
Disappearance of my security software

jr83h on 1 November 2009 at 23:18
Hello everyone,
I don't know what to do, because after opening a file (world coins 1800 1900) everything went wrong!
1. My Avast antivirus then disappeared; I uninstalled it in order to reinstall it: impossible, with the message "avast.exe is not a valid Win application".
The same goes for my SUPERAntiSpyware, and it is impossible to open Malwarebytes' Anti-Malware.
So I ran a system restore: it turns out to be impossible!
Thinking it was a virus attack, I ran ActiveScan, which tells me that I am infected by "rootkit/bagle", with the following as explanation:
1 c system volume information restore ......series of digits and letters.sys, and that over 5 lines
6 c windows system 32/sroa2.sys
7, 8: 2 lines similar to the first one.
Hoping that a kind soul will help me out, I thank you all in advance.
jr83h
jeanmimigab on 2 November 2009 at 01:34
:hello:

Please follow the procedure below to the letter...

Download Combofix to your Desktop (and nowhere else), renaming it before it lands on your Desktop.
To do this, right-click Combofix.exe, choose "Save target as...", rename it to jr83h.exe, choose your Desktop as the location and click "Save".

Double-click jr83h.exe (the downloaded file).
Press the 1 key to start the scan.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt

[:fml:8] Note: Do not click in the Combofix window during the scan; this would cause the program to freeze.

:salut:
jr83h on 2 November 2009 at 14:19
Hello, here is the requested report.
ComboFix 09-11-01.04 - jean roland huber 02/11/2009 8:12.3.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.234 [GMT 1:00]
Lancé depuis: c:\documents and settings\jean roland huber\Bureau\jr83h.exe
AV: avast! antivirus 4.8.1356 [VPS 091031-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jean roland huber\Application Data\AD ON Multimedia
c:\documents and settings\jean roland huber\Application Data\drivers\downld
c:\documents and settings\jean roland huber\Application Data\drivers\winupgro.exe
c:\documents and settings\jean roland huber\Application Data\m\data.oct
c:\documents and settings\jean roland huber\Application Data\m\list.oct
c:\documents and settings\jean roland huber\Application Data\m\shared
c:\documents and settings\jean roland huber\Application Data\m\srvlist.oct
c:\program files\QUAD Utilities
c:\windows\system32\ban_list.txt
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
c:\documents and settings\jean roland huber\Application Data\m . . . . impossible à supprimer

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S
-------\Legacy_SROSA
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Fichiers créés du 2009-10-02 au 2009-11-02 ))))))))))))))))))))))))))))))))))))
.

2009-11-02 06:17 . 2009-11-02 06:17 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\SPAMfighter
2009-11-02 06:08 . 2009-11-02 06:08 7168 ----a-w- c:\windows\system32\srosa2.sys
2009-11-02 06:08 . 2009-11-02 06:08 119188 ----a-w- c:\windows\system32\wfsintwq.sys
2009-11-01 15:49 . 2009-11-01 15:57 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-01 13:10 . 2009-11-01 13:10 -------- d-----w- c:\program files\Panda Security
2009-11-01 11:11 . 2009-11-02 07:53 -------- d--h--w- c:\documents and settings\jean roland huber\Application Data\m
2009-11-01 11:09 . 2009-11-02 07:50 -------- d--h--w- c:\documents and settings\jean roland huber\Application Data\drivers
2009-10-22 08:47 . 2009-10-22 08:47 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-22 08:45 . 2009-10-22 08:45 -------- d-----w- C:\d34a1c13d4ec38d6d8cf24d2
2009-10-22 08:45 . 2009-10-22 08:45 -------- d-----w- C:\b86178c1d2d7243004
2009-10-22 08:45 . 2009-10-22 08:45 -------- d-----w- C:\7860f263867a6b0013
2009-10-22 08:45 . 2009-10-22 08:45 -------- d-----w- C:\9e39f671923f2e4dac2f04e086c128
2009-10-22 08:45 . 2009-10-22 08:45 -------- d-----w- C:\0efeb77c0fbc78066f8eb32fba91ba
2009-10-22 08:20 . 2009-10-22 08:20 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Caere
2009-10-22 07:46 . 2009-10-22 08:45 -------- d-----w- c:\windows\pixtran
2009-10-22 07:45 . 2009-10-22 08:45 -------- d-----w- c:\program files\Fichiers communs\Caere
2009-10-22 07:45 . 2009-10-22 07:45 -------- d-----w- c:\program files\Caere
2009-10-18 07:14 . 2009-10-18 07:14 -------- d-----r- C:\AHCache
2009-10-17 20:57 . 2009-10-17 21:15 -------- d-----w- C:\a1b8a453d9a9f489a264
2009-10-17 20:55 . 2009-10-17 20:55 237616 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-17 20:38 . 2009-10-17 21:16 -------- d-----w- C:\5bc7a5ed849a1b56c202ef07
2009-10-17 19:04 . 2009-10-17 21:16 -------- d-----w- C:\d023e15ba6ad0e2717
2009-10-16 15:50 . 2009-10-17 21:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-16 15:50 . 2009-10-16 15:50 -------- d-----w- c:\program files\MSBuild
2009-10-16 15:49 . 2009-10-16 15:49 -------- d-----w- c:\program files\Reference Assemblies
2009-10-16 15:38 . 2009-10-17 21:19 -------- d-----w- C:\f2a031d10d8b2cf1ad404b
2009-10-16 15:15 . 2009-10-16 15:15 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\System Tweaker
2009-10-16 11:34 . 2009-10-16 11:47 -------- d-----w- c:\windows\LastGood(2)
2009-10-16 07:34 . 2009-10-16 07:34 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Uniblue
2009-10-07 13:28 . 2009-10-17 21:09 -------- d-----w- c:\documents and settings\jean roland huber\Local Settings\Application Data\Yahoo!
2009-10-07 11:52 . 2001-08-23 15:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-07 11:52 . 2001-08-23 15:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-07 11:52 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-10-07 11:52 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 06:27 . 2008-02-06 19:44 -------- d-----w- c:\program files\languages
2009-11-01 12:25 . 2008-04-17 13:42 -------- d-----w- c:\program files\eMule
2009-10-28 10:42 . 2008-10-12 19:11 -------- d-----w- c:\program files\McAfee
2009-10-28 06:55 . 2002-09-27 15:16 83140 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-28 06:55 . 2002-09-27 15:16 507924 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-21 17:06 . 2008-05-30 07:31 -------- d-----w- c:\program files\inKline Global
2009-10-21 17:06 . 2002-09-29 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-17 21:38 . 2008-02-13 20:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-17 21:26 . 2009-01-28 11:55 -------- d-----w- c:\program files\NODouble
2009-10-17 21:21 . 2008-07-01 16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 07:02 . 2008-02-06 19:55 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\XnView
2009-09-19 09:07 . 2008-02-05 19:39 126672 ----a-w- c:\documents and settings\jean roland huber\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 06:54 . 2009-09-17 06:54 -------- d-----w- c:\program files\MAGIX
2009-09-15 16:18 . 2009-03-01 16:30 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Audacity
2009-09-15 10:59 . 2008-07-05 13:12 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2008-07-05 13:12 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:53 . 2008-07-05 13:12 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-14 09:49 . 2009-09-14 09:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-14 09:11 . 2009-09-14 09:11 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\recfree.com
2009-09-14 09:11 . 2009-09-14 09:11 -------- d-----w- c:\program files\RecFree.com
2009-09-14 08:33 . 2008-07-25 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 14:18 . 2002-09-27 15:15 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 . 2002-09-27 15:15 136192 ----a-w- c:\windows\system32\msv1_0(2)(2).dll
2009-09-09 13:49 . 2002-09-29 11:52 -------- d-----w- c:\program files\Ahead
2009-09-04 21:04 . 2002-09-27 15:15 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:04 . 2002-09-27 15:15 58880 ----a-w- c:\windows\system32\msasn1(2)(2).dll
2009-08-29 10:17 . 2009-08-29 10:17 82464 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-08-29 10:17 . 2009-08-29 10:17 37888 ----a-w- c:\windows\system32\setupnt.dll
2009-08-29 10:17 . 2009-08-29 10:17 28928 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-29 10:17 . 2009-08-29 10:17 212288 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-29 10:17 . 2009-08-29 10:17 126976 ----a-w- c:\windows\system32\snapapi.dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ----a-w- c:\windows\system32\wininet(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 1168384 ----a-w- c:\windows\system32\urlmon(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 105984 ----a-w- c:\windows\system32\url(4)(2).dll
2009-08-29 07:28 . 2007-08-13 17:34 268288 ----a-w- c:\windows\system32\iertutil(3)(2).dll
2009-08-29 07:28 . 2008-02-05 19:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2002-09-27 15:15 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 14:14 . 2009-08-28 14:14 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-28 06:51 . 2009-08-28 06:49 24 --sh--w- c:\windows\SF6CB562F.tmp
2009-08-26 08:01 . 2002-09-27 15:15 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 18:24 . 2008-02-05 19:31 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2008-02-05 19:31 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2008-02-05 19:31 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2007-07-30 18:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2002-09-27 15:30 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2002-09-27 15:15 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2008-02-05 19:31 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2002-09-27 15:30 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:00 . 2002-09-27 15:15 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:58 . 2002-09-27 15:15 2191232 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:28 . 2002-08-29 11:42 2068096 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 11:17 1326104 ----a-w- c:\program files\Secured_eMule\tbSecu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D286E828-E6B9-484d-A058-D7323666DE33}]
2009-08-19 12:02 221184 ----a-w- c:\program files\RecFree.com\RecFreeToolbar\1.3.11.0\escort.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]
"{0508F8F1-08E3-43EE-AAA8-09AD09803084}"= "c:\program files\RecFree.com\RecFreeToolbar\1.3.11.0\escorTlbr.dll" [2009-08-19 172032]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CLASSES_ROOT\clsid\{0508f8f1-08e3-43ee-aaa8-09ad09803084}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-19 851968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-02 2000112]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-02 81000]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Cloneur Expert Monitor"="c:\program files\Micro Application\TrueImageMonitor.exe" [2009-08-29 443116]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-08-29 90112]
"PC Booster"="c:\program files\inKline Global\PC Booster\pcbooster.exe" [2008-04-08 14491648]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-10-28 47104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-27 113664]
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-27 113664]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
MioSync.lnk - c:\program files\Mio Technology\MioSync\mioSync.exe [2009-6-10 638976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-08 18:05 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Documents and Settings\\jean roland huber\\Application Data\\m\\flec006.exe"=
"c:\\Documents and Settings\\jean roland huber\\Application Data\\hidires\\flec003.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4242:TCP"= 4242:TCP:DonkeyServer No1
"86:TCP"= 86:TCP:BroadCam Web Server

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 13:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 12:39 74480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/10/2008 20:13 92296]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 17:51 4096]
S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [01/09/2008 15:03 27072]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [27/09/2002 16:16 12800]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*NewlyCreated* - SROSA
*Deregistered* - mbr
*Deregistered* - srosa
.
Contenu du dossier 'Tâches planifiées'

2009-07-03 c:\windows\Tasks\Rescue Reminder for 2HAS323A.job
- c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 14:52]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://m.fr.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.tropal.net/
uInternet Connection Wizard,ShellNext = hxxp://www.medion.com/
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search the web - http://toolbar.recfree.com/rcfr/ctxmnu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {EF553838-970A-41C2-ABB7-6A75D68D3BFA} = 80.118.192.100,80.118.196.38
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-aawservice



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 08:51
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

c:\documents and settings\jean roland huber\Application Data\m\flec006.exe [2600] 0x81D83908
c:\documents and settings\jean roland huber\Application Data\hidires\flec003.exe [2616] 0x81DA42D8
Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\documents and settings\jean roland huber\Application Data\drivers\downld
c:\documents and settings\jean roland huber\Application Data\hidires
c:\documents and settings\jean roland huber\Application Data\hidires\config
c:\documents and settings\jean roland huber\Application Data\hidires\config\load_index.dat 2192 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\AC_BootstrapIPs.dat 2 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\AC_SearchStrings.dat 2 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\AC_ServerMetURLs.dat 2 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\cancelled.met 10 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\clients.met 5 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\clients.met.bak 5 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\cryptkey.dat 365 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\emfriends.met 5 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\key_index.dat 28 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\known.met 30742 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\known2_64.met 83169 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\nodes.dat 6370 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\preferences.dat 61 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\preferences.ini 7075 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\preferencesKad.dat 23 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\server.met 9639 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\server_met.old 9639 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\shareddir.dat 2 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\src_index.dat 12 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\statistics.ini 1777 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\config\StoredSearches.met 4 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\downloads.bak 448 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\downloads.txt 448 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\file.exe 839680 bytes executable
c:\documents and settings\jean roland huber\Application Data\hidires\flec003.exe 2557956 bytes executable
c:\documents and settings\jean roland huber\Application Data\hidires\Incoming
c:\documents and settings\jean roland huber\Application Data\hidires\lang
c:\documents and settings\jean roland huber\Application Data\hidires\names.txt 3973 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\server.txt 1219 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\skins
c:\documents and settings\jean roland huber\Application Data\hidires\Temp
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\FathZIP 4.7 [Crack].zip 3327896 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Quick Performance Monitor.zip 2466384 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\AirStrike 3D Operation WAT 1.65.zip 3734019 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\AVG.antispyware.v7.5.0.50.+.crack.zip 2243458 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Aware IM 1.2 build 669.zip 1695516 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Billy 1.03.zip 1588840 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\BreakQuest 1.0.1.zip 3106748 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\CammyPlus 1.9 KeyGen.zip 3973883 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Context Power 1.0.zip 3496369 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Data Export - DB22Access 1.0.zip 1635064 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\DigicartPC 1.0.0.1.zip 1314287 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Displaying 2001 - 4000 of 118543.czip 839680 bytes executable
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Displaying 2001 - 4000 of 118543.zip 814374 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Eastsea MP3 CD Burner 2.10.zip 1358843 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Fast AVI to GIF Converter 2.8 (Serial).zip 3813411 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Red Eye Pilot 3.2.zip 3905564 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\RM RMVB to iPod PSP 3GP FLV SWF Converter 1.7.8.zip 2288673 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\RolloverFX 2.1 Cracked.zip 4434009 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Rome Total War official movie 1.zip 823950 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\ScriptFTP 3.1.zip 5242496 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\SharpPlus ActionList For WinForm (For .Net 1.1) 1.17.zip 3098284 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\StarQuiz X 2.6.zip 3948954 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Stellar Phoenix Mailbox - Exchange Desktop 2.0.zip 3288153 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Video To MP4 Converter 1.00.zip 2285924 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\VintaSoftBarcode.NET Library 1.2.2.zip 2055351 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\XTrader 1.0.zip 2734661 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Field Of Dreams-Auburn 2008.zip 3904798 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\FlexCell Grid Control 5.6.8.zip 3653891 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Fly Album 2.3 Build 1118 (Key).zip 2696921 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\HexConvertor 1.0.0.zip 3451277 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\IDAutomation TrueType Barcode Font 6.11 [KeyGen].zip 1536561 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\JOC Print Commander 2.40.zip 3200487 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\KazStamp 9.0.27.zip 2474207 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\M2U Enterprise Edition 6.3.10.zip 3115650 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\NOD32.Antivirus.2.51.20+FiX-V2.1.zip 2749394 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\NOD32.v2.70.23.Fix.zip 2151438 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Panda.Titanium.2006.Antivirus.Antispyware.(Español-Spanish).Crackeado.By.Menmac.Software.zip 4167763 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\WDIR\Poodwaddle Small Calendar 2.0.zip 1970744 bytes
c:\documents and settings\jean roland huber\Application Data\hidires\webserver
c:\documents and settings\jean roland huber\Application Data\m\flec006.exe 99332 bytes executable
c:\documents and settings\jean roland huber\Application Data\m\shared
c:\documents and settings\jean roland huber\Application Data\m\shared\123 Flash Compressor 1.52.zip 970617 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\A+CADCopy_2.0.zip 949987 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\ActiveTreeNotes 1.0.zip 920520 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Advanced URL Builder 1.3.101.zip 1066055 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\AdWare_SpyWare_SE_2.1.5.zip 895821 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Air_Invasion_2.zip 1061353 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\AltoMP3 Gold 5.12 (Cracked).zip 932099 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Amazing_NetGrapher_1.10.zip 864853 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Application As Service 3.0.0.53.zip 969251 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Areca_Backup_5.0.1a.zip 1083137 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Okoker All Video Converter&Burner Pro 7.3.zip 887709 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Omega Basic 1.1 [Cracked].zip 897676 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Pacific Wonder Screensaver.zip 1079030 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\PanIntegers 2.0.1.zip 943109 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Passion 4 Nails toolbar for Firefox 1.5.0.1.zip 903519 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\PC_Icon_Extractor_2.85.zip 913268 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Phantom Taskbar toolbar for IE 4.5.132.0.zip 959083 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Phoa_1.1.9.zip 916092 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Pixbook 2.9C.zip 895069 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\SiteUnseen 3.4.5.zip 984188 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\SkinEngine 2.02.zip 943386 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Sonic_Zone_1.zip
c:\documents and settings\jean roland huber\Application Data\m\shared\Stars_and_Planets_1.1_[Serial].zip
c:\documents and settings\jean roland huber\Application Data\m\shared\Startup Firewall 4.0.zip
c:\documents and settings\jean roland huber\Application Data\m\shared\STFU.zip 937676 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Surfer_8.06.39.zip
c:\documents and settings\jean roland huber\Application Data\m\shared\szyfrator 0.42 Alpha.zip 1108274 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\TheDowser Professional 5.3.0.zip 982631 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\The_Magic_Blackboard_1.0.zip 965141 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Thumba Wumba 1.22.zip 941707 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\TimeBell_1.2.zip 918344 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Times_2.3.zip 952682 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\True_HTML_Editor_1.1.zip 932452 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Disc Broom 0.71.25.zip
c:\documents and settings\jean roland huber\Application Data\m\shared\Download.Stubby Remover 0.9.zip 995878 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\DVD Cloner 6.30 Build 981.zip 1095401 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\EasyQuery.VCL trial for Delphi 4.34.zip 1015792 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\eMail_Broadcast_CRM_1.0.zip 862381 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Evolutionary_War_1.1.zip 897348 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\ExEntryC's Junior 3.6.zip 1031379 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Article_Distributor_1.1.2_With_Crack.zip 978187 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Atomic Mail Sender 4.25.zip 855694 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Audio Editor 0.1.0 Cracked.zip 896903 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\AutoGraphicsHTML_5.8.zip 938164 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Axara_Video_To_iPod_2.1.0.377_Key.zip 916042 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\BizTalk Sftp Adapter 1.3.1 Beta.zip 895949 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Blackjack_1.2.zip 1049517 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\BLUBOX 4.3.0.zip 974349 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Blue IP Scanner 1.1.zip 1000749 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\CD_Bank_cataloguer_2.7.6.zip 947984 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Digital_DJ_Music_System_PE_4.94.2_Key.zip 957259 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Flight Monitor 1.0.zip 930673 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Image_Fix_and_Enhance_1.52.zip 953870 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\LingvoSoft Picture Dictionary 2008 Spanish - Italian 1.2.26.zip 949007 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\OggCarton_for_Windows_1.0_Beta.zip 854052 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Pop-Up Stopper 3.10.1014.zip 919518 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\RecoverEXE_1.0_(Serial).zip 988437 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\SingAlong_Player_1.zip 867589 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Tunnelier 4.26.zip 978482 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\PopulateMSI_2.4_Cracked.zip 870061 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\PopupMaster_1.2.1.zip 983700 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\PopUp_Control.zip 928900 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\PowerBB 2.2.1.zip 950467 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Power_CDG_to_MPG_Converter_1.0.23.zip 1035164 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\RAM Saver Pro 9.0.zip 845461 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\RAM_Optimizer_Pro_2005_1.0.zip 881959 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\InstallStation_1.0.5.zip 960348 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\InTranslate_0.1b.zip 841313 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Inventory_and_Production_2.4.zip 938455 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\JD-GUI 0.2.0.zip 898014 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\KaPlaRe 1.1.1.01.zip 866386 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\KingConvert For Archos605 4.0.zip 1023807 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Leprechaun Dance Screensaver.zip 914880 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\LingvoSoft Learning PhraseBook 2008 English - Polish 2.3.90.zip 875142 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Ulove Audio Converter 1.0 (KeyGen).zip 914952 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\USAsoft_DVD_Video_DivX_Converter_5.00_(Key).zip 1049211 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Video Edit Magic Express 4.11.zip 1044414 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Visualizer Image Browser 2.3.zip 888882 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\vTute Recorder 1.00.001.zip 954243 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\WapWebCam_1.03_(Serial).zip 1004363 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Webserver_Monitor_1.2.1.3_[Crack].zip 900551 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\WebWatch 1.0.zip 846405 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\What_Changed_3.0.zip 983945 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\WinChanger 2000 4.01.zip 971413 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\WinRamTurbo_Pro_v4.92_[Patch].zip 1001275 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\WordPerfectRecovery 1.0.0733.zip 901353 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Writer Password Recovery 1.0.1.zip 1102941 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\LingvoSoft_Suite_2007_English_-_Indonesian_2.0.23_[Crack].zip 869708 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\LingvoSoft_Talking_Dictionary_2006_German_Russian_3.1.41_(Cracked).zip 1071272 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Lotus Esprit Screensaver 1.0.zip 961523 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\M & M - Systeme Metronome 1.000.zip 937896 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Millennia_Calendar_2.3.0_Crack.zip 877848 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\MonthOnMyFace_1.0.zip 844492 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\MuvAudio 2.9.6.7.zip 861112 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\My Wallet 1.4.zip 981017 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Mz Registry Backup 1.3.zip 952164 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Naviscope_8.70.zip 1014596 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\North American Railroad Map 2.2.zip 991077 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\No_More_Spam_3.0_build_5.822.zip 932345 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Officium Business Server 1.1.zip 997866 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\CD_Cover_Kit_1.0.0.1_Serial.zip 1020894 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\ChangeSite_2.5_(Cracked).zip 998160 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Chopin_Express_2.0.zip 999641 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\ColorMatrix 2.3.zip 906953 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Comandiux_1.7.25.199.zip 909409 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Core_FTP_Server_1.0.206.zip 927440 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\CountdownClock 2.0.4.zip 948754 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\CubeVision_Clock_1.0.1.zicatchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
c:\documents and settings\jean roland huber\Application Data\m\shared\Data_Agent_1.3_(Cracked).zip 986669 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Data_Base_Scripting_Pages_1.1.zip 864311 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\DateTime2 2.0.1.zip 1004100 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Reliable E-Mail Alerter 1.3.zip 932654 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\ReplaceMagic_Bundle_Professional_1.8.1_Key.czip
c:\documents and settings\jean roland huber\Application Data\m\shared\Replay_Radio_7.31.zip 905734 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\RSExplorer 1.10.zip 969122 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\SC Countdown Timer 2.4 [Key].zip 863588 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\Screen-Scraper_Professional_Edition_2.7.zip 1036302 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\SetSpeed 1.3.zip 982395 bytes
c:\documents and settings\jean roland huber\Application Data\m\shared\SHXConvert 4.0 [Serial].zip 1140294 bytes

Scan terminé avec succès
Fichiers cachés: 196

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8238B8AC]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF83A4B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="c:\\Documents and Settings\\jean roland huber\\Application Data\\drivers\\winupgro.exe"
"german.exe"="c:\\WINDOWS\\system32\\wintems.exe"
"mule_st_key"="c:\\Documents and Settings\\jean roland huber\\Application Data\\m\\flec006.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]
"ImagePath"="\??\c:\windows\system32\wfsintwq.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(1380)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-11-02 9:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-02 08:05

Avant-CF: 12 817 068 032 octets libres
Après-CF: 12 722 421 760 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

- - End Of File - - 1D3FD9DFA8F289DC07961A49C44914EA
jeanmimigab on 02 November 2009 at 15:17
:hello:

Whoa, you are seriously infected, and it's a tough one :/


Click "Start" >> "Run", copy and paste the bold text from the quote below into the "Run" window, and confirm by clicking "OK".

"%Userprofile%\Bureau\jr83h.exe " /KillAll


Let ComboFix work and post the final report...

:salut:
jr83h on 02 November 2009 at 17:49
Good evening,
because I have spent the whole day following your procedure.
After the first intervention I was able to download avast, but without being able to run it ("win 32 not valid").


However, Malwarebytes worked and eradicated an unwanted item for me,
while the Windows Update updates remained unsuccessful and SUPERAntiSpyware did the same.
The second scan you asked for was much faster, 10 min instead of 2 h, and so will, I hope, let you dethrone the intruder.
Thank you for your help.
jr
ComboFix 09-11-01.04 - jean roland huber 02/11/2009 16:26.4.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.228 [GMT 1:00]
Lancé depuis: c:\documents and settings\jean roland huber\Bureau\jr83h.exe
Commutateurs utilisés :: /KillAll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jean roland huber\Application Data\drivers\downld

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2009-10-02 au 2009-11-02 ))))))))))))))))))))))))))))))))))))
.

2009-11-02 14:38 . 2009-11-02 14:51 -------- d-----w- c:\program files\Registry Winner
2009-11-02 13:10 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-02 13:10 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-02 13:09 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-02 06:17 . 2009-11-02 06:17 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\SPAMfighter
2009-11-01 15:49 . 2009-11-01 15:57 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-01 13:10 . 2009-11-01 13:10 -------- d-----w- c:\program files\Panda Security
2009-11-01 11:09 . 2009-11-02 15:34 -------- d--h--w- c:\documents and settings\jean roland huber\Application Data\drivers
2009-10-22 08:47 . 2009-10-22 08:47 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-22 08:45 . 2009-10-22 08:45 -------- d-----w- C:\d34a1c13d4ec38d6d8cf24d2
2009-10-22 08:45 . 2009-10-22 08:45 -------- d-----w- C:\b86178c1d2d7243004
2009-10-22 08:45 . 2009-10-22 08:45 -------- d-----w- C:\7860f263867a6b0013
2009-10-22 08:45 . 2009-10-22 08:45 -------- d-----w- C:\9e39f671923f2e4dac2f04e086c128
2009-10-22 08:45 . 2009-10-22 08:45 -------- d-----w- C:\0efeb77c0fbc78066f8eb32fba91ba
2009-10-22 08:20 . 2009-10-22 08:20 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Caere
2009-10-22 07:46 . 2009-10-22 08:45 -------- d-----w- c:\windows\pixtran
2009-10-22 07:45 . 2009-10-22 08:45 -------- d-----w- c:\program files\Fichiers communs\Caere
2009-10-22 07:45 . 2009-10-22 07:45 -------- d-----w- c:\program files\Caere
2009-10-18 07:14 . 2009-10-18 07:14 -------- d-----r- C:\AHCache
2009-10-17 20:57 . 2009-10-17 21:15 -------- d-----w- C:\a1b8a453d9a9f489a264
2009-10-17 20:55 . 2009-10-17 20:55 237616 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-17 20:38 . 2009-10-17 21:16 -------- d-----w- C:\5bc7a5ed849a1b56c202ef07
2009-10-17 19:04 . 2009-10-17 21:16 -------- d-----w- C:\d023e15ba6ad0e2717
2009-10-16 15:50 . 2009-10-17 21:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-16 15:50 . 2009-10-16 15:50 -------- d-----w- c:\program files\MSBuild
2009-10-16 15:49 . 2009-10-16 15:49 -------- d-----w- c:\program files\Reference Assemblies
2009-10-16 15:38 . 2009-10-17 21:19 -------- d-----w- C:\f2a031d10d8b2cf1ad404b
2009-10-16 15:15 . 2009-10-16 15:15 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\System Tweaker
2009-10-16 11:34 . 2009-10-16 11:47 -------- d-----w- c:\windows\LastGood(2)
2009-10-16 07:34 . 2009-10-16 07:34 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Uniblue
2009-10-07 13:28 . 2009-10-17 21:09 -------- d-----w- c:\documents and settings\jean roland huber\Local Settings\Application Data\Yahoo!
2009-10-07 11:52 . 2001-08-23 15:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-10-07 11:52 . 2001-08-23 15:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-10-07 11:52 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-10-07 11:52 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 15:01 . 2002-09-27 15:16 555552 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-02 15:01 . 2002-09-27 15:16 105144 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-02 06:27 . 2008-02-06 19:44 -------- d-----w- c:\program files\languages
2009-11-01 12:25 . 2008-04-17 13:42 -------- d-----w- c:\program files\eMule
2009-10-28 10:42 . 2008-10-12 19:11 -------- d-----w- c:\program files\McAfee
2009-10-21 17:06 . 2008-05-30 07:31 -------- d-----w- c:\program files\inKline Global
2009-10-21 17:06 . 2002-09-29 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-17 21:38 . 2008-02-13 20:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-17 21:26 . 2009-01-28 11:55 -------- d-----w- c:\program files\NODouble
2009-10-17 21:21 . 2008-07-01 16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 07:02 . 2008-02-06 19:55 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\XnView
2009-09-19 09:07 . 2008-02-05 19:39 126672 ----a-w- c:\documents and settings\jean roland huber\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-17 06:54 . 2009-09-17 06:54 -------- d-----w- c:\program files\MAGIX
2009-09-15 16:18 . 2009-03-01 16:30 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Audacity
2009-09-14 09:49 . 2009-09-14 09:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-14 09:11 . 2009-09-14 09:11 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\recfree.com
2009-09-14 09:11 . 2009-09-14 09:11 -------- d-----w- c:\program files\RecFree.com
2009-09-14 08:33 . 2008-07-25 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 14:18 . 2002-09-27 15:15 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 . 2002-09-27 15:15 136192 ----a-w- c:\windows\system32\msv1_0(2)(2).dll
2009-09-09 13:49 . 2002-09-29 11:52 -------- d-----w- c:\program files\Ahead
2009-09-04 21:04 . 2002-09-27 15:15 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:04 . 2002-09-27 15:15 58880 ----a-w- c:\windows\system32\msasn1(2)(2).dll
2009-08-29 10:17 . 2009-08-29 10:17 82464 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-08-29 10:17 . 2009-08-29 10:17 37888 ----a-w- c:\windows\system32\setupnt.dll
2009-08-29 10:17 . 2009-08-29 10:17 28928 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-29 10:17 . 2009-08-29 10:17 212288 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-29 10:17 . 2009-08-29 10:17 126976 ----a-w- c:\windows\system32\snapapi.dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ----a-w- c:\windows\system32\wininet(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2002-09-27 15:16 1168384 ----a-w- c:\windows\system32\urlmon(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 105984 ----a-w- c:\windows\system32\url(4)(2).dll
2009-08-29 07:28 . 2007-08-13 17:34 268288 ----a-w- c:\windows\system32\iertutil(3)(2).dll
2009-08-29 07:28 . 2008-02-05 19:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2002-09-27 15:15 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 14:14 . 2009-08-28 14:14 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-28 06:51 . 2009-08-28 06:49 24 --sh--w- c:\windows\SF6CB562F.tmp
2009-08-26 08:01 . 2002-09-27 15:15 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 18:24 . 2008-02-05 19:31 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2008-02-05 19:31 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2008-02-05 19:31 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2007-07-30 18:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2002-09-27 15:30 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2002-09-27 15:15 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2008-02-05 19:31 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2002-09-27 15:30 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:00 . 2002-09-27 15:15 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:58 . 2002-09-27 15:15 2191232 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:28 . 2002-08-29 11:42 2068096 ------w- c:\windows\system32\ntkrnlpa.exe
2002-08-30 12:00 . 2009-11-02 07:59 22528 --shatw- c:\windows\erdnt\cache\pathping.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-02_07.52.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-02-21 04:16 . 2003-02-21 04:16 49152 c:\windows\system32\URTTemp\regtlib.exe
+ 2002-09-27 15:15 . 2009-11-02 15:01 87778 c:\windows\system32\perfc009.dat
+ 2002-09-27 15:36 . 2009-11-02 09:14 15360 c:\windows\system32\dllcache\register.exe
- 2002-09-27 15:36 . 2009-11-01 21:12 15360 c:\windows\system32\dllcache\register.exe
+ 2008-11-25 03:59 . 2008-11-25 03:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2003-02-20 19:10 . 2003-02-20 19:10 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 64000 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-21 06:26 . 2003-02-21 06:26 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-20 18:09 . 2003-02-20 18:09 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-03-11 17:09 . 2003-03-11 17:09 23552 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\040C\mscorsecr.dll
+ 2003-02-20 17:43 . 2003-02-20 17:43 22528 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-20 18:18 . 2003-02-20 18:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-20 18:06 . 2003-02-20 18:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 06:25 . 2003-02-21 06:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 06:25 . 2003-02-21 06:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 06:24 . 2003-02-21 06:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-20 18:22 . 2003-02-20 18:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-21 06:24 . 2003-02-21 06:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-03-11 17:16 . 2003-03-11 17:16 61440 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.Web.Services.Resources.dll
+ 2003-03-11 17:22 . 2003-03-11 17:22 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.Web.Mobile.resources.dll
+ 2003-03-11 17:17 . 2003-03-11 17:17 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.ServiceProcess.Resources.dll
+ 2003-03-11 17:17 . 2003-03-11 17:17 11776 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2003-03-11 17:17 . 2003-03-11 17:17 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.Runtime.Remoting.Resources.dll
+ 2003-03-11 17:17 . 2003-03-11 17:17 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\system.Resources.dll
+ 2003-03-11 17:17 . 2003-03-11 17:17 61440 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.Messaging.Resources.dll
+ 2003-03-11 17:15 . 2003-03-11 17:15 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.Management.Resources.dll
+ 2003-03-11 17:17 . 2003-03-11 17:17 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.EnterpriseServices.Resources.dll
+ 2003-03-11 17:17 . 2003-03-11 17:17 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.Drawing.Resources.dll
+ 2003-03-11 17:17 . 2003-03-11 17:17 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.DirectoryServices.Resources.dll
+ 2003-03-11 17:17 . 2003-03-11 17:17 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.Configuration.Install.Resources.dll
+ 2003-03-11 17:17 . 2003-03-11 17:17 10240 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\RegCode.Resources.dll
+ 2003-03-11 17:15 . 2003-03-11 17:15 10240 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\Regasm.resources.dll
+ 2003-03-11 17:16 . 2003-03-11 17:16 36864 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\Microsoft.VisualBasic.resources.dll
+ 2003-03-11 17:16 . 2003-03-11 17:16 45056 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\Microsoft.JScript.Resources.dll
+ 2003-03-11 17:16 . 2003-03-11 17:16 10752 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\ConfigWizards.Resources.dll
+ 2003-03-11 17:16 . 2003-03-11 17:16 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\caspol.resources.dll
+ 2003-03-11 17:08 . 2003-03-11 17:08 45056 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\aspnet_rc.dll
+ 2003-02-21 03:12 . 2003-02-21 03:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 06:24 . 2003-02-21 06:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 09:20 . 2003-02-21 09:20 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-20 18:09 . 2003-02-20 18:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-21 06:24 . 2003-02-21 06:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-20 18:19 . 2003-02-20 18:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2003-02-20 18:19 . 2003-02-20 18:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-20 18:19 . 2003-02-20 18:19 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-20 18:19 . 2003-02-20 18:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-20 18:19 . 2003-02-20 18:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-21 04:00 . 2003-02-21 04:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-03-11 17:10 . 2003-03-11 17:10 19968 c:\windows\Microsoft.NET\Framework\v1.1.4322\1036\alinkui.dll
+ 2003-02-21 02:55 . 2003-02-21 02:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 01:59 . 2003-02-21 01:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2009-11-02 14:51 . 2009-11-02 14:51 88576 c:\windows\Installer\58e16a.msi
+ 2009-11-02 14:45 . 2009-11-02 14:45 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f4a1a8a5\System.Drawing.Design.dll
+ 2009-11-02 14:45 . 2009-11-02 14:45 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7c3fadda\CustomMarshalers.dll
+ 2009-11-02 15:42 . 2009-11-02 15:42 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e9aba2eab90d647356f65e66053da02b\Microsoft.Build.Framework.ni.dll
+ 2009-11-02 15:42 . 2009-11-02 15:42 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\f4e38208e88cb4cc314a1d6543b9fcc6\dfsvc.ni.exe
+ 2009-11-02 15:30 . 2009-11-02 15:30 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\11eb4f6606ba01e5128805759121ea6c\Accessibility.ni.dll
+ 2009-11-02 15:00 . 2009-11-02 15:00 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-11-02 15:00 . 2009-11-02 15:00 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-11-02 15:01 . 2009-11-02 15:01 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-11-02 15:00 . 2009-11-02 15:00 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-11-02 15:01 . 2009-11-02 15:01 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-11-02 15:01 . 2009-11-02 15:01 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-11-02 15:01 . 2009-11-02 15:01 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-11-02 15:01 . 2009-11-02 15:01 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-11-02 15:00 . 2009-11-02 15:00 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-11-02 15:00 . 2009-11-02 15:00 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-11-02 15:00 . 2009-11-02 15:00 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-11-02 15:01 . 2009-11-02 15:01 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-11-02 15:00 . 2009-11-02 15:00 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 61440 c:\windows\assembly\GAC\System.Web.Services.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.Web.Services.Resources.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 81920 c:\windows\assembly\GAC\System.Web.Mobile.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.Web.Mobile.resources.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 40960 c:\windows\assembly\GAC\System.ServiceProcess.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.Resources.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 11776 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.Resources.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 28672 c:\windows\assembly\GAC\System.Runtime.Remoting.resources\1.0.5000.0_fr_b77a5c561934e089\System.runtime.remoting.Resources.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 86016 c:\windows\assembly\GAC\System.resources\1.0.5000.0_fr_b77a5c561934e089\System.Resources.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 61440 c:\windows\assembly\GAC\System.Messaging.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.Messaging.Resources.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 24576 c:\windows\assembly\GAC\system.management.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.Management.Resources.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 64000 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 32768 c:\windows\assembly\GAC\System.EnterpriseServices.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.EnterpriseServices.Resources.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 24576 c:\windows\assembly\GAC\System.Drawing.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 65536 c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 86016 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 11264 c:\windows\assembly\GAC\System.DirectoryServices.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.DirectoryServices.Resources.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 77824 c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 28672 c:\windows\assembly\GAC\System.Configuration.Install.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.Configuration.Install.Resources.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 10240 c:\windows\assembly\GAC\Regcode.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\RegCode.Resources.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 32768 c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 11264 c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 28672 c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 36864 c:\windows\assembly\GAC\Microsoft.VisualBasic.resources\7.0.5000.0_fr_b03f5f7f11d50a3a\Microsoft.VisualBasic.Resources.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 45056 c:\windows\assembly\GAC\Microsoft.JScript.resources\7.0.5000.0_fr_b03f5f7f11d50a3a\Microsoft.Jscript.Resources.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 26112 c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 33792 c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 12288 c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-11-02 15:00 . 2009-11-02 15:00 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2003-03-11 17:09 . 2003-03-11 17:09 4096 c:\windows\system32\mui\040C\mscoreer.dll
+ 2003-02-20 17:43 . 2003-02-20 17:43 4096 c:\windows\system32\mui\0409\mscoreer.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 7168 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-03-11 17:17 . 2003-03-11 17:17 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.Security.Resources.dll
+ 2003-03-11 17:17 . 2003-03-11 17:17 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\System.Drawing.Design.Resources.dll
+ 2003-03-11 17:16 . 2003-03-11 17:16 8192 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\JSC.Resources.dll
+ 2003-03-11 17:16 . 2003-03-11 17:16 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\fr\InstallUtil.resources.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2009-11-02 15:00 . 2009-11-02 15:00 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-11-02 15:01 . 2009-11-02 15:01 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-11-02 15:00 . 2009-11-02 15:00 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-11-02 15:00 . 2009-11-02 15:00 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 7680 c:\windows\assembly\GAC\System.Security.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.Security.Resources.dll
+ 2009-11-02 14:46 . 2009-11-02 14:46 6144 c:\windows\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_fr_b03f5f7f11d50a3a\System.Drawing.design.Resources.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 6656 c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 6144 c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 4608 c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 7168 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-11-02 14:44 . 2009-11-02 14:44 7680 c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-11-02 15:01 . 2009-11-02 15:01 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-11-02 15:01 . 2009-11-02 15:01 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2002-09-27 15:15 . 2009-11-02 15:01 481402 c:\windows\system32\perfh009.dat
- 2008-07-31 12:41 . 2009-11-01 21:06 767352 c:\windows\SoftwareDistribution\Download\f36593f13584dc8b311cfbaab602e80f\update\update.exe
- 2008-07-31 12:41 . 2009-11-01 21:06 767352 c:\windows\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\update\update.exe
- 2007-07-27 07:29 . 2009-11-01 21:06 767352 c:\windows\SoftwareDistribution\Download\71f03b7f4784c42683bd24e8149d6671\update\update.exe
- 2008-10-29 16:23 . 2009-11-01 21:06 767352 c:\windows\SoftwareDistribution\Download\53f8d846fa795af69ae89f6d7d6a7e65\update\update.exe
+ 2008-11-25 03:59 . 2008-11-25 03:59 436040 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2008-07-25 09:17 . 2008-07-25 09:17 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 364872 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-11-25 03:59 . 2008-11-25 03:59 990032 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2003-02-21 09:20 . 2003-02-21 09:20 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 06:27 . 2003-02-21 06:27 569344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-21 06:27 . 2003-02-21 06:27 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-21 06:27 . 2003-02-21 06:27 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
jeanmimigab on 2 November 2009 at 19:08
:hello: the report is not complete... if it doesn't fit in one reply, post it in two parts :bien:
jr83h on 2 November 2009 at 19:29
OK, and thank you; I don't understand any of this any more, because I don't know what copy and paste does
I will probably have to resign myself to formatting, but what precautions should I take to back up "My Documents" and other files without carrying any virus over with them?
thank you (a reminder that I saved the last report but don't know whether it reached you in full: for that, by e-mail (if you can give it to me), I'll make a copy and send it to you)
a thousand apologies for the trouble caused (a computer dunce!)
jer83h
jeanmimigab on 2 November 2009 at 20:58
:hello:
"I will probably have to resign myself to formatting"

don't even think about it, the infection you have will survive a format... :D

"I don't understand any of this any more, because I don't know what copy and paste does"

it's not your fault, the forum has trouble accepting reports that are too long :cry:

"a thousand apologies for the trouble caused (a computer dunce!)"

nobody here is a dunce, we just have different experience, so there's no need to feel guilty... :non:

we'll take as long as it takes, but we will sort out your problem :bien:

upload the text file here and post me the download link in your next reply, please...

click on this link http://www.cijoint.fr/index.php

once the page is open, click on "parcourir" (browse), select the file c:\combofix.txt and click at the bottom on "cliquer ici pour déposer le fichier" (click here to upload the file).

a few seconds later you will get a link at the bottom of the page; you just need to copy that link and post it in your next reply.

take your time, and if you have any questions don't hesitate :bien:
jeanmimigab on 2 November 2009 at 23:10
:hello:

as soon as you have sent the ComboFix text file, please do this...

[:azerty39:1] Download mbr.exe (by Gmer) to your Desktop

[:onimura:4] Disable your antivirus and antispyware protection and disconnect.

[:onimura:4] Double-click mbr.exe. A report will be generated: mbr.log

[:fml:8] If there is an infection, the message "MBR rootkit code detected" will appear.

If that is not the case, tell me and stop the procedure here; if it is the case >>> carry on with the next step

[:onimura:4] In the Start menu, choose Run (Démarrer - Exécuter) and type: %userprofile%\Bureau\mbr -f
(Don't forget the space between mbr and -f)

You will then get a report like this:
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
MBR rootkit infection detected !
MBR INT 0x13 hook detected !
malicious code @ sector 0x3fdc80 size 0x1ca !
copy of MBR has been found in sector 62 !
original MBR restored successfully !



[:onimura:4] In mbr.log this line will appear: original MBR restored successfully !

[:onimura:4] Post this report and then delete it.

[:onimura:4] Run mbr.exe again and the new mbr.log should look like this:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net


device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK


Note: If the mbr.exe file is in the Téléchargement (Downloads) folder, this works too and mbr.log will be written there.

:salut:
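One way to triage the mbr.log reports described in the post above, as an added example that is not part of the thread and not GMER's code: it classifies a log from the marker strings quoted in the post and pulls out the reported sector numbers. The function name, the status labels and the last two sample logs are assumptions constructed for the illustration.

```python
import re

# Marker strings as they appear in the mbr.log samples quoted in the post above.
DETECTION_MARKERS = (
    "MBR rootkit code detected",
    "MBR rootkit infection detected",
    "MBR INT 0x13 hook detected",
)
RESTORED_MARKER = "original MBR restored successfully"
CLEAN_MARKER = "user & kernel MBR OK"

PAYLOAD_RE = re.compile(r"malicious code @ sector (0x[0-9a-fA-F]+) size (0x[0-9a-fA-F]+)")
BACKUP_RE = re.compile(r"copy of MBR has been found in sector (\d+)")
READ_RE = re.compile(r"^(device|user|kernel):\s*(.+)$", re.MULTILINE)


def triage_mbr_log(text):
    """Classify one mbr.log (hypothetical helper; the status labels are ours)."""
    findings = [m for m in DETECTION_MARKERS if m in text]
    reads = {name: result.strip() for name, result in READ_RE.findall(text)}
    # A read that is absent or not reported as successful means the log
    # cannot vouch for the MBR, whatever else it says.
    bad_reads = [n for n in ("device", "user", "kernel")
                 if "successfully" not in reads.get(n, "")]
    payload = PAYLOAD_RE.search(text)
    backup = BACKUP_RE.search(text)

    if findings and RESTORED_MARKER in text:
        status = "restored"      # still needs a second run that comes back clean
    elif findings:
        status = "infected"      # detected but not repaired (run without -f)
    elif CLEAN_MARKER in text and not bad_reads:
        status = "clean"
    else:
        status = "inconclusive"  # truncated log, failed read, or no verdict line

    return {
        "status": status,
        "findings": findings,
        "bad_reads": bad_reads,
        "payload_sector": int(payload.group(1), 16) if payload else None,
        "payload_size": int(payload.group(2), 16) if payload else None,
        "backup_sector": int(backup.group(1)) if backup else None,
    }


# Copied from the two reports quoted in the post.
LOG_AFTER_FIX = """Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
MBR rootkit infection detected !
MBR INT 0x13 hook detected !
malicious code @ sector 0x3fdc80 size 0x1ca !
copy of MBR has been found in sector 62 !
original MBR restored successfully !
"""

LOG_CLEAN = """Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# Constructed for this example: detection reported, no repair attempted.
LOG_DETECT_ONLY = """device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
MBR rootkit code detected !
"""

# Constructed for this example: log cut off before the kernel read.
LOG_TRUNCATED = """device: opened successfully
user: MBR read successfully
"""

if __name__ == "__main__":
    samples = {
        "after -f": LOG_AFTER_FIX,
        "second run": LOG_CLEAN,
        "detect only": LOG_DETECT_ONLY,
        "truncated": LOG_TRUNCATED,
    }
    for label, log in samples.items():
        print(label, "->", triage_mbr_log(log))
```
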

jr83h on 3 November 2009 at 09:21
hello, and thanks again for your efforts
1 I posted the over-long report as instructed (bootfix).
2 I spent the night with ActiveScan, which disinfected the following malware for me
w32/bagle ....kv
w32/bagle....kv
w32/bagle...rc
w32/bagle...rc
rootkitbootoo
generic trojan
but could not disinfect Tc/CI.A
3 I downloaded gmer.exe, and although I know how to disable the firewall, I no longer have a working antivirus, since avast is no longer a valid Win32 application, and I don't know how to disable "malaware" and superantispyware.
4 however, I tried your procedure after disconnecting
here is what happened: I launched gmer.exe
a)"LOADDRIVER(C;\Docum(tilde)1\jeanro(tilde)\local(tilde)\Temp\
fxrdypog.sys error 0XC000009A: impossible de creer une sous clé
stable d(une clé prente volatile
b I closed that window and, before launching a scan (which I did not do), the following notice appeared
warning gmer has found modification which might have been caused by
rootkit and, in red, C:windows\syst32wfsintwq.sys hidden
c as the method does not lead to what I should be getting, and as ActiveScan disinfected the rootkit for me (is that certain?), I did not
go on to the next step without asking your advice, because the little English I have made me understand that modifications have occurred which will have to be repaired to get my avast antivirus working again.
thank you and have a good day
jr83h.





jr83h on 03 November 2009 at 09:47
Hello again,
a mistake slipped into the name of the virus that ActiveScan did not remove:
it is Tr/CI. A and not Tc....
See you, jr83h
jr83h on 03 November 2009 at 12:55
Hello,
while waiting I took the liberty of doing the following:
copying the avast antivirus from my laptop and installing it (via USB) on my PC, which had been refusing it as an outdated Win32 application.
That worked, and the scan removed 6 worms, after those from ActiveScan (which I have doubts about): 6 as well!
I think it will do my PC no harm; as for the rootkit, I don't know whether it has been eradicated, since the end of the procedure you proposed has not yet been applied (see why in my last messages).
jr83h, and thanks again
jr83h on 03 November 2009 at 17:53
Hi,
since I did not get a reply to my last request, I tried various things, working on the principle that eradicating every virus would not repair the damage done.
So, having lost my antivirus (avast), my SUPERAntiSpyware and "malabite" (Win32 obsolete or whatever), I downloaded avast on my laptop and carried it over to my infected PC.
Surprise: it worked, and the scan that followed removed 6 viruses,
as ActiveScan had done (and, in my opinion, badly, because part of it was paid-for!).
Once protected by avast, I downloaded SUPERAntiSpyware (at first refused when copied from my laptop! Win32 application outdated again) and removed 15 malicious items (cookies), using a normal download from the site.
Not without difficulty I updated my PC through Windows Update, then I checked the state of the PC with AVG Anti-Rootkit: nothing to report, so at that point I created a restore point.
For the moment my PC is working properly, but I still don't know whether the infection remains.
In any case this may serve as a fallback method for other infected users.
How beautiful Corsica is, despite the troubles of a PC.
jr83h
jeanmimigab on 03 November 2009 at 20:23
:hello:

Are you able to carry out the two procedures requested yesterday at 20:58 (for the ComboFix report) and at 23:10 (for MBR.exe)? :chepa:

:salut:
jr83h on 04 November 2009 at 08:36
Hello,
I think I told you that the first operation, namely posting the complete ComboFix report, had been done, but that I was waiting for your advice on what to do next, because the procedure I applied gave results contrary to what was hoped for (so see what I did in the meantime and tell me what I need to redo, because for the moment I have recovered what had disappeared and disinfected my PC, perhaps not completely).
Thanks again for your help, and forgive me for what I tried in order to get my PC back to new (it seems to be working properly for the moment).
The only thing I don't know: have I removed the rootkit, even though AVG Anti-Rootkit found nothing during its scan?
jr83h
jeanmimigab on 04 November 2009 at 17:23
:hello:

"The only thing I don't know: have I removed the rootkit"


Without the complete ComboFix report I can't tell, but your infection is very serious and there is a high risk of it regenerating if we wait too long to act.

Have you tried uploading the combofix.txt report to "cijoint"? :chepa:

:salut:
jr83h on 05 November 2009 at 09:56
Hello,
so I think you did not receive the complete ComboFix report, no doubt because of an incomplete step on my part.
What I am doing today is sending you the new report I produced this morning, marked 03, because I have since eradicated some worms. But as my antivirus came back into service when the PC restarted, the report took a long time to complete (a "writte"-type file could not be found), so I don't know whether it is complete (even though I did get this report).
Also, in another message I will send you the previous ComboFix 02, in case
Thanks again for your help
jr83h
jr83h on 05 November 2009 at 10:23
Hello,
I think I forgot to provide the address: http://www.cijoint.fr/cjlink.php?file=cj200911/cijV42Ncsy.txt
That is for the latest report, 03.
I will do the same with the previous report, 02, which was made while my security tools were missing.
jr83h on 05 November 2009 at 10:40
I am sending you report 02, but I think I did not upload 03.
jr83h
http://www.cijoint.fr/cjlink.php?file=cj200911/cijrjNXmuX.txt
So I am starting again with 03, the latest ComboFix report, because I think I did not upload it correctly.
A thousand apologies again for the inconvenience caused.
jr83h on 05 November 2009 at 10:50
Hello again,
I think I have now used the procedure properly.
While I await your instructions, thanks and have a good day. tp://www.cijoint.fr/cjlink.php?file=cj200911/cijmpDoccL.txt
jr83h
jeanmimigab on 06 November 2009 at 00:26
:hello:

That is exactly what I needed :bien:

- Create a new text document on your desktop.
- To do this, right-click the desktop > New > Text Document > copy and paste the contents of the quote below into it.


KillAll::

NetSvc::
wfsintwq

Driver::
c:\windows\system32\wfsintwq.sys

File::
c:\windows\system32\perfh00C.dat
c:\windows\system32\perfc00C.dat
c:\windows\system32\perfh009.dat
c:\Documents and Settings\jean roland huber\Application Data\drivers\winupgro.exe
c:\Documents and Settings\jean roland huber\Application Data\m\flec006.exe
c:\WINDOWS\system32\wintems.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D286E828-E6B9-484d-A058-D7323666DE33}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0508F8F1-08E3-43EE-AAA8-09AD09803084}"=-
[-HKEY_CLASSES_ROOT\clsid\{0508f8f1-08e3-43ee-aaa8-09ad09803084}]
[-HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_CLASSES_ROOT\escorTlbr.DskBnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"=-
"german.exe"=-
"mule_st_key"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]


Folder::
c:\program files\Registry Winner
C:\d34a1c13d4ec38d6d8cf24d2
C:\b86178c1d2d7243004
C:\7860f263867a6b0013
C:\9e39f671923f2e4dac2f04e086c128
C:\0efeb77c0fbc78066f8eb32fba91ba
C:\a1b8a453d9a9f489a264
C:\5bc7a5ed849a1b56c202ef07
C:\d023e15ba6ad0e2717
C:\f2a031d10d8b2cf1ad404b
c:\program files\RecFree.com
c:\documents and settings\jean roland huber\Application Data\recfree.com
c:\documents and settings\jean roland huber\Application Data\drivers\downld
c:\documents and settings\jean roland huber\Application Data\hidires

FileLook::
c:\windows\SF6CB562F.tmp



> Then click File > Save As...
- In the save dialog, choose the desktop as the destination > under type choose All Files > and under file name type CFScript.txt > then click Save and close the text document.

- Drag and drop this CFScript.txt file onto ComboFix.exe (for you it is jr83h.exe), as in this screenshot.

[screenshot]

- A blue window will appear > at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times; that is normal!
Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed; post its contents in your next reply.
- If the report does not open, it is located at C:\ComboFix.txt

:salut:


-->Message edited by jeanmimigab on 06/11/2009 00:28:49<--
jr83h on 06 November 2009 at 08:46
Hello,
thanks for the procedure, which I am going to carry out,
but
1 selecting your text in order to copy it is a problem for me, because even selecting by hand I pick up a whole extra part, which must not be in the file to be copied (I am waiting for my son to sort this out, so please be patient for the reply).
2 Should I uninstall avast and SUPERAntiSpyware? When the PC restarts they start up, even though I have stopped avast, and I cannot suspend SUPERAntiSpyware.
3 Should I disable the firewall?
Thanks for these clarifications (before I do something silly).
jr83h
jr83h on 06 November 2009 at 10:39
Hello,
I think everything went normally,
except that drag and drop does not work on my PC, so my son did a copy and paste of the CFScript.txt file onto jr83h.exe.
The scan started by itself and I was able to stop avast; however, while the report was being produced the antispyware banner appeared, and the PC shut down only once and restarted by itself.
Anyway, here is the information from the procedure: I am sending you the report via the "ci joint" method....
Hoping to be done with this ordeal once and for all, but I am sure you will manage it.
Thanks; the second message follows.
jr83h
jr83h le 06 novembre 2009 à 10h55
j'ai recommencé avec ce rapport car j'ai eu l'impression d une erreur de manip.http://www.cijoint.fr/cjlink.php?file=cj200911/cijXT7nfX3.txt
que de désagrements causes et que j'espère pardonnés
jr83h
jeanmimigab on 06 November 2009 at 20:07
:hello:

Don't worry, you are doing very well... :bien:

Can you run MBR.exe once more (the scan takes a few seconds) and post the contents of the mbr.txt report that will be created on your desktop? :jap:

-->Message edited by jeanmimigab on 06/11/2009 20:08:49<--
jr83h on 07 November 2009 at 09:08
Hello,
I have just run mbr.exe, after first stopping avast and uninstalling SUPERAntiSpyware and the anti-rootkit, because I have no way of suspending them.
Here is the report:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Thanks again.
PS: I forgot the firewall; hoping that has no effect.
jr83h
jeanmimigab on 07 November 2009 at 11:48
:hello:

Good, the MBR is no longer infected, but the rootkit still loads at startup. It's a tough one!

You must disable your antivirus before carrying out these steps.

Download >>> Gmer <<< to your desktop.

Unzip the file on your desktop and double-click gmer.exe

Disconnect from the internet and close all programs.

If, when you launch GMER, it says it has detected rootkit activity and offers a full scan of the PC, accept by clicking "YES".

Then...

Click the "rootkit" tab
On the right, tick all the boxes
Click Scan
When the scan has finished, click "copy"

Create a new text document on your desktop > open it and right-click in the window to choose "Paste".

Please post the report in your reply...

:salut:
-->Message edited by jeanmimigab on 07/11/2009 11:57:36<--
jr83h on 07 November 2009 at 18:33
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-07 18:03:38
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JEANRO~1\LOCALS~1\Temp\fxrdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF649E6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF649E574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF649EA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF649E14C]
SSDT sptd.sys ZwEnumerateKey [0xF8430FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF8431340]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF649E64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF649E08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF649E0F0]
SSDT sptd.sys ZwQueryKey [0xF8431418]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF649E76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF649E72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF649E8AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF655B0B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 150 804E27AC 4 Bytes JMP CB30F649
.text ntoskrnl.exe!_abnormal_termination + 428 804E2A84 4 Bytes CALL F85A20D2
.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 3 Bytes [B0, 55, F6]
? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload F7E828AC 5 Bytes JMP 821C7770

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F844206C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8442018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84649AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F844206C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F842BAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F842BC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F842BB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F842C748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F842C61E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F844129A] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 823691E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 820AE790

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 821CD790
Device \Driver\usbohci \Device\USBPDO-1 821CD790
Device \Driver\usbohci \Device\USBPDO-2 821CD790
Device \Driver\usbehci \Device\USBPDO-3 821B11E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 823D71E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Ftdisk \Device\HarddiskVolume2 823D71E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Cdrom \Device\CdRom0 821C8790
Device \Driver\Ftdisk \Device\HarddiskVolume3 823D71E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Cdrom \Device\CdRom1 821C8790
Device \Driver\atapi \Device\Ide\IdePort0 [F83A4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F83A4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F83A4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F83A4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [F83A4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 820D4790
Device \Driver\NetBT \Device\NetbiosSmb 820D4790

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 821CD790
Device \Driver\usbohci \Device\USBFDO-1 821CD790
Device \Driver\NetBT \Device\NetBT_Tcpip_{EF553838-970A-41C2-ABB7-6A75D68D3BFA} 820D4790
Device \Driver\usbohci \Device\USBFDO-2 821CD790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 820B51E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 820B51E8
Device \Driver\usbehci \Device\USBFDO-3 821B11E8
Device \Driver\Ftdisk \Device\FtControl 823D71E8
Device \FileSystem\Fastfat \Fat 820AE790

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 82093790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4C 0x82 0x9F 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4C 0x82 0x9F 0x42 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----
I DON'T KNOW whether the procedure I used was the right one; forgive me for any mistakes, because there is a world between what you ask and what I am able to do. Thanks again.
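Added example (not part of the thread, and not GMER's own code): a Python triage of the report format posted above, grouping SSDT and kernel IAT hooks by owning driver and listing the drivers GMER printed without a description/vendor string, plus device entries marked `[unknown section]`. Treating those as "look here first" is an assumption of this example, not a verdict on any driver; the sample lines are a subset copied from the report above.

```python
import ntpath
import re
from collections import defaultdict

# Subset of the GMER report posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF649E6B8]
SSDT sptd.sys ZwEnumerateKey [0xF8430FB2]
SSDT sptd.sys ZwQueryKey [0xF8431418]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF655B0B0]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F844206C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F842BAD4] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\Ftdisk \Device\HarddiskVolume1 823D71E8
Device \Driver\atapi \Device\Ide\IdePort0 [F83A4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# SSDT <driver path> [(description/vendor)] <service name> [0xADDRESS]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)(?:\s+\((?P<vendor>.*)\))?"
    r"\s+(?P<func>(?:Zw|Nt)\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# IAT <patched driver>[<dll>!<import>] [ADDRESS] <driver owning the address>
IAT_RE = re.compile(
    r"^IAT\s+(?P<victim>.+?)\[(?P<imp>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]"
    r"\s+(?P<owner>\S.*)$")
# Device <driver object> <device object> [ADDRESS] <image>[unknown section] {...}
DEV_RE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+\[(?P<addr>[0-9A-Fa-f]+)\]"
    r"\s+(?P<owner>\S+?)\[unknown section\]")


def _key(path):
    """Lower-cased file name of a driver path, whatever prefix GMER printed."""
    return ntpath.basename(path.strip()).lower()


def triage(log_text):
    """Group hooks by owning driver and list what to look at first."""
    ssdt = defaultdict(lambda: {"vendor": None, "functions": []})
    iat = defaultdict(list)
    devices = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
        elif section == "System" and (m := SSDT_RE.match(line)):
            entry = ssdt[_key(m["module"])]
            entry["vendor"] = m["vendor"] or entry["vendor"]
            entry["functions"].append(m["func"])
        elif section == "Kernel IAT/EAT" and (m := IAT_RE.match(line)):
            iat[_key(m["owner"])].append((m["victim"].strip(), m["imp"]))
        elif section == "Devices" and (m := DEV_RE.match(line)):
            devices.append((m["driver"], m["device"], m["owner"]))
    # Assumption of this example: a hooking driver for which the report shows
    # no description/vendor string is reviewed first. Kernel IAT lines never
    # carry that string, so it is only known from the SSDT section.
    described = {name for name, e in ssdt.items() if e["vendor"]}
    review = sorted((set(ssdt) | set(iat)) - described)
    return {"ssdt": dict(ssdt), "iat": dict(iat),
            "devices": devices, "review_modules": review}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in result["review_modules"]:
        funcs = result["ssdt"].get(name, {}).get("functions", [])
        print(f"{name}: {len(funcs)} SSDT hook(s), "
              f"{len(result['iat'].get(name, []))} kernel IAT hook(s), "
              "no description in report")
    for driver, device, owner in result["devices"]:
        print(f"{device}: entry marked [unknown section] in {owner}")
```

A driver on the review list still has to be identified by other means (file properties, signature, the software installed on the machine) before anything is removed.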
jeanmimigab on 07 November 2009 at 21:52
:hello:

We're making progress :bien:

- Download SDFix (by AndyManchesta) to your Desktop.
Double-click SDFix.exe > click "Browse" and choose your desktop as the destination > choose "Install" to extract it into a folder on the Desktop.

Create a new text document on your desktop and copy the rest of the instructions into it, because you will not have web access in safe mode.

- Restart your computer in safe mode.
- Choose your usual session, not the "Administrator" account or any other.


- Open the SDFix folder that has just been created on the Desktop and double-click RunThis.bat to launch the script (the .bat extension will not necessarily be shown).
- Press "Y" and confirm with the Enter key to start the cleaning process.
- The scan will run, then SDFix will ask you to press a key to restart.
- Press a key to restart the PC; your system will take longer than usual to restart because SDFix will keep running and deleting files.
- Once the Desktop has loaded, SDFix will finish its work and display "Finished".
- Press a key to end the script and load your Desktop icons.
- Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.


Then please post the report...
jr83h on 08 November 2009 at 07:39
Hello,
I am stuck, because the procedure does not give what I should be getting.
1 I managed, not without difficulty, to download sdfix.exe, which is on my desktop,
but when I double-click it I get this: ix has been extracted to %systemdrive%\SDFix\
(Drive that contains the Windows directory - typically C:\SDFix)

Open the SDFix folder in Safe Mode and double click the RunThis.bat file to start the fixtool
If RunThis.bat is started in Normal Mode, options to download and run Anti-Virus command line scanners are displayed

Catchme.exe Stealth Malware Detector by GMER is also included in the SDFix folder

Additional SDFix Instructions & screen shots can be found here.
which, being in English, does not match the procedure at all.
2 You ask me to create a new text document on the desktop and copy the rest of the instructions into it, but which ones? And what do I do with that file?
Since I don't know, I am asking your advice on how to continue.
For the moment, then, I only have sdfix.exe on my desktop.
Thanks again
jr83h
jeanmimigab on 08 November 2009 at 09:10
:hello:

You absolutely must run SDFix in safe mode...

If you don't know how to start in safe mode, have a look at this short tutorial...

http://forum.telecharger.01net.com/microhebdo/questions-techniques-diverses/t(...)

Once you are in safe mode...

- Open the SDFix folder that has just been created on the Desktop and double-click RunThis.bat to launch the script (the .bat extension will not necessarily be shown).
- Press "Y" and confirm with the Enter key to start the cleaning process.
- The scan will run, then SDFix will ask you to press a key to restart.
- Press a key to restart the PC; your system will take longer than usual to restart because SDFix will keep running and deleting files.
- Once the Desktop has loaded, SDFix will finish its work and display "Finished".
- Press a key to end the script and load your Desktop icons.
- Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

If you don't have an SDFix folder on your desktop, look here >>> c:\SDFix

:salut:
jr83h on 08 November 2009 at 11:14
Hi there, it's still jr83h.
Not without difficulty, the procedure ran its course, but I got a message about the report (modified, although I had done nothing); I was asked to confirm these changes (so there may be a mistake, one more). The report is attached; thanks in advance.

SDFix: Version 1.240
Run by jean roland huber on 08/11/2009 at 10:37

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\jean roland huber\Bureau\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 10:48:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4c,82,9f,42,18,d8,25,5a,55,ec,79,26,7e,5b,2c,a4,5c,82,3d,9a,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4c,82,9f,42,18,d8,25,5a,55,ec,79,26,7e,5b,2c,a4,5c,82,3d,9a,db,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"="C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe:*:Disabled:Miro_Downloader"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Fri 28 Aug 2009 24 ..SH. --- "C:\WINDOWS\SF6CB562F.tmp"
Mon 13 Jul 2009 10,053,112 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Sun 16 Apr 2006 71,168 ..SHR --- "C:\Program Files\Mio Technology\MioSync\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\MioSync\_Setup.dll"
Wed 10 Jun 2009 71,168 ..SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\_Setup.dll"
Fri 30 Aug 2002 22,528 A.SH. --- "C:\System Volume Information\_restore{31FF372D-EF6F-4047-9259-55E0C1CB2FBF}\RP719\A0116006.exe"
Fri 30 Aug 2002 22,528 A.SH. --- "C:\System Volume Information\_restore{31FF372D-EF6F-4047-9259-55E0C1CB2FBF}\RP720\A0116673.exe"
Thu 22 Oct 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 29 Jun 2008 36,369,783 A..H. --- "C:\Documents and Settings\jean roland huber\Local Settings\Application Data\Microsoft\Media Player\MusicType1VirginMegaFr\Downloads\000B03B3\BIT2.tmp"

Finished!
jr83h on 08 November 2009 at 11:14
Hi, it's jr83h again.
Not without difficulty, the procedure ran its course, but I got a message about the report (modified although I had not done anything); I was asked to confirm these modifications (so there may be an error, one more). The report is attached, and thanks in advance.

SDFix: Version 1.240
Run by jean roland huber on 08/11/2009 at 10:37

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\jean roland huber\Bureau\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 10:48:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4c,82,9f,42,18,d8,25,5a,55,ec,79,26,7e,5b,2c,a4,5c,82,3d,9a,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:4c,82,9f,42,18,d8,25,5a,55,ec,79,26,7e,5b,2c,a4,5c,82,3d,9a,db,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"="C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe:*:Disabled:Miro_Downloader"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Fri 28 Aug 2009 24 ..SH. --- "C:\WINDOWS\SF6CB562F.tmp"
Mon 13 Jul 2009 10,053,112 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Sun 16 Apr 2006 71,168 ..SHR --- "C:\Program Files\Mio Technology\MioSync\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\MioSync\_Setup.dll"
Wed 10 Jun 2009 71,168 ..SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\Setup.exe"
Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\_Setup.dll"
Fri 30 Aug 2002 22,528 A.SH. --- "C:\System Volume Information\_restore{31FF372D-EF6F-4047-9259-55E0C1CB2FBF}\RP719\A0116006.exe"
Fri 30 Aug 2002 22,528 A.SH. --- "C:\System Volume Information\_restore{31FF372D-EF6F-4047-9259-55E0C1CB2FBF}\RP720\A0116673.exe"
Thu 22 Oct 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 29 Jun 2008 36,369,783 A..H. --- "C:\Documents and Settings\jean roland huber\Local Settings\Application Data\Microsoft\Media Player\MusicType1VirginMegaFr\Downloads\000B03B3\BIT2.tmp"

Finished!
jeanmimigab on 08 November 2009 at 13:50
:hello: JR :)

- create a new text document on your desktop
- to do this, right-click on the desktop -> New -> Text Document -> copy and paste the contents of the quote below into it


KILLALL::
File::
C:\WINDOWS\SF6CB562F.tmp


Folder::
C:\d1f7b861680bec64404c

FileLook::
c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe



-> then click File -> Save As...
- in the save dialog, choose the desktop as the destination -> under type choose All Files -> and for the file name type CFScript.txt -> then click Save and close the text document.

- drag and drop this CFScript.txt file onto the ComboFix.exe (jr83h.exe) file, as in this screenshot.

< included picture >

- a blue window will appear -> at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times; this is normal!
do not touch anything until the scan has finished
- once the scan is complete, a report will be displayed; post its contents in your next reply.
- if the report does not open, it is located at C:\ComboFix.txt


then...

Download OAD.exe

2 Launch OAD.exe by double-clicking the file < included picture >


3 enter the value to search for; for you it is atapi.sys

4 Choose the type of search to perform: choose 3, complete

5 Let it work
6 Display of the report: copy and paste it and post it.
7 close the window with exit

:salut:


jr83h on 08 November 2009 at 20:02
Hello again.
While running your procedure I got a ComboFix report; let me remind you that drag and drop works badly, so I preferred a copy and paste, which asked me whether I wanted the new version of the file, which, I hope, was kept, since a scan was carried out without my antivirus.
However, at the end of the run, my antivirus, reactivated after the restart, told me a virus was present.
I ran the scan, which found nothing (I feel I'm going to find a hammer to settle this abomination!).
When trying OAD.exe with atapi.sys and option 3, nothing has happened for 3 hours, while the search dots kept blinking.
That's where I am, hoping the ComboFix report reaches you and helps you.
Thanks, jr83h
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2009-10-08 au 2009-11-08 ))))))))))))))))))))))))))))))))))))
.

2009-11-08 09:35 . 2009-11-08 09:35 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-11-08 09:33 . 2009-11-08 09:33 -------- d-----w- c:\windows\ERUNT
2009-11-08 09:31 . 2008-11-06 01:03 -------- d-----w- C:\SDFix
2009-11-07 08:18 . 2009-11-07 08:18 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-11-06 08:49 . 2009-11-06 09:14 -------- d-----w- C:\jr83h3483j
2009-11-05 08:11 . 2009-11-05 08:34 -------- d-----w- C:\jr83h
2009-11-04 16:32 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-03 17:10 . 2009-11-03 17:10 -------- d-----w- c:\documents and settings\jean roland huber\Local Settings\Application Data\Yahoo
2009-11-03 17:10 . 2009-11-03 17:10 262144 ----a-w- C:\ntuser.dat
2009-11-03 14:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-03 14:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-03 14:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-03 14:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-03 14:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-03 14:54 . 2009-11-03 14:55 -------- d-----w- C:\d1f7b861680bec64404c
2009-11-03 14:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-03 14:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-03 09:31 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-03 09:31 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-03 09:31 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-03 09:31 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-03 09:31 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-03 09:31 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-03 09:31 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-03 09:31 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-03 09:31 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-02 18:05 . 2008-03-30 18:55 1213784 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\vsapi32.dll
2009-11-02 18:05 . 2006-11-22 16:48 91744 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\BPMNT.dll
2009-11-02 18:05 . 2006-07-07 15:29 1197584 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\ssapi32.dll
2009-11-02 18:05 . 2009-03-27 16:38 366344 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\tsc.exe
2009-11-02 18:04 . 2009-11-02 18:05 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6
2009-11-02 18:04 . 2009-11-02 18:04 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-11-02 15:55 . 2009-11-02 15:55 -------- d-----w- c:\documents and settings\jean roland huber\Local Settings\Application Data\PCHealth
2009-11-02 06:17 . 2009-11-02 06:17 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\SPAMfighter
2009-11-01 15:49 . 2009-11-01 15:57 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-01 13:10 . 2009-11-01 13:10 -------- d-----w- c:\program files\Panda Security
2009-11-01 11:09 . 2009-11-05 07:54 -------- d--h--w- c:\documents and settings\jean roland huber\Application Data\drivers
2009-10-22 08:47 . 2009-10-22 08:47 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-22 08:20 . 2009-10-22 08:20 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Caere
2009-10-22 07:46 . 2009-10-22 08:45 -------- d-----w- c:\windows\pixtran
2009-10-22 07:45 . 2009-10-22 08:45 -------- d-----w- c:\program files\Fichiers communs\Caere
2009-10-22 07:45 . 2009-10-22 07:45 -------- d-----w- c:\program files\Caere
2009-10-18 07:14 . 2009-10-18 07:14 -------- d-----r- C:\AHCache
2009-10-16 15:50 . 2009-11-03 14:56 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-16 15:50 . 2009-10-16 15:50 -------- d-----w- c:\program files\MSBuild
2009-10-16 15:49 . 2009-10-16 15:49 -------- d-----w- c:\program files\Reference Assemblies
2009-10-16 15:15 . 2009-10-16 15:15 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\System Tweaker
2009-10-16 11:34 . 2009-10-16 11:47 -------- d-----w- c:\windows\LastGood(2)
2009-10-16 07:34 . 2009-10-16 07:34 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 09:46 . 2008-11-24 16:36 -------- d-----w- c:\program files\Samsung
2009-11-07 08:21 . 2009-03-19 11:01 117760 ----a-w- c:\documents and settings\jean roland huber\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-07 08:18 . 2008-02-13 20:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-05 14:49 . 2008-02-05 19:39 126672 ----a-w- c:\documents and settings\jean roland huber\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 17:30 . 2008-02-05 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-03 17:10 . 2008-09-07 14:13 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Yahoo!
2009-11-03 17:10 . 2008-02-05 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-03 17:10 . 2008-02-05 21:54 -------- d-----w- c:\program files\Yahoo!
2009-11-03 15:25 . 2008-04-17 13:42 -------- d-----w- c:\program files\eMule
2009-11-03 09:25 . 2008-10-12 19:11 -------- d-----w- c:\program files\McAfee
2009-11-03 06:40 . 2007-06-05 15:54 183356 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\Uninstaller.exe
2009-11-03 06:23 . 2009-11-02 06:37 156083 ----a-w- c:\windows\java\Packages\ZJXJ3X79.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 137572 ----a-w- c:\windows\java\Packages\Y93137VJ.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 323786 ----a-w- c:\windows\java\Packages\C7JBZR9V.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 191930 ----a-w- c:\windows\java\Packages\B9RZDBZN.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 11045 ----a-w- c:\windows\java\Packages\A33Z7XFT.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 558232 ----a-w- c:\windows\java\Packages\8FXBDVBB.ZIP
2009-11-02 06:27 . 2008-02-06 19:44 -------- d-----w- c:\program files\languages
2009-10-21 17:06 . 2008-05-30 07:31 -------- d-----w- c:\program files\inKline Global
2009-10-21 17:06 . 2002-09-29 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-17 21:26 . 2009-01-28 11:55 -------- d-----w- c:\program files\NODouble
2009-10-17 21:21 . 2008-07-01 16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 07:23 . 2002-09-27 15:32 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-10-16 07:02 . 2008-02-06 19:55 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\XnView
2009-09-17 06:54 . 2009-09-17 06:54 -------- d-----w- c:\program files\MAGIX
2009-09-15 16:18 . 2009-03-01 16:30 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Audacity
2009-09-14 09:49 . 2009-09-14 09:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-14 08:33 . 2008-07-25 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 14:18 . 2002-09-27 15:15 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 . 2002-09-27 15:15 136192 ----a-w- c:\windows\system32\msv1_0(2)(2).dll
2009-09-04 21:04 . 2002-09-27 15:15 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:04 . 2002-09-27 15:15 58880 ----a-w- c:\windows\system32\msasn1(2)(2).dll
2009-08-29 10:17 . 2009-08-29 10:17 82464 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-08-29 10:17 . 2009-08-29 10:17 37888 ----a-w- c:\windows\system32\setupnt.dll
2009-08-29 10:17 . 2009-08-29 10:17 28928 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-29 10:17 . 2009-08-29 10:17 212288 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-29 10:17 . 2009-08-29 10:17 126976 ----a-w- c:\windows\system32\snapapi.dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ----a-w- c:\windows\system32\wininet(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2002-09-27 15:16 1168384 ----a-w- c:\windows\system32\urlmon(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 105984 ----a-w- c:\windows\system32\url(4)(2).dll
2009-08-29 07:28 . 2007-08-13 17:34 268288 ----a-w- c:\windows\system32\iertutil(3)(2).dll
2009-08-29 07:28 . 2008-02-05 19:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2002-09-27 15:15 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 14:14 . 2009-08-28 14:14 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-28 06:51 . 2009-08-28 06:49 24 --sh--w- c:\windows\SF6CB562F.tmp
2009-08-26 08:01 . 2002-09-27 15:15 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-11-05_08.25.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 14:37 . 2009-11-08 14:37 16384 c:\windows\temp\Perflib_Perfdata_52c.dat
+ 2009-11-07 08:18 . 2009-11-07 08:18 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-11-07 08:18 . 2009-11-07 08:18 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-11-08 09:33 . 2009-11-08 09:33 24576 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-11-08 09:33 . 2009-11-08 09:33 24576 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-11-05 10:00 . 2009-11-05 10:00 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-11-07 08:18 . 2009-11-07 08:18 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-11-08 09:33 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-11-08 09:33 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-11-05 10:01 . 2009-11-05 10:01 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-11-05 09:40 . 2009-11-05 09:40 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-11-05 09:37 . 2009-11-05 09:37 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-11-07 08:18 . 2009-11-07 08:18 1583616 c:\windows\Installer\1fe5d8.msi
+ 2009-11-08 09:33 . 2009-11-08 09:33 5402624 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2009-11-08 09:33 . 2009-11-08 09:33 5402624 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2009-11-05 10:01 . 2009-11-05 10:01 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-11-05 10:01 . 2009-11-05 10:01 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-11-05 09:40 . 2009-11-05 09:40 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 11:17 1326104 ----a-w- c:\program files\Secured_eMule\tbSecu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Cloneur Expert Monitor"="c:\program files\Micro Application\TrueImageMonitor.exe" [2009-08-29 443116]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-08-29 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-10-28 47104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-27 113664]
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-27 113664]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
MioSync.lnk - c:\program files\Mio Technology\MioSync\mioSync.exe [2009-6-10 638976]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4242:TCP"= 4242:TCP:DonkeyServer No1
"86:TCP"= 86:TCP:BroadCam Web Server

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/11/2009 10:31 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/11/2009 10:31 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/10/2008 20:13 92296]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21:24 7408]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [01/09/2008 15:03 27072]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [27/09/2002 16:16 12800]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'

2009-07-03 c:\windows\Tasks\Rescue Reminder for 2HAS323A.job
- c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 14:52]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://m.fr.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.tropal.net/
uInternet Connection Wizard,ShellNext = hxxp://www.medion.com/
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search the web - http://toolbar.recfree.com/rcfr/ctxmnu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {EF553838-970A-41C2-ABB7-6A75D68D3BFA} = 80.118.192.100,80.118.196.38
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 16:07
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8238B8AC]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF83A4B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-11-08 16:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-08 15:15
ComboFix2.txt 2009-11-06 09:13
ComboFix3.txt 2009-11-02 16:00
ComboFix4.txt 2009-11-02 08:05

Avant-CF: 11 538 055 168 octets libres
Après-CF: 11 506 122 752 octets libres
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2009-10-08 au 2009-11-08 ))))))))))))))))))))))))))))))))))))
.

2009-11-08 09:35 . 2009-11-08 09:35 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-11-08 09:33 . 2009-11-08 09:33 -------- d-----w- c:\windows\ERUNT
2009-11-08 09:31 . 2008-11-06 01:03 -------- d-----w- C:\SDFix
2009-11-07 08:18 . 2009-11-07 08:18 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-11-06 08:49 . 2009-11-06 09:14 -------- d-----w- C:\jr83h3483j
2009-11-05 08:11 . 2009-11-05 08:34 -------- d-----w- C:\jr83h
2009-11-04 16:32 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-03 17:10 . 2009-11-03 17:10 -------- d-----w- c:\documents and settings\jean roland huber\Local Settings\Application Data\Yahoo
2009-11-03 17:10 . 2009-11-03 17:10 262144 ----a-w- C:\ntuser.dat
2009-11-03 14:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-03 14:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-03 14:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-03 14:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-03 14:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-03 14:54 . 2009-11-03 14:55 -------- d-----w- C:\d1f7b861680bec64404c
2009-11-03 14:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-03 14:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-03 09:31 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-03 09:31 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-03 09:31 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-03 09:31 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-03 09:31 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-03 09:31 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-03 09:31 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-03 09:31 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-03 09:31 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-02 18:05 . 2008-03-30 18:55 1213784 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\vsapi32.dll
2009-11-02 18:05 . 2006-11-22 16:48 91744 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\BPMNT.dll
2009-11-02 18:05 . 2006-07-07 15:29 1197584 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\ssapi32.dll
2009-11-02 18:05 . 2009-03-27 16:38 366344 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\tsc.exe
2009-11-02 18:04 . 2009-11-02 18:05 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6
2009-11-02 18:04 . 2009-11-02 18:04 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-11-02 15:55 . 2009-11-02 15:55 -------- d-----w- c:\documents and settings\jean roland huber\Local Settings\Application Data\PCHealth
2009-11-02 06:17 . 2009-11-02 06:17 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\SPAMfighter
2009-11-01 15:49 . 2009-11-01 15:57 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-01 13:10 . 2009-11-01 13:10 -------- d-----w- c:\program files\Panda Security
2009-11-01 11:09 . 2009-11-05 07:54 -------- d--h--w- c:\documents and settings\jean roland huber\Application Data\drivers
2009-10-22 08:47 . 2009-10-22 08:47 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-22 08:20 . 2009-10-22 08:20 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Caere
2009-10-22 07:46 . 2009-10-22 08:45 -------- d-----w- c:\windows\pixtran
2009-10-22 07:45 . 2009-10-22 08:45 -------- d-----w- c:\program files\Fichiers communs\Caere
2009-10-22 07:45 . 2009-10-22 07:45 -------- d-----w- c:\program files\Caere
2009-10-18 07:14 . 2009-10-18 07:14 -------- d-----r- C:\AHCache
2009-10-16 15:50 . 2009-11-03 14:56 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-16 15:50 . 2009-10-16 15:50 -------- d-----w- c:\program files\MSBuild
2009-10-16 15:49 . 2009-10-16 15:49 -------- d-----w- c:\program files\Reference Assemblies
2009-10-16 15:15 . 2009-10-16 15:15 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\System Tweaker
2009-10-16 11:34 . 2009-10-16 11:47 -------- d-----w- c:\windows\LastGood(2)
2009-10-16 07:34 . 2009-10-16 07:34 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 09:46 . 2008-11-24 16:36 -------- d-----w- c:\program files\Samsung
2009-11-07 08:21 . 2009-03-19 11:01 117760 ----a-w- c:\documents and settings\jean roland huber\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-07 08:18 . 2008-02-13 20:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-05 14:49 . 2008-02-05 19:39 126672 ----a-w- c:\documents and settings\jean roland huber\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 17:30 . 2008-02-05 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-03 17:10 . 2008-09-07 14:13 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Yahoo!
2009-11-03 17:10 . 2008-02-05 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-03 17:10 . 2008-02-05 21:54 -------- d-----w- c:\program files\Yahoo!
2009-11-03 15:25 . 2008-04-17 13:42 -------- d-----w- c:\program files\eMule
2009-11-03 09:25 . 2008-10-12 19:11 -------- d-----w- c:\program files\McAfee
2009-11-03 06:40 . 2007-06-05 15:54 183356 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\Uninstaller.exe
2009-11-03 06:23 . 2009-11-02 06:37 156083 ----a-w- c:\windows\java\Packages\ZJXJ3X79.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 137572 ----a-w- c:\windows\java\Packages\Y93137VJ.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 323786 ----a-w- c:\windows\java\Packages\C7JBZR9V.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 191930 ----a-w- c:\windows\java\Packages\B9RZDBZN.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 11045 ----a-w- c:\windows\java\Packages\A33Z7XFT.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 558232 ----a-w- c:\windows\java\Packages\8FXBDVBB.ZIP
2009-11-02 06:27 . 2008-02-06 19:44 -------- d-----w- c:\program files\languages
2009-10-21 17:06 . 2008-05-30 07:31 -------- d-----w- c:\program files\inKline Global
2009-10-21 17:06 . 2002-09-29 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-17 21:26 . 2009-01-28 11:55 -------- d-----w- c:\program files\NODouble
2009-10-17 21:21 . 2008-07-01 16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 07:23 . 2002-09-27 15:32 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-10-16 07:02 . 2008-02-06 19:55 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\XnView
2009-09-17 06:54 . 2009-09-17 06:54 -------- d-----w- c:\program files\MAGIX
2009-09-15 16:18 . 2009-03-01 16:30 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Audacity
2009-09-14 09:49 . 2009-09-14 09:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-14 08:33 . 2008-07-25 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 14:18 . 2002-09-27 15:15 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 . 2002-09-27 15:15 136192 ----a-w- c:\windows\system32\msv1_0(2)(2).dll
2009-09-04 21:04 . 2002-09-27 15:15 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:04 . 2002-09-27 15:15 58880 ----a-w- c:\windows\system32\msasn1(2)(2).dll
2009-08-29 10:17 . 2009-08-29 10:17 82464 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-08-29 10:17 . 2009-08-29 10:17 37888 ----a-w- c:\windows\system32\setupnt.dll
2009-08-29 10:17 . 2009-08-29 10:17 28928 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-29 10:17 . 2009-08-29 10:17 212288 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-29 10:17 . 2009-08-29 10:17 126976 ----a-w- c:\windows\system32\snapapi.dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ----a-w- c:\windows\system32\wininet(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2002-09-27 15:16 1168384 ----a-w- c:\windows\system32\urlmon(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 105984 ----a-w- c:\windows\system32\url(4)(2).dll
2009-08-29 07:28 . 2007-08-13 17:34 268288 ----a-w- c:\windows\system32\iertutil(3)(2).dll
2009-08-29 07:28 . 2008-02-05 19:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2002-09-27 15:15 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 14:14 . 2009-08-28 14:14 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-28 06:51 . 2009-08-28 06:49 24 --sh--w- c:\windows\SF6CB562F.tmp
2009-08-26 08:01 . 2002-09-27 15:15 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-11-05_08.25.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 14:37 . 2009-11-08 14:37 16384 c:\windows\temp\Perflib_Perfdata_52c.dat
+ 2009-11-07 08:18 . 2009-11-07 08:18 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-11-07 08:18 . 2009-11-07 08:18 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-11-08 09:33 . 2009-11-08 09:33 24576 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-11-08 09:33 . 2009-11-08 09:33 24576 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-11-05 10:00 . 2009-11-05 10:00 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-11-07 08:18 . 2009-11-07 08:18 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-11-08 09:33 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-11-08 09:33 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-11-05 10:01 . 2009-11-05 10:01 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-11-05 09:40 . 2009-11-05 09:40 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-11-05 09:37 . 2009-11-05 09:37 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-11-07 08:18 . 2009-11-07 08:18 1583616 c:\windows\Installer\1fe5d8.msi
+ 2009-11-08 09:33 . 2009-11-08 09:33 5402624 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2009-11-08 09:33 . 2009-11-08 09:33 5402624 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2009-11-05 10:01 . 2009-11-05 10:01 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-11-05 10:01 . 2009-11-05 10:01 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-11-05 09:40 . 2009-11-05 09:40 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 11:17 1326104 ----a-w- c:\program files\Secured_eMule\tbSecu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Cloneur Expert Monitor"="c:\program files\Micro Application\TrueImageMonitor.exe" [2009-08-29 443116]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-08-29 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-10-28 47104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-27 113664]
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-27 113664]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
MioSync.lnk - c:\program files\Mio Technology\MioSync\mioSync.exe [2009-6-10 638976]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4242:TCP"= 4242:TCP:DonkeyServer No1
"86:TCP"= 86:TCP:BroadCam Web Server

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/11/2009 10:31 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/11/2009 10:31 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/10/2008 20:13 92296]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21:24 7408]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [01/09/2008 15:03 27072]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [27/09/2002 16:16 12800]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'

2009-07-03 c:\windows\Tasks\Rescue Reminder for 2HAS323A.job
- c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 14:52]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://m.fr.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.tropal.net/
uInternet Connection Wizard,ShellNext = hxxp://www.medion.com/
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search the web - http://toolbar.recfree.com/rcfr/ctxmnu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {EF553838-970A-41C2-ABB7-6A75D68D3BFA} = 80.118.192.100,80.118.196.38
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 16:07
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8238B8AC]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF83A4B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-11-08 16:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-08 15:15
ComboFix2.txt 2009-11-06 09:13
ComboFix3.txt 2009-11-02 16:00
ComboFix4.txt 2009-11-02 08:05

Avant-CF: 11 538 055 168 octets libres
Après-CF: 11 506 122 752 octets libres
.
jr83h on 08 November 2009 at 20:03
hello again
by running your procedure I got a ComboFix report; as a reminder, drag and drop works badly, so I preferred a copy and paste, which asked me whether I wanted the new version of the file, which, I hope, was the one kept, since a scan was carried out without my antivirus
however, at the end of the run, my antivirus, reactivated after the restart, told me a virus was present
I ran the scan, which found nothing (I feel I am going to find a hammer to sort out this abomination!)
when trying oad exe with atapi.sys and reference 3, nothing has happened for 3 hours, while the dotted search line was blinking
that is where I am, hoping the combo report reaches you and helps you.
thanks jr83h
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2009-10-08 au 2009-11-08 ))))))))))))))))))))))))))))))))))))
.

2009-11-08 09:35 . 2009-11-08 09:35 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-11-08 09:33 . 2009-11-08 09:33 -------- d-----w- c:\windows\ERUNT
2009-11-08 09:31 . 2008-11-06 01:03 -------- d-----w- C:\SDFix
2009-11-07 08:18 . 2009-11-07 08:18 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-11-06 08:49 . 2009-11-06 09:14 -------- d-----w- C:\jr83h3483j
2009-11-05 08:11 . 2009-11-05 08:34 -------- d-----w- C:\jr83h
2009-11-04 16:32 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-03 17:10 . 2009-11-03 17:10 -------- d-----w- c:\documents and settings\jean roland huber\Local Settings\Application Data\Yahoo
2009-11-03 17:10 . 2009-11-03 17:10 262144 ----a-w- C:\ntuser.dat
2009-11-03 14:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-03 14:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-03 14:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-03 14:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-03 14:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-03 14:54 . 2009-11-03 14:55 -------- d-----w- C:\d1f7b861680bec64404c
2009-11-03 14:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-03 14:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-03 09:31 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-03 09:31 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-03 09:31 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-03 09:31 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-03 09:31 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-03 09:31 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-03 09:31 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-03 09:31 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-03 09:31 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-02 18:05 . 2008-03-30 18:55 1213784 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\vsapi32.dll
2009-11-02 18:05 . 2006-11-22 16:48 91744 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\BPMNT.dll
2009-11-02 18:05 . 2006-07-07 15:29 1197584 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\ssapi32.dll
2009-11-02 18:05 . 2009-03-27 16:38 366344 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\tsc.exe
2009-11-02 18:04 . 2009-11-02 18:05 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6
2009-11-02 18:04 . 2009-11-02 18:04 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-11-02 15:55 . 2009-11-02 15:55 -------- d-----w- c:\documents and settings\jean roland huber\Local Settings\Application Data\PCHealth
2009-11-02 06:17 . 2009-11-02 06:17 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\SPAMfighter
2009-11-01 15:49 . 2009-11-01 15:57 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-01 13:10 . 2009-11-01 13:10 -------- d-----w- c:\program files\Panda Security
2009-11-01 11:09 . 2009-11-05 07:54 -------- d--h--w- c:\documents and settings\jean roland huber\Application Data\drivers
2009-10-22 08:47 . 2009-10-22 08:47 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-22 08:20 . 2009-10-22 08:20 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Caere
2009-10-22 07:46 . 2009-10-22 08:45 -------- d-----w- c:\windows\pixtran
2009-10-22 07:45 . 2009-10-22 08:45 -------- d-----w- c:\program files\Fichiers communs\Caere
2009-10-22 07:45 . 2009-10-22 07:45 -------- d-----w- c:\program files\Caere
2009-10-18 07:14 . 2009-10-18 07:14 -------- d-----r- C:\AHCache
2009-10-16 15:50 . 2009-11-03 14:56 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-16 15:50 . 2009-10-16 15:50 -------- d-----w- c:\program files\MSBuild
2009-10-16 15:49 . 2009-10-16 15:49 -------- d-----w- c:\program files\Reference Assemblies
2009-10-16 15:15 . 2009-10-16 15:15 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\System Tweaker
2009-10-16 11:34 . 2009-10-16 11:47 -------- d-----w- c:\windows\LastGood(2)
2009-10-16 07:34 . 2009-10-16 07:34 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 09:46 . 2008-11-24 16:36 -------- d-----w- c:\program files\Samsung
2009-11-07 08:21 . 2009-03-19 11:01 117760 ----a-w- c:\documents and settings\jean roland huber\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-07 08:18 . 2008-02-13 20:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-05 14:49 . 2008-02-05 19:39 126672 ----a-w- c:\documents and settings\jean roland huber\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 17:30 . 2008-02-05 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-03 17:10 . 2008-09-07 14:13 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Yahoo!
2009-11-03 17:10 . 2008-02-05 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-03 17:10 . 2008-02-05 21:54 -------- d-----w- c:\program files\Yahoo!
2009-11-03 15:25 . 2008-04-17 13:42 -------- d-----w- c:\program files\eMule
2009-11-03 09:25 . 2008-10-12 19:11 -------- d-----w- c:\program files\McAfee
2009-11-03 06:40 . 2007-06-05 15:54 183356 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\Uninstaller.exe
2009-11-03 06:23 . 2009-11-02 06:37 156083 ----a-w- c:\windows\java\Packages\ZJXJ3X79.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 137572 ----a-w- c:\windows\java\Packages\Y93137VJ.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 323786 ----a-w- c:\windows\java\Packages\C7JBZR9V.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 191930 ----a-w- c:\windows\java\Packages\B9RZDBZN.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 11045 ----a-w- c:\windows\java\Packages\A33Z7XFT.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 558232 ----a-w- c:\windows\java\Packages\8FXBDVBB.ZIP
2009-11-02 06:27 . 2008-02-06 19:44 -------- d-----w- c:\program files\languages
2009-10-21 17:06 . 2008-05-30 07:31 -------- d-----w- c:\program files\inKline Global
2009-10-21 17:06 . 2002-09-29 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-17 21:26 . 2009-01-28 11:55 -------- d-----w- c:\program files\NODouble
2009-10-17 21:21 . 2008-07-01 16:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 07:23 . 2002-09-27 15:32 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-10-16 07:02 . 2008-02-06 19:55 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\XnView
2009-09-17 06:54 . 2009-09-17 06:54 -------- d-----w- c:\program files\MAGIX
2009-09-15 16:18 . 2009-03-01 16:30 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Audacity
2009-09-14 09:49 . 2009-09-14 09:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-14 08:33 . 2008-07-25 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 14:18 . 2002-09-27 15:15 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 . 2002-09-27 15:15 136192 ----a-w- c:\windows\system32\msv1_0(2)(2).dll
2009-09-04 21:04 . 2002-09-27 15:15 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:04 . 2002-09-27 15:15 58880 ----a-w- c:\windows\system32\msasn1(2)(2).dll
2009-08-29 10:17 . 2009-08-29 10:17 82464 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-08-29 10:17 . 2009-08-29 10:17 37888 ----a-w- c:\windows\system32\setupnt.dll
2009-08-29 10:17 . 2009-08-29 10:17 28928 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-29 10:17 . 2009-08-29 10:17 212288 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-29 10:17 . 2009-08-29 10:17 126976 ----a-w- c:\windows\system32\snapapi.dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ----a-w- c:\windows\system32\wininet(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2002-09-27 15:16 1168384 ----a-w- c:\windows\system32\urlmon(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 105984 ----a-w- c:\windows\system32\url(4)(2).dll
2009-08-29 07:28 . 2007-08-13 17:34 268288 ----a-w- c:\windows\system32\iertutil(3)(2).dll
2009-08-29 07:28 . 2008-02-05 19:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2002-09-27 15:15 17408 ------w- c:\windows\system32
2009-08-29 10:17 . 2009-08-29 10:17 37888 ----a-w- c:\windows\system32\setupnt.dll
2009-08-29 10:17 . 2009-08-29 10:17 28928 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-08-29 10:17 . 2009-08-29 10:17 212288 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-08-29 10:17 . 2009-08-29 10:17 126976 ----a-w- c:\windows\system32\snapapi.dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ----a-w- c:\windows\system32\wininet(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2002-09-27 15:16 1168384 ----a-w- c:\windows\system32\urlmon(4)(2).dll
2009-08-29 07:28 . 2002-09-27 15:16 105984 ----a-w- c:\windows\system32\url(4)(2).dll
2009-08-29 07:28 . 2007-08-13 17:34 268288 ----a-w- c:\windows\system32\iertutil(3)(2).dll
2009-08-29 07:28 . 2008-02-05 19:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2002-09-27 15:15 17408 ------w- c:\windows\system32\corpol.dll
2009-08-28 14:14 . 2009-08-28 14:14 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-28 06:51 . 2009-08-28 06:49 24 --sh--w- c:\windows\SF6CB562F.tmp
2009-08-26 08:01 . 2002-09-27 15:15 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-11-05_08.25.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 14:37 . 2009-11-08 14:37 16384 c:\windows\temp\Perflib_Perfdata_52c.dat
+ 2009-11-07 08:18 . 2009-11-07 08:18 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-11-07 08:18 . 2009-11-07 08:18 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-11-08 09:33 . 2009-11-08 09:33 24576 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-11-08 09:33 . 2009-11-08 09:33 24576 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-11-05 10:00 . 2009-11-05 10:00 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll
+ 2009-11-07 08:18 . 2009-11-07 08:18 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-11-08 09:33 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-11-08 09:33 . 2008-08-07 14:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-11-05 10:01 . 2009-11-05 10:01 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll
+ 2009-11-05 09:40 . 2009-11-05 09:40 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-11-05 09:37 . 2009-11-05 09:37 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-11-07 08:18 . 2009-11-07 08:18 1583616 c:\windows\Installer\1fe5d8.msi
+ 2009-11-08 09:33 . 2009-11-08 09:33 5402624 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2009-11-08 09:33 . 2009-11-08 09:33 5402624 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2009-11-05 10:01 . 2009-11-05 10:01 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-11-05 10:01 . 2009-11-05 10:01 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-11-05 09:40 . 2009-11-05 09:40 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 11:17 1326104 ----a-w- c:\program files\Secured_eMule\tbSecu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Cloneur Expert Monitor"="c:\program files\Micro Application\TrueImageMonitor.exe" [2009-08-29 443116]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-08-29 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-10-28 47104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-27 113664]
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-27 113664]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
MioSync.lnk - c:\program files\Mio Technology\MioSync\mioSync.exe [2009-6-10 638976]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4242:TCP"= 4242:TCP:DonkeyServer No1
"86:TCP"= 86:TCP:BroadCam Web Server

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/11/2009 10:31 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/11/2009 10:31 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/10/2008 20:13 92296]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21:24 7408]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [01/09/2008 15:03 27072]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [27/09/2002 16:16 12800]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'

2009-07-03 c:\windows\Tasks\Rescue Reminder for 2HAS323A.job
- c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 14:52]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://m.fr.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.tropal.net/
uInternet Connection Wizard,ShellNext = hxxp://www.medion.com/
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search the web - http://toolbar.recfree.com/rcfr/ctxmnu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {EF553838-970A-41C2-ABB7-6A75D68D3BFA} = 80.118.192.100,80.118.196.38
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 16:07
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8238B8AC]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF83A4B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-11-08 16:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-08 15:15
ComboFix2.txt 2009-11-06 09:13
ComboFix3.txt 2009-11-02 16:00
ComboFix4.txt 2009-11-02 08:05

Avant-CF: 11 538 055 168 octets libres
Après-CF: 11 506 122 752 octets libres
.
+ 2009-11-05 09:39 . 2009-11-05 09:39 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe
+ 2009-11-05 09:37 . 2009-11-05 09:37 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2009-11-07 08:18 . 2009-11-07 08:18 1583616 c:\windows\Installer\1fe5d8.msi
+ 2009-11-08 09:33 . 2009-11-08 09:33 5402624 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2009-11-08 09:33 . 2009-11-08 09:33 5402624 c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2009-11-05 10:01 . 2009-11-05 10:01 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll
+ 2009-11-05 10:01 . 2009-11-05 10:01 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll
+ 2009-11-05 10:00 . 2009-11-05 10:00 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll
+ 2009-11-05 09:40 . 2009-11-05 09:40 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll
+ 2009-11-05 09:39 . 2009-11-05 09:39 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2009-11-05 09:37 . 2009-11-05 09:37 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 11:17 1326104 ----a-w- c:\program files\Secured_eMule\tbSecu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= "c:\program files\Secured_eMule\tbSecu.dll" [2007-05-27 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"Cloneur Expert Monitor"="c:\program files\Micro Application\TrueImageMonitor.exe" [2009-08-29 443116]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2009-08-29 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-10-28 47104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-27 113664]
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-27 113664]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
MioSync.lnk - c:\program files\Mio Technology\MioSync\mioSync.exe [2009-6-10 638976]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4242:TCP"= 4242:TCP:DonkeyServer No1
"86:TCP"= 86:TCP:BroadCam Web Server

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/11/2009 10:31 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/11/2009 10:31 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/10/2008 20:13 92296]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21:24 7408]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [01/09/2008 15:03 27072]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [27/09/2002 16:16 12800]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'

2009-07-03 c:\windows\Tasks\Rescue Reminder for 2HAS323A.job
- c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 14:52]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://m.fr.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.tropal.net/
uInternet Connection Wizard,ShellNext = hxxp://www.medion.com/
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search the web - http://toolbar.recfree.com/rcfr/ctxmnu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {EF553838-970A-41C2-ABB7-6A75D68D3BFA} = 80.118.192.100,80.118.196.38
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 16:07
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8238B8AC]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF83A4B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF83A4B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-11-08 16:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-08 15:15
ComboFix2.txt 2009-11-06 09:13
ComboFix3.txt 2009-11-02 16:00
ComboFix4.txt 2009-11-02 08:05

Avant-CF: 11 538 055 168 octets libres
Après-CF: 11 506 122 752 octets libres
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2009-10-08 au 2009-11-08 ))))))))))))))))))))))))))))))))))))
.

2009-11-08 09:35 . 2009-11-08 09:35 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-11-08 09:33 . 2009-11-08 09:33 -------- d-----w- c:\windows\ERUNT
2009-11-08 09:31 . 2008-11-06 01:03 -------- d-----w- C:\SDFix
2009-11-07 08:18 . 2009-11-07 08:18 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-11-06 08:49 . 2009-11-06 09:14 -------- d-----w- C:\jr83h3483j
2009-11-05 08:11 . 2009-11-05 08:34 -------- d-----w- C:\jr83h
2009-11-04 16:32 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-03 17:10 . 2009-11-03 17:10 -------- d-----w- c:\documents and settings\jean roland huber\Local Settings\Application Data\Yahoo
2009-11-03 17:10 . 2009-11-03 17:10 262144 ----a-w- C:\ntuser.dat
2009-11-03 14:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-03 14:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-03 14:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-03 14:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-03 14:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-03 14:54 . 2009-11-03 14:55 -------- d-----w- C:\d1f7b861680bec64404c
2009-11-03 14:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-03 14:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-03 09:31 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-03 09:31 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-03 09:31 . 2009-09-15 11:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-03 09:31 . 2009-09-15 11:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-03 09:31 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-03 09:31 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-03 09:31 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-03 09:31 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-03 09:31 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-02 18:05 . 2008-03-30 18:55 1213784 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\vsapi32.dll
2009-11-02 18:05 . 2006-11-22 16:48 91744 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\BPMNT.dll
2009-11-02 18:05 . 2006-07-07 15:29 1197584 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\ssapi32.dll
2009-11-02 18:05 . 2009-03-27 16:38 366344 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\tsc.exe
2009-11-02 18:04 . 2009-11-02 18:05 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6
2009-11-02 18:04 . 2009-11-02 18:04 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-11-02 15:55 . 2009-11-02 15:55 -------- d-----w- c:\documents and settings\jean roland huber\Local Settings\Application Data\PCHealth
2009-11-02 06:17 . 2009-11-02 06:17 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\SPAMfighter
2009-11-01 15:49 . 2009-11-01 15:57 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-01 13:10 . 2009-11-01 13:10 -------- d-----w- c:\program files\Panda Security
2009-11-01 11:09 . 2009-11-05 07:54 -------- d--h--w- c:\documents and settings\jean roland huber\Application Data\drivers
2009-10-22 08:47 . 2009-10-22 08:47 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-22 08:20 . 2009-10-22 08:20 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Caere
2009-10-22 07:46 . 2009-10-22 08:45 -------- d-----w- c:\windows\pixtran
2009-10-22 07:45 . 2009-10-22 08:45 -------- d-----w- c:\program files\Fichiers communs\Caere
2009-10-22 07:45 . 2009-10-22 07:45 -------- d-----w- c:\program files\Caere
2009-10-18 07:14 . 2009-10-18 07:14 -------- d-----r- C:\AHCache
2009-10-16 15:50 . 2009-11-03 14:56 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-16 15:50 . 2009-10-16 15:50 -------- d-----w- c:\program files\MSBuild
2009-10-16 15:49 . 2009-10-16 15:49 -------- d-----w- c:\program files\Reference Assemblies
2009-10-16 15:15 . 2009-10-16 15:15 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\System Tweaker
2009-10-16 11:34 . 2009-10-16 11:47 -------- d-----w- c:\windows\LastGood(2)
2009-10-16 07:34 . 2009-10-16 07:34 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 09:46 . 2008-11-24 16:36 -------- d-----w- c:\program files\Samsung
2009-11-07 08:21 . 2009-03-19 11:01 117760 ----a-w- c:\documents and settings\jean roland huber\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-07 08:18 . 2008-02-13 20:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-05 14:49 . 2008-02-05 19:39 126672 ----a-w- c:\documents and settings\jean roland huber\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 17:30 . 2008-02-05 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-03 17:10 . 2008-09-07 14:13 -------- d-----w- c:\documents and settings\jean roland huber\Application Data\Yahoo!
2009-11-03 17:10 . 2008-02-05 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-03 17:10 . 2008-02-05 21:54 -------- d-----w- c:\program files\Yahoo!
2009-11-03 15:25 . 2008-04-17 13:42 -------- d-----w- c:\program files\eMule
2009-11-03 09:25 . 2008-10-12 19:11 -------- d-----w- c:\program files\McAfee
2009-11-03 06:40 . 2007-06-05 15:54 183356 ----a-w- c:\documents and settings\jean roland huber\Application Data\HouseCall 6.6\Uninstaller.exe
2009-11-03 06:23 . 2009-11-02 06:37 156083 ----a-w- c:\windows\java\Packages\ZJXJ3X79.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 137572 ----a-w- c:\windows\java\Packages\Y93137VJ.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 323786 ----a-w- c:\windows\java\Packages\C7JBZR9V.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 191930 ----a-w- c:\windows\java\Packages\B9RZDBZN.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 11045 ----a-w- c:\windows\java\Packages\A33Z7XFT.ZIP
2009-11-03 06:23 . 2009-11-02 06:37 558232 ----a-w- c:\windows\java\Packages\8FXBDVBB.ZIP
2009-11-02 06:27 . 2008-02-06 19:44 -------- d-----w- c:\program files\languages
2009-10-21 17:06 . 2008-05-30 07:31 -------- d-----w- c:\program files\inKline Global
2009-10-21 17:06 . 2002-09-29 11:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-17 21:26 . 2009-01-28 11:55 ------
jr83h on 08 November 2009 at 20:13
Sorry,
I forgot to mention that after the last scan (Combo) the following message appeared: a virus is present on your machine:
C\document(tilde)\jean roland\locals(tilde) 1\temps\catchme.sys
Recommended action: ignore, which I did, and it led to the Avast scan, which found nothing!
Hoping this is of use to you.
Have a good evening,
jr83h
jeanmimigab on 08 November 2009 at 20:53
:hello:

catchme.sys is part of ComboFix...


I also need the OAD report requested in my last message... :)

:salut:
