Bien le bonsoir. Voilà je me suis aperçu récemment que le trojan wintems.exe s'est introduit dans mes processus. Il m'est impossible de lancer les utilitaires tels que Hijackthis Avenger et tout essaie de setup ( comme Kaspersky ou encore CCleaner) me renvoit le message d'erreur : "... n'est pas une application Win32 valide." normal, à cause de fichu virus il m'est impossible d'installer un utilitaire pour l'éradiquer. Il m'est également impossible de démarrer en Mode sans échec, avec et sans prise de charge réseau.


SEULEMENT j'ai, grâce au fameux F-BlackLight Rootkit eliminator (le seul utilitaire qui a pu s'installer), pu découvrir les fichiers et dossiers cachés de mon system32, je vous fais part du log :






04/15/08 21:01:21 [Info]: BlackLight Engine 1.0.70 initialized
04/15/08 21:01:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/15/08 21:01:21 [Note]: 7019 4
04/15/08 21:01:21 [Note]: 7005 0
04/15/08 21:01:30 [Note]: 7006 0
04/15/08 21:01:30 [Note]: 7011 1656
04/15/08 21:01:30 [Note]: 7035 0
04/15/08 21:01:35 [Note]: 7026 0
04/15/08 21:01:39 [Note]: 7026 0
04/15/08 21:01:39 [Note]: 7024 3
04/15/08 21:01:39 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
04/15/08 21:01:44 [Note]: FSRAW library version 1.7.1024
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02.dwp
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\SynthMaker\Effects\SMG Filter Delay.osm
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\SynthMaker\Generators\SMG 30X.osm
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Note]: 10002 2
04/15/08 21:03:37 [Note]: 10002 2
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Note]: 10002 2
04/15/08 21:04:06 [Note]: 10002 2
04/15/08 21:04:16 [Info]: Hidden file: c:\Program Files\Skype\Toolbars\Shared\SPhoneParser.dll
04/15/08 21:04:17 [Note]: 10002 3
04/15/08 21:04:17 [Note]: 10002 2
04/15/08 21:04:17 [Note]: 10002 2
04/15/08 21:04:31 [Info]: Hidden file: c:\Program Files\Windows Live\Photo Gallery\Shared\Filters.xml
04/15/08 21:04:31 [Note]: 10002 3
04/15/08 21:04:31 [Note]: 10002 2
04/15/08 21:04:31 [Note]: 10002 2
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepaden.hlp
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepadsm.dll
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepadsv.exe
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\imlang.dll
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs404.dll
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs411.dll
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:56 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs412.dll
04/15/08 21:14:56 [Note]: 10002 3
04/15/08 21:14:56 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs804.dll
04/15/08 21:14:56 [Note]: 10002 3
04/15/08 21:14:56 [Note]: 10002 2
04/15/08 21:14:56 [Note]: 10002 2
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 2
04/15/08 21:15:29 [Note]: 10002 2
04/15/08 21:21:03 [Info]: Hidden file: c:\WINDOWS\system32\wintems.exe
04/15/08 21:21:03 [Note]: 10002 2
04/15/08 21:21:03 [Info]: Hidden file: c:\WINDOWS\system32\mdelk.exe
04/15/08 21:21:03 [Note]: 10002 2
04/15/08 21:22:16 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
04/15/08 21:22:16 [Note]: 10002 2
04/15/08 21:22:16 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
04/15/08 21:22:16 [Note]: 10002 2
04/15/08 21:22:16 [Info]: Hidden file: c:\WINDOWS\system32\drivers\mdelk.exe
04/15/08 21:22:16 [Note]: 10002 2
04/15/08 21:22:51 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\38750.exe
04/15/08 21:22:51 [Note]: 10002 3
04/15/08 21:22:51 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\113984.exe
04/15/08 21:22:51 [Note]: 10002 3
04/15/08 21:22:51 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\123359.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\133906.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\139265.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\145593.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\147468.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\153921.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\155593.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\161546.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\161953.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\195000.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\201593.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\207437.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\256312.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\263203.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\274500.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\279609.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\286203.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\288234.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\292031.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\297656.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\299375.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\318312.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\341062.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\348562.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\390671.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\392921.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\416937.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\41796.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\43343.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\44500.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\46156.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\49109.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\49234.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\507890.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\51531.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\524734.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\535265.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\541296.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\57718.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\65828.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\72093.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\80031.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\84906.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\91703.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Note]: 10002 2
04/15/08 21:22:54 [Note]: 10002 2
04/15/08 21:33:01 [Note]: 2000 1012
04/15/08 21:33:52 [Note]: 7007 0



Et Maintenant, comment les supprimer les foutu wintems.exe, hldrrr.exe, les numéros.exe et compagnie ???

(De plus, les fichiers et dossiers cachés ne s'affichent pas même si dans l'option des dossiers j'ai coché pour les afficher.)


Merci d'avance..

Au lancement de ELIBAGLA, j'ai le message suivant dans une fenêtre avec le panneau jaune d'attention "!" :

Por favor, envienos una muestra del fichero C:\Muestra\HLDRRR.EXE.Muestra EliBagle v11.26 a "virus@satinfo.es". Gracias.

Je m'efforce de comprendre, ils veulent que je leur envoit un screenshot du dossier, mais bon, j'ouvre le dossier demandé C:\Muestra et je relance ELIBAGLA du bureau.

Une autre fenêtre arrive :

"Detectado Gusano BAGLE. Reinicie para Completar la Limpieza."

Juste après la fenêtre de scan apparaît, je vérifie que le bouton soit coché, dans unidad C:\ (le systeme contenant mon OS), je clique sur Explorar, il scan et au bout de 5 secondes le logiciel se coupe.

Même chose si je répète l'opération.

Erf maintenant mon pc reboot toute les 5-10 minutes..

C'est bon, résolu.


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\113984.exe
C:\WINDOWS\system32\drivers\downld\123359.exe
C:\WINDOWS\system32\drivers\downld\133906.exe
C:\WINDOWS\system32\drivers\downld\139265.exe
C:\WINDOWS\system32\drivers\downld\145593.exe
C:\WINDOWS\system32\drivers\downld\147468.exe
C:\WINDOWS\system32\drivers\downld\153921.exe
C:\WINDOWS\system32\drivers\downld\155593.exe
C:\WINDOWS\system32\drivers\downld\161546.exe
C:\WINDOWS\system32\drivers\downld\161953.exe
C:\WINDOWS\system32\drivers\downld\195000.exe
C:\WINDOWS\system32\drivers\downld\201593.exe
C:\WINDOWS\system32\drivers\downld\207437.exe
C:\WINDOWS\system32\drivers\downld\256312.exe
C:\WINDOWS\system32\drivers\downld\263203.exe
C:\WINDOWS\system32\drivers\downld\274500.exe
C:\WINDOWS\system32\drivers\downld\279609.exe
C:\WINDOWS\system32\drivers\downld\286203.exe
C:\WINDOWS\system32\drivers\downld\288234.exe
C:\WINDOWS\system32\drivers\downld\292031.exe
C:\WINDOWS\system32\drivers\downld\297656.exe
C:\WINDOWS\system32\drivers\downld\299375.exe
C:\WINDOWS\system32\drivers\downld\318312.exe
C:\WINDOWS\system32\drivers\downld\341062.exe
C:\WINDOWS\system32\drivers\downld\348562.exe
C:\WINDOWS\system32\drivers\downld\38750.exe
C:\WINDOWS\system32\drivers\downld\390671.exe
C:\WINDOWS\system32\drivers\downld\392921.exe
C:\WINDOWS\system32\drivers\downld\416937.exe
C:\WINDOWS\system32\drivers\downld\41796.exe
C:\WINDOWS\system32\drivers\downld\43343.exe
C:\WINDOWS\system32\drivers\downld\44500.exe
C:\WINDOWS\system32\drivers\downld\46156.exe
C:\WINDOWS\system32\drivers\downld\49109.exe
C:\WINDOWS\system32\drivers\downld\49234.exe
C:\WINDOWS\system32\drivers\downld\507890.exe
C:\WINDOWS\system32\drivers\downld\51531.exe
C:\WINDOWS\system32\drivers\downld\524734.exe
C:\WINDOWS\system32\drivers\downld\535265.exe
C:\WINDOWS\system32\drivers\downld\541296.exe
C:\WINDOWS\system32\drivers\downld\57718.exe
C:\WINDOWS\system32\drivers\downld\65828.exe
C:\WINDOWS\system32\drivers\downld\72093.exe
C:\WINDOWS\system32\drivers\downld\80031.exe
C:\WINDOWS\system32\drivers\downld\84906.exe
C:\WINDOWS\system32\drivers\downld\91703.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

Merci infiniment.

Bon d'accord, Voilà le log au complet :


ComboFix 08-04-15.1 - Sense 2008-04-16 8:12:37.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.635 [GMT 2:00]
Endroit: C:\Documents and Settings\Sense\Bureau\KillBagle.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\113984.exe
C:\WINDOWS\system32\drivers\downld\123359.exe
C:\WINDOWS\system32\drivers\downld\133906.exe
C:\WINDOWS\system32\drivers\downld\139265.exe
C:\WINDOWS\system32\drivers\downld\145593.exe
C:\WINDOWS\system32\drivers\downld\147468.exe
C:\WINDOWS\system32\drivers\downld\153921.exe
C:\WINDOWS\system32\drivers\downld\155593.exe
C:\WINDOWS\system32\drivers\downld\161546.exe
C:\WINDOWS\system32\drivers\downld\161953.exe
C:\WINDOWS\system32\drivers\downld\195000.exe
C:\WINDOWS\system32\drivers\downld\201593.exe
C:\WINDOWS\system32\drivers\downld\207437.exe
C:\WINDOWS\system32\drivers\downld\256312.exe
C:\WINDOWS\system32\drivers\downld\263203.exe
C:\WINDOWS\system32\drivers\downld\274500.exe
C:\WINDOWS\system32\drivers\downld\279609.exe
C:\WINDOWS\system32\drivers\downld\286203.exe
C:\WINDOWS\system32\drivers\downld\288234.exe
C:\WINDOWS\system32\drivers\downld\292031.exe
C:\WINDOWS\system32\drivers\downld\297656.exe
C:\WINDOWS\system32\drivers\downld\299375.exe
C:\WINDOWS\system32\drivers\downld\318312.exe
C:\WINDOWS\system32\drivers\downld\341062.exe
C:\WINDOWS\system32\drivers\downld\348562.exe
C:\WINDOWS\system32\drivers\downld\38750.exe
C:\WINDOWS\system32\drivers\downld\390671.exe
C:\WINDOWS\system32\drivers\downld\392921.exe
C:\WINDOWS\system32\drivers\downld\416937.exe
C:\WINDOWS\system32\drivers\downld\41796.exe
C:\WINDOWS\system32\drivers\downld\43343.exe
C:\WINDOWS\system32\drivers\downld\44500.exe
C:\WINDOWS\system32\drivers\downld\46156.exe
C:\WINDOWS\system32\drivers\downld\49109.exe
C:\WINDOWS\system32\drivers\downld\49234.exe
C:\WINDOWS\system32\drivers\downld\507890.exe
C:\WINDOWS\system32\drivers\downld\51531.exe
C:\WINDOWS\system32\drivers\downld\524734.exe
C:\WINDOWS\system32\drivers\downld\535265.exe
C:\WINDOWS\system32\drivers\downld\541296.exe
C:\WINDOWS\system32\drivers\downld\57718.exe
C:\WINDOWS\system32\drivers\downld\65828.exe
C:\WINDOWS\system32\drivers\downld\72093.exe
C:\WINDOWS\system32\drivers\downld\80031.exe
C:\WINDOWS\system32\drivers\downld\84906.exe
C:\WINDOWS\system32\drivers\downld\91703.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
.

2008-04-15 23:13 . 2004-08-19 16:09 400,896 --a------ C:\WINDOWS\system32\CF21104.exe
2008-04-15 23:07 . 2006-10-25 01:10 684,032 --a------ C:\Documents and Settings\Sense\WService.EXE
2008-04-15 22:34 . 2008-04-15 22:34 <REP> d-------- C:\Muestras
2008-04-15 21:48 . 2008-04-15 21:48 <REP> d-------- C:\Program Files\Yahoo!
2008-04-15 21:48 . 2008-04-15 21:48 <REP> d-------- C:\Program Files\CCleaner
2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\uTorrent
2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\Trend Micro
2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\eToro
2008-04-15 20:47 . 2008-04-15 20:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-04-15 19:56 . 2008-04-15 19:56 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 19:48 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-15 19:12 . 2006-11-23 17:04 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2008-04-15 19:12 . 2006-11-23 17:04 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
2008-04-15 19:11 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\Prevx1
2008-04-15 19:11 . 2008-04-15 20:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-04-15 19:00 . 2008-04-15 19:48 <REP> d-------- C:\Program Files\Java
2008-04-15 18:58 . 2008-04-15 18:58 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-04-15 18:57 . 2008-04-15 18:57 <REP> d-------- C:\Program Files\Cellosoft
2008-04-15 18:51 . 2008-04-15 20:47 <REP> d-------- C:\Documents and Settings\Sense\Application Data\uTorrent
2008-04-15 17:55 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\PrevxCSI
2008-04-15 17:55 . 2008-04-15 20:52 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-04-15 17:17 . 2008-04-15 17:17 <REP> d-------- C:\Program Files\Lavasoft
2008-04-15 17:17 . 2008-04-15 17:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-15 17:03 . 2008-04-15 17:03 <REP> d-------- C:\Documents and Settings\Sense\Application Data\Uniblue
2008-04-15 17:02 . 2008-04-15 17:02 <REP> d-------- C:\Program Files\Uniblue
2008-04-15 16:53 . 2008-04-15 18:44 78,415 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-04-15 16:38 . 2008-04-15 16:38 <REP> d--hs---- C:\found.000
2008-04-15 16:08 . 2008-04-15 16:08 <REP> d-------- C:\Program Files\Subliminal Flash
2008-04-15 16:07 . 2008-04-15 16:07 <REP> d-------- C:\Program Files\Subliminal Messages Organizer
2008-04-15 13:20 . 2008-04-15 13:20 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-15 13:16 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-04-15 13:15 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Logitech
2008-04-15 13:12 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2008-04-15 11:01 . 2008-04-15 11:01 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-04-15 10:49 . 2008-04-15 10:49 <REP> d-------- C:\Program Files\Intel Desktop Board
2008-04-15 09:27 . 2008-04-15 09:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-15 09:27 . 2008-04-15 09:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-15 08:06 . 2008-04-15 08:13 <REP> d-------- C:\Program Files\Asgard Of Ardamir
2008-04-14 09:47 . 2008-04-14 09:47 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-14 08:08 . 2008-04-14 09:40 <REP> d-------- C:\Documents and Settings\Sense\Application Data\AdobeUM
2008-04-13 15:59 . 2008-04-13 19:04 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-13 15:59 . 2008-04-13 16:16 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-13 15:59 . 2008-04-13 19:04 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-13 15:59 . 2008-04-13 15:59 22,328 --a------ C:\Documents and Settings\Sense\Application Data\PnkBstrK.sys
2008-04-13 15:54 . 2008-04-13 16:13 <REP> d-------- C:\PunkBuster
2008-04-13 15:29 . 2008-04-13 15:29 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\VstPlugins
2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\Outsim
2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\ASIO4ALL v2
2008-04-13 11:21 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-13 11:21 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-04-13 11:19 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\Image-Line
2008-04-13 10:37 . 2008-04-13 10:37 <REP> d-------- C:\Program Files\Native Instruments
2008-04-13 08:00 . 2008-04-13 08:00 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-04-12 22:44 . 2008-04-12 22:44 <REP> d-------- C:\Program Files\GENIUS TABLET
2008-04-12 22:44 . 2003-11-25 07:58 315,392 --a------ C:\WINDOWS\SETUPX32.EXE
2008-04-12 22:44 . 2003-12-23 06:35 583 --a------ C:\WINDOWS\SETUPEXT.INF
2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\iTunes
2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\iPod
2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Documents and Settings\Sense\Application Data\Apple Computer
2008-04-12 21:47 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\QuickTime
2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-12 21:47 . 2008-04-12 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-12 21:44 . 2008-04-12 21:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-12 21:24 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\Bonjour
2008-04-12 21:12 . 2008-04-13 20:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-12 20:51 . 2008-04-12 20:51 319 --a------ C:\WINDOWS\game.ini
2008-04-12 20:44 . 2008-04-12 20:44 <REP> d-------- C:\Program Files\Activision
2008-04-12 20:43 . 2008-04-12 20:43 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-04-12 20:42 . 2008-04-12 20:42 <REP> d-------- C:\Program Files\DAEMON Tools
2008-04-12 20:40 . 2008-04-12 20:40 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-12 12:55 . 2008-04-12 12:55 <REP> d-------- C:\Program Files\NinjaSurfing
2008-04-12 12:55 . 2008-04-12 12:55 125 --a------ C:\ioSpecial.ini
2008-04-12 12:49 . 2008-04-12 22:29 <REP> d-------- C:\Program Files\eMule
2008-04-12 12:02 . 2008-04-12 12:20 <REP> d-------- C:\Documents and Settings\Sense\Application Data\VoipBuster
2008-04-12 12:01 . 2008-04-12 12:01 <REP> d-------- C:\Program Files\VoipBuster.com
2008-04-12 07:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-12 07:50 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-12 07:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-11 16:11 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-11 16:11 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-11 16:11 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-11 16:09 . 2008-04-11 16:09 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-11 16:00 . 2008-04-13 15:59 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-11 16:00 . 2008-04-11 16:03 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-11 12:11 . 2008-04-11 12:11 <REP> d-------- C:\Program Files\Common Files
2008-04-11 10:34 . 2008-04-11 10:34 <REP> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-11 10:34 . 2008-04-11 10:34 <REP> d-------- C:\Documents and Settings\Sense\Application Data\TuneUp Software
2008-04-11 10:33 . 2008-04-11 10:33 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-11 10:33 . 2008-04-15 17:15 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-11 10:33 . 2008-04-11 10:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-11 10:33 . 2008-04-11 10:33 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-11 10:33 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-11 10:30 . 2008-04-11 10:30 1,169 --a------ C:\WINDOWS\mozver.dat
2008-04-11 10:29 . 2008-04-15 11:26 <REP> d-------- C:\Documents and Settings\Sense\Application Data\skypePM
2008-04-11 10:29 . 2008-04-11 10:29 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-11 10:28 . 2008-04-15 11:26 <REP> d-------- C:\Documents and Settings\Sense\Application Data\Skype
2008-04-11 10:27 . 2008-04-11 10:27 <REP> d-------- C:\Program Files\Skype

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 11:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 01:00 --------- d-----w C:\Program Files\Windows Live
2008-04-14 17:30 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-14 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-13 17:15 --------- d-----w C:\Program Files\Lineage II
2008-04-11 09:53 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-11 09:53 --------- d-----w C:\Documents and Settings\Sense\Application Data\teamspeak2
2008-04-11 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-11 09:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-11 09:40 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-11 09:36 --------- d-----w C:\Documents and Settings\Sense\Application Data\InstallShield
2008-04-11 09:32 --------- d-----w C:\Program Files\Mirage-Team Decoder Pack
2008-04-11 09:32 --------- d-----w C:\Documents and Settings\Sense\Application Data\Media Player Classic
2008-04-11 08:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-11 07:44 --------- d-----w C:\Program Files\Lavalys
2008-04-11 07:32 --------- d-----w C:\Program Files\FaxTools
2008-04-11 07:32 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-04-11 07:32 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-04-11 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-11 07:22 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-11 07:20 --------- d-----w C:\Program Files\Services en ligne
2008-02-01 09:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-04-11 11:45 5724184]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"RegistryBooster 2 d’Uniblue "="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-11-21 17:07 1902592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"WService"="WService.EXE" [2002-09-07 12:23 28672 C:\WINDOWS\system32\WService.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PrevxOne"="C:\Program Files\Prevx1\PXConsole.exe" [2008-04-16 08:14 1507328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 16:48 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-03 22:31 59392 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ninja Surfing]
--a------ 2007-06-19 16:02 958535 C:\Program Files\NinjaSurfing\nsurfing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\System32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-29 14:42 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
--a------ 2008-04-12 13:08 8811824 C:\program files\voipbuster.com\voipbuster\voipbuster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-15 20:52]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service []
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-11 10:33]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-12 19:47:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 15:55:59 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 08:17:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\drivers\WTSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-16 8:20:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 06:20:25

Pre-Run: 76,504,670,208 octets libres
Post-Run: 76,454,174,720 octets libres
.
2008-04-15 11:20:42 --- E O F ---

Voila le log après le scan :


Statistiques de l'analyse
Total d'objets analysés 193752
Nombre de virus trouvés 6
Nombre d'objets infectés 67 / 0
Nombre d'objets suspects 0
Durée de l'analyse 01:57:29

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0038_AdBlocker_eventcritlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0038_AdBlocker_eventlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\003b_popupchk_eventcritlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\003b_popupchk_eventlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\003e_File_Monitoring_eventlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0044_Web_Monitoring_eventlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\fsrtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\fsrtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows Live Contacts\sense.fx@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows Live Contacts\sense.fx@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows Live Contacts\silent_angel@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows Live Contacts\silent_angel@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Historique\History.IE5\MSHist012008041620080417\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Temp\~DF1ED5.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Temp\~DF21E2.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Temp\~DF9EF1.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Temp\~DF9F2E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Temp\~DFA87C.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Temp\~DFA8B8.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Temp\~DFC465.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Temp\~DFC4BD.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Mes documents\Mes Historiques de Conversation\avril 2008\anto2a4@hotmail.fr.html L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\Mes documents\Mes Historiques de Conversation\avril 2008\coto0505@msn.com.html L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Sense\WService.EXE Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26 Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\38750.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\390671.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\392921.exe.vir Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\41796.exe.vir Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\43343.exe.vir Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\44500.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\46156.exe.vir Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\49109.exe.vir Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\49234.exe.vir Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\51531.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\57718.exe.vir Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip/srosa.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip/wintems.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip/mdelk.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip/hldrrr.exe Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip/mdelk.exe.1 Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip ZIP: infecté - 5 ignoré
C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infecté : Trojan-Downloader.Win32.Bagle.hp ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP35\A0014295.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP37\A0014316.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP40\A0014372.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP41\A0014384.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP41\A0014385.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP41\A0014386.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP44\A0014577.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP44\A0014584.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014598.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014599.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014600.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014601.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014961.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014962.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014963.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014964.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014972.exe Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0015043.exe Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0015044.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015077.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015078.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015079.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015080.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015434.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015435.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015436.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015437.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015445.exe Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015516.exe Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015517.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0016534.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0016570.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0017582.EXE Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0018582.EXE Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0018591.EXE Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0019591.EXE Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019652.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019653.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019654.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019656.exe Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019657.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019658.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019659.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019660.exe Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019661.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019663.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019667.exe Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP49\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{64FD35E3-A91A-4C6A-9AB7-89E2AA268C7C}.bin L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox.idx L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox2.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox2.idx L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\TEMP\cch~52f5f0495.htp L'objet est verrouillé ignoré
C:\WINDOWS\TEMP\cch~52f5f09d5.htp L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
H:\2094c32c4d9823fa85\docs\install.chm L'objet est verrouillé ignoré
H:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
Analyse terminée.

Je met les deux logs en double-post pour les différenciés.


Log de ComboFix


ComboFix 08-04-16.5 - Sense 2008-04-17 7:47:06.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.580 [GMT 2:00]
Endroit: C:\Documents and Settings\Sense\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sense\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))))))))
.

2008-04-16 21:19 . 2008-04-16 21:28 <REP> d-------- C:\Program Files\FlashFXP
2008-04-16 20:36 . 2008-04-16 20:36 <REP> d-------- C:\Program Files\Gadwin Systems
2008-04-16 20:25 . 2008-04-16 22:24 <REP> d-------- C:\Documents and Settings\Sense\Application Data\FileZilla
2008-04-16 20:24 . 2008-04-16 20:25 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-04-16 19:11 . 2008-04-16 19:12 <REP> d-------- C:\Program Files\RegCleaner
2008-04-16 13:58 . 2008-04-16 19:42 <REP> d-------- C:\Program Files\Eurobarre
2008-04-16 13:58 . 2008-04-16 13:58 108,336 --------- C:\WINDOWS\system32\mswinsck.ocx
2008-04-16 13:58 . 2008-04-16 13:58 15,872 --------- C:\WINDOWS\system32\winskfr.dll
2008-04-16 11:08 . 2008-04-16 11:08 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-16 11:01 . 2008-04-16 11:01 <REP> d-------- C:\Program Files\comptes
2008-04-16 11:01 . 2008-04-16 11:01 290,816 --------- C:\WINDOWS\Setup1.exe
2008-04-16 11:01 . 2008-04-16 11:01 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2008-04-16 09:48 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-16 09:48 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-16 09:48 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-16 09:48 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-16 09:48 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-16 09:48 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-16 09:48 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-16 09:48 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-16 09:48 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-16 08:31 . 2008-04-16 08:31 <REP> d-------- C:\WINDOWS\Sun
2008-04-16 08:25 . 2008-04-16 08:25 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-16 08:25 . 2008-04-16 08:25 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-16 08:24 . 2008-04-16 08:24 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-04-16 08:24 . 2008-04-17 07:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-16 08:24 . 2008-04-17 07:52 1,270,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 08:24 . 2008-04-17 07:52 96,544 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-16 08:24 . 2008-04-17 07:51 20,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 08:24 . 2008-04-17 07:51 11,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-16 08:21 . 2008-04-16 08:21 20,480 --a------ C:\WINDOWS\REGCARDS.OLD
2008-04-16 08:20 . 2008-04-16 08:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-15 23:13 . 2004-08-19 16:09 400,896 --a------ C:\WINDOWS\system32\CF21104.exe
2008-04-15 23:07 . 2006-10-25 01:10 684,032 --a------ C:\Documents and Settings\Sense\WService.EXE
2008-04-15 22:34 . 2008-04-15 22:34 <REP> d-------- C:\Muestras
2008-04-15 21:48 . 2008-04-15 21:48 <REP> d-------- C:\Program Files\Yahoo!
2008-04-15 21:48 . 2008-04-15 21:48 <REP> d-------- C:\Program Files\CCleaner
2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\uTorrent
2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\Trend Micro
2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\eToro
2008-04-15 19:56 . 2008-04-15 19:56 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 19:48 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-15 19:00 . 2008-04-15 19:48 <REP> d-------- C:\Program Files\Java
2008-04-15 18:58 . 2008-04-15 18:58 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-04-15 18:57 . 2008-04-15 18:57 <REP> d-------- C:\Program Files\Cellosoft
2008-04-15 18:51 . 2008-04-15 20:47 <REP> d-------- C:\Documents and Settings\Sense\Application Data\uTorrent
2008-04-15 17:17 . 2008-04-15 17:17 <REP> d-------- C:\Program Files\Lavasoft
2008-04-15 17:17 . 2008-04-15 17:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-15 17:03 . 2008-04-15 17:03 <REP> d-------- C:\Documents and Settings\Sense\Application Data\Uniblue
2008-04-15 17:02 . 2008-04-15 17:02 <REP> d-------- C:\Program Files\Uniblue
2008-04-15 16:38 . 2008-04-15 16:38 <REP> d--hs---- C:\found.000
2008-04-15 16:08 . 2008-04-16 08:30 <REP> d-------- C:\Program Files\Subliminal Flash
2008-04-15 16:07 . 2008-04-15 16:07 <REP> d-------- C:\Program Files\Subliminal Messages Organizer
2008-04-15 13:20 . 2008-04-16 11:09 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-15 13:16 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-04-15 13:15 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Logitech
2008-04-15 13:12 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2008-04-15 11:01 . 2008-04-15 11:01 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-04-15 10:49 . 2008-04-15 10:49 <REP> d-------- C:\Program Files\Intel Desktop Board
2008-04-15 09:27 . 2008-04-15 09:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-15 09:27 . 2008-04-15 09:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-15 08:06 . 2008-04-15 08:13 <REP> d-------- C:\Program Files\Asgard Of Ardamir
2008-04-14 09:47 . 2008-04-14 09:47 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-14 08:08 . 2008-04-14 09:40 <REP> d-------- C:\Documents and Settings\Sense\Application Data\AdobeUM
2008-04-13 15:59 . 2008-04-13 19:04 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-13 15:59 . 2008-04-13 16:16 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-13 15:59 . 2008-04-13 19:04 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-13 15:59 . 2008-04-13 15:59 22,328 --a------ C:\Documents and Settings\Sense\Application Data\PnkBstrK.sys
2008-04-13 15:54 . 2008-04-13 16:13 <REP> d-------- C:\PunkBuster
2008-04-13 15:29 . 2008-04-13 15:29 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\VstPlugins
2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\Outsim
2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\ASIO4ALL v2
2008-04-13 11:21 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-13 11:21 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-04-13 11:19 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\Image-Line
2008-04-13 10:37 . 2008-04-13 10:37 <REP> d-------- C:\Program Files\Native Instruments
2008-04-13 08:00 . 2008-04-13 08:00 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-04-12 22:44 . 2008-04-12 22:44 <REP> d-------- C:\Program Files\GENIUS TABLET
2008-04-12 22:44 . 2003-11-25 07:58 315,392 --a------ C:\WINDOWS\SETUPX32.EXE
2008-04-12 22:44 . 2003-12-23 06:35 583 --a------ C:\WINDOWS\SETUPEXT.INF
2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\iTunes
2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\iPod
2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Documents and Settings\Sense\Application Data\Apple Computer
2008-04-12 21:47 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\QuickTime
2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-12 21:47 . 2008-04-12 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-12 21:44 . 2008-04-12 21:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-12 21:24 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\Bonjour
2008-04-12 21:12 . 2008-04-16 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-12 20:51 . 2008-04-12 20:51 319 --a------ C:\WINDOWS\game.ini
2008-04-12 20:44 . 2008-04-12 20:44 <REP> d-------- C:\Program Files\Activision
2008-04-12 20:43 . 2008-04-12 20:43 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-04-12 20:42 . 2008-04-12 20:42 <REP> d-------- C:\Program Files\DAEMON Tools
2008-04-12 20:40 . 2008-04-12 20:40 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-12 12:55 . 2008-04-12 12:55 <REP> d-------- C:\Program Files\NinjaSurfing
2008-04-12 12:55 . 2008-04-12 12:55 125 --a------ C:\ioSpecial.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 11:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 01:00 --------- d-----w C:\Program Files\Windows Live
2008-04-14 17:30 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-14 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-13 17:15 --------- d-----w C:\Program Files\Lineage II
2008-04-11 09:53 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-11 09:53 --------- d-----w C:\Documents and Settings\Sense\Application Data\teamspeak2
2008-04-11 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-11 09:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-11 09:40 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-11 09:36 --------- d-----w C:\Documents and Settings\Sense\Application Data\InstallShield
2008-04-11 09:32 --------- d-----w C:\Program Files\Mirage-Team Decoder Pack
2008-04-11 09:32 --------- d-----w C:\Documents and Settings\Sense\Application Data\Media Player Classic
2008-04-11 08:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-11 07:44 --------- d-----w C:\Program Files\Lavalys
2008-04-11 07:32 --------- d-----w C:\Program Files\FaxTools
2008-04-11 07:32 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-04-11 07:32 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-04-11 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-11 07:22 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-11 07:20 --------- d-----w C:\Program Files\Services en ligne
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-01 09:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-16_ 8.20.15.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 06:16:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-17 05:52:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 16:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-08-13 16:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-13 16:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-13 16:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-13 16:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-13 15:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-02-12 14:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-07-11 10:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-13 16:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-13 16:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-08-13 16:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-13 16:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-13 16:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-08-13 16:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-08-13 16:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-13 16:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-13 16:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-13 16:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2007-08-13 16:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-13 16:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-13 16:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2007-08-13 16:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 1998-07-12 22:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
- 2008-04-12 16:40:02 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-16 06:25:53 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-12 16:40:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-04-16 06:25:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-13 16:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-13 16:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-13 16:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 12:58:06 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-13 15:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-13 16:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-13 16:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 16:28:10 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-13 16:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-13 16:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 12:58:10 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-13 16:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 12:58:10 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-13 16:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-13 16:54:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 16:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:30:52 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-13 16:54:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 12:58:11 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-04-28 14:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-06-27 15:31:58 186,640 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-04-04 12:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2007-06-28 10:50:52 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
- 2007-08-13 16:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-13 16:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-13 16:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-13 16:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-13 16:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-13 16:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-13 16:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-13 15:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-02-12 14:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-07-11 10:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-13 16:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 16:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-13 16:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-13 16:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-13 16:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-13 16:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-06-28 10:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
+ 1998-07-12 22:00:00 107,520 ----a-w C:\WINDOWS\system32\MSCH2FR.DLL
+ 1998-07-12 22:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
- 2007-08-13 16:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-13 16:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-13 16:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-13 16:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-03-12 12:02:26 947,472 ----a-w C:\WINDOWS\system32\msjava.dll
- 2007-08-13 16:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-13 16:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-08-13 16:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-08-13 16:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-08-13 16:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-13 16:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2002-10-06 14:00:10 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
+ 1999-03-25 23:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
- 2007-08-13 16:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-04-16 06:17:30 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
+ 2008-04-17 05:52:39 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
+ 2006-06-05 13:47:40 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
+ 2006-06-05 13:47:48 1,080,320 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
+ 2006-06-05 13:47:50 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
+ 2006-06-05 13:47:50 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
+ 2006-06-05 13:28:32 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHS.dll
+ 2006-06-05 13:28:32 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHT.dll
+ 2006-06-05 13:28:32 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80DEU.dll
+ 2006-06-05 13:28:34 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ENU.dll
+ 2006-06-05 13:28:32 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ESP.dll
+ 2006-06-05 13:28:32 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80FRA.dll
+ 2006-06-05 13:28:32 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ITA.dll
+ 2006-06-05 13:28:32 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80JPN.dll
+ 2006-06-05 13:28:34 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-04-11 11:45 5724184]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"RegistryBooster 2 d’Uniblue "="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-11-21 17:07 1902592]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"WService"="WService.EXE" [2002-09-07 12:23 28672 C:\WINDOWS\system32\WService.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 16:48 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-03 22:31 59392 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ninja Surfing]
--a------ 2007-06-19 16:02 958535 C:\Program Files\NinjaSurfing\nsurfing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\System32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-29 14:42 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
--a------ 2008-04-12 13:08 8811824 C:\program files\voipbuster.com\voipbuster\voipbuster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-11 10:33]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-12 19:47:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 15:55:59 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 07:52:38
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\drivers\WTSrv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-17 7:57:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 05:56:59
ComboFix2.txt 2008-04-16 06:20:36

Pre-Run: 75,170,828,288 octets libres
Post-Run: 75,195,293,696 octets libres
.
2008-04-16 09:09:18 --- E O F ---

Re,

Recommence la même manip' en veillant bien à désactiver toutes les protections de tes antivirus.

Log de Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:28, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Steam\steam.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NinjaSurfing\ProxyNew.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 7911 bytes

Tout s'est fait correctement. Est-ce terminé ?