
Hello everyone,

Here is my problem: yesterday I received an email from eBay telling me that my account password had been blocked, basically because of a hacking attempt.

It's not phishing: there was no link to click, and the email really did come from eBay.

I found and removed a few trojans/viruses with Malwarebytes, but one of them persists and is detected by Spyware Doctor. It's called backdoor.bifrose and shows up as a file addons.dat in the folder C:\Documents and Settings\Steph\Application Data. When Spyware Doctor deletes it, it reappears after a reboot.

I ran scans with HijackThis and ComboFix; here are the logs. Thanks for your help:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:16:05, on 20/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\Steph\Bureau\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [bCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup

O4 - HKLM\..\Run: [WMP Update] C:\WINDOWS\system32\Wmpupdate.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

 

--

End of file - 11556 bytes

 

 

---------------------------------------------------

 

 

ComboFix 09-06-19.01 - Steph 20/06/2009 18:37.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2475 [GMT 2:00]

Lancé depuis: c:\documents and settings\Steph\Bureau\ComboFix.exe

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\resycled

c:\documents and settings\Steph\Application Data\addons.dat

c:\program files\hp\digital imaging\bin\hpqddcmn.dll

c:\windows\system32\AutoRun.inf

d:\resycled\boot.com

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-20 au 2009-06-20 ))))))))))))))))))))))))))))))))))))

.

 

2009-06-20 14:33 . 2009-06-20 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-06-20 14:33 . 2009-06-20 14:33 -------- d-----w- c:\documents and settings\Steph\Application Data\Yahoo!

2009-06-20 14:33 . 2009-06-20 14:33 -------- d-----w- c:\program files\Yahoo!

2009-06-20 06:04 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-06-20 06:04 . 2009-06-20 06:24 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-06-20 06:04 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-06-20 06:04 . 2009-06-20 06:05 -------- d-----w- c:\program files\Fichiers communs\PC Tools

2009-06-20 06:04 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-06-20 06:04 . 2009-06-20 06:28 -------- d-----w- c:\program files\Spyware Doctor

2009-06-20 06:04 . 2009-06-20 06:04 -------- d-----w- c:\documents and settings\Steph\Application Data\PC Tools

2009-06-20 06:04 . 2009-06-20 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-06-19 19:09 . 2009-06-19 19:09 -------- d-----w- c:\documents and settings\Steph\Local Settings\Application Data\ESET

2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\windows\system32\xircom

2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\windows\system32\wbem\snmp

2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\program files\microsoft frontpage

2009-06-19 16:33 . 2009-06-19 16:33 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-06-19 16:31 . 2009-06-19 16:31 -------- d-----w- c:\documents and settings\Steph\Application Data\Malwarebytes

2009-06-19 16:31 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-19 16:31 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-19 16:31 . 2009-06-19 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-19 16:31 . 2009-06-19 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-19 15:56 . 2009-06-19 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2009-06-18 18:48 . 2009-06-18 18:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-06-17 10:55 . 2009-06-17 10:55 -------- d-----w- c:\windows\Sun

2009-06-10 17:24 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-06-10 17:24 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-04 09:08 . 2008-04-13 14:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys

2009-06-04 09:08 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\MPE.sys

2009-06-04 09:08 . 2008-04-13 14:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2009-06-04 09:08 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys

2009-06-04 09:08 . 2008-04-13 14:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys

2009-06-04 09:08 . 2008-04-13 14:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS

2009-06-04 09:08 . 2008-04-13 14:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys

2009-06-04 09:08 . 2008-04-13 14:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2009-06-04 09:07 . 2008-11-11 11:49 247968 ----a-r- c:\windows\system32\drivers\AF9035BDA.sys

2009-06-04 09:07 . 2008-09-01 08:36 356 ----a-r- c:\windows\system32\AF15IrTbl.bin

2009-06-04 09:07 . 2008-04-13 22:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-06-04 09:07 . 2008-04-13 22:33 363520 ----a-w- c:\windows\system32\PsisDecd.dll

2009-06-04 09:07 . 2008-04-13 14:46 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys

2009-06-04 08:40 . 2009-06-04 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\TerraTec

2009-06-04 08:40 . 2009-06-04 09:02 -------- d-----w- c:\program files\Fichiers communs\TerraTec

2009-06-04 08:40 . 2009-06-04 08:40 -------- d-----w- c:\program files\TerraTec

2009-06-04 08:39 . 2009-06-04 08:39 -------- d-----w- c:\documents and settings\Steph\Application Data\TerraTec

2009-06-04 05:48 . 2009-06-04 05:48 -------- d-----w- c:\documents and settings\Steph\Application Data\HP

2009-05-31 10:18 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2009-05-31 10:18 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll

2009-05-27 16:35 . 2009-05-27 16:49 -------- d-----w- c:\documents and settings\Steph\Application Data\FrostWire

2009-05-27 16:22 . 2009-05-27 16:32 -------- d-----w- c:\documents and settings\Steph\Application Data\LimeWire

2009-05-27 16:22 . 2009-05-27 16:22 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-27 16:22 . 2009-05-27 16:22 -------- d-----w- c:\program files\Java

2009-05-27 16:22 . 2009-05-27 16:22 152576 ----a-w- c:\documents and settings\Steph\Application Data\Sun\Java\jre1.6.0_11\lzma.dll

2009-05-27 16:21 . 2009-06-18 16:14 200704 ----a-w- c:\windows\system32\Wmpupdate.exe

2009-05-27 16:21 . 2009-05-07 09:56 19672576 ----a-w- c:\windows\LimeWireWin.exe

2009-05-27 16:20 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2009-05-27 16:03 . 2009-05-27 16:20 -------- d-----w- c:\program files\eMule

2009-05-26 13:46 . 2009-05-26 13:46 -------- d-----w- c:\program files\Jetico

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-20 16:43 . 2009-05-18 19:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-06-20 07:13 . 2009-04-13 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-20 06:46 . 2009-04-13 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier

2009-06-12 12:10 . 2008-04-14 12:00 81626 ----a-w- c:\windows\system32\perfc00C.dat

2009-06-12 12:10 . 2008-04-14 12:00 503628 ----a-w- c:\windows\system32\perfh00C.dat

2009-06-11 11:33 . 2009-04-13 18:19 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-06-11 11:33 . 2009-04-13 18:19 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-06-10 17:43 . 2009-04-13 18:24 153920 ----a-w- c:\documents and settings\Steph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-10 17:40 . 2009-04-13 18:28 1625008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-06-10 17:39 . 2009-04-14 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-06-10 17:36 . 2009-04-14 06:14 -------- d-----w- c:\program files\Microsoft Works

2009-06-09 10:52 . 2009-04-13 18:14 -------- d-----w- c:\documents and settings\Steph\Application Data\GrabIt

2009-06-08 10:10 . 2009-05-19 08:11 -------- d-----w- c:\program files\Electronic Arts

2009-05-31 10:18 . 2009-04-13 18:18 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-05-19 17:31 . 2009-05-19 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2009-05-19 08:14 . 2009-05-19 08:14 10134 ----a-r- c:\documents and settings\Steph\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2009-05-19 08:14 . 2009-05-19 08:14 -------- d-----w- c:\program files\Microsoft WSE

2009-05-15 09:40 . 2009-05-15 09:40 -------- d-----w- c:\program files\CCleaner

2009-05-14 21:03 . 2009-05-14 21:03 -------- d-----w- c:\documents and settings\Steph\Application Data\ImgBurn

2009-05-14 19:04 . 2009-05-14 19:04 -------- d-----w- c:\program files\ImgBurn

2009-05-13 13:28 . 2009-04-13 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel

2009-05-13 05:04 . 2008-12-20 22:47 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-11 08:52 . 2009-04-13 18:05 -------- d-----w- c:\program files\GrabIt

2009-05-07 15:33 . 2008-04-14 12:00 348672 ----a-w- c:\windows\system32\localspl.dll

2009-05-04 15:34 . 2009-04-23 16:18 -------- d-----w- c:\documents and settings\Steph\Application Data\Nero

2009-04-27 08:18 . 2009-04-27 08:18 -------- d-----w- c:\program files\Pochette Express 2

2009-04-27 07:03 . 2009-04-25 17:28 -------- d-----w- c:\program files\Microsoft Silverlight

2009-04-25 18:08 . 2009-04-13 18:09 -------- d-----w- c:\program files\Google

2009-04-23 15:33 . 2009-04-23 15:15 -------- d-----w- c:\program files\Fichiers communs\Nero

2009-04-23 15:25 . 2009-04-23 15:15 -------- d-----w- c:\program files\Nero

2009-04-23 15:24 . 2009-04-23 15:24 -------- d-----w- c:\program files\Windows Sidebar

2009-04-23 15:21 . 2009-04-23 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2009-04-23 13:51 . 2009-04-14 17:40 -------- d-----w- c:\documents and settings\Steph\Application Data\dvdcss

2009-04-23 11:43 . 2009-04-23 11:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\agi

2009-04-23 11:42 . 2009-04-23 11:42 339968 ----a-w- c:\windows\system32\pythoncom25.dll

2009-04-23 11:42 . 2009-04-23 11:42 2117632 ----a-w- c:\windows\system32\python25.dll

2009-04-23 11:42 . 2009-04-23 11:42 114688 ----a-w- c:\windows\system32\pywintypes25.dll

2009-04-19 19:42 . 2009-04-10 00:16 1847936 ----a-w- c:\windows\system32\win32k.sys

2009-04-16 12:30 . 2009-04-16 12:30 97248 ----a-w- c:\windows\system32\drivers\snapman.sys

2009-04-15 14:53 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-14 06:28 . 2009-04-14 06:19 158818 ----a-w- c:\windows\hpoins15.dat

2009-04-13 18:28 . 2009-04-13 18:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-04-13 18:20 . 2009-04-13 17:09 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-04-13 18:19 . 2009-04-13 18:19 8 --sh--r- c:\documents and settings\All Users\Application Data\C3BED7BE0E.sys

2009-04-13 18:19 . 2009-04-13 18:19 8 --sh--r- c:\documents and settings\All Users\Application Data\C3BED7BE0E.sys

2009-04-13 17:43 . 2009-04-13 17:43 0 ----a-w- c:\windows\ativpsrm.bin

2009-04-13 17:07 . 2009-04-13 17:07 21892 ----a-w- c:\windows\system32\emptyregdb.dat

2009-04-10 00:19 . 2001-08-23 22:47 77891 ----a-w- c:\windows\system32\usrmlnka.exe

2009-04-10 00:16 . 2009-04-10 00:16 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-04-10 00:16 . 2009-04-10 00:16 219648 ----a-w- c:\windows\system32\uxtheme.dll

2009-04-10 00:16 . 2009-04-10 00:16 142336 ----a-w- c:\windows\system32\sfc_os.dll

2009-04-10 00:16 . 2009-04-10 00:16 1013248 ----a-w- c:\windows\system32\syssetup.dll

2009-04-10 00:16 . 2009-04-10 00:16 938496 ----a-w- c:\windows\system32\wmnetmgr.dll

2009-04-10 00:16 . 2009-04-10 00:16 100864 ----a-w- c:\windows\system32\logagent.exe

2009-04-10 00:16 . 2009-04-10 00:16 144896 ----a-w- c:\windows\system32\schannel.dll

2009-04-10 00:16 . 2009-04-10 00:16 333952 ----a-w- c:\windows\system32\drivers\srv.sys

2009-04-10 00:16 . 2009-04-10 00:16 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-04-10 00:14 . 2009-04-13 17:07 691712 ----a-w- c:\windows\system32\inetcomm.dll

2009-04-10 00:14 . 2009-04-10 00:14 253952 ----a-w- c:\windows\system32\es.dll

2009-04-10 00:14 . 2009-04-10 00:14 203136 ----a-w- c:\windows\system32\drivers\RMCast.sys

2009-04-10 00:14 . 2009-04-10 00:14 414720 ----a-w- c:\windows\system32\msscp.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmod.dll

2009-04-10 00:13 . 2009-04-10 00:13 603648 ----a-w- c:\windows\system32\wmspdmod.dll

2009-04-10 00:13 . 2009-04-10 00:13 1329152 ----a-w- c:\windows\system32\wmspdmoe.dll

2009-04-10 00:13 . 2009-04-10 00:13 99840 ----a-w- c:\windows\system32\wmpshell.dll

2009-04-10 00:13 . 2009-04-10 00:13 8292352 ----a-w- c:\windows\system32\wmploc.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmoe2.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmod.dll

2009-04-10 00:13 . 2009-04-10 00:13 314880 ----a-w- c:\windows\system32\wmpdxm.dll

2009-04-10 00:13 . 2009-04-10 00:13 242688 ----a-w- c:\windows\system32\wmpasf.dll

2009-03-30 15:13 . 2009-04-13 17:30 5063168 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2009-03-27 09:22 . 2009-04-13 17:30 17567744 ----a-w- c:\windows\RTHDCPL.EXE

2009-03-25 14:33 . 2009-03-25 14:33 21083176 ----a-w- c:\documents and settings\All Users\Application Data\Corel\Downloads\540225279_410012\1235587639613\PSPPX2ULRAW200904DEFIGS.exe

.

 

------- Sigcheck -------

 

[-] 2009-04-10 00:16 361600 DF70435F3D17C40D5CB15E6DC918342E c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-16 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

"BCWipeTM Startup"="c:\program files\Jetico\BCWipe\BCWipeTM.exe" [2008-09-04 545520]

"WMP Update"="c:\windows\system32\Wmpupdate.exe" [2009-06-18 200704]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-18 68592]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [20/06/2009 08:04 130936]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 14:23 727720]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [20/06/2009 08:04 348752]

R3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [20/04/2009 22:21 45568]

S3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\drivers\AF9035BDA.sys [04/06/2009 11:07 247968]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14/04/2009 11:21 1684736]

S3 ovt530;Webcam Classic;c:\windows\system32\Drivers\ov530vid.sys --> c:\windows\system32\Drivers\ov530vid.sys [?]

S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [14/05/2009 12:23 91496]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - mchInjDrv

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F3F255F4-1AEB-1DF7-1AE8-64986D17E0AF}]

c:\program files\PrintSpooler\printspool.exe s

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-20 18:43

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwClose

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

WMP Update = c:\windows\system32\Wmpupdate.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(772)

c:\windows\system32\Ati2evxx.dll

c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

 

- - - - - - - > 'explorer.exe'(504)

c:\program files\Spyware Doctor\pctgmhk.dll

c:\program files\Google\Quick Search Box\bin\1.1.1038.9122\qsb.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe

c:\program files\Spyware Doctor\pctsSvc.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Internet Explorer\iexplore.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

.

**************************************************************************

.

Heure de fin: 2009-06-20 18:47 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-06-20 16:47

 

Avant-CF: 291 835 105 280 octets libres

Après-CF: 294 138 740 736 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /noexecute=alwaysoff

 

282 --- E O F --- 2009-06-12 05:15

Posted

• Go to the site http://virusscan.jotti.org/

  • Click "Browse" ("Parcourir") at the top right, navigate through the folders and select this file: c:\program files\PrintSpooler\printspool.exe
  • Click Submit, still at the top right
  • The scan will start; it will take a little while
  • At the end of the scan a report will appear: copy/paste the complete scan result into a text file
  • Post that file in your next reply

BE CAREFUL to take the result of the scan of your own file (the file name appears at the top) and not the scan done before yours!

Help: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId662799

 

• SpyHunter and Spyware Doctor are pushed through fake security blogs... These fake blogs are created by affiliate companies that multiply websites and try to be among the first Google results for one of the infections present on your PC.

These fake blogs offer paid versions that supposedly disinfect your PC; these affiliate companies earn a percentage on the sales.

 

These are dubious and borderline practices, not methods worthy of serious anti-spyware products.

So I advise you to uninstall SpyHunter and/or Spyware Doctor if either is present on your PC.

 

For more information, see: http://forum.malekal.com/viewtopic.php?f=56&t=12847

Posted (edited)

Thanks for your help

 

I had the file scanned; it does look very suspicious indeed (I hadn't noticed that one!), but at the end I couldn't find a report that I could save as a txt file, because it doesn't display a table like in your tutorial link but shows each antivirus's logo followed by the result

 

here it is

 

 

2009-06-20 Rien trouvé 2009-06-19 Rien trouvé

2009-06-20 Backdoor.Win32.Poison!IK 2009-06-20 Backdoor.Win32.Poison

2009-06-19 Rien trouvé 2009-06-20 Rien trouvé

2009-06-20 Rien trouvé 2009-06-20 Rien trouvé

2009-06-20 TR/Dropper.Gen 2009-06-19 Rien trouvé

2009-06-20 Rien trouvé 2009-06-20 Bck/Poison.F

2009-06-20 Rien trouvé 2009-06-19 Rien trouvé

2009-06-20 Rien trouvé 2009-06-20 Mal/Generic-A

2009-06-20 Rien trouvé 2009-06-19 Rien trouvé

2009-06-19 Rien trouvé 2009-06-19 Rien trouvé

 

I have a permanent link to my scan

 

http://virusscan.jotti.org/fr/scanresult/8...65958b45bd34523

 

thanks for your help

 

I also remember this site of the same kind, I don't know what you think of it: http://www.virustotal.com/fr/

 

result

 

Fichier printspool.exe reçu le 2009.06.20 18:19:16 (UTC)


 

 

Résultat: 10/41 (24.4%)


 

 

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.18 2009.06.20 Backdoor.Win32.Poison!IK

AhnLab-V3 5.0.0.2 2009.06.20 Win-Trojan/Poison.49252.B

AntiVir 7.9.0.193 2009.06.20 TR/Dropper.Gen

Antiy-AVL 2.0.3.1 2009.06.19 -

Authentium 5.1.2.4 2009.06.20 -

Avast 4.8.1335.0 2009.06.19 -

AVG 8.5.0.339 2009.06.20 -

BitDefender 7.2 2009.06.20 -

CAT-QuickHeal 10.00 2009.06.19 -

ClamAV 0.94.1 2009.06.20 -

Comodo 1381 2009.06.20 -

DrWeb 5.0.0.12182 2009.06.20 -

eSafe 7.0.17.0 2009.06.18 -

eTrust-Vet 31.6.6570 2009.06.19 -

F-Prot 4.4.4.56 2009.06.19 -

F-Secure 8.0.14470.0 2009.06.19 -

Fortinet 3.117.0.0 2009.06.19 -

GData 19 2009.06.20 -

Ikarus T3.1.1.59.0 2009.06.20 Backdoor.Win32.Poison

Jiangmin 11.0.706 2009.06.20 -

K7AntiVirus 7.10.768 2009.06.19 -

Kaspersky 7.0.0.125 2009.06.20 -

McAfee 5652 2009.06.20 -

McAfee+Artemis 5652 2009.06.20 Artemis!ACC2F6258D20

McAfee-GW-Edition 6.7.6 2009.06.20 Trojan.Dropper.Gen

Microsoft 1.4803 2009.06.20 VirTool:Win32/VBInject.gen!AN

NOD32 4173 2009.06.20 -

Norman 6.01.09 2009.06.19 -

nProtect 2009.1.8.0 2009.06.20 -

Panda 10.0.0.16 2009.06.20 Bck/Poison.F

PCTools 4.4.2.0 2009.06.20 -

Prevx 3.0 2009.06.20 Medium Risk Malware

Rising 21.34.52.00 2009.06.20 -

Sophos 4.42.0 2009.06.20 Mal/Generic-A

Sunbelt 3.2.1858.2 2009.06.20 -

Symantec 1.4.4.12 2009.06.20 -

TheHacker 6.3.4.3.350 2009.06.20 -

TrendMicro 8.950.0.1094 2009.06.20 -

VBA32 3.12.10.7 2009.06.20 -

ViRobot 2009.6.19.1796 2009.06.19 -

VirusBuster 4.6.5.0 2009.06.19 -

Information additionnelle

File size: 200704 bytes

MD5...: acc2f6258d20da5451b591169af9ade1

SHA1..: 866980ac0a7f34aa00c39b46ddc089b3be4074b2

SHA256: 4a2e9eba77c738bb789b5b8db90a97f2fa16a5d7a58b660a000a7c7ccbf77b30

ssdeep: 3072:qr096Y+xS79OJWH4PfJablz6vSMMLct2l1SW:U04YNiog4blzMyct2eW

 

PEiD..: -

TrID..: File type identification

Win32 Executable Microsoft Visual Basic 6 (90.9%)

Win32 Executable Generic (6.1%)

Generic Win/DOS Executable (1.4%)

DOS Executable Generic (1.4%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x14a0

timedatestamp.....: 0x494d1ffd (Sat Dec 20 16:40:29 2008)

machinetype.......: 0x14c (I386)

 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.TEXT 0x1000 0x3504 0x4000 5.16 e1e01c09a55f6e57e9de68234cf6c421

.DATA 0x5000 0x3c8 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110

.RSRC 0x6000 0x7ae8 0x2b000 5.63 4508cbdad6cd6f6bd7b8ee1e0d6ead51

 

( 1 imports )

> MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVarIndexLoad, _CIsin, __vbaErase, -, __vbaVarZero, -, __vbaChkstk, -, __vbaFileClose, __vbaGenerateBoundsError, __vbaGet3, __vbaAryConstruct2, DllFunctionCall, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, __vbaUI1I2, _CIsqrt, __vbaExceptHandler, -, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaUbound, __vbaStrVarVal, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, -, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaAryLock, __vbaVarAdd, __vbaStrToAnsi, __vbaVarDup, __vbaFpI2, __vbaFpI4, _CIatan, __vbaAryCopy, __vbaStrMove, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaI4ErrVar, __vbaFreeStr, -

 

( 0 exports )

 

PDFiD.: -

RDS...: NSRL Reference Data Set

-

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=531CCCF20061CAD210BF0317868B1A006A53EAB3

 

 

 

Edited by nimas83
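A small parser for the VirusTotal text report pasted above, added here as an example (not from the thread and not a VirusTotal tool): it reads the engine/version/signature-date/result rows, recomputes the "10/41" ratio, counts how many engines agree on the Poison and Dropper families, and lists engines whose signatures were older than the scan date, since a miss from a stale engine is weaker evidence than a miss from a current one. The sample rows are constructed from the report above.

```python
"""Parse the 2009 VirusTotal text report layout pasted in the thread.
Added example, not part of the forum thread and not a VirusTotal tool.
Rows below are constructed from the report above; "-" is VirusTotal's
marker for "nothing detected"."""
import re
from collections import Counter

# Constructed sample: the 41 rows of the report above, header included.
SAMPLE_REPORT = """\
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.20 Backdoor.Win32.Poison!IK
AhnLab-V3 5.0.0.2 2009.06.20 Win-Trojan/Poison.49252.B
AntiVir 7.9.0.193 2009.06.20 TR/Dropper.Gen
Antiy-AVL 2.0.3.1 2009.06.19 -
Authentium 5.1.2.4 2009.06.20 -
Avast 4.8.1335.0 2009.06.19 -
AVG 8.5.0.339 2009.06.20 -
BitDefender 7.2 2009.06.20 -
CAT-QuickHeal 10.00 2009.06.19 -
ClamAV 0.94.1 2009.06.20 -
Comodo 1381 2009.06.20 -
DrWeb 5.0.0.12182 2009.06.20 -
eSafe 7.0.17.0 2009.06.18 -
eTrust-Vet 31.6.6570 2009.06.19 -
F-Prot 4.4.4.56 2009.06.19 -
F-Secure 8.0.14470.0 2009.06.19 -
Fortinet 3.117.0.0 2009.06.19 -
GData 19 2009.06.20 -
Ikarus T3.1.1.59.0 2009.06.20 Backdoor.Win32.Poison
Jiangmin 11.0.706 2009.06.20 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.20 -
McAfee 5652 2009.06.20 -
McAfee+Artemis 5652 2009.06.20 Artemis!ACC2F6258D20
McAfee-GW-Edition 6.7.6 2009.06.20 Trojan.Dropper.Gen
Microsoft 1.4803 2009.06.20 VirTool:Win32/VBInject.gen!AN
NOD32 4173 2009.06.20 -
Norman 6.01.09 2009.06.19 -
nProtect 2009.1.8.0 2009.06.20 -
Panda 10.0.0.16 2009.06.20 Bck/Poison.F
PCTools 4.4.2.0 2009.06.20 -
Prevx 3.0 2009.06.20 Medium Risk Malware
Rising 21.34.52.00 2009.06.20 -
Sophos 4.42.0 2009.06.20 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.06.20 -
Symantec 1.4.4.12 2009.06.20 -
TheHacker 6.3.4.3.350 2009.06.20 -
TrendMicro 8.950.0.1094 2009.06.20 -
VBA32 3.12.10.7 2009.06.20 -
ViRobot 2009.6.19.1796 2009.06.19 -
VirusBuster 4.6.5.0 2009.06.19 -
"""

# engine  version  YYYY.MM.DD  result  (the result may contain spaces)
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")


def parse_report(text):
    """Return (engine, version, sig_date, result) tuples; result is None
    when the engine reported nothing.  Lines that do not fit the row
    shape (the header, blanks) are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        engine, version, date, result = m.groups()
        result = result.strip()
        rows.append((engine, version, date, None if result == "-" else result))
    return rows


def detection_ratio(rows):
    """(hits, engines): the pair VirusTotal prints as 'Résultat: 10/41'."""
    hits = sum(1 for r in rows if r[3] is not None)
    return hits, len(rows)


def family_consensus(rows, keywords=("poison", "dropper", "vbinject")):
    """How many engines name each family (case-insensitive substring)."""
    counts = Counter()
    for _, _, _, result in rows:
        if result is None:
            continue
        for kw in keywords:
            if kw in result.lower():
                counts[kw] += 1
    return dict(counts)


def stale_engines(rows, scan_date="2009.06.20"):
    """Engines whose signature date is older than the scan date; a miss
    from one of these says little.  Dates compare as YYYY.MM.DD strings."""
    return [engine for engine, _, date, _ in rows if date < scan_date]
```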
Posted

• uninstall Limewire via Add/Remove Programs if not already done; it's a dump of infected MP3s (w32.codec.changer...)

 

• did you uninstall that Spyware Doctor thing?? Open Notepad [Run -> notepad] and copy/paste the contents of the box below:

 

Folder::
c:\program files\Spyware Doctor
c:\documents and settings\Steph\Application Data\LimeWire
c:\program files\PrintSpooler
File::
c:\windows\system32\Wmpupdate.exe
c:\windows\LimeWireWin.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMP Update"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F3F255F4-1AEB-1DF7-1AE8-64986D17E0AF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

• Go to the top of the page and click the "File" menu; a list appears =>

• Choose "Save as" and choose "Desktop"

• In the "File name" field at the bottom of the page, give the following name: CFScript

• Click the "Save" button to the right of the "File name" field

• Quit Notepad.

• Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot

 

 

(screenshot: CFScriptB-4.gif)

 

 

* follow the instructions

* Be patient while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file doesn't appear, it's located here > C:\ComboFix.txt

Posted

thanks again....

 

so I did what you asked, and apparently the addons.dat file and the PrintSpooler folder and its contents have indeed disappeared and haven't come back, which is already a first victory; it's up to you to tell me, from the log, whether everything is fine

 

a thousand thanks again!!

 

 

 

here is the log

 

ComboFix 09-06-19.01 - Steph 20/06/2009 21:15.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2542 [GMT 2:00]

Lancé depuis: c:\documents and settings\Steph\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Steph\Bureau\CFScript.txt

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

 

FILE ::

"c:\windows\LimeWireWin.exe"

"c:\windows\system32\Wmpupdate.exe"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Steph\Application Data\LimeWire

c:\program files\PrintSpooler

c:\program files\Spyware Doctor

c:\documents and settings\Steph\Application Data\addons.dat

c:\documents and settings\Steph\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\auth.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\caps.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\composer.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\directory.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\editor.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\find.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\intl.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\jar.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\locale.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\oji.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pippki.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\places.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\pref.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\profile.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\storage.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\update.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\widget.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\crashreporter.exe

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\crashreporter.ini

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\dependentlibs.list

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\freebl3.chk

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\freebl3.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\greprefs\all.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\js3250.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\LICENSE

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\debug.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\utils.js

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\mozctl.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\mozctlx.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\msvcr71.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\nspr4.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\nss3.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\nssckbi.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\nssutil3.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\platform.ini

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\plc4.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\plds4.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\README.txt

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\arrow.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\designmode.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\forms.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\grabber.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\html.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\html\folder.png

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\language.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\mathml.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\quirk.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\svg.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\ua.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\viewsource.css

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\smime3.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\softokn3.chk

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\softokn3.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\sqlite3.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\ssl3.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\updater.exe

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\version.properties

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpcom.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpcshell.exe

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpidl.exe

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xpt_link.exe

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xul.dll

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe

c:\documents and settings\Steph\Application Data\LimeWire\browser\xulrunner\xulrunner.exe

c:\documents and settings\Steph\Application Data\LimeWire\createtimes.cache

c:\documents and settings\Steph\Application Data\LimeWire\downloads.dat

c:\documents and settings\Steph\Application Data\LimeWire\fileurns.cache

c:\documents and settings\Steph\Application Data\LimeWire\gnutella.net

c:\documents and settings\Steph\Application Data\LimeWire\installation.props

c:\documents and settings\Steph\Application Data\LimeWire\library.dat

c:\documents and settings\Steph\Application Data\LimeWire\library5.dat

c:\documents and settings\Steph\Application Data\LimeWire\limewire.props

c:\documents and settings\Steph\Application Data\LimeWire\mojito.props

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\.autoreg

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\3816C1E5d01

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\cert8.db

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\compreg.dat

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\cookies.sqlite

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\downloads.sqlite

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\extensions.cache

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\extensions.ini

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\history.dat

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\key3.db

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\permissions.sqlite

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\places.sqlite

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\places.sqlite-journal

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\pluginreg.dat

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\prefs.js

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\secmod.db

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\XPC.mfl

c:\documents and settings\Steph\Application Data\LimeWire\mozilla-profile\xpti.dat

c:\documents and settings\Steph\Application Data\LimeWire\promotion\promodb.properties

c:\documents and settings\Steph\Application Data\LimeWire\promotion\promodb.script

c:\documents and settings\Steph\Application Data\LimeWire\responses.cache

c:\documents and settings\Steph\Application Data\LimeWire\simpp.xml

c:\documents and settings\Steph\Application Data\LimeWire\spam.dat

c:\documents and settings\Steph\Application Data\LimeWire\tables.props

c:\documents and settings\Steph\Application Data\LimeWire\ttdata.cache

c:\documents and settings\Steph\Application Data\LimeWire\ttroot.cache

c:\documents and settings\Steph\Application Data\LimeWire\version.xml

c:\documents and settings\Steph\Application Data\LimeWire\versions.props

c:\documents and settings\Steph\Application Data\LimeWire\xml\data\video.sxml3

c:\program files\PrintSpooler\logg.dat

c:\program files\PrintSpooler\printspool.exe

c:\program files\Spyware Doctor\Alert.exe

c:\program files\Spyware Doctor\alert.wav

c:\program files\Spyware Doctor\avdb\av10-000.vdb

c:\program files\Spyware Doctor\avdb\BLST.bin

c:\program files\Spyware Doctor\avdb\info.dbsdk

c:\program files\Spyware Doctor\avdb\SFS2.bin

c:\program files\Spyware Doctor\avdb\vdb.xml

c:\program files\Spyware Doctor\avengine\PCTAVEng.dll

c:\program files\Spyware Doctor\avengine\SDAVgate.dll

c:\program files\Spyware Doctor\BH.dll

c:\program files\Spyware Doctor\bpo-sdhelp.chm

c:\program files\Spyware Doctor\cdialogs.dll

c:\program files\Spyware Doctor\ChineseSimp.lng

c:\program files\Spyware Doctor\ChineseTrad.lng

c:\program files\Spyware Doctor\commhlpr.dll

c:\program files\Spyware Doctor\commlib.dll

c:\program files\Spyware Doctor\CommLibLite.dll

c:\program files\Spyware Doctor\commom.dll

c:\program files\Spyware Doctor\csi-sdhelp.chm

c:\program files\Spyware Doctor\csi-sdhelp_pr.chm

c:\program files\Spyware Doctor\ctr-sdhelp.chm

c:\program files\Spyware Doctor\cze-sdhelp.chm

c:\program files\Spyware Doctor\Czech.lng

c:\program files\Spyware Doctor\dan-sdhelp.chm

c:\program files\Spyware Doctor\Danish.lng

c:\program files\Spyware Doctor\deu-sdhelp.chm

c:\program files\Spyware Doctor\Deutsch.lng

c:\program files\Spyware Doctor\drvctl.exe

c:\program files\Spyware Doctor\Dutch.lng

c:\program files\Spyware Doctor\eng-sdhelp.chm

c:\program files\Spyware Doctor\English.lng

c:\program files\Spyware Doctor\EnglishBritish.lng

c:\program files\Spyware Doctor\esp-sdhelp.chm

c:\program files\Spyware Doctor\euk-sdhelp.chm

c:\program files\Spyware Doctor\filehlpr.dll

c:\program files\Spyware Doctor\FileStorage.sdp

c:\program files\Spyware Doctor\fin-sdhelp.chm

c:\program files\Spyware Doctor\Finnish.lng

c:\program files\Spyware Doctor\fre-sdhelp.chm

c:\program files\Spyware Doctor\French.lng

c:\program files\Spyware Doctor\gre-sdhelp.chm

c:\program files\Spyware Doctor\Greek.lng

c:\program files\Spyware Doctor\history\syslog.dad

c:\program files\Spyware Doctor\history\syslog.das

c:\program files\Spyware Doctor\history\userlog.dad

c:\program files\Spyware Doctor\history\userlog.das

c:\program files\Spyware Doctor\homepage.url

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_ChineseSimp.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_ChineseTrad.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Czech.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Danish.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Deutsch.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Dutch.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_English.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_EnglishBritish.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Finnish.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_French.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Greek.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Italian.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Japanese.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Korean.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Norwegian.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Polski.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Portuguese.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_PortugueseBrazilian.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Russian.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Spanish.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Swedish.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Thai.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Turkish.html

c:\program files\Spyware Doctor\html\SiteBlockResp_SDR_ChineseSimp.html

c:\program files\Spyware Doctor\IDBLib.sdp

c:\program files\Spyware Doctor\Immunizer.sdp

c:\program files\Spyware Doctor\inethlpr.dll

c:\program files\Spyware Doctor\InnoHelpers.dll

c:\program files\Spyware Doctor\ita-sdhelp.chm

c:\program files\Spyware Doctor\Italian.lng

c:\program files\Spyware Doctor\jap-sdhelp.chm

c:\program files\Spyware Doctor\Japanese.lng

c:\program files\Spyware Doctor\KDSInterface.txt

c:\program files\Spyware Doctor\klg.dat

c:\program files\Spyware Doctor\kor-sdhelp.chm

c:\program files\Spyware Doctor\Korean.lng

c:\program files\Spyware Doctor\Languages.xml

c:\program files\Spyware Doctor\Localizer.sdp

c:\program files\Spyware Doctor\LuLng\ChineseSimp.lng

c:\program files\Spyware Doctor\LuLng\ChineseTrad.lng

c:\program files\Spyware Doctor\LuLng\Czech.lng

c:\program files\Spyware Doctor\LuLng\Danish.lng

c:\program files\Spyware Doctor\LuLng\Deutsch.lng

c:\program files\Spyware Doctor\LuLng\Dutch.lng

c:\program files\Spyware Doctor\LuLng\English.lng

c:\program files\Spyware Doctor\LuLng\EnglishBritish.lng

c:\program files\Spyware Doctor\LuLng\Finnish.lng

c:\program files\Spyware Doctor\LuLng\French.lng

c:\program files\Spyware Doctor\LuLng\Greek.lng

c:\program files\Spyware Doctor\LuLng\Italian.lng

c:\program files\Spyware Doctor\LuLng\Japanese.lng

c:\program files\Spyware Doctor\LuLng\Korean.lng

c:\program files\Spyware Doctor\LuLng\Norwegian.lng

c:\program files\Spyware Doctor\LuLng\Polski.lng

c:\program files\Spyware Doctor\LuLng\Portuguese.lng

c:\program files\Spyware Doctor\LuLng\PortugueseBrazilian.lng

c:\program files\Spyware Doctor\LuLng\Russian.lng

c:\program files\Spyware Doctor\LuLng\Spanish.lng

c:\program files\Spyware Doctor\LuLng\Swedish.lng

c:\program files\Spyware Doctor\LuLng\Thai.lng

c:\program files\Spyware Doctor\LuLng\Turkish.lng

c:\program files\Spyware Doctor\ned-sdhelp.chm

c:\program files\Spyware Doctor\NetworkLayer\blacklistlsp.txt

c:\program files\Spyware Doctor\NetworkLayer\blacklistlsp.txt.sig

c:\program files\Spyware Doctor\NetworkLayer\InstSGTool.dll

c:\program files\Spyware Doctor\NetworkLayer\Microsoft.VC80.CRT.manifest

c:\program files\Spyware Doctor\NetworkLayer\msvcm80.dll

c:\program files\Spyware Doctor\NetworkLayer\msvcp80.dll

c:\program files\Spyware Doctor\NetworkLayer\msvcr80.dll

c:\program files\Spyware Doctor\NetworkLayer\PCTCFFix.exe

c:\program files\Spyware Doctor\NetworkLayer\PCTCFHook.dll

c:\program files\Spyware Doctor\NetworkLayer\PCTLsp.dll

c:\program files\Spyware Doctor\NetworkLayer\PCTSecUtility.dll

c:\program files\Spyware Doctor\NetworkLayer\PluginDllSG.dll

c:\program files\Spyware Doctor\NfyMan.sdp

c:\program files\Spyware Doctor\nor-sdhelp.chm

c:\program files\Spyware Doctor\Norwegian.lng

c:\program files\Spyware Doctor\PCTGMhk.dll

c:\program files\Spyware Doctor\PCTMime.dll

c:\program files\Spyware Doctor\PCToolsComponents.bpl

c:\program files\Spyware Doctor\PCTResetSD.exe

c:\program files\Spyware Doctor\pctsAuxs.exe

c:\program files\Spyware Doctor\PCTSDInj32.sys

c:\program files\Spyware Doctor\pctsGui.exe

c:\program files\Spyware Doctor\pctsSvc.exe

c:\program files\Spyware Doctor\pctsTray.exe

c:\program files\Spyware Doctor\PCTWSC.dll

c:\program files\Spyware Doctor\PDialogs.dll

c:\program files\Spyware Doctor\plugins\Behavior.sdp

c:\program files\Spyware Doctor\plugins\Browsers.SDP

c:\program files\Spyware Doctor\plugins\cookie.sdp

c:\program files\Spyware Doctor\plugins\email.sdp

c:\program files\Spyware Doctor\plugins\grAV.sdp

c:\program files\Spyware Doctor\plugins\grfiles.SDP

c:\program files\Spyware Doctor\plugins\grImmunizer.SDP

c:\program files\Spyware Doctor\plugins\grregistry.SDP

c:\program files\Spyware Doctor\plugins\KLGuard.SDP

c:\program files\Spyware Doctor\plugins\Network.SDP

c:\program files\Spyware Doctor\plugins\Process.SDP

c:\program files\Spyware Doctor\plugins\ScriptEngine.SDP

c:\program files\Spyware Doctor\plugins\SDNET.SDP

c:\program files\Spyware Doctor\plugins\Site.sdp

c:\program files\Spyware Doctor\plugins\StartUp.SDP

c:\program files\Spyware Doctor\pol-sdhelp.chm

c:\program files\Spyware Doctor\Polski.lng

c:\program files\Spyware Doctor\por-sdhelp.chm

c:\program files\Spyware Doctor\Portuguese.lng

c:\program files\Spyware Doctor\PortugueseBrazilian.lng

c:\program files\Spyware Doctor\PWindow.dll

c:\program files\Spyware Doctor\quarantine.sdp

c:\program files\Spyware Doctor\RebootManager.sdp

c:\program files\Spyware Doctor\RefDB.bin6

c:\program files\Spyware Doctor\RegHelper.dll

c:\program files\Spyware Doctor\rtl100.bpl

c:\program files\Spyware Doctor\rus-sdhelp.chm

c:\program files\Spyware Doctor\Russian.lng

c:\program files\Spyware Doctor\scaneng.sdp

c:\program files\Spyware Doctor\SDContextExt.dll

c:\program files\Spyware Doctor\sdcore.dll

c:\program files\Spyware Doctor\sdextra.sdp

c:\program files\Spyware Doctor\SDInfo.sdp

c:\program files\Spyware Doctor\sdinvoker.exe

c:\program files\Spyware Doctor\sdloader.exe

c:\program files\Spyware Doctor\sdnet\MANIFEST.1

c:\program files\Spyware Doctor\SDNetPlugin.dll

c:\program files\Spyware Doctor\SDNetPlugin.ini

c:\program files\Spyware Doctor\SDNetPlugin.txt

c:\program files\Spyware Doctor\sdSTasks.def

c:\program files\Spyware Doctor\sdwvhlp.dll

c:\program files\Spyware Doctor\Settings.cfg

c:\program files\Spyware Doctor\Settings.sdp

c:\program files\Spyware Doctor\SH.dll

c:\program files\Spyware Doctor\smum32.dll

c:\program files\Spyware Doctor\SOFactory.sdp

c:\program files\Spyware Doctor\Spanish.lng

c:\program files\Spyware Doctor\Sqlite3DB.dll

c:\program files\Spyware Doctor\stasks.sdp

c:\program files\Spyware Doctor\SUErrorLog.txt

c:\program files\Spyware Doctor\swe-sdhelp.chm

c:\program files\Spyware Doctor\Swedish.lng

c:\program files\Spyware Doctor\SysAccess.dll

c:\program files\Spyware Doctor\SystemMonitor.sdp

c:\program files\Spyware Doctor\TFEngine\MsvcRedist.msi

c:\program files\Spyware Doctor\TFEngine\TFAPI.dll

c:\program files\Spyware Doctor\TFEngine\TFCfg.dll

c:\program files\Spyware Doctor\TFEngine\TFDBM.dll

c:\program files\Spyware Doctor\TFEngine\TFE.dll

c:\program files\Spyware Doctor\TFEngine\TFExt.dll

c:\program files\Spyware Doctor\TFEngine\TFExtCli.dll

c:\program files\Spyware Doctor\TFEngine\TfFsMon.sys

c:\program files\Spyware Doctor\TFEngine\TfKbMon.sys

c:\program files\Spyware Doctor\TFEngine\TFLog.dll

c:\program files\Spyware Doctor\TFEngine\TFMisc.dll

c:\program files\Spyware Doctor\TFEngine\TFMon.dll

c:\program files\Spyware Doctor\TFEngine\TfNetMon.sys

c:\program files\Spyware Doctor\TFEngine\TFNI.dll

c:\program files\Spyware Doctor\TFEngine\TFO.dll

c:\program files\Spyware Doctor\TFEngine\TFQT.dll

c:\program files\Spyware Doctor\TFEngine\TFRK.dll

c:\program files\Spyware Doctor\TFEngine\TFScan.dll

c:\program files\Spyware Doctor\TFEngine\TFServer.dll

c:\program files\Spyware Doctor\TFEngine\TFService.exe

c:\program files\Spyware Doctor\TFEngine\TFSF.dll

c:\program files\Spyware Doctor\TFEngine\TfSysMon.sys

c:\program files\Spyware Doctor\TFEngine\TFTM.dll

c:\program files\Spyware Doctor\TFEngine\TFUndo.dll

c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

c:\program files\Spyware Doctor\TFEngine\TFWS.dll

c:\program files\Spyware Doctor\tha-sdhelp.chm

c:\program files\Spyware Doctor\Thai.lng

c:\program files\Spyware Doctor\TransactionResults\Transaction36.xml

c:\program files\Spyware Doctor\TransactionResults\Transaction37.xml

c:\program files\Spyware Doctor\tur-sdhelp.chm

c:\program files\Spyware Doctor\Turkish.lng

c:\program files\Spyware Doctor\ugLng\ChineseSimp.lng

c:\program files\Spyware Doctor\ugLng\ChineseTrad.lng

c:\program files\Spyware Doctor\ugLng\Czech.lng

c:\program files\Spyware Doctor\ugLng\Danish.lng

c:\program files\Spyware Doctor\ugLng\Deutsch.lng

c:\program files\Spyware Doctor\ugLng\Dutch.lng

c:\program files\Spyware Doctor\ugLng\English.lng

c:\program files\Spyware Doctor\ugLng\EnglishBritish.lng

c:\program files\Spyware Doctor\ugLng\Finnish.lng

c:\program files\Spyware Doctor\ugLng\French.lng

c:\program files\Spyware Doctor\ugLng\Greek.lng

c:\program files\Spyware Doctor\ugLng\Italian.lng

c:\program files\Spyware Doctor\ugLng\Japanese.lng

c:\program files\Spyware Doctor\ugLng\Korean.lng

c:\program files\Spyware Doctor\ugLng\Norwegian.lng

c:\program files\Spyware Doctor\ugLng\Polski.lng

c:\program files\Spyware Doctor\ugLng\Portuguese.lng

c:\program files\Spyware Doctor\ugLng\PortugueseBrazilian.lng

c:\program files\Spyware Doctor\ugLng\Russian.lng

c:\program files\Spyware Doctor\ugLng\Spanish.lng

c:\program files\Spyware Doctor\ugLng\Swedish.lng

c:\program files\Spyware Doctor\ugLng\Thai.lng

c:\program files\Spyware Doctor\ugLng\Turkish.lng

c:\program files\Spyware Doctor\ugLng\Ukrainian.lng

c:\program files\Spyware Doctor\UmInject32.exe

c:\program files\Spyware Doctor\unins000.dat

c:\program files\Spyware Doctor\unins000.exe

c:\program files\Spyware Doctor\unins000.msg

c:\program files\Spyware Doctor\Update.exe

c:\program files\Spyware Doctor\UpdateHlpr.dll

c:\program files\Spyware Doctor\Upgrade.exe

c:\program files\Spyware Doctor\upgrade.ini

c:\program files\Spyware Doctor\vcl100.bpl

c:\program files\Spyware Doctor\whitelist.sdp

c:\program files\Spyware Doctor\wlDefines.cfg

c:\windows\LimeWireWin.exe

c:\windows\system32\Wmpupdate.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_sdAuxService

-------\Service_sdAuxService

 

 

((((((((((((((((((((((((((((( Files created from 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))))))))))

.

 

2009-06-20 18:46 . 2009-06-20 18:46 -------- d-----w- c:\documents and settings\Steph\Application Data\Desktopicon

2009-06-20 18:46 . 2009-06-20 18:46 -------- d-----w- c:\program files\Unlocker

2009-06-20 14:33 . 2009-06-20 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-06-20 14:33 . 2009-06-20 14:33 -------- d-----w- c:\documents and settings\Steph\Application Data\Yahoo!

2009-06-20 14:33 . 2009-06-20 14:33 -------- d-----w- c:\program files\Yahoo!

2009-06-20 06:04 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-06-20 06:04 . 2009-06-20 06:24 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-06-20 06:04 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-06-20 06:04 . 2009-06-20 06:05 -------- d-----w- c:\program files\Fichiers communs\PC Tools

2009-06-20 06:04 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-06-20 06:04 . 2009-06-20 06:04 -------- d-----w- c:\documents and settings\Steph\Application Data\PC Tools

2009-06-20 06:04 . 2009-06-20 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-06-19 19:09 . 2009-06-19 19:09 -------- d-----w- c:\documents and settings\Steph\Local Settings\Application Data\ESET

2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\windows\system32\xircom

2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\windows\system32\wbem\snmp

2009-06-19 16:44 . 2009-06-19 16:44 -------- d-----w- c:\program files\microsoft frontpage

2009-06-19 16:33 . 2009-06-19 16:33 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-06-19 16:31 . 2009-06-19 16:31 -------- d-----w- c:\documents and settings\Steph\Application Data\Malwarebytes

2009-06-19 16:31 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-19 16:31 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-19 16:31 . 2009-06-19 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-19 16:31 . 2009-06-19 16:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-19 15:56 . 2009-06-19 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software

2009-06-18 18:48 . 2009-06-18 18:48 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-06-17 10:55 . 2009-06-17 10:55 -------- d-----w- c:\windows\Sun

2009-06-10 17:24 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-06-10 17:24 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-04 09:08 . 2008-04-13 14:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys

2009-06-04 09:08 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\MPE.sys

2009-06-04 09:08 . 2008-04-13 14:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2009-06-04 09:08 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys

2009-06-04 09:08 . 2008-04-13 14:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys

2009-06-04 09:08 . 2008-04-13 14:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS

2009-06-04 09:08 . 2008-04-13 14:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys

2009-06-04 09:08 . 2008-04-13 14:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2009-06-04 09:07 . 2008-11-11 11:49 247968 ----a-r- c:\windows\system32\drivers\AF9035BDA.sys

2009-06-04 09:07 . 2008-09-01 08:36 356 ----a-r- c:\windows\system32\AF15IrTbl.bin

2009-06-04 09:07 . 2008-04-13 22:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-06-04 09:07 . 2008-04-13 22:33 363520 ----a-w- c:\windows\system32\PsisDecd.dll

2009-06-04 09:07 . 2008-04-13 14:46 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys

2009-06-04 08:40 . 2009-06-04 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\TerraTec

2009-06-04 08:40 . 2009-06-04 09:02 -------- d-----w- c:\program files\Fichiers communs\TerraTec

2009-06-04 08:40 . 2009-06-04 08:40 -------- d-----w- c:\program files\TerraTec

2009-06-04 08:39 . 2009-06-04 08:39 -------- d-----w- c:\documents and settings\Steph\Application Data\TerraTec

2009-06-04 05:48 . 2009-06-04 05:48 -------- d-----w- c:\documents and settings\Steph\Application Data\HP

2009-05-31 10:18 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2009-05-31 10:18 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll

2009-05-27 16:35 . 2009-05-27 16:49 -------- d-----w- c:\documents and settings\Steph\Application Data\FrostWire

2009-05-27 16:22 . 2009-05-27 16:22 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-27 16:22 . 2009-05-27 16:22 -------- d-----w- c:\program files\Java

2009-05-27 16:22 . 2009-05-27 16:22 152576 ----a-w- c:\documents and settings\Steph\Application Data\Sun\Java\jre1.6.0_11\lzma.dll

2009-05-27 16:20 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2009-05-27 16:03 . 2009-05-27 16:20 -------- d-----w- c:\program files\eMule

2009-05-26 13:46 . 2009-05-26 13:46 -------- d-----w- c:\program files\Jetico

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-20 19:11 . 2009-05-18 19:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-06-20 07:13 . 2009-04-13 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-20 06:46 . 2009-04-13 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier

2009-06-12 12:10 . 2008-04-14 12:00 81626 ----a-w- c:\windows\system32\perfc00C.dat

2009-06-12 12:10 . 2008-04-14 12:00 503628 ----a-w- c:\windows\system32\perfh00C.dat

2009-06-11 11:33 . 2009-04-13 18:19 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-06-11 11:33 . 2009-04-13 18:19 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys

2009-06-10 17:43 . 2009-04-13 18:24 153920 ----a-w- c:\documents and settings\Steph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-10 17:40 . 2009-04-13 18:28 1625008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-06-10 17:39 . 2009-04-14 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-06-10 17:36 . 2009-04-14 06:14 -------- d-----w- c:\program files\Microsoft Works

2009-06-09 10:52 . 2009-04-13 18:14 -------- d-----w- c:\documents and settings\Steph\Application Data\GrabIt

2009-06-08 10:10 . 2009-05-19 08:11 -------- d-----w- c:\program files\Electronic Arts

2009-05-31 10:18 . 2009-04-13 18:18 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-05-19 17:31 . 2009-05-19 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2009-05-19 08:14 . 2009-05-19 08:14 10134 ----a-r- c:\documents and settings\Steph\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2009-05-19 08:14 . 2009-05-19 08:14 -------- d-----w- c:\program files\Microsoft WSE

2009-05-15 09:40 . 2009-05-15 09:40 -------- d-----w- c:\program files\CCleaner

2009-05-14 21:03 . 2009-05-14 21:03 -------- d-----w- c:\documents and settings\Steph\Application Data\ImgBurn

2009-05-14 19:04 . 2009-05-14 19:04 -------- d-----w- c:\program files\ImgBurn

2009-05-13 13:28 . 2009-04-13 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel

2009-05-13 05:04 . 2008-12-20 22:47 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-11 08:52 . 2009-04-13 18:05 -------- d-----w- c:\program files\GrabIt

2009-05-07 15:33 . 2008-04-14 12:00 348672 ----a-w- c:\windows\system32\localspl.dll

2009-05-04 15:34 . 2009-04-23 16:18 -------- d-----w- c:\documents and settings\Steph\Application Data\Nero

2009-04-27 08:18 . 2009-04-27 08:18 -------- d-----w- c:\program files\Pochette Express 2

2009-04-27 07:03 . 2009-04-25 17:28 -------- d-----w- c:\program files\Microsoft Silverlight

2009-04-25 18:08 . 2009-04-13 18:09 -------- d-----w- c:\program files\Google

2009-04-23 15:33 . 2009-04-23 15:15 -------- d-----w- c:\program files\Fichiers communs\Nero

2009-04-23 15:25 . 2009-04-23 15:15 -------- d-----w- c:\program files\Nero

2009-04-23 15:24 . 2009-04-23 15:24 -------- d-----w- c:\program files\Windows Sidebar

2009-04-23 15:21 . 2009-04-23 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2009-04-23 13:51 . 2009-04-14 17:40 -------- d-----w- c:\documents and settings\Steph\Application Data\dvdcss

2009-04-23 11:43 . 2009-04-23 11:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\agi

2009-04-23 11:42 . 2009-04-23 11:42 339968 ----a-w- c:\windows\system32\pythoncom25.dll

2009-04-23 11:42 . 2009-04-23 11:42 2117632 ----a-w- c:\windows\system32\python25.dll

2009-04-23 11:42 . 2009-04-23 11:42 114688 ----a-w- c:\windows\system32\pywintypes25.dll

2009-04-19 19:42 . 2009-04-10 00:16 1847936 ----a-w- c:\windows\system32\win32k.sys

2009-04-16 12:30 . 2009-04-16 12:30 97248 ----a-w- c:\windows\system32\drivers\snapman.sys

2009-04-15 14:53 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-14 06:28 . 2009-04-14 06:19 158818 ----a-w- c:\windows\hpoins15.dat

2009-04-13 18:28 . 2009-04-13 18:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-04-13 18:20 . 2009-04-13 17:09 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-04-13 18:19 . 2009-04-13 18:19 8 --sh--r- c:\documents and settings\All Users\Application Data\C3BED7BE0E.sys

2009-04-13 18:19 . 2009-04-13 18:19 8 --sh--r- c:\documents and settings\All Users\Application Data\C3BED7BE0E.sys

2009-04-13 17:43 . 2009-04-13 17:43 0 ----a-w- c:\windows\ativpsrm.bin

2009-04-13 17:07 . 2009-04-13 17:07 21892 ----a-w- c:\windows\system32\emptyregdb.dat

2009-04-10 00:19 . 2001-08-23 22:47 77891 ----a-w- c:\windows\system32\usrmlnka.exe

2009-04-10 00:16 . 2009-04-10 00:16 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-04-10 00:16 . 2009-04-10 00:16 219648 ----a-w- c:\windows\system32\uxtheme.dll

2009-04-10 00:16 . 2009-04-10 00:16 142336 ----a-w- c:\windows\system32\sfc_os.dll

2009-04-10 00:16 . 2009-04-10 00:16 1013248 ----a-w- c:\windows\system32\syssetup.dll

2009-04-10 00:16 . 2009-04-10 00:16 938496 ----a-w- c:\windows\system32\wmnetmgr.dll

2009-04-10 00:16 . 2009-04-10 00:16 100864 ----a-w- c:\windows\system32\logagent.exe

2009-04-10 00:16 . 2009-04-10 00:16 144896 ----a-w- c:\windows\system32\schannel.dll

2009-04-10 00:16 . 2009-04-10 00:16 333952 ----a-w- c:\windows\system32\drivers\srv.sys

2009-04-10 00:16 . 2009-04-10 00:16 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-04-10 00:14 . 2009-04-13 17:07 691712 ----a-w- c:\windows\system32\inetcomm.dll

2009-04-10 00:14 . 2009-04-10 00:14 253952 ----a-w- c:\windows\system32\es.dll

2009-04-10 00:14 . 2009-04-10 00:14 203136 ----a-w- c:\windows\system32\drivers\RMCast.sys

2009-04-10 00:14 . 2009-04-10 00:14 414720 ----a-w- c:\windows\system32\msscp.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmod.dll

2009-04-10 00:13 . 2009-04-10 00:13 603648 ----a-w- c:\windows\system32\wmspdmod.dll

2009-04-10 00:13 . 2009-04-10 00:13 1329152 ----a-w- c:\windows\system32\wmspdmoe.dll

2009-04-10 00:13 . 2009-04-10 00:13 99840 ----a-w- c:\windows\system32\wmpshell.dll

2009-04-10 00:13 . 2009-04-10 00:13 8292352 ----a-w- c:\windows\system32\wmploc.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmoe2.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmod.dll

2009-04-10 00:13 . 2009-04-10 00:13 314880 ----a-w- c:\windows\system32\wmpdxm.dll

2009-04-10 00:13 . 2009-04-10 00:13 242688 ----a-w- c:\windows\system32\wmpasf.dll

2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w- c:\documents and settings\Steph\Application Data\Desktopicon\eBayShortcuts.exe

2009-03-30 15:13 . 2009-04-13 17:30 5063168 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2009-03-27 09:22 . 2009-04-13 17:30 17567744 ----a-w- c:\windows\RTHDCPL.EXE

2009-03-25 14:33 . 2009-03-25 14:33 21083176 ----a-w- c:\documents and settings\All Users\Application Data\Corel\Downloads\540225279_410012\1235587639613\PSPPX2ULRAW200904DEFIGS.exe

.

 

------- Sigcheck -------

 

[-] 2009-04-10 00:16 361600 DF70435F3D17C40D5CB15E6DC918342E c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-06-20_16.43.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-20 19:23 . 2009-06-20 19:23 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-16 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

"BCWipeTM Startup"="c:\program files\Jetico\BCWipe\BCWipeTM.exe" [2008-09-04 545520]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-18 68592]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [20/06/2009 08:04 130936]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 14:23 727720]

S3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\drivers\AF9035BDA.sys [04/06/2009 11:07 247968]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14/04/2009 11:21 1684736]

S3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [20/04/2009 22:21 45568]

S3 ovt530;Webcam Classic;c:\windows\system32\Drivers\ov530vid.sys --> c:\windows\system32\Drivers\ov530vid.sys [?]

S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [14/05/2009 12:23 91496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-20 21:23

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(712)

c:\windows\system32\Ati2evxx.dll

c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

 

- - - - - - - > 'explorer.exe'(3908)

c:\program files\Google\Quick Search Box\bin\1.1.1038.9122\qsb.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

c:\program files\Fichiers communs\Protexis\License Service\PsiService_2.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

.

**************************************************************************

.

Heure de fin: 2009-06-20 21:26 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-06-20 19:26

ComboFix2.txt 2009-06-20 16:47

 

Avant-CF: 294 490 390 528 octets libres

Après-CF: 294 345 134 080 octets libres

 

884 --- E O F --- 2009-06-12 05:15

• Uninstall LimeWire via Add/Remove Programs if you haven't already done so; it's a dumping ground for infected MP3s (w32.codec.changer...)

 

• Did you really uninstall that Spyware Doctor thing?? Open Notepad [Run --> notepad] and copy/paste the contents of the box below:

 

Folder::
c:\program files\Spyware Doctor
c:\documents and settings\Steph\Application Data\LimeWire
c:\program files\PrintSpooler
File::
c:\windows\system32\Wmpupdate.exe
c:\windows\LimeWireWin.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMP Update"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F3F255F4-1AEB-1DF7-1AE8-64986D17E0AF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

* Go to the top of the page and click the "File" menu; a list appears =>

* Choose "Save As" and choose "Desktop"

* In the "File name" field at the bottom of the page, enter the following name: CFScript

* Click the "Save" button to the right of the "File name" field

* Quit Notepad.

* Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

 

 

CFScriptB-4.gif

 

 

* follow the instructions

* Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt
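As an added example (not code from this thread and not part of ComboFix), here is a small Python triage script for the "Fichiers créés" entries a ComboFix log prints, the kind of first read a helper does before writing the File:: and Folder:: lines above. It uses the entry format from the log on this page; the sample lines are copied from it except the LimeWireWin.exe timestamps and size, which are constructed.

```python
"""Triage helper for the "Fichiers créés" (files created) listing of a ComboFix log.

Added example, not code from the thread or from ComboFix. It parses the entries
ComboFix prints (created time . modified time, size or "--------" for a
directory, eight attribute flags, path) and flags the ones a helper looks at
first: executables dropped directly in c:\windows, executables in a
user-writable profile path, and hidden/system files outside the Windows tree.
A flag is a review hint, not a verdict: some licence files are hidden by design.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Entry shape: "2009-06-20 18:46 . 2009-06-20 18:46 -------- d-----w- c:\path"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
WINDOWS_ROOT = "c:\\windows\\"
PROFILE_ROOT = "c:\\documents and settings\\"

# Constructed sample in the log's format (the LimeWireWin.exe line's
# timestamps and size are made up; the other lines come from the thread).
SAMPLE_REPORT = r"""
.
2009-06-20 18:46 . 2009-06-20 18:46 -------- d-----w- c:\program files\Unlocker
2009-06-19 16:31 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 11:33 . 2009-04-13 18:19 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-11 11:33 . 2009-04-13 18:19 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-06-10 08:02 . 2009-06-10 08:02 61440 ----a-w- c:\windows\LimeWireWin.exe
2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w- c:\documents and settings\Steph\Application Data\Desktopicon\eBayShortcuts.exe
"""


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for a directory entry
    attrs: str            # ComboFix flags, e.g. "d-----w-" or "--sha-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXT)

    @property
    def hidden_or_system(self) -> bool:
        # 'h' = hidden, 's' = system in ComboFix's attribute column
        return "h" in self.attrs or "s" in self.attrs


def parse_entries(report: str) -> List[Entry]:
    """Parse every file entry in `report`, skipping headers and the duplicate
    lines ComboFix sometimes prints for the same path."""
    seen: Dict[str, Entry] = {}
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=None if m["size"].startswith("-") else int(m["size"]),
            attrs=m["attrs"],
            path=m["path"],
        )
        seen.setdefault(entry.path.lower(), entry)
    return list(seen.values())


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each path worth a second look to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        p = e.path.lower()
        reasons = []
        # Legitimate components live in subfolders; a bare c:\windows\*.exe is unusual.
        if e.is_executable and p.startswith(WINDOWS_ROOT) and "\\" not in p[len(WINDOWS_ROOT):]:
            reasons.append("executable directly in c:\\windows")
        if e.is_executable and p.startswith(PROFILE_ROOT):
            reasons.append("executable in a user-writable profile path")
        if not e.is_dir and e.hidden_or_system and not p.startswith(WINDOWS_ROOT):
            reasons.append("hidden/system attributes outside the Windows tree")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_entries(SAMPLE_REPORT)).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```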

Posted

Looks OK to me :P, no more active infections.

 

.*´¨ )

,.•´¸.•*¨) ¸.•*¨)

(¸.•´ : (¸.•´ : (´¸.•*´¯`*•

Finishing the cleanup:

- Clean your computer with ATF Cleaner (use it regularly!):

 

download to your desktop:

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button, wait for the cleanup to finish, OK

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

Wait for the cleanup to finish

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit in the main menu to close the program.

The next PC startup will take a little longer, since the prefetch has been emptied.

 

• Browse with Firefox http://www.mozilla-europe.org/fr/firefox/, with JavaScript disabled when you don't know where you're surfing; that can avoid rotten JavaScript IFrames on a rotten web page http://www.certa.ssi.gouv.fr/site/CERTA-20...-001/index.html

 

1237009714-jsff.jpg

http://imagesup.org/images/1237009714-jsff.jpg

 

• Configure Firefox to clear cache, cookies, etc. when it closes:

 

1237009855-clrff.jpg

http://imagesup.org/images/1237009855-clrff.jpg

 

• Read "securing Firefox": http://www.malekal.com/securiser_Firefox.php

 

- Disable, then re-enable, System Restore:

- Windows XP instructions: http://service1.symantec.com/SUPPORT/INTER...020830101856924

 

• Uninstall ComboFix by copying/pasting the line below from the box into Run and confirming:

 

ComboFix /u

 

delete its remaining folder, c:\combofix, once the ComboFix icon has disappeared from your desktop

 

 

Backing up the system hive

 

Handy in case of this type of startup error (http://www.vista-xp.fr/forum/topic183.html) and quick to restore from the Recovery Console: http://www.malekal.com/console_recuperatio...#mozTocId862261

http://www.malekal.com/tutorial_ERUNT.php#mozTocId955164

 

• download ERUNT (ERDNT):

http://www.derfisch.de/lars/erunt.zip

http://www.aumha.org/downloads/erunt.zip

http://dundats.mvps.org/Files/erunt.zip

 

and unzip it, rename the folder to ERDNT, cut and paste the unzipped folder to this location and nowhere else: c:\windows\ ; an old, empty ComboFix folder is still present there after uninstallation, replace it with the new one you just unzipped, then double-click ERUNT as in the screenshot:

 

1240900435-erdnt1.jpg

http://imagesup.org/images/1240900435-erdnt1.jpg

 

* click OK and, in the window that appears as in the screenshot, specify the path c:\windows\ERDNT in "backup to", nowhere else!; a new folder must then be created, click OK.

 

1240900561-erdnt2.jpg

http://imagesup.org/images/1240900561-erdnt2.jpg

 

* the system hive backup then runs; a backup folder named with its creation date appears in c:\windows\ERDNT

 

1240900791-erdnt3.jpg

http://imagesup.org/images/1240900791-erdnt3.jpg

 

* close the window once it has finished.

.*´¨ )

,.•´¸.•*¨) ¸.•*¨)

(¸.•´ : (¸.•´ : (´¸.•*´¯`*•

Posted

thanks for all this good advice, I'll apply it right away :P

 

just in case, I'm posting the log from my 2nd PC; if you see anything wrong, don't hesitate, thanks:

 

 

ComboFix 09-06-20.02 - n 20/06/2009 21:42.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3071.2502 [GMT 2:00]

Lancé depuis: c:\documents and settings\n\Bureau\ComboFix.exe

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\n\Application Data\.#

c:\documents and settings\n\Application Data\.#\MBX@804@3837C8.###

c:\documents and settings\n\Application Data\.#\MBX@804@3837D8.###

c:\documents and settings\n\Application Data\.#\MBX@804@3837E8.###

c:\windows\system32\ATIODCLI.exe

c:\windows\system32\ATIODE.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-20 au 2009-06-20 ))))))))))))))))))))))))))))))))))))

.

 

2009-06-20 16:45 . 2009-06-20 16:45 -------- d-----w- c:\windows\system32\xircom

2009-06-20 16:45 . 2009-06-20 16:45 -------- d-----w- c:\windows\system32\wbem\snmp

2009-06-20 16:45 . 2009-06-20 16:45 -------- d-----w- c:\program files\microsoft frontpage

2009-06-20 16:39 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-06-20 16:39 . 2009-02-23 08:11 130424 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-06-20 16:39 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-06-20 16:39 . 2009-06-20 16:40 -------- d-----w- c:\program files\Fichiers communs\PC Tools

2009-06-20 16:39 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-06-20 16:39 . 2009-06-20 17:11 -------- d-----w- c:\program files\Spyware Doctor

2009-06-20 16:39 . 2009-06-20 16:39 -------- d-----w- c:\documents and settings\n\Application Data\PC Tools

2009-06-20 16:39 . 2009-06-20 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-06-19 18:41 . 2009-06-19 18:41 -------- d-----w- c:\documents and settings\n\Application Data\Malwarebytes

2009-06-19 18:41 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-19 18:41 . 2009-06-19 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-19 18:41 . 2009-06-19 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-19 18:41 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-19 07:55 . 2009-06-19 07:55 -------- d-----w- c:\documents and settings\n\Application Data\Notepad++

2009-06-19 07:55 . 2009-06-19 07:55 -------- d-----w- c:\program files\Notepad++

2009-06-19 07:51 . 2009-06-19 07:51 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\ESET

2009-06-19 07:46 . 2009-06-19 07:46 -------- d-----w- c:\program files\EasyPHP 3.0

2009-06-19 07:32 . 2009-06-19 18:51 -------- d-----w- c:\program files\FlashFXP

2009-06-19 07:32 . 2009-06-19 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\FlashFXP

2009-06-19 07:31 . 2009-06-19 07:31 -------- d-----w- c:\windows\IniCom Networks FlashFXP v3 7 6

2009-06-19 07:31 . 2009-06-19 07:31 -------- d-----w- c:\program files\IniCom Networks FlashFXP v3 7 6

2009-06-19 06:57 . 2008-04-13 14:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-06-19 06:57 . 2001-08-23 20:47 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-06-19 06:57 . 2008-04-13 22:33 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-06-19 06:29 . 2009-06-19 06:30 -------- d-----w- C:\h

2009-06-19 06:04 . 2009-06-19 06:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2009-06-18 09:36 . 2001-05-07 10:56 19805 ----a-r- c:\windows\system32\drivers\usbio.sys

2009-06-18 07:15 . 2009-06-18 07:19 -------- d-----w- C:\JEUX2

2009-06-18 07:13 . 2009-06-19 05:50 -------- d-----w- c:\documents and settings\n\Application Data\Desktopicon

2009-06-18 07:13 . 2009-06-18 07:13 -------- d-----w- c:\program files\Unlocker

2009-06-18 06:56 . 2009-06-18 07:14 -------- d-----w- C:\JEUX

2009-06-18 06:33 . 2009-06-18 06:33 -------- d-----w- c:\program files\MSXML 4.0

2009-06-18 06:33 . 2009-06-18 06:33 -------- d-----w- c:\program files\Datel

2009-06-17 22:55 . 2009-06-17 22:57 -------- d-----w- C:\VIDEOS

2009-06-17 22:09 . 2009-06-17 22:09 180224 ----a-w- c:\windows\system32\WinVd32.sys

2009-06-17 22:09 . 2009-06-17 22:09 7680 ----a-w- c:\windows\system32\WinFLsrv.exe

2009-06-17 22:09 . 2009-06-17 22:09 10752 ----a-w- c:\windows\system32\WinFLdrv.sys

2009-06-17 21:11 . 2009-06-17 21:11 -------- d-----w- c:\program files\Recuva

2009-06-16 17:27 . 2009-06-20 16:44 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\Eraser

2009-06-16 17:27 . 2009-06-16 17:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}

2009-06-16 17:27 . 2007-12-31 09:46 2375336 ----a-w- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe

2009-06-16 17:27 . 2009-06-16 17:27 -------- d-----w- c:\program files\Eraser

2009-06-15 22:02 . 2009-06-15 23:14 -------- d-----w- C:\perl

2009-06-15 20:55 . 2009-06-15 20:55 -------- d-----w- c:\program files\CCleaner

2009-06-15 20:54 . 2009-06-15 20:54 -------- d-----w- c:\program files\Trackbuster

2009-06-15 19:56 . 2009-06-18 21:42 -------- d-----w- c:\documents and settings\n\Application Data\dvdcss

2009-06-15 13:58 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-06-15 13:58 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll

2009-06-15 12:05 . 2009-06-15 12:05 -------- d-----w- c:\documents and settings\n\Application Data\Megaupload

2009-06-15 12:05 . 2009-06-15 12:05 -------- d-----w- c:\program files\vSoft

2009-06-15 12:05 . 2009-06-15 12:05 -------- d-----w- c:\program files\Megaupload

2009-06-15 12:04 . 2009-06-15 12:04 -------- d-----w- c:\documents and settings\n\Application Data\InstallShield

2009-06-15 09:42 . 2009-06-15 09:42 -------- d-----w- c:\program files\vtplus

2009-06-15 09:42 . 2007-07-10 20:28 65603 ----a-w- c:\windows\system32\hcwIRblast.dll

2009-06-15 09:42 . 2007-06-04 10:40 294912 ----a-w- c:\windows\system32\hcwzblast.dll

2009-06-15 09:42 . 2007-07-19 13:44 765952 ----a-w- c:\windows\system32\msvcp71d.dll

2009-06-15 09:42 . 2007-07-19 13:44 544768 ----a-w- c:\windows\system32\msvcr71d.dll

2009-06-15 09:42 . 2007-07-19 13:44 2179072 ----a-w- c:\windows\system32\mfc71d.dll

2009-06-15 09:42 . 1999-06-25 09:55 149504 ----a-w- c:\windows\system32\UNWISE.EXE

2009-06-15 09:42 . 2009-06-15 09:42 -------- d-----w- c:\program files\Fichiers communs\IviSDK

2009-06-15 09:41 . 2006-05-08 07:55 28672 ----a-w- c:\windows\system32\hcwsched.dll

2009-06-15 09:41 . 2006-05-08 07:54 65536 ----a-w- c:\windows\system32\dmcrypto.dll

2009-06-15 09:41 . 2006-01-25 15:38 69632 ----a-w- c:\windows\system32\3DES.dll

2009-06-15 09:41 . 2009-06-15 09:41 -------- d-----w- c:\windows\system32\hauppauge

2009-06-15 09:15 . 2008-04-13 14:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys

2009-06-15 09:15 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\MPE.sys

2009-06-15 09:15 . 2008-04-13 14:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2009-06-15 09:15 . 2008-04-13 14:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys

2009-06-15 09:15 . 2008-04-13 14:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys

2009-06-15 09:15 . 2008-04-13 14:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS

2009-06-15 09:15 . 2008-04-13 14:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys

2009-06-15 09:15 . 2008-04-13 14:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2009-06-15 09:14 . 2008-04-13 22:33 54784 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-06-15 09:14 . 2008-04-13 22:33 363520 ----a-w- c:\windows\system32\PsisDecd.dll

2009-06-15 09:14 . 2008-04-13 14:46 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys

2009-06-15 09:14 . 2007-03-26 16:46 827776 ----a-w- c:\windows\system32\drivers\HCW713x.sys

2009-06-15 09:14 . 2005-11-25 23:51 65536 ----a-w- c:\windows\system32\HCW713xMV.dll

2009-06-15 09:14 . 2009-06-15 09:14 -------- d-----w- C:\Hauppauge

2009-06-15 09:12 . 2009-06-15 09:13 -------- d-----w- c:\documents and settings\n\Application Data\vlc

2009-06-15 09:12 . 2009-06-15 09:12 -------- d-----w- c:\program files\VideoLAN

2009-06-15 09:11 . 2009-06-15 09:11 -------- d-----w- c:\documents and settings\n\Application Data\ImgBurn

2009-06-15 09:09 . 2009-06-18 21:40 -------- d-----w- c:\documents and settings\n\Application Data\GrabIt

2009-06-15 09:08 . 2009-06-15 09:08 -------- d-----w- c:\program files\Giganews Accelerator

2009-06-15 09:07 . 2009-06-15 09:07 -------- d-----w- c:\program files\GrabIt

2009-06-15 09:04 . 2009-06-15 09:04 -------- d-----w- c:\program files\AviSynth 2.5

2009-06-15 09:03 . 2009-06-15 09:03 -------- d-----w- c:\program files\Gabest

2009-06-15 09:03 . 2009-06-15 09:07 -------- d-----w- c:\program files\GordianKnot

2009-06-15 09:03 . 2009-06-15 09:03 -------- d-----w- c:\program files\YencPowerPostA&A11b_FR

2009-06-15 09:02 . 2009-06-15 09:02 -------- d-----w- c:\program files\VirtualDub-1.8.8

2009-06-15 09:01 . 2009-06-15 09:01 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\ACD Systems

2009-06-15 09:01 . 2009-06-15 09:01 -------- d-----w- c:\documents and settings\n\Application Data\ACD Systems

2009-06-15 09:01 . 2009-06-15 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems

2009-06-15 09:01 . 2009-06-15 09:01 -------- d-----w- c:\program files\Fichiers communs\ACD Systems

2009-06-15 09:01 . 2009-06-15 09:01 -------- d-----w- c:\program files\ACD Systems

2009-06-15 09:00 . 2009-06-15 09:00 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\Downloaded Installations

2009-06-15 08:55 . 2009-06-15 08:55 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\Adobe

2009-06-15 08:54 . 2009-06-15 08:54 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-06-15 08:53 . 2009-06-15 08:53 -------- d-----w- c:\program files\Microsoft Works

2009-06-15 08:52 . 2009-06-15 08:52 -------- d-----w- c:\program files\Microsoft.NET

2009-06-15 08:50 . 2009-06-15 08:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2009-06-15 08:50 . 2009-06-15 08:50 -------- d-----w- c:\windows\SHELLNEW

2009-06-15 08:50 . 2009-06-15 08:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-06-15 08:50 . 2009-06-15 08:50 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\Microsoft Help

2009-06-15 08:50 . 2009-06-15 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-06-15 08:49 . 2009-06-15 08:49 -------- d--h--r- C:\MSOCache

2009-06-15 08:44 . 2009-06-15 08:44 -------- d-----w- c:\program files\PowerISO

2009-06-15 08:16 . 2009-06-15 08:16 -------- d-sh--w- c:\documents and settings\n\IECompatCache

2009-06-15 08:16 . 2009-06-15 08:16 -------- d-sh--w- c:\documents and settings\n\PrivacIE

2009-06-15 06:03 . 2009-06-15 06:03 -------- d-sh--w- c:\documents and settings\n\IETldCache

2009-06-15 05:58 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2009-06-15 05:58 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-15 05:58 . 2009-06-15 05:58 -------- d-----w- c:\windows\ie8updates

2009-06-15 05:58 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll

2009-06-15 05:56 . 2009-06-15 05:58 -------- dc-h--w- c:\windows\ie8

2009-06-15 05:47 . 2009-06-15 09:09 68464 ----a-w- c:\documents and settings\n\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-15 05:47 . 2009-06-15 05:47 -------- d-----w- c:\documents and settings\n\Local Settings\Application Data\ATI

2009-06-15 05:47 . 2009-06-15 05:47 -------- d-----w- c:\documents and settings\n\Application Data\ATI

2009-06-15 05:47 . 2009-06-15 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI

2009-06-15 05:47 . 2009-06-15 05:47 -------- d-----w- c:\windows\system32\Lang

2009-06-15 05:46 . 2009-06-15 05:46 0 ----a-w- c:\windows\ativpsrm.bin

2009-06-15 05:44 . 2009-06-15 05:44 -------- d-----w- c:\documents and settings\n\Application Data\ESET

2009-06-15 05:44 . 2009-06-15 05:44 -------- d-----w- c:\program files\ESET

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-20 19:41 . 2009-06-14 23:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-06-20 16:45 . 2009-06-15 09:40 -------- d-----w- c:\program files\WinTV

2009-06-15 12:04 . 2009-06-15 05:26 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-14 11:19 . 2009-05-14 11:19 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys

2009-05-14 11:19 . 2009-05-14 11:19 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys

2009-05-14 11:19 . 2009-05-14 11:19 133000 ----a-w- c:\windows\system32\drivers\epfw.sys

2009-05-14 11:17 . 2009-05-14 11:17 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2009-05-14 11:11 . 2009-05-14 11:11 114472 ----a-w- c:\windows\system32\drivers\eamon.sys

2009-05-13 05:04 . 2008-12-20 22:47 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2008-04-14 12:00 348672 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 03:30 . 2009-04-29 03:30 3643904 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2009-04-29 02:18 . 2009-04-29 02:18 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2009-04-29 02:17 . 2009-04-29 02:17 335872 ----a-w- c:\windows\system32\ati2dvag.dll

2009-04-29 02:07 . 2009-04-29 02:07 204800 ----a-w- c:\windows\system32\atipdlxx.dll

2009-04-29 02:06 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2009-04-29 02:06 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2009-04-29 02:06 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2009-04-29 02:06 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\ati2evxx.dll

2009-04-29 02:04 . 2009-04-29 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe

2009-04-29 02:03 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2009-04-29 02:00 . 2009-04-29 02:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2009-04-29 01:56 . 2009-04-29 01:56 2997536 ----a-w- c:\windows\system32\ati3duag.dll

2009-04-29 01:45 . 2009-04-29 01:45 11603968 ----a-w- c:\windows\system32\atioglxx.dll

2009-04-29 01:42 . 2009-04-29 01:42 2687872 ----a-w- c:\windows\system32\ativvaxx.dll

2009-04-29 01:42 . 2009-04-29 01:42 887724 ----a-w- c:\windows\system32\ativva6x.dat

2009-04-29 01:42 . 2009-04-29 01:42 3107788 ----a-w- c:\windows\system32\ativva5x.dat

2009-04-29 01:26 . 2009-04-29 01:26 49664 ----a-w- c:\windows\system32\atimpc32.dll

2009-04-29 01:26 . 2009-04-29 01:26 49664 ----a-w- c:\windows\system32\amdpcom32.dll

2009-04-29 01:22 . 2009-04-29 01:22 479232 ----a-w- c:\windows\system32\atikvmag.dll

2009-04-29 01:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalrt.dll

2009-04-29 01:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll

2009-04-29 01:20 . 2009-04-29 01:20 135168 ----a-w- c:\windows\system32\atiadlxx.dll

2009-04-29 01:19 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll

2009-04-29 01:19 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2009-04-29 01:18 . 2009-04-29 01:18 3280896 ----a-w- c:\windows\system32\aticaldd.dll

2009-04-29 01:17 . 2009-04-29 01:17 303104 ----a-w- c:\windows\system32\atiok3x2.dll

2009-04-29 01:13 . 2009-04-29 01:13 630784 ----a-w- c:\windows\system32\ati2cqag.dll

2009-04-23 17:22 . 2009-06-15 05:27 141568 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2009-04-19 19:42 . 2009-04-10 00:16 1847936 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-10 00:19 . 2001-08-23 22:47 77891 ----a-w- c:\windows\system32\usrmlnka.exe

2009-04-10 00:16 . 2009-04-10 00:16 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-04-10 00:16 . 2009-04-10 00:16 219648 ----a-w- c:\windows\system32\uxtheme.dll

2009-04-10 00:16 . 2009-04-10 00:16 142336 ----a-w- c:\windows\system32\sfc_os.dll

2009-04-10 00:16 . 2009-04-10 00:16 1013248 ----a-w- c:\windows\system32\syssetup.dll

2009-04-10 00:16 . 2009-04-10 00:16 938496 ----a-w- c:\windows\system32\wmnetmgr.dll

2009-04-10 00:16 . 2009-04-10 00:16 100864 ----a-w- c:\windows\system32\logagent.exe

2009-04-10 00:16 . 2009-04-10 00:16 144896 ----a-w- c:\windows\system32\schannel.dll

2009-04-10 00:16 . 2009-04-10 00:16 333952 ----a-w- c:\windows\system32\drivers\srv.sys

2009-04-10 00:16 . 2009-04-10 00:16 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-04-10 00:14 . 2009-06-14 23:20 691712 ----a-w- c:\windows\system32\inetcomm.dll

2009-04-10 00:14 . 2009-04-10 00:14 253952 ----a-w- c:\windows\system32\es.dll

2009-04-10 00:14 . 2009-04-10 00:14 203136 ----a-w- c:\windows\system32\drivers\RMCast.sys

2009-04-10 00:14 . 2009-04-10 00:14 414720 ----a-w- c:\windows\system32\msscp.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmoe2.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmvdmod.dll

2009-04-10 00:13 . 2009-04-10 00:13 603648 ----a-w- c:\windows\system32\wmspdmod.dll

2009-04-10 00:13 . 2009-04-10 00:13 1329152 ----a-w- c:\windows\system32\wmspdmoe.dll

2009-04-10 00:13 . 2009-04-10 00:13 99840 ----a-w- c:\windows\system32\wmpshell.dll

2009-04-10 00:13 . 2009-04-10 00:13 8292352 ----a-w- c:\windows\system32\wmploc.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmoe2.dll

2009-04-10 00:13 . 2009-04-10 00:13 4096 ----a-w- c:\windows\system32\wmsdmod.dll

2009-04-10 00:13 . 2009-04-10 00:13 314880 ----a-w- c:\windows\system32\wmpdxm.dll

2009-04-10 00:13 . 2009-04-10 00:13 242688 ----a-w- c:\windows\system32\wmpasf.dll

2009-04-09 11:32 . 2009-04-09 11:32 89088 ----a-w- c:\documents and settings\n\Application Data\Desktopicon\eBayShortcuts.exe

2009-04-01 19:59 . 2009-04-01 19:59 188348 ----a-w- c:\windows\system32\atiicdxx.dat

.

 

------- Sigcheck -------

 

[-] 2009-04-10 00:16 361600 DF70435F3D17C40D5CB15E6DC918342E c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Eraser RiskMonitor"="c:\program files\East-Tec Eraser 2009\Launch.exe" [2008-11-03 44192]

"Eraser"="c:\program files\Eraser\eraser.exe" [2007-12-22 916240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"EPGServiceTool"="c:\progra~1\WinTV\EPG Services\System\EPGClient.exe" [2008-05-15 688128]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_2"="shell32" [X]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-6-15 110647]

Giganews Accelerator.lnk - c:\program files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 1085440]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [20/06/2009 18:39 130424]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 13:17 107256]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 13:17 731840]

R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [15/06/2009 11:42 437248]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [20/06/2009 18:39 348752]

R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [18/06/2009 00:09 10752]

R3 HCW713x;Hauppauge 713x VU PCI TV Card;c:\windows\system32\drivers\HCW713x.sys [15/06/2009 11:14 827776]

R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [26/04/2007 01:53 25088]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15/06/2009 07:26 1684736]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - mchInjDrv

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: {EBD60971-610C-4C4A-8A4A-561E9629E5F7} = 212.27.53.252,212.27.54.252

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-20 21:44

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwClose

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

c:\windows\system32\sys_drv.dat 7028 bytes

c:\windows\system32\sys_drv_2.dat 6024 bytes

 

Scan terminé avec succès

Fichiers cachés: 2

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1308)

c:\windows\system32\Ati2evxx.dll

.

Heure de fin: 2009-06-20 21:45

ComboFix-quarantined-files.txt 2009-06-20 19:45

 

Avant-CF: 41 125 629 952 octets libres

Après-CF: 41 159 073 792 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /noexecute=alwaysoff

 

302 --- E O F --- 2009-06-19 01:00
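The lines a helper actually acts on in a ComboFix log like the one above are the catchme hidden-file lines, the Sigcheck "[-]" entry and the R*/S* service lines. As an added example, not part of this thread or of ComboFix itself, here is a small Python parser for those record types run over a constructed excerpt modelled on the log; the "driver outside system32\drivers" rule in `triage` is this example's own heuristic, not a ComboFix verdict.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt modelled on the ComboFix log in the thread above: a line
# of each record type the parser handles, not the full log.
SAMPLE_LOG = r"""
2009-06-15 09:41 . 2006-05-08 07:54 65536 ----a-w- c:\windows\system32\dmcrypto.dll
2009-06-15 09:41 . 2009-06-15 09:41 -------- d-----w- c:\windows\system32\hauppauge
------- Sigcheck -------
[-] 2009-04-10 00:16 361600 DF70435F3D17C40D5CB15E6DC918342E c:\windows\system32\drivers\tcpip.sys
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [18/06/2009 00:09 10752]
R3 HCW713x;Hauppauge 713x VU PCI TV Card;c:\windows\system32\drivers\HCW713x.sys [15/06/2009 11:14 827776]
Recherche de fichiers cachés ...
c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
"""

# "created . modified size attrs path"; size is eight dashes for directories,
# attrs is ComboFix's 8-character flag string (d = dir, s = system, h = hidden).
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-{8}) ([-a-z]{8}) (\S.*)$", re.M)
# Sigcheck block "[-] date size MD5 path": "[-]" marks a system file ComboFix
# could not verify against its known-good data.
SIGCHECK_RE = re.compile(
    r"^\[([-+?])\] (\d{4}-\d\d-\d\d \d\d:\d\d) (\d+) ([0-9A-Fa-f]{32}) (\S.*)$", re.M)
# Service/driver lines "R2 name;display name;path [dd/mm/yyyy hh:mm size]".
SERVICE_RE = re.compile(r"^([RS]\d) ([^;\n]+);([^;\n]*);(.+?) \[([^\]\n]+)\]$", re.M)
# catchme hidden-file lines "path NNN bytes".
HIDDEN_RE = re.compile(r"^([a-z]:\\.*?) (\d+) bytes$", re.M | re.I)

def parse_file_entries(log: str) -> List[Dict]:
    entries = []
    for created, modified, size, attrs, path in FILE_RE.findall(log):
        entries.append({"created": created, "modified": modified,
                        "is_dir": attrs[0] == "d", "system": attrs[2] == "s",
                        "hidden": attrs[3] == "h",
                        "size": None if size.startswith("-") else int(size),
                        "path": path.strip()})
    return entries

def parse_sigcheck(log: str) -> List[Dict]:
    return [{"flag": f, "date": d, "size": int(s), "md5": m.upper(), "path": p.strip()}
            for f, d, s, m, p in SIGCHECK_RE.findall(log)]

def parse_services(log: str) -> List[Dict]:
    return [{"start": st, "name": n, "display": disp, "path": p.strip(), "stamp": stamp}
            for st, n, disp, p, stamp in SERVICE_RE.findall(log)]

def parse_hidden_files(log: str) -> List[Tuple[str, int]]:
    return [(p, int(s)) for p, s in HIDDEN_RE.findall(log)]

def triage(log: str) -> List[str]:
    """Collect the items a helper would ask to have checked (e.g. at VirusTotal)."""
    notes = []
    for path, size in parse_hidden_files(log):
        notes.append(f"hidden file (catchme): {path} ({size} bytes)")
    for sc in parse_sigcheck(log):
        if sc["flag"] == "-":
            notes.append(f"sigcheck failed: {sc['path']} md5={sc['md5']}")
    for svc in parse_services(log):
        low = svc["path"].lower()
        # Heuristic of this example, not a ComboFix rule: a kernel driver loaded
        # straight from system32 instead of system32\drivers deserves a look.
        if low.endswith(".sys") and "\\drivers\\" not in low:
            notes.append(f"driver outside system32\\drivers: {svc['name']} -> {svc['path']}")
    return notes
```

Run `triage(SAMPLE_LOG)` on the excerpt and it returns the two catchme hidden files, the unverified tcpip.sys and WinFLdrv.sys, the same four items the helper asks about further down the thread.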

 

 

 

 

 

 

Looks OK to me :P, no more active infections.

 

.*´¨ )

,.•´¸.•*¨) ¸.•*¨)

(¸.•´ : (¸.•´ : (´¸.•*´¯`*•

Finishing the cleanup:

- Clean your computer with ATF Cleaner (use it regularly!):

 

download to your desktop:

 

- ATF Cleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button, wait for the cleaning to finish, OK

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

Wait for the cleaning to finish

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit in the main menu to close the program.

The next PC startup will be a bit slower, since the prefetch has been emptied.

 

• Browse with Firefox http://www.mozilla-europe.org/fr/firefox/ , with JavaScript disabled when you don't know where you're surfing; that can avoid rotten JavaScript IFrames on a rotten web page http://www.certa.ssi.gouv.fr/site/CERTA-20...-001/index.html

 

http://imagesup.org/images/1237009714-jsff.jpg

 

• Configure Firefox to clear the cache, cookies, etc. when it closes:

 

http://imagesup.org/images/1237009855-clrff.jpg

 

• Read securing Firefox: http://www.malekal.com/securiser_Firefox.php

 

- Disable then re-enable System Restore:

- Instructions for Windows XP: http://service1.symantec.com/SUPPORT/INTER...020830101856924

 

• Uninstall ComboFix by copying and pasting the line below from the box into Run, then confirm:

 

ComboFix /u

 

delete its remaining folder at c:\combofix once the ComboFix icon has disappeared from your desktop

 

 

Backing up the system hive

 

Handy in case of this type of error at startup (http://www.vista-xp.fr/forum/topic183.html ) and quick to restore from the Recovery Console: http://www.malekal.com/console_recuperatio...#mozTocId862261

http://www.malekal.com/tutorial_ERUNT.php#mozTocId955164

 

• download ERUNT (ERDNT):

http://www.derfisch.de/lars/erunt.zip

http://www.aumha.org/downloads/erunt.zip

http://dundats.mvps.org/Files/erunt.zip

 

and unzip it, rename the folder to ERDNT, cut and paste the unzipped folder to this location and nowhere else: c:\windows\ ; an old, empty ComboFix folder left over after uninstallation is still present there, replace it with the new one you just unzipped, then double-click ERUNT as in the screenshot:

 

http://imagesup.org/images/1240900435-erdnt1.jpg

 

* click OK and, in the window that appears as in the screenshot, specify the path c:\windows\ERDNT under "backup to", nowhere else!; a new folder should then be created, click OK.

 

http://imagesup.org/images/1240900561-erdnt2.jpg

 

* the backup of the system hive then runs; a backup folder named by its creation date appears in c:\windows\ERDNT

 

http://imagesup.org/images/1240900791-erdnt3.jpg

 

* close the window once it has finished.

.*´¨ )

,.•´¸.•*¨) ¸.•*¨)

(¸.•´ : (¸.•´ : (´¸.•*´¯`*•

Posted

• likewise, Spyware Doctor to be removed

 

• these to be analyzed at virusscan:

 

c:\windows\system32\WinVd32.sys

c:\windows\system32\WinFLsrv.exe

c:\windows\system32\WinFLdrv.sys

c:\windows\system32\sys_drv.dat

c:\windows\system32\sys_drv_2.dat

 

to see them all:

 

Open My Computer

Click the Tools menu at the top right, then Folder Options

In the new window, click the View tab at the top

Check "Show hidden files" in the list

Uncheck "Hide protected operating system files (Recommended)" \ Apply

You will get a message saying this may damage the system; ignore it.

 

I'm off to work, I'll read you much later

Posted

Thanks a lot, nothing to report about those files

 

Firefox installed and configured, Spyware Doctor removed.

 

everything is perfect, my problem is solved.

 

thanks again for your patience, your advice and the time you devoted to my problem

 

 

thanks! :P

 

 

 

