
Hello,

Following serious virus problems on my laptop (most programs, including the antivirus tools, could not be run >>> a message such as "n'est pas une application win32", plus uncontrolled restarts), and after consulting many forums, I ran ComboFix, following the procedure carefully.

I now have the report, which I would like to submit to you for your opinion. Here it is (thanks in advance for your help with the next steps):

ComboFix 08-12-09.03 - Jérémy 2008-12-11 18:05:03.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.402 [GMT 7:00]

Lancé depuis: c:\documents and settings\Jérémy\Bureau\LastChance.exe

Commutateurs utilisés :: c:\documents and settings\Jérémy\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 


c:\documents and settings\Jérémy\Application Data\m . . . . impossible à supprimer

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BKAVAUTO

-------\Legacy_SROSA

-------\Legacy_SYSLIB

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-11 16:48 . 2008-12-11 16:48 <REP> d-------- c:\program files\CCleaner

2008-12-11 12:48 . 2008-12-11 12:48 54,156 --ah----- c:\windows\QTFont.qfn

2008-12-11 12:48 . 2008-12-11 12:48 1,409 --a------ c:\windows\QTFont.for

2008-12-11 10:15 . 2008-12-11 16:47 <REP> d-------- c:\documents and settings\Jérémy\.housecall6.6

2008-12-11 10:15 . 2008-12-11 16:47 <REP> d-------- c:\documents and settings\Jérémy\.housecall6.6

2008-12-10 19:24 . 2008-12-11 18:14 <REP> d--h----- c:\documents and settings\Jérémy\Application Data\m

2008-12-10 19:07 . 2008-12-10 19:20 <REP> d--h----- c:\documents and settings\Jérémy\Application Data\drivers

2008-12-10 17:09 . 2008-12-10 21:44 111,787 -r-hs---- C:\wjlc.exe

2008-12-10 17:08 . 2008-12-08 13:11 104,421 -r-hs---- C:\6fnlpetp.exe

2008-12-09 13:31 . 2008-12-11 18:14 108,137 -r-hs---- c:\windows\system32\vamsoft.exe

2008-12-09 13:31 . 2008-12-11 18:14 85,504 -r-hs---- c:\windows\system32\vbsdfe1.dll

2008-12-09 13:31 . 2008-12-11 18:12 85,504 --------- c:\windows\system32\vbsdfe0.dll

2008-12-05 15:03 . 2008-12-08 13:11 109,916 -r-hs---- C:\fvbk.exe

2008-12-05 15:03 . 2008-12-08 13:11 104,421 -r-hs---- C:\2u.com

2008-12-01 12:36 . 2008-12-04 12:07 109,585 -r-hs---- C:\g8rruyw.exe

2008-11-28 14:03 . 2008-11-29 14:00 111,636 -r-hs---- C:\o1.com

2008-11-14 13:39 . 2008-11-14 13:38 108,834 -r-hs---- C:\snaoc9i.exe

2008-11-14 08:43 . 2008-10-24 18:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-14 08:42 . 2008-09-05 00:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 16:19 . 2008-11-12 16:18 109,245 -r-hs---- C:\bt8vuaw.com

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-11 09:48 --------- d-----w c:\program files\VirtualDJ

2008-12-11 02:43 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-10 12:10 --------- d-----w c:\program files\eMule

2008-11-17 05:58 160,736 ----a-w c:\documents and settings\Jérémy\Application Data\GDIPFONTCACHEV1.DAT

2008-11-16 07:27 --------- d-----w c:\program files\Emperor

2008-11-11 05:00 108,271 --sh--r C:\whi.com

2008-11-09 04:46 110,013 --sh--r C:\sq.com

2008-10-24 14:19 --------- d--h--r c:\documents and settings\Jérémy\Application Data\yahoo!

2008-10-24 14:17 --------- d-----w c:\program files\ALZip

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 00:16 104,123 --sh--r C:\xlk9.com

2008-10-22 05:39 103,973 --sh--r C:\2fiji.com

2008-10-17 05:09 111,590 --sh--r C:\gx.com

2008-10-16 23:04 81,408 --sh--r c:\windows\system32\tavo2.dll

2008-10-16 07:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 07:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 07:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 07:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 07:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 07:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 07:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 07:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 07:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 07:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-05 11:14 119,960 --sh--r C:\o6pq1n8.com

2008-09-25 02:52 119,211 --sh--r C:\qkarc.exe

2008-09-21 04:06 118,322 --sh--r C:\sasyg1y8.com

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-11 03:30 96,047 --sh--r C:\39lpji.com

.

 

------- Sigcheck -------

 


.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-01-12 798728]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"UXVoizPhone"="c:\program files\UXVoiz Softphone\UXVoizPhone.exe" [2008-01-18 3273216]

"UniKey"="c:\documents and settings\Jérémy\Mes documents\UniKey\UniKey.exe" [2006-04-19 208896]

"vamsoft"="c:\windows\system32\vamsoft.exe" [2008-12-11 108137]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]

"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"PDService.exe"="c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-04 483328]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-02-12 180269]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920]

"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]

"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-25 546936]

"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-01-12 798728]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-12-11 78008]

"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 c:\windows\RTHDCPL.EXE]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

 

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-08-24 778240]

 

c:\documents and settings\Lan\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-08-24 778240]

 

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\

VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2005-08-24 778240]

 

c:\documents and settings\Jérémy\Menu Démarrer\Programmes\Démarrage\

PowerReg Scheduler.exe [2006-01-07 256000]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-12 113664]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-05-20 22:42 73728 c:\windows\system32\VESWinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.dvsd"= c:\progra~1\FICHIE~1\SONYSH~1\VideoLib\sonydv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Netnam\\Softphone\\NetVoiz\\NetVoiz.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\USvoiz\\usvfone.exe"=

"c:\\Program Files\\RingVoiz Dialer\\ring-Voiz.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\UXVoiz Softphone\\UXVoizPhone.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

"c:\\Documents and Settings\\Jérémy\\Application Data\\m\\flec006.exe"=

 

R1 PrivateDisk;PrivateDisk;c:\windows\system32\Drivers\PrivateDiskM.sys [2004-07-06 45627]

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 98304]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-12 118784]

S1 aswSP;avast! Self Protection; []

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{189e6b30-69d5-11dd-bae7-0013ceaef5b9}]

\Shell\AutoRun\command - G:\l1.cmd

\Shell\explore\Command - G:\l1.cmd

\Shell\open\Command - G:\l1.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8f6b1e-7554-11da-b542-0013ceaef5b9}]

\Shell\AutoRun\command - K:\Secret.exe

\Shell\explore\Command - K:\Secret.exe

\Shell\open\Command - K:\Secret.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48fd98a3-c683-11db-b78c-0013ceaef5b9}]

\Shell\AutoRun\command - G:\g2pfnid.com

\Shell\explore\Command - G:\g2pfnid.com

\Shell\open\Command - G:\g2pfnid.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60b0f348-98e5-11dd-bb3e-0013ceaef5b9}]

\Shell\AutoRun\command - H:\fvbk.exe

\Shell\explore\Command - H:\fvbk.exe

\Shell\open\Command - H:\fvbk.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66f44d48-3db8-11db-b66c-0013ceaef5b9}]

\Shell\AutoRun\command - G:\xih9.cmd

\Shell\explore\Command - G:\xih9.cmd

\Shell\open\Command - G:\xih9.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fe4db9a-0755-11dc-b7f2-0013ceaef5b9}]

\Shell\AutoRun\command - Installer.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9154f8e1-1ce0-11dd-ba5b-0013ceaef5b9}]

\Shell\AutoRun\command - G:\j.cmd

\Shell\explore\Command - G:\j.cmd

\Shell\open\Command - G:\j.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95452048-70ba-11db-b6d8-0013ceaef5b9}]

\Shell\Auto\command - G:\sxs.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c62c3774-a5f8-11dc-b94b-0013ceaef5b9}]

\shell\open\Command - shell.exe -s

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccadeb64-c263-11db-b782-0013ceaef5b9}]

\Shell\AutoRun\command - setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d04b45a4-3d49-11db-b66a-0013ceaef5b9}]

\Shell\AutoRun\command - G:\fphj6j31.bat

\Shell\explore\Command - G:\fphj6j31.bat

\Shell\open\Command - G:\fphj6j31.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7c5ec35-34d5-11db-b65a-0013ceaef5b9}]

\Shell\AutoRun\command - G:\Secret.exe

\Shell\explore\Command - G:\Secret.exe

\Shell\open\Command - G:\Secret.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4727110-43f7-11db-b673-0013ceaef5b9}]

\Shell\AutoRun\command - G:\hupxj.bat

\Shell\explore\Command - G:\hupxj.bat

\Shell\open\Command - G:\hupxj.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f12f5cc4-7f1a-11dc-b8ee-0013ceaef5b9}]

\Shell\AutoRun\command - G:\d.bat

\Shell\explore\Command - G:\d.bat

\Shell\open\Command - G:\d.bat

 

*Newly Created Service* - SROSA

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe

HKCU-Run-Yahoo! Pager - ~c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

Notify-WgaLogon - (no file)

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.com.vn/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://fr.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Transfert par Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm

Trusted Zone: *.sony-europe.com

Trusted Zone: *.sonystyle-europe.com

Trusted Zone: *.vaio-link.com

 

c:\windows\Downloaded Program Files\Win32SystemCheck.dll - O16 -: {D84C4D49-A63A-4432-B319-718ECA705773}

hxxps://extranet.gefco.net/policy/download_binary.php/win32/f5syschk.cab#Version=5500,0,50830,1

c:\windows\Downloaded Program Files\f5syschk.inf

FireFox -: Profile - c:\documents and settings\Jérémy\Application Data\Mozilla\Firefox\Profiles\jr6vv0yx.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-11 18:12:31

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

c:\documents and settings\Jérémy\Application Data\m\flec006.exe [3624] 0x86165590

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

c:\documents and settings\Jérémy\Application Data\drivers\downld

c:\documents and settings\Jérémy\Application Data\drivers\srosa.sys 117836 bytes executable

c:\documents and settings\Jérémy\Application Data\m\flec006.exe 94996 bytes executable

c:\documents and settings\Jérémy\Application Data\m\shared


c:\documents and settings\Jérémy\Application Data\m\shared\Scan and Repair Utilities Anti Spyware 2007 4.02.zip 3465613 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\World Politics 1.0.0.0.zip 4839614 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\Xilisoft MPEG to DVD Converter 3.0.39.1128.zip 2983952 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\XLplus 2.0.18.zip 2186300 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\XPS Split and Merge 1.0.0.0.zip 3289539 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\XUpload 2.6.zip 4730787 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\Yes AntiVirus-Tool Netsky-P 3.0.zip 2957390 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\YourBestCatalog 0.92.26.zip 2190672 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\ZoneAlarm Extreme Security 8.0.212.000 Beta.zip 5612825 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\[app.ita.&.multilinguage]AVG.AntiVirus.Pro.7.5.441.build.919.keygen.freddy.zip 2647045 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\[HGame_XP][AVG][jpn_jpn][放課後激å†å€¶æ¥½éƒ¨ï½žæ·«æ¬²ã®ãƒ¢ãƒãƒ¼ãƒ•ï½

ž].zip 1444219 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\Mouse Machine 1.1.zip 1570231 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\MozFBRH 0.8.7.zip 1478485 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\MP3 CD Ripper 4.01.zip 3244505 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\MXP Lister 1.2.0.zip 787003 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\My Blue Folders vol.7.zip 1907299 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\NetEasyCRM Financial Broker 1.0.zip 834931 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\Nod32 v2[1].50.39 Spanish - Nod fix 1.9(licencia para toda la vida).zip 1451804 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\NOD32.Antivirus.System.2.51.20.(NT2000XP2003x64).en.español.zip 3605607 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\FN Text Converter 1.0.zip 1655279 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\FPAPal 1.0.zip 2830851 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\Fun SoundPlayer Maker 2.3.0.0.zip 1982051 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\GainSet 1.2.zip 3654736 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\GermanTV Listing Downloader 3.06.zip 2692635 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\GIFfyBatch 2.10.zip 1260906 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\GuessNumber Game 1.0.0.0 Beta.zip 3112112 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\HABEdit 2.41.zip 1612986 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\Hide My MAC Address 1.0.2705.21817.zip 3919520 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\Secret! Desktop 4.2.zip 2266075 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\ServiceBuilder 4.60322.zip 2230322 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\ShowDep 4.0 beta 1.zip 2457214 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\Smart Board Example Adding Multiple Vectors 1.0.zip 1328938 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\SMSCaster E-Marketer CDMA 3.6 Build 999.zip 2004844 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\Software Safe 2.zip 1885210 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\Spring Stream - Animated Screensaver 5.07.zip 2913287 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\Spyware Adware Alert SE 2008 4.0.3225.516.zip 2872784 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\SystemInfo 1.0.zip 4347335 bytes

c:\documents and settings\Jérémy\Application Data\m\shared\TEU.SYMANTEC.2006.zip 2642140 bytes

c:\documents and settings\Jérémy\Application Data\Symantec\Shared

c:\documents and settings\Jérémy\Application Data\Symantec\Shared\MyProfile.UserProfile 1035 bytes

c:\documents and settings\Jérémy\Application Data\Symantec\Shared\Sessions

c:\documents and settings\Jérémy\Application Data\Symantec\Shared\Sessions\20051221102758687.liveReg 13578 bytes

 

Scan terminé avec succès

Fichiers cachés: 371

 

**************************************************************************

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"drvsyskit"="c:\\Documents and Settings\\Jérémy\\Application Data\\drivers\\winupgro.exe"

"german.exe"="c:\\WINDOWS\\system32\\wintems.exe"

"mule_st_key"="c:\\Documents and Settings\\Jérémy\\Application Data\\m\\flec006.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]

"ImagePath"="\??\c:\documents and settings\Jérémy\Application Data\drivers\srosa.sys"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(852)

c:\windows\system32\VESWinlogon.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Sony\VAIO Event Service\VESMgr.exe

c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

c:\documents and settings\Jérémy\Application Data\drivers\winupgro.exe

c:\program files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

c:\program files\Apoint\ApntEx.exe

c:\program files\Java\jre1.6.0_07\bin\jucheck.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Heure de fin: 2008-12-11 18:22:40 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-12-11 11:22:36

 

Avant-CF: 22 325 538 816 octets libres

Après-CF: 21,690,855,424 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

 

1021 --- E O F --- 2008-12-11 11:16:58

Posted

Hello,

 

If you were trying to break a record, you're not far from the podium!

 

Combo, Cleanup

# Disconnect from the internet and disable the antivirus (only for the duration of the procedure!)

Connect all removable drives (external hard drive, USB stick).

In some circumstances, Safe Mode may be necessary.

Open Combofix

# In Notepad, copy and paste these lines:

 

Killall::

 

Driver::

srosa

 

File::

c:\Documents and Settings\Jérémy\Application Data\m\flec006.exe

c:\WINDOWS\system32\wintems.exe

c:\documents and settings\Jérémy\Application Data\drivers\srosa.sys

c:\documents and settings\Jérémy\Application Data\drivers\srosa2.sys

c:\Documents and Settings\Jérémy\Application Data\drivers\winupgro.exe

C:\wjlc.exe

C:\6fnlpetp.exe

c:\windows\system32\vamsoft.exe

c:\windows\system32\vbsdfe1.dll

c:\windows\system32\vbsdfe0.dll

C:\fvbk.exe

C:\2u.com

C:\g8rruyw.exe

C:\o1.com

C:\snaoc9i.exe

C:\whi.com

C:\sq.com

C:\xlk9.com

C:\2fiji.com

C:\gx.com

c:\windows\system32\tavo2.dll

C:\o6pq1n8.com

C:\qkarc.exe

C:\sasyg1y8.com

C:\39lpji.com

G:\l1.cmd

K:\Secret.exe

G:\g2pfnid.com

H:\fvbk.exe

G:\xih9.cmd

G:\j.cmd

G:\sxs.exe

G:\fphj6j31.bat

G:\Secret.exe

G:\hupxj.bat

G:\d.bat

 

Folder::

c:\documents and settings\Jérémy\Application Data\drivers\downld

C:\documents and settings\Jérémy\Application Data\m

 

DirLook::

c:\documents and settings\Jérémy\Application Data\drivers

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vamsoft"=-

"drvsyskit"=-

"german.exe"=-

"mule_st_key"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{189e6b30-69d5-11dd-bae7-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b8f6b1e-7554-11da-b542-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48fd98a3-c683-11db-b78c-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60b0f348-98e5-11dd-bb3e-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66f44d48-3db8-11db-b66c-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fe4db9a-0755-11dc-b7f2-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9154f8e1-1ce0-11dd-ba5b-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95452048-70ba-11db-b6d8-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c62c3774-a5f8-11dc-b94b-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccadeb64-c263-11db-b782-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d04b45a4-3d49-11db-b66a-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7c5ec35-34d5-11db-b65a-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4727110-43f7-11db-b673-0013ceaef5b9}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f12f5cc4-7f1a-11dc-b8ee-0013ceaef5b9}]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Documents and Settings\\Jérémy\\Application Data\\m\\flec006.exe"=-

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]

 

 

* Warning: this script was written specifically for this user; it would be dangerous to reuse it in other cases!

Save it under the name CFScript.txt

* Drag and drop this CFScript file onto the ComboFix.exe file


* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and then confirm.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it can be found here > C:\ComboFix.txt
