1.1.1.zip

c:\documents and settings\yoda\Application Data\m\shared\Nero_Burning_Rom_6.6.1.15c_(KeyGen).zip

c:\documents and settings\yoda\Application Data\m\shared\NiceGrid 2.20.zip

c:\documents and settings\yoda\Application Data\m\shared\NJWIN_CJK_Viewer_1.92_Cracked.zip

c:\documents and settings\yoda\Application Data\m\shared\Notables 1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Offline Email Extractor 2.0 (Crack).zip

c:\documents and settings\yoda\Application Data\m\shared\Okoker Removable Data Recovery 1.6.zip

c:\documents and settings\yoda\Application Data\m\shared\Outpost 2 demo (compact) 1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\PauseProcess_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Photo2CD_1.1.zip

c:\documents and settings\yoda\Application Data\m\shared\Pico-Converter_0.1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\PLT_Import_for_Rhino_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\ProgInfo_1.0.0_[serial].zip

c:\documents and settings\yoda\Application Data\m\shared\ProjectTrack_-_Shareware_Edition_2007.0.6.341.zip

c:\documents and settings\yoda\Application Data\m\shared\Quintessence_of_Wisdom_2.3.zip

c:\documents and settings\yoda\Application Data\m\shared\Raining Screensaver 3.19.zip

c:\documents and settings\yoda\Application Data\m\shared\RainWebRemote_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\RaptiComm_1.2_[Cracked].zip

c:\documents and settings\yoda\Application Data\m\shared\RCLocalizer 1.8.0.1.zip

c:\documents and settings\yoda\Application Data\m\shared\Read_in_Microsoft_Reader_1.1.3.zip

c:\documents and settings\yoda\Application Data\m\shared\Recipe Library 5.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Recovery Time 1.6.zip

c:\documents and settings\yoda\Application Data\m\shared\Registry Repair 4.0.0.30C.zip

c:\documents and settings\yoda\Application Data\m\shared\Rendera 1.5.zip

c:\documents and settings\yoda\Application Data\m\shared\Rocket_Lawyer_Living_Will_Edition_1.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Sacrifice_Sacrificial_Dawn_map.zip

c:\documents and settings\yoda\Application Data\m\shared\Script Magic 1.7 With Crack.zip

c:\documents and settings\yoda\Application Data\m\shared\SDP_Downloader_2.3.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Send2AllIms 1.2.8.zip

c:\documents and settings\yoda\Application Data\m\shared\SharpReader 0.9.7.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Shop-Script_FREE_1.1.zip

c:\documents and settings\yoda\Application Data\m\shared\Silent Fear Internet Radio 3.2.zip

c:\documents and settings\yoda\Application Data\m\shared\Smart_Page_2005_2.0.zip

c:\documents and settings\yoda\Application Data\m\shared\Spam_Filter_ISP_2.7.1.532.zip

c:\documents and settings\yoda\Application Data\m\shared\Street_Challenge_1.3.1.zip

c:\documents and settings\yoda\Application Data\m\shared\SwisSQL--Sybase_to_SQL_Server_2.1.zip

c:\documents and settings\yoda\Application Data\m\shared\Take_Command_8.02_Build_94_(Crack).zip

c:\documents and settings\yoda\Application Data\m\shared\TcsPdfIt 1.zip

c:\documents and settings\yoda\Application Data\m\shared\TeleMessage Microsoft Outlook Plug-in 5.5.6.zip

c:\documents and settings\yoda\Application Data\m\shared\The Green Search Widget 0.1.zip

c:\documents and settings\yoda\Application Data\m\shared\TheaterTek_DVD_2.0_(With_Crack).zip

c:\documents and settings\yoda\Application Data\m\shared\Tomb_Raider_Legend_next-generation_demo.zip

c:\documents and settings\yoda\Application Data\m\shared\Torrent_Buster_1.3.zip

c:\documents and settings\yoda\Application Data\m\shared\Trivial Pursuit Silver Screen Edition 1.zip

c:\documents and settings\yoda\Application Data\m\shared\uCertify_-_MCSA_Practice_Test_for_Exam_SK0-002.-_160+_Questions_8.00.05_[Crack].zip

c:\documents and settings\yoda\Application Data\m\shared\UDP_Serial_Port_Redirector_1.2.1_(Crack).zip

c:\documents and settings\yoda\Application Data\m\shared\Unreal_Tournament_2003_-_Trojan_bot_skin.zip

c:\documents and settings\yoda\Application Data\m\shared\USA_Shield_2.15.zip

c:\documents and settings\yoda\Application Data\m\shared\Video DVD Maker PRO 3.1.0.5.zip

c:\documents and settings\yoda\Application Data\m\shared\Vordur Install Manager 1.6.zip

c:\documents and settings\yoda\Application Data\m\shared\Whizlabs J2EE Certification (SCBCD) Online Training 2.3.1 [serial].zip

c:\documents and settings\yoda\Application Data\m\shared\WinMPG iPod Converter 2.0.zip

c:\documents and settings\yoda\Application Data\m\shared\World_of_Warcraft_v1.4.0_French_patch.zip

c:\documents and settings\yoda\Application Data\m\shared\Worlds_map.zip

c:\documents and settings\yoda\Application Data\m\srvlist.oct

C:\InfoSat.txt

c:\program files\Microsoft ActiveSync\wcescomm.exe

c:\windows\system\oeminfo.ini

c:\windows\system32\ban_list.txt

c:\windows\system32\mdelk.exe

c:\windows\system32\tmp.reg

c:\windows\system32\wintems.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SK9OU0S

-------\Legacy_SROSA

-------\Service_sK9Ou0s

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-09 au 2008-12-09 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-09 07:03 . 2008-12-09 07:03 <REP> d-------- C:\32788R22FWJFW

2008-12-08 10:27 . 2008-12-08 10:27 <REP> d-------- c:\program files\Panda Security

2008-12-07 23:38 . 2008-12-07 23:37 21,272,617 --a------ c:\windows\LPT$VPN.693

2008-12-07 23:37 . 2008-12-07 23:37 21,272,617 --a------ c:\windows\VPTNFILE.693

2008-12-07 23:36 . 2008-12-07 23:37 <REP> d-------- c:\windows\AU_Temp

2008-12-07 22:50 . 2008-12-07 22:52 <REP> d-------- c:\program files\Yahoo!

2008-12-07 22:33 . 2008-12-07 22:34 <REP> d--h----- c:\documents and settings\yoda\Application Data\drivers

2008-12-05 17:01 . 2008-12-05 17:01 <REP> d-------- C:\Navigation

2008-12-05 16:54 . 2008-12-05 16:59 <REP> d-------- c:\program files\DestinatorApps

2008-11-15 20:28 . 2001-08-28 13:00 499,200 --a------ c:\windows\system32\gpedit.dll

2008-11-15 20:28 . 2002-08-29 10:44 284,160 --a------ c:\windows\system32\appmgr.dll

2008-11-15 20:28 . 2002-08-29 10:44 185,856 --a------ c:\windows\system32\gptext.dll

2008-11-15 20:28 . 2002-08-29 10:44 165,376 --a------ c:\windows\system32\appmgmts.dll

2008-11-15 20:28 . 2001-08-28 13:00 119,296 --a------ c:\windows\system32\fde.dll

2008-11-15 20:28 . 2002-08-29 10:44 70,144 --a------ c:\windows\system32\fdeploy.dll

2008-11-15 20:28 . 2001-08-28 13:00 34,352 --a------ c:\windows\system32\gpedit.msc

2008-11-12 09:10 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 09:08 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-09 06:11 --------- d-----w c:\program files\Microsoft ActiveSync

2008-12-07 22:37 91,744 ----a-w c:\windows\BPMNT.dll

2008-12-07 22:37 71,749 ----a-w c:\windows\hcextoutput.dll

2008-12-07 22:37 345,157 ----a-w c:\windows\tsc.exe

2008-12-07 22:37 1,213,784 ----a-w c:\windows\vsapi32.dll

2008-12-07 22:11 --------- d-----w c:\program files\DEFENSE PC

2008-12-05 15:49 --------- d-----w c:\program files\Ahead

2008-11-30 19:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-28 20:33 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-11-28 20:33 249,856 ------w c:\windows\Setup1.exe

2008-11-22 02:05 3,532 ----a-w C:\drmHeader.bin

2008-11-20 18:01 --------- d-----w c:\documents and settings\yoda\Application Data\dvdcss

2008-11-10 21:17 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-11-06 06:12 --------- d-----w c:\program files\DivX

2008-11-04 20:04 --------- d-----w c:\program files\Neuf

2008-10-28 17:01 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-10-28 17:01 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-21 16:27 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-19 09:26 --------- d-----w c:\program files\Fichiers communs\PC SOFT

2008-10-19 09:26 --------- d-----w c:\documents and settings\yoda\Application Data\DDaussy

2008-10-19 09:26 --------- d-----w c:\documents and settings\All Users\Application Data\catalogue recettes cuisine

2008-10-14 15:29 --------- d-----w c:\program files\crypteur documents

2008-10-14 15:28 --------- d-----w c:\program files\Axon Data

2008-10-11 17:11 --------- d-----w c:\documents and settings\yoda\Application Data\Seven Zip

2008-10-11 17:11 --------- d-----w c:\documents and settings\All Users\Application Data\{02C45027-B817-41FE-A000-2799C43CEF41}

2008-02-01 19:45 47,360 ----a-w c:\documents and settings\yoda\Application Data\pcouffin.sys

2007-06-07 18:49 8,192 --sha-w c:\program files\Thumbs.db

2007-03-09 16:48 3,202 -c--a-w c:\program files\RRIRJ.DAT

2007-02-01 16:02 1 ----a-w c:\documents and settings\yoda\SI.bin

2006-12-13 20:32 40,856 ----a-w c:\program files\ffdssetts.reg

2006-12-13 20:32 119 ----a-w c:\program files\satsukidecodersettings.ini

2006-12-13 20:32 1,500 ----a-w c:\program files\ffdsasetts.reg

2005-07-09 06:46 89 -c--a-w c:\program files\rrirj.ini

2003-10-23 16:52 40,960 ----a-w c:\program files\Uninstall_CDS.exe

2001-12-07 11:00 1,585 -c--a-w c:\program files\Lisez-moi.txt

2001-07-31 09:46 766 ----a-w c:\program files\Uninst.ico

1997-07-18 13:53 229,888 ----a-w c:\program files\rrirjw32.exe

1996-01-17 16:14 766 ----a-w c:\program files\rrirj.ico

2005-10-24 09:13 66,560 --sha-r c:\windows\MOTA113.exe

2005-10-13 19:27 422,400 --sha-r c:\windows\x2.64.exe

2007-12-30 12:09 8 --sha-r c:\windows\system32\567574EF83.sys

2005-10-28 16:44 308,224 --sha-w c:\windows\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll

2005-06-26 13:32 616,448 --sha-r c:\windows\system32\cygwin1.dll

2005-06-21 20:37 45,568 --sha-r c:\windows\system32\cygz.dll

2004-01-24 22:00 70,656 --sha-r c:\windows\system32\i420vfw.dll

2007-12-30 12:09 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys

2006-04-27 08:24 2,945,024 --sha-r c:\windows\system32\Smab.dll

2005-02-28 11:16 240,128 --sha-r c:\windows\system32\x.264.exe

2004-01-25 17:18 70,656 --sha-w c:\windows\system32\yv12vfw.dll

2008-06-06 13:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-09-21 114688]

"fenaffiche"="c:\program files\FenAffiche\Fenpowernet.exe" [2004-07-23 49152]

"QuickTime Task"="c:\program files\quick time\qttask.exe" [2008-05-27 413696]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-25 185632]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"VIDC.MJPG"= pvmjpg21.dll

"VIDC.PVW2"= pvwv220.dll

"VIDC.PIMJ"= pvljpg20.dll

"vidc.i263"= c:\windows\system32\i263_32.drv

"vidc.VP40"= vp4vfw.dll

"VIDC.X264"= x264vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2006-11-03 09:59 204288 c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\quick time\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Temp\\CI_HITACHI\\MAJ_Hitachi.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\bitcomet\\BitComet.exe"=

"c:\\WINDOWS\\system32\\svchost.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\counter-strike source\\hl2.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\day of defeat\\hl.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\counter-strike\\hl.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\condition zero\\hl.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\condition zero deleted scenes\\hl.exe"=

"c:\\Program Files\\HLSW\\hlsw.exe"=

"c:\\Program Files\\e-mule\\eMule\\emule.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"e:\\Jeu Trackmania\\trackmania nation\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"e:\\trackmania forever\\TmNationsForever\\TmForever.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4672:UDP"= 4672:UDP:kad_reseau

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5900:TCP"= 5900:TCP:assistance msn

"3389:UDP"= 3389:UDP:assistance à distance

"21:UDP"= 21:UDP:club

"4672:TCP"= 4672:TCP:mulot

"23430:TCP"= 23430:TCP:BitComet 23430 TCP

"23430:UDP"= 23430:UDP:BitComet 23430 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"24192:TCP"= 24192:TCP:BitComet 24192 TCP

"24192:UDP"= 24192:UDP:BitComet 24192 UDP

"13941:TCP"= 13941:TCP:BitComet 13941 TCP

"13941:UDP"= 13941:UDP:BitComet 13941 UDP

"26228:TCP"= 26228:TCP:@xpsp2res.dll,-22009

"25204:TCP"= 25204:TCP:@xpsp2res.dll,-22009

 

R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.sys [2004-11-24 43512]

R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2005-01-23 179482]

R3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2008-03-20 91263]

S2 FBAPI;FBAPI;\??\c:\windows\system32\drivers\FBAPI.sys []

S3 actvcomm;actvcomm;c:\windows\system32\drivers\actvcomm.sys [2004-04-28 78848]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-09-10 13352]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2006-12-29 58288]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2006-12-29 8336]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2006-12-29 94064]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2006-12-29 85408]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2006-12-29 83344]

S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\DRIVERS\k600bus.sys [2007-09-22 52384]

S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\DRIVERS\k600mdfl.sys [2007-09-22 6096]

S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\DRIVERS\k600mdm.sys [2007-09-22 87456]

S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\k600mgmt.sys [2007-09-22 79248]

S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\k600obex.sys [2007-09-22 77072]

S3 PsSdk31;PsSdk31;\??\c:\windows\system32\Drivers\pssdk31.drv [2008-08-21 30272]

S3 PsSdkLBF;PsSdkLBF;\??\c:\windows\system32\Drivers\pssdklbf.drv [2008-08-21 37440]

S3 SPAInfoDrv;SPAInfoDrv;\??\c:\progra~1\MOBILE~1\bin\SPAInfoDrv.sys []

S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2004-08-05 12800]

S3 viafilter;VIA USB Filter;c:\windows\system32\Drivers\viausb1.sys [2007-07-01 9728]

S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys []

S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys []

S4 SrvQxa;SrvQxa;"\\?\c:\program files\Fichiers communs\System\lpt9.exe" []

.

Contenu du dossier 'Tâches planifiées'

 

2008-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2008-12-05 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\tune up utilities\SystemOptimizer.exe []

 

2005-11-19 c:\windows\Tasks\Recherche de virus de McAfee.com - Mon ordinateur (SY4PPNP19-yoda).job

- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe []

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Toolbar-ID - (no file)

HKCU-Run-H/PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe

HKCU-Run-PowerBar - (no file)

Notify-AtiExtEvent - (no file)

MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uInternet Settings,ProxyOverride = 127.0.0.1

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

TCP: {71BF9D82-2AA1-4FDA-B5E0-38CFCED69208} = 194.117.200.10,194.117.200.15

TCP: {D757C7C0-5818-4037-9050-25956FACD407} = 194.117.200.10,194.117.200.15

 

O16 -: Microsoft XML Parser for Java

 

O16 -: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab

 

O16 -: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe

 

O16 -: {27FA5271-12D2-43E3-9424-365A43236EE7} - hxxp://fr.pixaco.com/static/download/iedropupload.cab

 

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe

c:\windows\Downloaded Program Files\live.ini

c:\windows\Downloaded Program Files\scanoptions.tsi

c:\windows\Downloaded Program Files\lang.ini

c:\windows\Downloaded Program Files\ipsupd.dll

c:\windows\Downloaded Program Files\bdupd.dll

c:\windows\Downloaded Program Files\libfn.dll

c:\windows\Downloaded Program Files\bdcore.dll

c:\windows\Downloaded Program Files\oscan8.ocx

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

c:\windows\Downloaded Program Files\oscan8.inf

 

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab

c:\windows\Downloaded Program Files\hardwaredetection.inf

 

c:\windows\Downloaded Program Files\fireev.ocx - c:\windows\Downloaded Program Files\fireev.inf

O16 -: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50}

hxxp://singles.sfr.fr/dlm/ax/fireev.2.7.0.0.cab

c:\windows\Downloaded Program Files\fireev.inf

 

O16 -: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe

 

O16 -: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxp://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab

c:\windows\Downloaded Program Files\WebflowActiveXInstaller.inf

FireFox -: Profile - c:\documents and settings\GACHOD Sylvain\Application Data\Mozilla\Firefox\Profiles\yzkz7tna.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

.

.

------- Associations de fichier -------

.

vbsfile\shell\edit\command=%SystemRoot%\System32\Notepad.exe %1

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-09 07:17:49

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\PsSdk31]

"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

 

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\PsSdkLBF]

"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Heure de fin: 2008-12-09 7:27:30 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-12-09 06:27:27

 

Avant-CF: 48 841 998 336 octets libres

Après-CF: 48,239,075,328 octets libres

 

405 --- E O F --- 2008-11-12 08:17:38

 

 

 

Thanks in advance for what comes next.

Posted

You caught this through a crack. The Recovery Console is a safety net in case something goes wrong on the machine; installing it is useful and risk-free, so answer yes to ComboFix the next time it offers. Let's clean up a few odds and ends.

 

:!: What follows is for your machine, and your machine only.

Do not use it on any other machine under any circumstances: dangerous.

 

  • Disable your antivirus; it can get in the way.
  • Open Notepad. Check that in the "Format" menu, "Word Wrap" is turned off. Copy and paste this into it:

Killall::

 

File::

c:\windows\system32\Smab.dll

C:\Documents and Settings\Yoda\Application Data\drivers\srosa2.sys

C:\Documents and Settings\Yoda\Application Data\drivers\srosa.sys

C:\Documents and Settings\Yoda\Bureau\SYLVAIN\generateur de clé.exe

 

driver::

SrvQxa

SPAInfoDrv

FBAPI

 

Dirlook::

C:\Documents and Settings\Yoda\Application Data\drivers

  • Save this as a text file named CFScript, on the desktop.
     
  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • Wait while the scan runs. The desktop will disappear several times: this is normal! Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt

 

Then please add a new HijackThis report after that report, and re-enable your antivirus.

Posted

There, the steps have been carried out and you will find the requested reports below.

 

ComboFix report:

 

ComboFix 08-12-07.04 - GACHOD Sylvain 2008-12-09 9:45:20.5 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.396 [GMT 1:00]

Lancé depuis: c:\documents and settings\GACHOD Sylvain\Bureau\TRALALA.exe

Commutateurs utilisés :: c:\documents and settings\GACHOD Sylvain\Bureau\CFScript.txt

* Un nouveau point de restauration a été créé

 

FILE ::

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\srosa.sys

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\srosa2.sys

c:\documents and settings\GACHOD Sylvain\Bureau\SYLVAIN\generateur de clé.exe

c:\windows\system32\Smab.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\srosa.sys

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\srosa2.sys

c:\documents and settings\GACHOD Sylvain\Bureau\SYLVAIN\generateur de clé.exe

c:\windows\system32\Smab.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_FBAPI

-------\Legacy_SPAINFODRV

-------\Legacy_SRVQXA

-------\Service_FBAPI

-------\Service_SPAInfoDrv

-------\Service_SrvQxa

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-09 au 2008-12-09 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-08 10:27 . 2008-12-08 10:27 <REP> d-------- c:\program files\Panda Security

2008-12-07 23:38 . 2008-12-07 23:37 21,272,617 --a------ c:\windows\LPT$VPN.693

2008-12-07 23:37 . 2008-12-07 23:37 21,272,617 --a------ c:\windows\VPTNFILE.693

2008-12-07 23:36 . 2008-12-07 23:37 <REP> d-------- c:\windows\AU_Temp

2008-12-07 22:50 . 2008-12-07 22:52 <REP> d-------- c:\program files\Yahoo!

2008-12-07 22:33 . 2008-12-09 09:45 <REP> d--h----- c:\documents and settings\GACHOD Sylvain\Application Data\drivers

2008-12-05 17:01 . 2008-12-05 17:01 <REP> d-------- C:\Navigation

2008-12-05 16:54 . 2008-12-05 16:59 <REP> d-------- c:\program files\DestinatorApps

2008-11-15 20:28 . 2001-08-28 13:00 499,200 --a------ c:\windows\system32\gpedit.dll

2008-11-15 20:28 . 2002-08-29 10:44 284,160 --a------ c:\windows\system32\appmgr.dll

2008-11-15 20:28 . 2002-08-29 10:44 185,856 --a------ c:\windows\system32\gptext.dll

2008-11-15 20:28 . 2002-08-29 10:44 165,376 --a------ c:\windows\system32\appmgmts.dll

2008-11-15 20:28 . 2001-08-28 13:00 119,296 --a------ c:\windows\system32\fde.dll

2008-11-15 20:28 . 2002-08-29 10:44 70,144 --a------ c:\windows\system32\fdeploy.dll

2008-11-15 20:28 . 2001-08-28 13:00 34,352 --a------ c:\windows\system32\gpedit.msc

2008-11-12 09:10 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 09:08 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-09 06:11 --------- d-----w c:\program files\Microsoft ActiveSync

2008-12-07 22:37 91,744 ----a-w c:\windows\BPMNT.dll

2008-12-07 22:37 71,749 ----a-w c:\windows\hcextoutput.dll

2008-12-07 22:37 345,157 ----a-w c:\windows\tsc.exe

2008-12-07 22:37 1,213,784 ----a-w c:\windows\vsapi32.dll

2008-12-07 22:11 --------- d-----w c:\program files\DEFENSE PC

2008-12-05 15:49 --------- d-----w c:\program files\Ahead

2008-11-30 19:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-28 20:33 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-11-28 20:33 249,856 ------w c:\windows\Setup1.exe

2008-11-22 02:05 3,532 ----a-w C:\drmHeader.bin

2008-11-20 18:01 --------- d-----w c:\documents and settings\GACHOD Sylvain\Application Data\dvdcss

2008-11-10 21:17 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-11-06 06:12 --------- d-----w c:\program files\DivX

2008-11-04 20:04 --------- d-----w c:\program files\Neuf

2008-10-28 17:01 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-10-28 17:01 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-21 16:27 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-19 09:26 --------- d-----w c:\program files\Fichiers communs\PC SOFT

2008-10-19 09:26 --------- d-----w c:\documents and settings\GACHOD Sylvain\Application Data\DDaussy

2008-10-19 09:26 --------- d-----w c:\documents and settings\All Users\Application Data\catalogue recettes cuisine

2008-10-14 15:29 --------- d-----w c:\program files\crypteur documents

2008-10-14 15:28 --------- d-----w c:\program files\Axon Data

2008-10-11 17:11 --------- d-----w c:\documents and settings\GACHOD Sylvain\Application Data\Seven Zip

2008-10-11 17:11 --------- d-----w c:\documents and settings\All Users\Application Data\{02C45027-B817-41FE-A000-2799C43CEF41}

2008-02-01 19:45 47,360 ----a-w c:\documents and settings\GACHOD Sylvain\Application Data\pcouffin.sys

2007-06-07 18:49 8,192 --sha-w c:\program files\Thumbs.db

2007-03-09 16:48 3,202 -c--a-w c:\program files\RRIRJ.DAT

2007-02-01 16:02 1 ----a-w c:\documents and settings\GACHOD Sylvain\SI.bin

2006-12-13 20:32 40,856 ----a-w c:\program files\ffdssetts.reg

2006-12-13 20:32 119 ----a-w c:\program files\satsukidecodersettings.ini

2006-12-13 20:32 1,500 ----a-w c:\program files\ffdsasetts.reg

2005-07-09 06:46 89 -c--a-w c:\program files\rrirj.ini

2003-10-23 16:52 40,960 ----a-w c:\program files\Uninstall_CDS.exe

2001-12-07 11:00 1,585 -c--a-w c:\program files\Lisez-moi.txt

2001-07-31 09:46 766 ----a-w c:\program files\Uninst.ico

1997-07-18 13:53 229,888 ----a-w c:\program files\rrirjw32.exe

1996-01-17 16:14 766 ----a-w c:\program files\rrirj.ico

2005-10-24 09:13 66,560 --sha-r c:\windows\MOTA113.exe

2005-10-13 19:27 422,400 --sha-r c:\windows\x2.64.exe

2007-12-30 12:09 8 --sha-r c:\windows\system32\567574EF83.sys

2005-10-28 16:44 308,224 --sha-w c:\windows\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll

2005-06-26 13:32 616,448 --sha-r c:\windows\system32\cygwin1.dll

2005-06-21 20:37 45,568 --sha-r c:\windows\system32\cygz.dll

2004-01-24 22:00 70,656 --sha-r c:\windows\system32\i420vfw.dll

2007-12-30 12:09 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys

2005-02-28 11:16 240,128 --sha-r c:\windows\system32\x.264.exe

2004-01-25 17:18 70,656 --sha-w c:\windows\system32\yv12vfw.dll

2008-06-06 13:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of c:\documents and settings\GACHOD Sylvain\Application Data\drivers ----

 

2008-12-09 06:55 3601 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\291015.exe

2008-12-09 06:55 3601 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\290671.exe

2008-12-09 06:55 3601 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\289421.exe

2008-12-09 06:54 863748 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\239515.exe

2008-12-09 06:54 5849 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\231875.exe

2008-12-09 06:54 5849 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\231578.exe

2008-12-09 06:54 5849 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\231093.exe

2008-12-09 06:53 95027 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\161812.exe

2008-12-09 06:53 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\216703.exe

2008-12-09 06:53 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\216140.exe

2008-12-09 06:53 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\215203.exe

2008-12-09 06:53 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\214171.exe

2008-12-09 06:53 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\213656.exe

2008-12-09 06:53 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\212015.exe

2008-12-09 06:53 3252 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\198718.exe

2008-12-09 06:53 3252 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\198687.exe

2008-12-09 06:53 3252 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\198031.exe

2008-12-09 06:52 67678 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\113171.exe

2008-12-09 06:52 5849 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\142046.exe

2008-12-09 06:52 5849 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\141640.exe

2008-12-09 06:52 5849 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\140656.exe

2008-12-09 06:52 1508 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\127000.exe

2008-12-09 06:52 1508 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\126265.exe

2008-12-09 06:52 1508 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\124390.exe

2008-12-09 06:52 13242 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\140093.exe

2008-12-09 06:52 13242 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\139953.exe

2008-12-09 06:52 13242 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\128000.exe

2008-12-09 06:52 117836 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\srosa.sys

2008-12-09 06:51 7168 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\srosa2.sys

2008-12-08 22:05 863748 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45112421.exe

2008-12-08 22:05 3601 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45154437.exe

2008-12-08 22:05 3601 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45154171.exe

2008-12-08 22:05 3601 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45153812.exe

2008-12-08 22:04 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45088578.exe

2008-12-08 22:04 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45087781.exe

2008-12-08 22:04 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45086843.exe

2008-12-08 22:04 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45086015.exe

2008-12-08 22:04 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45085562.exe

2008-12-08 22:04 766 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45084671.exe

2008-12-08 22:04 5849 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45105578.exe

2008-12-08 22:04 5849 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45105265.exe

2008-12-08 22:04 5849 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45104156.exe

2008-12-08 22:03 3252 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45009500.exe

2008-12-08 22:03 3252 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45009484.exe

2008-12-08 22:03 3252 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45009453.exe

2008-12-08 22:02 95027 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\44963328.exe

2008-12-08 22:01 67678 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\44866250.exe

2008-12-08 22:01 5849 --a------ c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\44883156.exe

2005-09-13 04:05 860168 --------- c:\documents and settings\GACHOD Sylvain\Application Data\drivers\winupgro.exe

 

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-09-21 114688]

"fenaffiche"="c:\program files\FenAffiche\Fenpowernet.exe" [2004-07-23 49152]

"QuickTime Task"="c:\program files\quick time\qttask.exe" [2008-05-27 413696]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-25 185632]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"VIDC.MJPG"= pvmjpg21.dll

"VIDC.PVW2"= pvwv220.dll

"VIDC.PIMJ"= pvljpg20.dll

"vidc.i263"= c:\windows\system32\i263_32.drv

"vidc.VP40"= vp4vfw.dll

"VIDC.X264"= x264vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2006-11-03 09:59 204288 c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\quick time\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Temp\\CI_HITACHI\\MAJ_Hitachi.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\bitcomet\\BitComet.exe"=

"c:\\WINDOWS\\system32\\svchost.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\counter-strike source\\hl2.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\day of defeat\\hl.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\counter-strike\\hl.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\condition zero\\hl.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\condition zero deleted scenes\\hl.exe"=

"c:\\Program Files\\HLSW\\hlsw.exe"=

"c:\\Program Files\\e-mule\\eMule\\emule.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"e:\\Jeu Trackmania\\trackmania nation\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"e:\\trackmania forever\\TmNationsForever\\TmForever.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4672:UDP"= 4672:UDP:kad_reseau

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5900:TCP"= 5900:TCP:assistance msn

"3389:UDP"= 3389:UDP:assistance à distance

"21:UDP"= 21:UDP:club

"4672:TCP"= 4672:TCP:mulot

"23430:TCP"= 23430:TCP:BitComet 23430 TCP

"23430:UDP"= 23430:UDP:BitComet 23430 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"24192:TCP"= 24192:TCP:BitComet 24192 TCP

"24192:UDP"= 24192:UDP:BitComet 24192 UDP

"13941:TCP"= 13941:TCP:BitComet 13941 TCP

"13941:UDP"= 13941:UDP:BitComet 13941 UDP

"26228:TCP"= 26228:TCP:@xpsp2res.dll,-22009

"25204:TCP"= 25204:TCP:@xpsp2res.dll,-22009

 

R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.sys [2004-11-24 43512]

R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2005-01-23 179482]

R3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2008-03-20 91263]

S3 actvcomm;actvcomm;c:\windows\system32\drivers\actvcomm.sys [2004-04-28 78848]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-09-10 13352]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2006-12-29 58288]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2006-12-29 8336]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2006-12-29 94064]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2006-12-29 85408]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2006-12-29 83344]

S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\DRIVERS\k600bus.sys [2007-09-22 52384]

S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\DRIVERS\k600mdfl.sys [2007-09-22 6096]

S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\DRIVERS\k600mdm.sys [2007-09-22 87456]

S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\k600mgmt.sys [2007-09-22 79248]

S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\k600obex.sys [2007-09-22 77072]

S3 PsSdk31;PsSdk31;\??\c:\windows\system32\Drivers\pssdk31.drv [2008-08-21 30272]

S3 PsSdkLBF;PsSdkLBF;\??\c:\windows\system32\Drivers\pssdklbf.drv [2008-08-21 37440]

S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2004-08-05 12800]

S3 viafilter;VIA USB Filter;c:\windows\system32\Drivers\viausb1.sys [2007-07-01 9728]

S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys []

S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys []

.

Contenu du dossier 'Tâches planifiées'

 

2008-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2008-12-05 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\tune up utilities\SystemOptimizer.exe []

 

2005-11-19 c:\windows\Tasks\Recherche de virus de McAfee.com - Mon ordinateur (SY4PPNP19-GACHOD Sylvain).job

- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe []

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uInternet Settings,ProxyOverride = 127.0.0.1

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

TCP: {71BF9D82-2AA1-4FDA-B5E0-38CFCED69208} = 194.117.200.10,194.117.200.15

TCP: {D757C7C0-5818-4037-9050-25956FACD407} = 194.117.200.10,194.117.200.15

 

O16 -: Microsoft XML Parser for Java

 

O16 -: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab

 

O16 -: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe

 

O16 -: {27FA5271-12D2-43E3-9424-365A43236EE7} - hxxp://fr.pixaco.com/static/download/iedropupload.cab

 

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe

c:\windows\Downloaded Program Files\live.ini

c:\windows\Downloaded Program Files\scanoptions.tsi

c:\windows\Downloaded Program Files\lang.ini

c:\windows\Downloaded Program Files\ipsupd.dll

c:\windows\Downloaded Program Files\bdupd.dll

c:\windows\Downloaded Program Files\libfn.dll

c:\windows\Downloaded Program Files\bdcore.dll

c:\windows\Downloaded Program Files\oscan8.ocx

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

c:\windows\Downloaded Program Files\oscan8.inf

 

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab

c:\windows\Downloaded Program Files\hardwaredetection.inf

 

c:\windows\Downloaded Program Files\fireev.ocx - c:\windows\Downloaded Program Files\fireev.inf

O16 -: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50}

hxxp://singles.sfr.fr/dlm/ax/fireev.2.7.0.0.cab

c:\windows\Downloaded Program Files\fireev.inf

 

O16 -: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe

 

O16 -: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxp://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab

c:\windows\Downloaded Program Files\WebflowActiveXInstaller.inf

FireFox -: Profile - c:\documents and settings\GACHOD Sylvain\Application Data\Mozilla\Firefox\Profiles\yzkz7tna.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-09 09:49:32

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\PsSdk31]

"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

 

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\PsSdkLBF]

"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Heure de fin: 2008-12-09 9:53:55 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-12-09 08:53:43

ComboFix2.txt 2008-12-09 06:27:33

 

Avant-CF: 48 295 358 464 octets libres

AprÞs-CF: 48,290,643,968 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP sans echec" /noexecute=optin /fastdetect /safeboot

 

545 --- E O F --- 2008-11-12 08:17:38

 

 

HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:57:04, on 09/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\GACHOD Sylvain\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\bitcomet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [fenaffiche] "C:\Program Files\FenAffiche\Fenpowernet.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quick time\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\bitcomet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205858377087

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://singles.sfr.fr/dlm/ax/fireev.2.7.0.0.cab

O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/st...aller_4-0-0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{71BF9D82-2AA1-4FDA-B5E0-38CFCED69208}: NameServer = 194.117.200.10,194.117.200.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{D757C7C0-5818-4037-9050-25956FACD407}: NameServer = 194.117.200.10,194.117.200.15

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a square\a-squared free\a2service.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\DEFENSE PC\AVG antispyware\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

 

--

End of file - 8961 bytes

Posted

Please run a CFScript again with this:

 

folder::

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld

 

file::

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\srosa.sys

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\srosa2.sys

Posted (edited)

Here is the ComboFix report following the requested procedure.

 

ComboFix 08-12-07.04 - GACHOD Sylvain 2008-12-09 10:12:27.6 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.426 [GMT 1:00]

Lancé depuis: c:\documents and settings\GACHOD Sylvain\Bureau\TRALALA.exe

Commutateurs utilisés :: c:\documents and settings\GACHOD Sylvain\Bureau\CFScript.txt

* Un nouveau point de restauration a été créé

 

FILE ::

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\srosa.sys

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\srosa2.sys

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld


c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45154171.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\45154437.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\48000843.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\48002343.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\48003234.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\48004281.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\48005328.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\48005781.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\48006500.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\48008750.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\48009218.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\645906.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\646828.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\647078.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\660984.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\662468.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\663312.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\664531.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\665671.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\666234.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\682375.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\682968.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\683515.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\97000.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\99000.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\99343.exe

c:\documents and settings\GACHOD Sylvain\Application Data\drivers\downld\99984.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-09 au 2008-12-09 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-08 10:27 . 2008-12-08 10:27 <REP> d-------- c:\program files\Panda Security

2008-12-07 23:38 . 2008-12-07 23:37 21,272,617 --a------ c:\windows\LPT$VPN.693

2008-12-07 23:37 . 2008-12-07 23:37 21,272,617 --a------ c:\windows\VPTNFILE.693

2008-12-07 23:36 . 2008-12-07 23:37 <REP> d-------- c:\windows\AU_Temp

2008-12-07 22:50 . 2008-12-07 22:52 <REP> d-------- c:\program files\Yahoo!

2008-12-07 22:33 . 2008-12-09 10:13 <REP> d--h----- c:\documents and settings\GACHOD Sylvain\Application Data\drivers

2008-12-05 17:01 . 2008-12-05 17:01 <REP> d-------- C:\Navigation

2008-12-05 16:54 . 2008-12-05 16:59 <REP> d-------- c:\program files\DestinatorApps

2008-11-15 20:28 . 2001-08-28 13:00 499,200 --a------ c:\windows\system32\gpedit.dll

2008-11-15 20:28 . 2002-08-29 10:44 284,160 --a------ c:\windows\system32\appmgr.dll

2008-11-15 20:28 . 2002-08-29 10:44 185,856 --a------ c:\windows\system32\gptext.dll

2008-11-15 20:28 . 2002-08-29 10:44 165,376 --a------ c:\windows\system32\appmgmts.dll

2008-11-15 20:28 . 2001-08-28 13:00 119,296 --a------ c:\windows\system32\fde.dll

2008-11-15 20:28 . 2002-08-29 10:44 70,144 --a------ c:\windows\system32\fdeploy.dll

2008-11-15 20:28 . 2001-08-28 13:00 34,352 --a------ c:\windows\system32\gpedit.msc

2008-11-12 09:10 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 09:08 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-09 06:11 --------- d-----w c:\program files\Microsoft ActiveSync

2008-12-07 22:37 91,744 ----a-w c:\windows\BPMNT.dll

2008-12-07 22:37 71,749 ----a-w c:\windows\hcextoutput.dll

2008-12-07 22:37 345,157 ----a-w c:\windows\tsc.exe

2008-12-07 22:37 1,213,784 ----a-w c:\windows\vsapi32.dll

2008-12-07 22:11 --------- d-----w c:\program files\DEFENSE PC

2008-12-05 15:49 --------- d-----w c:\program files\Ahead

2008-11-30 19:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-28 20:33 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-11-28 20:33 249,856 ------w c:\windows\Setup1.exe

2008-11-22 02:05 3,532 ----a-w C:\drmHeader.bin

2008-11-20 18:01 --------- d-----w c:\documents and settings\GACHOD Sylvain\Application Data\dvdcss

2008-11-10 21:17 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-11-06 06:12 --------- d-----w c:\program files\DivX

2008-11-04 20:04 --------- d-----w c:\program files\Neuf

2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll

2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll

2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll

2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll

2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll

2008-10-28 17:01 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-10-28 17:01 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-21 16:27 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-19 09:26 --------- d-----w c:\program files\Fichiers communs\PC SOFT

2008-10-19 09:26 --------- d-----w c:\documents and settings\GACHOD Sylvain\Application Data\DDaussy

2008-10-19 09:26 --------- d-----w c:\documents and settings\All Users\Application Data\catalogue recettes cuisine

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-14 15:29 --------- d-----w c:\program files\crypteur documents

2008-10-14 15:28 --------- d-----w c:\program files\Axon Data

2008-10-11 17:11 --------- d-----w c:\documents and settings\GACHOD Sylvain\Application Data\Seven Zip

2008-10-11 17:11 --------- d-----w c:\documents and settings\All Users\Application Data\{02C45027-B817-41FE-A000-2799C43CEF41}

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll

2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll

2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe

2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll

2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll

2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-10 08:59 1,419,232 ----a-w c:\windows\system32\wdfcoinstaller01005.dll

2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-02-01 19:45 47,360 ----a-w c:\documents and settings\GACHOD Sylvain\Application Data\pcouffin.sys

2007-06-07 18:49 8,192 --sha-w c:\program files\Thumbs.db

2007-03-09 16:48 3,202 -c--a-w c:\program files\RRIRJ.DAT

2007-02-01 16:02 1 ----a-w c:\documents and settings\GACHOD Sylvain\SI.bin

2006-12-13 20:32 40,856 ----a-w c:\program files\ffdssetts.reg

2006-12-13 20:32 119 ----a-w c:\program files\satsukidecodersettings.ini

2006-12-13 20:32 1,500 ----a-w c:\program files\ffdsasetts.reg

2005-07-09 06:46 89 -c--a-w c:\program files\rrirj.ini

2003-10-23 16:52 40,960 ----a-w c:\program files\Uninstall_CDS.exe

2001-12-07 11:00 1,585 -c--a-w c:\program files\Lisez-moi.txt

2001-07-31 09:46 766 ----a-w c:\program files\Uninst.ico

1997-07-18 13:53 229,888 ----a-w c:\program files\rrirjw32.exe

1996-01-17 16:14 766 ----a-w c:\program files\rrirj.ico

2005-10-24 09:13 66,560 --sha-r c:\windows\MOTA113.exe

2005-10-13 19:27 422,400 --sha-r c:\windows\x2.64.exe

2007-12-30 12:09 8 --sha-r c:\windows\system32\567574EF83.sys

2005-10-28 16:44 308,224 --sha-w c:\windows\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll

2005-06-26 13:32 616,448 --sha-r c:\windows\system32\cygwin1.dll

2005-06-21 20:37 45,568 --sha-r c:\windows\system32\cygz.dll

2004-01-24 22:00 70,656 --sha-r c:\windows\system32\i420vfw.dll

2007-12-30 12:09 2,828 --sha-w c:\windows\system32\KGyGaAvL.sys

2005-02-28 11:16 240,128 --sha-r c:\windows\system32\x.264.exe

2004-01-25 17:18 70,656 --sha-w c:\windows\system32\yv12vfw.dll

2008-06-06 13:32 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-09-21 114688]

"fenaffiche"="c:\program files\FenAffiche\Fenpowernet.exe" [2004-07-23 49152]

"QuickTime Task"="c:\program files\quick time\qttask.exe" [2008-05-27 413696]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-25 185632]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"VIDC.MJPG"= pvmjpg21.dll

"VIDC.PVW2"= pvwv220.dll

"VIDC.PIMJ"= pvljpg20.dll

"vidc.i263"= c:\windows\system32\i263_32.drv

"vidc.VP40"= vp4vfw.dll

"VIDC.X264"= x264vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2006-11-03 09:59 204288 c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\quick time\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Temp\\CI_HITACHI\\MAJ_Hitachi.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\bitcomet\\BitComet.exe"=

"c:\\WINDOWS\\system32\\svchost.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\counter-strike source\\hl2.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\day of defeat\\hl.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\counter-strike\\hl.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\condition zero\\hl.exe"=

"e:\\JEU\\SteamApps\\xxx8575\\condition zero deleted scenes\\hl.exe"=

"c:\\Program Files\\HLSW\\hlsw.exe"=

"c:\\Program Files\\e-mule\\eMule\\emule.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"e:\\Jeu Trackmania\\trackmania nation\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"e:\\trackmania forever\\TmNationsForever\\TmForever.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4672:UDP"= 4672:UDP:kad_reseau

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5900:TCP"= 5900:TCP:assistance msn

"3389:UDP"= 3389:UDP:assistance à distance

"21:UDP"= 21:UDP:club

"4672:TCP"= 4672:TCP:mulot

"23430:TCP"= 23430:TCP:BitComet 23430 TCP

"23430:UDP"= 23430:UDP:BitComet 23430 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"24192:TCP"= 24192:TCP:BitComet 24192 TCP

"24192:UDP"= 24192:UDP:BitComet 24192 UDP

"13941:TCP"= 13941:TCP:BitComet 13941 TCP

"13941:UDP"= 13941:UDP:BitComet 13941 UDP

"26228:TCP"= 26228:TCP:@xpsp2res.dll,-22009

"25204:TCP"= 25204:TCP:@xpsp2res.dll,-22009

 

R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.sys [2004-11-24 43512]

R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2005-01-23 179482]

R3 ZSMC302;VIMICRO USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2008-03-20 91263]

S3 actvcomm;actvcomm;c:\windows\system32\drivers\actvcomm.sys [2004-04-28 78848]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-09-10 13352]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2006-12-29 58288]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2006-12-29 8336]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2006-12-29 94064]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2006-12-29 85408]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2006-12-29 83344]

S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\DRIVERS\k600bus.sys [2007-09-22 52384]

S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\DRIVERS\k600mdfl.sys [2007-09-22 6096]

S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\DRIVERS\k600mdm.sys [2007-09-22 87456]

S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\k600mgmt.sys [2007-09-22 79248]

S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\k600obex.sys [2007-09-22 77072]

S3 PsSdk31;PsSdk31;\??\c:\windows\system32\Drivers\pssdk31.drv [2008-08-21 30272]

S3 PsSdkLBF;PsSdkLBF;\??\c:\windows\system32\Drivers\pssdklbf.drv [2008-08-21 37440]

S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2004-08-05 12800]

S3 viafilter;VIA USB Filter;c:\windows\system32\Drivers\viausb1.sys [2007-07-01 9728]

S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys []

S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys []

.

Contenu du dossier 'Tâches planifiées'

 

2008-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2008-12-05 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\tune up utilities\SystemOptimizer.exe []

 

2005-11-19 c:\windows\Tasks\Recherche de virus de McAfee.com - Mon ordinateur (SY4PPNP19-GACHOD Sylvain).job

- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe []

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uInternet Settings,ProxyOverride = 127.0.0.1

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

TCP: {71BF9D82-2AA1-4FDA-B5E0-38CFCED69208} = 194.117.200.10,194.117.200.15

TCP: {D757C7C0-5818-4037-9050-25956FACD407} = 194.117.200.10,194.117.200.15

 

O16 -: Microsoft XML Parser for Java

 

O16 -: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab

 

O16 -: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe

 

O16 -: {27FA5271-12D2-43E3-9424-365A43236EE7} - hxxp://fr.pixaco.com/static/download/iedropupload.cab

 

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe

c:\windows\Downloaded Program Files\live.ini

c:\windows\Downloaded Program Files\scanoptions.tsi

c:\windows\Downloaded Program Files\lang.ini

c:\windows\Downloaded Program Files\ipsupd.dll

c:\windows\Downloaded Program Files\bdupd.dll

c:\windows\Downloaded Program Files\libfn.dll

c:\windows\Downloaded Program Files\bdcore.dll

c:\windows\Downloaded Program Files\oscan8.ocx

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

c:\windows\Downloaded Program Files\oscan8.inf

 

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab

c:\windows\Downloaded Program Files\hardwaredetection.inf

 

c:\windows\Downloaded Program Files\fireev.ocx - c:\windows\Downloaded Program Files\fireev.inf

O16 -: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50}

hxxp://singles.sfr.fr/dlm/ax/fireev.2.7.0.0.cab

c:\windows\Downloaded Program Files\fireev.inf

 

O16 -: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe

 

O16 -: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxp://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab

c:\windows\Downloaded Program Files\WebflowActiveXInstaller.inf

FireFox -: Profile - c:\documents and settings\GACHOD Sylvain\Application Data\Mozilla\Firefox\Profiles\yzkz7tna.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-09 10:15:04

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet006\Services\PsSdk31]

"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

 

[HKEY_LOCAL_MACHINE\system\ControlSet006\Services\PsSdkLBF]

"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"

.

Heure de fin: 2008-12-09 10:16:49

ComboFix-quarantined-files.txt 2008-12-09 09:15:53

ComboFix2.txt 2008-12-09 08:53:57

ComboFix3.txt 2008-12-09 06:27:33

 

Avant-CF: 48 270 114 816 octets libres

Après-CF: 48,246,214,656 octets libres

 

547 --- E O F --- 2008-11-12 08:17:38

 

 

 

Shall I run a HijackThis scan and an Antivir scan again for you now?

Edited by yoda93
