brave sentry
Security Forum - Viruses: brave sentry
Hello!
I know there are several threads about brave sentry but I'm getting nowhere! No matter how closely I follow what is written there, my PC won't start any more except in safe mode!
Out of frustration I deleted all the brave sentry files, as well as antivirus 2000, which installed itself too! I'm not very good with computers and I really need your help!
Thanks in advance
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:03, on 01/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lyn\Local Settings\Temporary Internet Files\Content.IE5\3PALC3IR\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {154860E0-CD90-4118-B79A-E2B5EB7E4E1B} - C:\WINDOWS\system32\wvUkHYoN.dll
O2 - BHO: (no name) - {565e374a-23fd-4fa2-aed5-5209a37a544b} - C:\WINDOWS\system32\ddcDvtuT.dll
O2 - BHO: QuickTalk 2.1 - {a34fa88d-8437-4634-8a60-e913011ef2e5} - C:\DOCUME~1\Lyn\APPLIC~1\sp1\qaccess.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [System32] C:\WINDOWS\system32\winds32.exe
O4 - HKLM\..\Run: [lphcndpj0eecp] C:\WINDOWS\system32\lphcndpj0eecp.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Lyn\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [DriveSystem] C:\WINDOWS\system32\maxpaynowti1.exe
O4 - HKLM\..\Run: [SystemDrive] C:\WINDOWS\system32\maxpaynow1.exe
O4 - HKLM\..\Run: [msdefender] C:\WINDOWS\system32\msdefender.exe
O4 - HKLM\..\Run: [advap32] "D:\Temp\7.tmp"/r
O4 - HKLM\..\Run: [f0c77075] rundll32.exe "C:\WINDOWS\system32\clgpiife.dll",b
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Lyn\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [run] regsvr32.exe /s "C:\Documents and Settings\Lyn\Application Data\sp1\qaccess.dll"
O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3702993000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3717870781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O20 - Winlogon Notify: ddcDvtuT - C:\WINDOWS\SYSTEM32\ddcDvtuT.dll
O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll
O21 - SSODL: XmFSv - {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CcEvtSvc (ccevtsvc) - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6982 bytes
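The O4 lines in a HijackThis log are the autorun entries (Run keys under HKLM, HKCU and HKUS). The usual triage question is which of them point at something that should not be starting with Windows. The following Python script is an added example and not code from the thread or from HijackThis; it parses O4 lines and scores each one with a handful of heuristics (names imitating genuine Windows binaries, images living in temp or profile-cache directories, non-executable extensions, hex-like value names, the same image registered in several hives). The sample lines are constructed from entries in the log above, the lookalike table and the weights are this example's own assumptions, and a hit is a prompt to verify the file, not a verdict.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: O4 (autorun) lines modelled on the HijackThis log posted
# in the thread, with two legitimate entries left in so the filter has
# something to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Lyn\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [advap32] "D:\Temp\7.tmp"/r
O4 - HKLM\..\Run: [f0c77075] rundll32.exe "C:\WINDOWS\system32\clgpiife.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Lyn\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
"""

# O4 line layout: "O4 - <hive>\..\<key>: [<value name>] <command line>", optionally
# followed by " (User '...')" for HKUS entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\[^\\]+)*\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)

# Impostor file names seen in the posted log and the genuine Windows binary each
# one imitates (the genuine names are real; the pairing is this example's own list).
LOOKALIKES = {"spools.exe": "spoolsv.exe", "cftmon.exe": "ctfmon.exe",
              "iexplorer.exe": "iexplore.exe"}
LOADERS = {"rundll32.exe", "regsvr32.exe"}   # hosts that run a DLL given as argument
CACHE_DIRS = {"temp", "local settings", "temporary internet files"}


def extract_image(cmd):
    """Split a Run value's command line into (image path, remaining arguments)."""
    cmd = cmd.strip()
    m = re.match(r'"([^"]+)"(.*)', cmd)                       # quoted path
    if not m:                                                  # unquoted path, may contain spaces
        m = re.match(r'(.+?\.(?:exe|dll|scr|tmp|bat))(?=[\s,]|$)(.*)', cmd, re.I)
    if not m:
        parts = cmd.split(None, 1)
        return (parts[0] if parts else ""), (parts[1] if len(parts) > 1 else "")
    return m.group(1), m.group(2).strip()


def assess(hive, name, cmd):
    """Score one autorun entry; weight 2 = strong indicator, 1 = weak indicator."""
    image, args = extract_image(cmd)
    reasons = []
    if PureWindowsPath(image).name.lower() in LOADERS:
        reasons.append((1, "loads a DLL through " + PureWindowsPath(image).name))
        image, args = extract_image(args)                      # judge the DLL, not the host
    p = PureWindowsPath(image)
    base = p.name.lower()
    parts = [s.lower() for s in p.parts]
    if base in LOOKALIKES:
        reasons.append((2, "name imitates " + LOOKALIKES[base]))
    if any(s in CACHE_DIRS for s in parts):
        reasons.append((2, "runs from a temp or user-profile cache directory"))
    if p.suffix.lower() not in (".exe", ".dll", ".scr"):
        reasons.append((2, "autorun image has a non-executable extension"))
    if len(parts) == 3 and parts[1] == "windows":
        reasons.append((1, "executable sits directly in the Windows root"))
    if p.parent.name.lower() == "drivers" and p.suffix.lower() == ".exe":
        reasons.append((1, "an .exe inside the drivers directory"))
    if re.fullmatch(r"[0-9a-f]{8,}", name.lower()):
        reasons.append((1, "value name is a hex-looking random string"))
    if re.search(r"\b[0-9A-Fa-f]{32,}\b", args):
        reasons.append((1, "started with a long hex blob as argument"))
    return {"hive": hive, "name": name, "image": image, "basename": base, "reasons": reasons}


def triage(log_text, threshold=2):
    """Parse every O4 line, add the cross-hive check, and flag entries at or above threshold."""
    entries = [assess(m["hive"], m["name"], m["cmd"])
               for m in map(O4_RE.match, log_text.splitlines()) if m]
    hives_by_image = defaultdict(set)
    for e in entries:
        hives_by_image[e["basename"]].add(e["hive"])
    for e in entries:
        hives = hives_by_image[e["basename"]]
        if len(hives) >= 2:                                    # persistence duplicated across hives
            e["reasons"].append((1, "same image registered under " + "/".join(sorted(hives))))
        e["score"] = sum(w for w, _ in e["reasons"])
        e["flagged"] = e["score"] >= threshold
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print("FLAG" if e["flagged"] else " ok ", e["hive"], e["name"], e["image"],
              "; ".join(r for _, r in e["reasons"]))
```

Run against the sample, the two entries under Program Files stay clean and the other nine are flagged, each with the reasons that earned the score. The weights are deliberately crude: a single weak indicator (an .exe in the Windows root, as with soundman.exe in the second log) is not enough on its own, while a lookalike name or a temp-directory image is.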
Hello,
Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: You must be logged on with Administrator rights.
- close all applications and windows
- double-click dss.exe to launch it and follow the instructions below
Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
- if this is a first use or a new version of DSS:
- you will have to click OK twice in the dialog boxes
Warning: if you take too long, the Abort answer will be selected automatically
- when processing is finished (click OK), two text files are displayed:
main.txt <- opened in the foreground and full screen
extra.txt <- opened in the background and in a window (look at the taskbar)
If this is a subsequent use of DSS:
- you will not get a dialog box (no OK)
- when processing is finished, one text file is displayed:
main.txt <- opened in the foreground and full screen
- copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
- likewise copy the contents of extra.txt into your next post, if you have that file (first use)
- don't forget to re-enable the protections if they were stopped.
What DSS does:
- creates a restore point in Windows XP and Vista
- cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
- checks a few important areas of your system and produces a report for review by your security adviser. DSS automatically runs HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.
Good evening,
Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: You must be logged on with Administrator rights.
- close all applications and windows
- double-click dss.exe to launch it and follow the instructions below
Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
- if this is a first use or a new version of DSS:
- you will have to click OK twice in the dialog boxes
Warning: if you take too long, the Abort answer will be selected automatically
- when processing is finished (click OK), two text files are displayed:
main.txt <- opened in the foreground and full screen
extra.txt <- opened in the background and in a window (look at the taskbar)
If this is a subsequent use of DSS:
- you will not get a dialog box (no OK)
- when processing is finished, one text file is displayed:
main.txt <- opened in the foreground and full screen
- copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
- don't forget to re-enable the protections if they were stopped.
N.B.: I only need the contents of the main.txt file
What DSS does:
- creates a restore point in Windows XP and Vista
- cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
- checks a few important areas of your system and produces a report for review by your security adviser. DSS automatically runs HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.
OK, I'll do that right away! Another problem: a program called "antivirus xp 2008" has installed itself too... and I can no longer change my desktop background, which stays on "warning spyware detecting on your computer"
Thank you very much for your help!
Here is the main.txt file:
Deckard's System Scanner v20071014.68
Run by Lyn on 2008-07-01 19:09:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-07-01 17:09:30 UTC - RP8 - Deckard's System Scanner Restore Point
1: 2008-07-01 11:41:40 UTC - RP7 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-01 19:10:20
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\lphcndpj0eecp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\rhcjdpj0eecp\rhcjdpj0eecp.exe
C:\WINDOWS\system32\pphcndpj0eecp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Lyn\Bureau\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/red [...] r=iesearch
O2 - BHO: (no name) - {ffc86435-2ddc-4323-b170-c5c99c6515ae} - C:\WINDOWS\system32\wvUkHYoN.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lphcndpj0eecp] C:\WINDOWS\system32\lphcndpj0eecp.exe
O4 - HKLM\..\Run: [f0c77075] rundll32.exe "C:\WINDOWS\system32\clgpiife.dll",b
O4 - HKLM\..\Run: [SMrhcjdpj0eecp] C:\Program Files\rhcjdpj0eecp\rhcjdpj0eecp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6561] command /c del "C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Brave-Sentry\Uninstall.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1144] cmd /c del "C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Brave-Sentry\Uninstall.lnk"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3702993000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3717870781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: sockspy.dll
O21 - SSODL: XmFSv - {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6729 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R0 Vqi08 - c:\windows\system32\drivers\vqi08.sys
S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 catchme - d:\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Irmon (Moniteur infrarouge) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-06-01 and 2008-07-01 -----------------------------
2008-07-01 13:51:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-01 13:47:35 0 d-------- C:\WINDOWS\pss
2008-07-01 13:38:11 94208 --a------ C:\WINDOWS\system32\pphcndpj0eecp.exe
2008-07-01 13:38:11 0 d-------- C:\Documents and Settings\Lyn\Application Data\rhcjdpj0eecp
2008-07-01 13:37:54 0 d-------- C:\Program Files\rhcjdpj0eecp
2008-07-01 13:29:01 0 d-------- C:\WINDOWS\ERUNT
2008-07-01 13:20:51 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 11:57:53 0 dr-h----- C:\Documents and Settings\Lyn\Recent
2008-07-01 11:53:57 86528 --a------ C:\WINDOWS\system32\clgpiife.dll
2008-07-01 11:35:40 2883584 --a------ C:\Documents and Settings\Lyn\ntuser.dat
2008-07-01 11:10:00 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-01 11:10:00 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-01 11:10:00 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-07-01 11:10:00 0 d--h----- C:\Documents and Settings\Administrateur\Recent
2008-07-01 11:10:00 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-07-01 11:10:00 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-01 11:10:00 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-01 11:10:00 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-07-01 11:10:00 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-01 11:10:00 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
2008-07-01 11:10:00 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-01 11:10:00 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-07-01 11:10:00 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-07-01 11:09:59 524288 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat
2008-07-01 11:03:08 40 --a------ C:\WINDOWS\file.bat
2008-07-01 10:56:30 3730 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-01 10:56:02 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-01 10:56:02 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-01 10:56:02 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-01 10:56:02 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-01 10:56:02 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-01 10:56:02 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-01 10:56:02 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-01 10:56:02 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-01 10:46:31 2037 --ahs---- C:\WINDOWS\system32\NoYHkUvw.ini2
2008-07-01 10:44:32 0 d-------- C:\WINDOWS\Torrents
2008-07-01 10:42:19 30208 --a------ C:\WINDOWS\SysC.exe
2008-07-01 10:34:05 94208 --a------ C:\WINDOWS\enpq.exe
2008-07-01 10:33:27 60928 --a------ C:\WINDOWS\system32\blphcndpj0eecp.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-01 10:33:27 119296 --a------ C:\WINDOWS\msvecurity.exe
2008-07-01 10:33:25 109056 --a------ C:\WINDOWS\system32\lphcndpj0eecp.exe
2008-07-01 10:33:18 0 d-------- C:\Documents and Settings\Lyn\Application Data\sp1
2008-07-01 10:33:15 90624 --a------ C:\WINDOWS\system32\ntpl.bin
2008-07-01 10:32:55 65970 --a------ C:\WINDOWS\system32\drivers\55a36e68.sys
2008-07-01 10:32:54 30208 --a------ C:\WINDOWS\system32\drivers\Vqi08.sys
2008-07-01 10:32:54 30208 --a------ C:\WINDOWS\system32\drivers\Vqi08(3).sys
2008-07-01 10:32:54 30208 --a------ C:\WINDOWS\system32\drivers\Vqi08(2).sys
2008-06-30 09:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-30 09:16:37 0 d-------- C:\Documents and Settings\Lyn\Application Data\Azureus
2008-06-29 19:54:55 0 dr-h----- C:\Documents and Settings\Lyn\Application Data\SecuROM
2008-06-29 19:40:39 0 d-------- C:\Program Files\KONAMI
2008-06-29 16:43:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-06-29 15:46:52 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-06-29 15:41:10 25088 --a------ C:\WINDOWS\system32\urqPICur.dll
2008-06-29 15:24:28 0 d-------- C:\Program Files\ahead
2008-06-29 13:33:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
2008-06-29 13:33:06 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
2008-06-23 18:51:16 0 d-------- C:\Program Files\Microsoft Works
2008-06-23 18:51:10 0 d-------- C:\Program Files\MSBuild
2008-06-23 18:46:56 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-23 18:46:13 0 dr-h----- C:\MSOCache
2008-06-22 21:48:38 0 d-------- C:\Program Files\Axis Communications
2008-06-22 17:15:22 0 d-------- C:\Program Files\Mojicon Installer
2008-06-22 12:13:17 0 d-------- C:\Program Files\Microsoft Carioca
2008-06-22 11:07:10 0 d-------- C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
2008-06-20 23:06:03 0 d-------- C:\Documents and Settings\Lyn\Application Data\WinRAR
2008-06-20 22:06:56 0 d-------- C:\Documents and Settings\Lyn\Application Data\vlc
2008-06-20 22:05:49 0 d-------- C:\Program Files\VideoLAN
2008-06-20 20:04:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-20 19:56:24 0 d-------- C:\Program Files\Messenger Plus! Live
2008-06-20 19:18:34 0 d-------- C:\Documents and Settings\Lyn\Shared
2008-06-20 19:18:33 0 d-------- C:\Documents and Settings\Lyn\Incomplete
2008-06-20 19:18:16 0 d-------- C:\Documents and Settings\Lyn\Application Data\FrostWire
2008-06-19 22:19:35 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-19 22:19:33 0 d-------- C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
2008-06-19 22:19:24 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-19 20:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-19 20:51:05 0 d-------- C:\Program Files\Fichiers communs\PC SOFT
2008-06-18 19:17:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-18 19:17:10 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-18 19:08:03 0 d-------- C:\Program Files\Google
2008-06-17 18:12:51 0 d-------- C:\Program Files\Azureus
2008-06-17 18:12:19 0 d-------- C:\Program Files\FrostWire
2008-06-17 17:53:47 0 d-------- C:\Documents and Settings\Lyn\Contacts
2008-06-17 17:52:29 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-17 17:50:06 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-17 17:50:02 0 d-------- C:\Program Files\Windows Live
2008-06-17 17:48:49 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 15:01:19 0 d-------- C:\Documents and Settings\Lyn\Application Data\Bitdefender
2008-06-17 14:59:05 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-06-17 14:53:46 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-17 14:51:57 0 d-------- C:\WINDOWS\Logs
2008-06-17 14:33:19 0 d-------- C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
2008-06-17 14:33:05 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-17 14:32:47 0 d-------- C:\Program Files\Realtek AC97
2008-06-17 14:31:50 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-17 14:22:23 0 d-------- C:\Documents and Settings\Lyn\Application Data\Macromedia
2008-06-17 14:22:23 0 d-------- C:\Documents and Settings\Lyn\Application Data\Adobe
2008-06-17 14:04:13 0 d-------- C:\Program Files\QuickTime
2008-06-17 14:04:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-17 14:04:02 0 d-------- C:\Program Files\Apple Software Update
2008-06-17 14:04:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-17 13:53:39 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-17 13:52:54 0 d-------- C:\Program Files\Java
2008-06-17 13:52:34 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-17 13:52:34 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-17 13:52:23 0 d-------- C:\Program Files\Fichiers communs\Java
2008-06-17 13:46:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-17 13:45:43 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-17 13:43:52 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-17 13:43:07 0 d--hs---- C:\Documents and Settings\Lyn\UserData
2008-06-17 13:41:50 0 d-------- C:\WINDOWS\Prefetch
2008-06-17 13:11:13 0 d--hs---- C:\WINDOWS\Installer
2008-06-17 13:11:12 0 d-------- C:\Program Files\Fichiers communs\ODBC
2008-06-17 13:11:09 0 dr------- C:\Program Files
2008-06-17 13:11:09 0 d-------- C:\Program Files\Fichiers communs
2008-06-17 13:11:09 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2008-06-17 13:10:41 0 d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-06-17 13:10:41 0 d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-06-17 13:10:41 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-17 13:10:41 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-17 13:10:41 0 d--h----- C:\Documents and Settings\Default User\Modèles
2008-06-17 13:10:41 0 d-------- C:\Documents and Settings\Default User\Mes documents
2008-06-17 13:10:41 0 dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-06-17 13:10:41 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-17 13:10:41 0 d-------- C:\Documents and Settings\Default User\Favoris
2008-06-17 13:10:41 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-06-17 13:10:41 0 d-------- C:\Documents and Settings\Default User\Bureau
2008-06-17 13:10:41 0 d--h----- C:\Documents and Settings\All Users\Modèles
2008-06-17 13:10:41 0 dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-06-17 13:10:41 0 d-------- C:\Documents and Settings\All Users\Favoris
2008-06-17 13:10:41 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-17 13:10:41 0 d-------- C:\Documents and Settings\All Users\Bureau
2008-06-17 13:10:28 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-17 13:10:28 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-17 13:10:23 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-17 13:10:23 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-17 13:10:23 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-17 13:10:22 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-17 13:09:59 0 d-------- C:\Documents and Settings
2008-06-17 13:09:58 0 d--hs---- C:\System Volume Information
2008-06-17 13:03:37 0 d-------- C:\WINDOWS
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\WinSxS
2008-06-17 13:03:37 0 dr------- C:\WINDOWS\Web
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\twain_32
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\wins
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\wbem
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\usmt
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\spool
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\Setup
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\ras
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\oobe
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\npp
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\mui
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\IME
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\icsxml
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\ias
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\export
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\drivers
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-17 13:03:37 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\dhcp
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\config
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\3076
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\2052
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1054
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1042
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1041
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1037
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1036
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1033
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1031
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1028
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1025
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\security
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Resources
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\repair
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Provisioning
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\PeerNet
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\pchealth
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\mui
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\msapps
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\msagent
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Media
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\java
2008-06-17 13:03:37 0 d--h----- C:\WINDOWS\inf
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\ime
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Help
2008-06-17 13:03:37 0 dr--s---- C:\WINDOWS\Fonts
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Driver Cache
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Debug
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Cursors
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Config
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\AppPatch
2008-06-17 13:03:37 0 d-------- C:\WINDOWS\addins
2008-06-17 12:33:47 0 d-------- C:\WINDOWS\system32\fr-fr
2008-06-17 12:33:47 0 d-------- C:\WINDOWS\system32\fr
2008-06-17 12:33:47 0 d-------- C:\WINDOWS\l2schemas
2008-06-17 12:33:46 0 d-------- C:\WINDOWS\system32\bits
2008-06-17 12:32:12 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-17 12:31:14 0 d-------- C:\WINDOWS\network diagnostic
2008-06-17 12:28:53 0 d-------- C:\WINDOWS\EHome
2008-06-17 12:07:19 0 d-------- C:\Program Files\Realtek Sound Manager
2008-06-17 12:07:19 0 d-------- C:\Program Files\AvRack
2008-06-17 12:07:18 1032 -----n--- C:\WINDOWS\system32\drivers\alcxinit.dat
2008-06-17 12:07:18 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-06-17 12:01:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-17 12:01:37 0 d-------- C:\Documents and Settings\Lyn\Application Data\Mozilla
2008-06-17 11:55:24 376832 --a------ C:\WINDOWS\system32\slmh.exe <Not Verified; ; Modem Helper>
2008-06-17 11:55:24 466944 --a------ C:\WINDOWS\system32\SLLights.dll <Not Verified; ; SLLights>
2008-06-17 11:55:24 167936 --a------ C:\WINDOWS\system32\minirec.exe <Not Verified; ; MiniRec>
2008-06-17 11:55:24 14976 --a------ C:\WINDOWS\system32\drivers\winddx.sys <Not Verified; ; Modem>
2008-06-17 11:55:24 151552 --a------ C:\WINDOWS\system32\amr_cpl.dll <Not Verified; ; Modem>
2008-06-17 11:55:24 61440 --a------ C:\WINDOWS\SmCfg.exe <Not Verified; ; Modem>
2008-06-17 11:55:24 0 d-------- C:\WINDOWS\Modio
2008-06-17 11:52:23 0 d-------- C:\Program Files\ATI Technologies
2008-06-17 11:48:49 0 d-------- C:\ATI
2008-06-17 11:45:03 139264 --a------ C:\WINDOWS\system32\IDEproperty.dll <Not Verified; ; IDEproperty Dynamic Link Library>
2008-06-17 11:45:03 9472 --a------ C:\WINDOWS\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
2008-06-17 11:45:03 49024 --a------ C:\WINDOWS\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-06-17 11:44:53 305664 --a------ C:\WINDOWS\IsUn040c.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-17 11:44:47 0 d-------- C:\Documents and Settings\Lyn\WINDOWS
2008-06-17 11:44:28 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-17 11:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-17 11:44:21 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-06-17 11:28:31 0 d-------- C:\Documents and Settings\Lyn\Application Data\Identities
2008-06-17 11:28:23 0 d--h----- C:\Documents and Settings\Lyn\Voisinage réseau
2008-06-17 11:28:23 0 d--h----- C:\Documents and Settings\Lyn\Voisinage d'impression
2008-06-17 11:28:23 0 dr-h----- C:\Documents and Settings\Lyn\SendTo
2008-06-17 11:28:23 0 d--h----- C:\Documents and Settings\Lyn\Modèles
2008-06-17 11:28:23 0 dr------- C:\Documents and Settings\Lyn\Menu Démarrer
2008-06-17 11:28:23 0 d--h----- C:\Documents and Settings\Lyn\Local Settings
2008-06-17 11:28:23 0 dr------- C:\Documents and Settings\Lyn\Favoris
2008-06-17 11:28:23 0 d--hs---- C:\Documents and Settings\Lyn\Cookies
2008-06-17 11:28:23 0 d-------- C:\Documents and Settings\Lyn\Bureau
2008-06-17 11:28:23 0 dr-h----- C:\Documents and Settings\Lyn\Application Data
2008-06-17 11:27:40 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-17 11:27:38 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-17 11:27:37 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-06-17 11:27:37 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-17 11:27:37 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-17 11:27:36 229376 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-17 11:27:36 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-17 11:27:21 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-17 11:27:21 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-06-17 11:27:21 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-17 11:27:21 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-17 11:27:20 229376 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-17 11:24:48 0 d-------- C:\WINDOWS\system32\xircom
2008-06-17 11:24:48 0 d-------- C:\Program Files\microsoft frontpage
2008-06-17 11:24:45 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-17 11:24:43 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-17 11:24:23 0 -rahs---- C:\MSDOS.SYS
2008-06-17 11:24:23 0 -rahs---- C:\IO.SYS
2008-06-17 11:24:23 0 --a------ C:\CONFIG.SYS
2008-06-17 11:24:23 0 --a------ C:\AUTOEXEC.BAT
2008-06-17 11:23:30 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-17 11:23:21 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-17 11:23:21 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-17 11:23:11 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-17 11:23:07 0 d-------- C:\Program Files\Services en ligne
2008-06-17 11:22:52 0 d-------- C:\WINDOWS\system32\DirectX
2008-06-17 11:22:20 0 d---s---- C:\WINDOWS\Tasks
2008-06-17 11:22:19 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2008-06-17 11:22:15 0 d-------- C:\WINDOWS\srchasst
2008-06-17 11:22:14 0 d-------- C:\WINDOWS\system32\Macromed
2008-06-17 11:22:07 0 d-------- C:\Program Files\Movie Maker
2008-06-17 11:22:00 0 d-------- C:\WINDOWS\system32\Restore
2008-06-17 11:21:35 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-17 11:21:18 0 d-------- C:\WINDOWS\Registration
2008-06-17 11:20:45 0 d-------- C:\Program Files\Online Services
2008-06-17 11:20:40 0 d-------- C:\Program Files\Messenger
2008-06-17 11:20:36 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-17 11:20:02 0 d-------- C:\Program Files\Windows NT
2008-06-17 11:19:59 0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-17 11:19:57 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2008-07-01 13:39:07 367896 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-07-01 13:39:07 48814 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-07-01 11:51:36 17408 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-01 10:33:17 579584 --a------ C:\WINDOWS\system32\user32.DLL <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
2008-06-17 13:10:41 62 --ahs---- C:\Documents and Settings\Lyn\Application Data\desktop.ini
2008-04-13 19:34:30 516096 --a------ C:\WINDOWS\system32\winlogon.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
2008-04-13 19:34:24 58880 --a------ C:\WINDOWS\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 19:34:22 111104 --a------ C:\WINDOWS\system32\services.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
2008-04-13 19:34:10 14848 --a------ C:\WINDOWS\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-13 19:34:04 1040384 --a------ C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
2008-04-13 19:33:30 32768 --a------ C:\WINDOWS\system32\yweptr.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffc86435-2ddc-4323-b170-c5c99c6515ae}]
C:\WINDOWS\system32\wvUkHYoN.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [04/09/2001 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/05/2008 10:50]
"SoundMan"="SOUNDMAN.EXE" [16/04/2007 15:28 C:\WINDOWS\soundman.exe]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [02/04/2007 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [26/03/2007 15:49]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 23:48]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"lphcndpj0eecp"="C:\WINDOWS\system32\lphcndpj0eecp.exe" [01/07/2008 10:33]
"f0c77075"="C:\WINDOWS\system32\clgpiife.dll" [01/07/2008 11:53]
"SMrhcjdpj0eecp"="C:\Program Files\rhcjdpj0eecp\rhcjdpj0eecp.exe" [30/06/2008 17:27]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [13/04/2008 19:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"msvecurity"="C:\WINDOWS\msvecurity.exe" [01/07/2008 10:33]
"iexplorer"="C:\WINDOWS\iexplorer.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB6561"=command /c del "C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Brave-Sentry\Uninstall.lnk"
"SpybotDeletingD1144"=cmd /c del "C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Brave-Sentry\Uninstall.lnk"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"XmFSv"= {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll [13/04/2008 19:33 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUkHYoN
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rainlendar2]
C:\Program Files\Rainlendar2\Rainlendar2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun_PES2008.exe
-- End of Deckard's System Scanner: finished at 2008-07-01 19:14:03 ------------
Well, it still doesn't work, except that now it boots in normal mode one time out of two (when the services.exe file doesn't crash), and something new: in safe mode it asks me for a session password even though I never created a session on my computer!
Thanks in advance for your help, because I'm getting desperate!
Hi, you need to get rid of Antivirus XP 2008; if it won't uninstall, delete the folder in Program Files directly or in safe mode, then install Malwarebytes Anti-Malware 1.19, run a scan and remove everything it detects.
Check whether you have the following files in windows/system32:
pphcgmcj0e17l.exe, rhclmcj0e17l.exe, sysrest.sys, swrp.dll; if so, delete them.
The only problem is if you have files in windows/system32 that are infected, such as service.exe, winlogon.exe, Lsass.exe, svchost.exe & explorer.exe; let me know if that's the case?
Later
Hello,
I'm a volunteer and I have a private life, but I don't abandon the users I take care of.
Please follow only my instructions and not those of thunderflash, who can't have taken the time to analyze your report, since he forgot the rootkit. Besides, he is a "helper" but not for disinfection.
I'd ask Thunderflash not to interfere in my disinfections.
***
You have a very nasty infection, by a kernel-mode rootkit.
Download Combofix from **HERE** or **HERE** and save it to your desktop.
**Note 1: If you already have a version of Combofix, you will need to download another one, the very latest. It is also very important to save it directly to your desktop.**
- Please never rename Combofix unless you are expressly asked to.
- Close all open windows, without exception.
- Disable all resident protections of all your antivirus, antispyware etc. software so that they don't interfere with Combofix running properly.
Very important: temporarily disable all resident protections of all your security software before running a scan with Combofix. They could disrupt Combofix's scan, which could have unforeseen and disastrous consequences.
- Click this link to see a list of programs that should always be disabled before using combofix. Note that the list is not exhaustive. If your security software is not in this list and you don't know how to disable it, or you don't understand English, please ask me.
- WARNING: Combofix will automatically disconnect you from the internet as soon as the scan starts.
- Please do not try to reconnect your machine to the internet until combofix has finished its work.
- If you can no longer connect to the internet after using combofix, restart your PC to restore the internet connection.
- Double-click combofix.exe and follow the on-screen instructions.
- When the scan is finished, a report should normally appear on screen.
- Please post the following report, "C:\ComboFix.txt", in your next reply, together with a new HiJackThis log.
**Note 2: Do not click in the combofix window while it is working. You could crash the PC and cause serious damage.**
Security / Prevention
Reply to Egwene
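Added example, not code from the thread or from either helper: a small Python triage of the Deckard registry dump posted above, flagging the persistence locations that make the rootkit diagnosis plausible (BHO, AppInit_DLLs, LSA authentication packages, SSODL, SafeBoot entries, user policies) together with entries whose target file was missing or whose file name looks generated. The dump format is assumed from the quoted log; the scoring rules are this example's own.

```python
"""Triage of a Deckard System Scanner registry dump (added example, not from the thread).
Assumed format, as quoted above: bracketed key headers, then "name"=value lines (the
trailing [timestamp ...] bracket is empty when the file was missing) or bare paths.
The scoring rules are this example's own, not Deckard's and not any helper's method."""
import re

# Autostart locations where any non-default entry is worth a second look.
SENSITIVE_LOCATIONS = {
    "browser helper objects": "BHO: DLL loaded into every Internet Explorer process",
    "appinit_dlls": "AppInit_DLLs: DLL injected into every user-mode process",
    "authentication packages": "LSA authentication package: code running inside lsass.exe",
    "shellserviceobjectdelayload": "SSODL: COM object started inside explorer.exe",
    "safeboot\\minimal": "SafeBoot entry: loaded even in Safe Mode, compare with a clean baseline",
    "policies\\system": "user policy restriction: not present on a default install",
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"([^"]*)"|@)\s*=\s*(.*?)(?:\s*\[([^\]]*)\])?$')
VOWELS = set("aeiou")

def hex_like(name: str) -> bool:
    """Value names such as f0c77075 are generated, not product names."""
    s = name.lower()
    return bool(re.fullmatch(r"[0-9a-f]{8,}", s)) and not s.isdigit() and not s.isalpha()

def looks_random(stem: str) -> bool:
    """Lexical heuristic for generated file names: digits wedged between letters in a long
    name, or five consonants in a row. Look-alikes such as msvecurity pass it on purpose."""
    s = stem.lower()
    if len(s) >= 10 and re.search(r"[a-z][0-9]+[a-z]", s):
        return True
    run = longest = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        longest = max(longest, run)
    return len(s) >= 8 and longest >= 5

def file_stems(value: str):
    """Last path component of every token in a value, extension removed."""
    for tok in re.split(r'[\s"]+', value):
        stem = re.sub(r"\.[A-Za-z0-9]{1,4}$", "", tok.rsplit("\\", 1)[-1])
        if re.fullmatch(r"[A-Za-z0-9_]{4,}", stem):
            yield stem

def location_reason(key: str, name: str) -> str:
    where = (key + "\\" + name).lower()
    return next((why for needle, why in SENSITIVE_LOCATIONS.items() if needle in where), "")

def triage(dump: str) -> list[dict]:
    """Return the entries that deserve review, each with the reasons it was flagged."""
    findings, key = [], ""
    for line in (raw.strip() for raw in dump.splitlines()):
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        if (m := VALUE_RE.match(line)):
            name, value, stamp = m.group(1) or "(default)", m.group(2), m.group(3)
        elif key and location_reason(key, ""):
            name, value, stamp = "", line, None  # bare path under a sensitive key
        else:
            continue
        reasons = [r for r in [location_reason(key, name)] if r]
        if stamp == "":
            reasons.append("empty timestamp bracket: target file missing at scan time")
        if hex_like(name):
            reasons.append("hex-like value name")
        odd = sorted({s for s in file_stems(value) if looks_random(s)})
        if odd:
            reasons.append("random-looking file name: " + ", ".join(odd))
        if reasons:
            findings.append({"key": key, "name": name, "value": value, "reasons": reasons})
    return findings

# Sample input: lines excerpted from the Deckard registry dump posted in this thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffc86435-2ddc-4323-b170-c5c99c6515ae}]
C:\WINDOWS\system32\wvUkHYoN.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [04/09/2001 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"lphcndpj0eecp"="C:\WINDOWS\system32\lphcndpj0eecp.exe" [01/07/2008 10:33]
"f0c77075"="C:\WINDOWS\system32\clgpiife.dll" [01/07/2008 11:53]
"SMrhcjdpj0eecp"="C:\Program Files\rhcjdpj0eecp\rhcjdpj0eecp.exe" [30/06/2008 17:27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"msvecurity"="C:\WINDOWS\msvecurity.exe" [01/07/2008 10:33]
"iexplorer"="C:\WINDOWS\iexplorer.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"XmFSv"= {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll [13/04/2008 19:33 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUkHYoN
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
@="Driver"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DUMP):
        print(f"{f['name'] or '<bare>':28} {'; '.join(f['reasons'])}")
```

The heuristics are deliberately narrow: a name like msvecurity.exe only stands out to a human reader, which is why the location rules, not the name rules, carry the rootkit signal here.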
thanks!!! it seems to be working, apart from an error message at startup, but I think that comes from Antivirus XP 2008 (because I deleted the files)
here is the ComboFix log:
ComboFix 08-06-30.2 - Lyn 2008-07-02 9:55:35.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.639 [GMT 2:00]
Endroit: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
and the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05, on 2008-07-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lyn\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {ffc86435-2ddc-4323-b170-c5c99c6515ae} - C:\WINDOWS\system32\wvUkHYoN.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lphcndpj0eecp] C:\WINDOWS\system32\lphcndpj0eecp.exe
O4 - HKLM\..\Run: [f0c77075] rundll32.exe "C:\WINDOWS\system32\clgpiife.dll",b
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF15805.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3702993000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3717870781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O21 - SSODL: XmFSv - {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 5895 bytes
So, what's the verdict??? ;-)
Re,
The Combofix report is incomplete
See you tonight
Security / Prevention
Reply to Egwene
@espeleta_29: your combofix log isn't complete; either you copied it badly or you didn't wait long enough for it to finish, and judging by the look of your hijackthis I suppose it's the second.
Wait until combofix has finished, and post your new combofix and hijackthis logs after that.
Edit: ah well, I should have refreshed in the meantime
Message edited by OmaR on 02-07-2008 at 10:24:14
Reply to OmaR
strange, I didn't touch anything; I'll do it again then
indeed a good part was missing!!
Here is combofix:
ComboFix 08-06-30.2 - Lyn 2008-07-02 10:27:29.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.790 [GMT 2:00]
Endroit: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Lyn\Application Data\rhcjdpj0eecp
C:\Documents and Settings\Lyn\Application Data\sp1
C:\Program Files\rhcjdpj0eecp
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\enpq.exe
C:\WINDOWS\file.bat
C:\WINDOWS\system32\blphcndpj0eecp.scr
C:\WINDOWS\system32\clgpiife.dll
C:\WINDOWS\system32\efiipglc.ini
C:\WINDOWS\system32\lphcndpj0eecp.exe
C:\WINDOWS\system32\NoYHkUvw.ini
C:\WINDOWS\system32\NoYHkUvw.ini2
C:\WINDOWS\system32\ntpl.bin
C:\WINDOWS\system32\nvrsma.dll
C:\WINDOWS\system32\phcndpj0eecp.bmp
C:\WINDOWS\system32\pphcndpj0eecp.exe
C:\WINDOWS\system32\urqPICur.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_tcpsr
-------\Service_tcpsr
-------\Legacy_tcpsr
-------\Service_tcpsr
((((((((((((((((((((((((((((( Fichiers créés 2008-06-02 to 2008-07-02 ))))))))))))))))))))))))))))))))))))
.
2008-07-02 09:44 . 2008-07-02 10:00 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-07-02 01:19 . 2008-07-02 01:19 268 --ah----- C:\sqmdata00.sqm
2008-07-02 01:19 . 2008-07-02 01:19 244 --ah----- C:\sqmnoopt00.sqm
2008-07-01 19:09 . 2008-07-01 19:09 <REP> d-------- C:\Deckard
2008-07-01 18:58 . 2008-07-01 18:58 <REP> d-------- C:\SDFix
2008-07-01 14:21 . 2008-07-01 18:49 359 --a------ C:\WINDOWS\wininit.ini
2008-07-01 13:51 . 2008-07-01 19:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-01 13:51 . 2008-07-01 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-01 13:29 . 2008-07-01 13:29 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-01 13:20 . 2008-07-01 13:40 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 11:10 . 2008-06-17 13:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-01 11:10 . 2008-06-17 13:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-01 11:10 . 2008-06-17 11:20 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-01 11:10 . 2008-06-17 13:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-01 11:09 . 2008-07-01 11:37 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-01 10:56 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-01 10:56 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-01 10:56 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-01 10:56 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-01 10:56 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-01 10:56 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-01 10:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-01 10:56 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-01 10:56 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-01 10:56 . 2008-07-01 12:15 3,730 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-01 10:44 . 2008-07-01 10:44 <REP> d-------- C:\WINDOWS\Torrents
2008-07-01 10:42 . 2008-06-21 11:35 30,208 --a------ C:\WINDOWS\SysC.exe
2008-07-01 10:34 . 2008-07-01 10:34 64,512 --a------ C:\WINDOWS\system32\wpx5.cpx
2008-07-01 10:34 . 2008-07-02 09:53 39,549 --a------ C:\WINDOWS\msvecurity.config
2008-07-01 10:34 . 2008-07-01 10:34 13,312 --a------ C:\WINDOWS\system32\wpx6.cpx
2008-07-01 10:33 . 2008-07-01 10:33 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-07-01 10:33 . 2008-07-01 13:37 63,488 --a------ C:\WINDOWS\system32\gx.ak
2008-07-01 10:33 . 2008-07-01 13:37 32,768 --a------ C:\WINDOWS\system32\pol.art
2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\mn.hlpf
2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\cty.sp
2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\cnkl.sr
2008-07-01 10:32 . 2008-07-02 10:32 65,970 --a------ C:\WINDOWS\system32\drivers\55a36e68.sys
2008-07-01 10:32 . 2008-07-02 10:00 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08.sys
2008-07-01 10:32 . 2008-07-01 11:26 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08(3).sys
2008-07-01 10:32 . 2008-07-01 10:33 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08(2).sys
2008-06-30 21:39 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-30 21:39 . 2008-04-13 11:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-30 09:16 . 2008-07-01 10:22 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Azureus
2008-06-30 09:16 . 2008-06-30 09:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-29 19:54 . 2008-06-29 19:54 <REP> dr-h----- C:\Documents and Settings\Lyn\Application Data\SecuROM
2008-06-29 19:54 . 2008-06-29 19:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-29 19:40 . 2008-06-29 19:40 <REP> d-------- C:\Program Files\KONAMI
2008-06-29 18:24 . 2008-06-29 18:24 32 --a------ C:\WINDOWS\tdlp32.ini
2008-06-29 16:43 . 2008-06-29 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-06-29 15:46 . 2008-06-29 15:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-06-29 15:24 . 2008-06-29 15:24 <REP> d-------- C:\Program Files\ahead
2008-06-29 13:33 . 2008-06-29 15:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
2008-06-29 13:33 . 2008-06-29 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
2008-06-23 18:51 . 2008-06-23 18:51 <REP> d-------- C:\Program Files\MSBuild
2008-06-23 18:51 . 2008-06-23 18:51 <REP> d-------- C:\Program Files\Microsoft Works
2008-06-23 18:46 . 2008-06-23 18:50 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-06-23 18:46 . 2008-06-23 18:46 <REP> dr-h----- C:\MSOCache
2008-06-23 18:43 . 2008-06-23 18:43 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-06-22 21:48 . 2008-06-22 21:48 <REP> d-------- C:\Program Files\Axis Communications
2008-06-22 17:15 . 2008-06-22 17:15 <REP> d-------- C:\Program Files\Mojicon Installer
2008-06-22 12:13 . 2008-06-22 12:13 <REP> d-------- C:\Program Files\Microsoft Carioca
2008-06-22 11:07 . 2008-06-22 11:07 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
2008-06-20 22:06 . 2008-06-20 22:06 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\vlc
2008-06-20 22:05 . 2008-06-20 22:05 <REP> d-------- C:\Program Files\VideoLAN
2008-06-20 20:04 . 2008-06-20 20:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-20 19:56 . 2008-06-20 19:56 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-06-20 19:18 . 2008-06-30 11:25 <REP> d-------- C:\Documents and Settings\Lyn\Shared
2008-06-20 19:18 . 2008-06-30 11:25 <REP> d-------- C:\Documents and Settings\Lyn\Incomplete
2008-06-20 19:18 . 2008-06-20 19:29 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\FrostWire
2008-06-19 22:19 . 2008-06-25 11:15 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-06-19 22:19 . 2008-06-19 22:19 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
2008-06-19 22:19 . 2008-06-19 22:19 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-19 20:54 . 2008-06-24 18:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-19 20:51 . 2008-06-19 20:51 <REP> d-------- C:\Program Files\Fichiers communs\PC SOFT
2008-06-19 20:51 . 2008-06-19 20:51 67 --a------ C:\WINDOWS\contact.ini
2008-06-18 19:17 . 2008-06-29 16:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-18 19:08 . 2008-06-18 19:08 <REP> d-------- C:\Program Files\Google
2008-06-17 22:51 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-17 22:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-17 22:49 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-17 22:49 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-17 22:49 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-17 22:49 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-17 18:12 . 2008-06-20 19:18 <REP> d-------- C:\Program Files\FrostWire
2008-06-17 18:12 . 2008-07-01 10:22 <REP> d-------- C:\Program Files\Azureus
2008-06-17 17:53 . 2008-06-17 17:53 <REP> d-------- C:\Documents and Settings\Lyn\Contacts
2008-06-17 17:52 . 2008-06-17 17:52 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-17 17:50 . 2008-06-17 17:52 <REP> d-------- C:\Program Files\Windows Live
2008-06-17 17:50 . 2008-06-17 17:51 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-17 17:48 . 2008-06-17 17:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 15:01 . 2008-06-17 15:01 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Bitdefender
2008-06-17 14:59 . 2008-07-02 10:29 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Program Files\Softwin
2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-17 14:51 . 2008-06-17 14:51 <REP> d-------- C:\WINDOWS\Logs
2008-06-17 14:43 . 2003-06-05 00:41 186,095 --a------ C:\WINDOWS\system32\drivers\o2mmb.sys
2008-06-17 14:43 . 2003-06-09 13:20 8,008 --a------ C:\WINDOWS\system32\drivers\o2mmb.cat
2008-06-17 14:43 . 2003-04-29 10:26 5,689 --a------ C:\WINDOWS\system32\drivers\MbxStby.sys
2008-06-17 14:43 . 2003-06-05 00:33 2,539 --a------ C:\WINDOWS\system32\drivers\o2mmb.inf
2008-06-17 14:33 . 2008-06-30 09:48 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
2008-06-17 14:33 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-17 14:32 . 2008-06-17 14:32 <REP> d-------- C:\Program Files\Realtek AC97
2008-06-17 14:32 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-06-17 14:32 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-06-17 14:31 . 2008-06-30 09:49 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Program Files\QuickTime
2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-17 12:34 . 2008-04-13 19:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-06-17 12:34 . 2008-04-13 19:33 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-17 12:34 . 2008-04-13 19:04 93,184 --------- C:\WINDOWS\system32\msxml6r.dll
2008-06-17 12:34 . 2008-04-13 19:04 93,184 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-06-17 12:32 . 2008-06-17 12:32 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-06-17 12:32 . 2008-04-13 19:34 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-06-17 12:30 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-17 12:30 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002603_.tmp
2008-06-17 12:28 . 2008-06-17 12:28 <REP> d-------- C:\WINDOWS\EHome
2008-06-17 12:25 . 2008-06-17 12:25 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-06-17 12:07 . 2008-06-17 12:07 <REP> d-------- C:\Program Files\Realtek Sound Manager
2008-06-17 12:07 . 2008-06-17 12:07 <REP> d-------- C:\Program Files\AvRack
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 09:51 17,408 ----a-w C:\WINDOWS\system32\svchost.exe
2008-07-01 08:33 579,584 ----a-w C:\WINDOWS\system32\user32.DLL
2008-06-29 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-17 12:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-17 11:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-17 11:53 --------- d-----w C:\Program Files\Java
2008-06-17 11:52 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-06-17 09:52 --------- d-----w C:\Program Files\ATI Technologies
2008-06-17 09:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-17 09:23 --------- d-----w C:\Program Files\Services en ligne
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-13 17:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-13 17:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-13 17:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-13 17:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-13 17:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-13 17:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 17:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 17:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 17:01 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-13 16:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 16:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 16:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 09:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 09:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 09:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 09:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 09:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 09:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 09:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 08:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 07:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.
[color=red] C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below) [/color]
578,048 2006-03-02 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
579,584 2008-04-13 17:33:50 C:\WINDOWS\ServicePackFiles\i386\user32.dll
579,584 2008-07-01 08:33:17 C:\WINDOWS\system32\user32.DLL
579,584 2008-07-01 08:33:17 C:\WINDOWS\system32\dllcache\user32.dll
------- Sigcheck -------
2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied
2006-03-02 14:00 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2008-04-13 19:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2008-07-01 10:33 579584 d14e7279cdc1a2dae01d872c0e03b189 C:\WINDOWS\system32\user32.DLL
2008-07-01 10:33 579584 d14e7279cdc1a2dae01d872c0e03b189 C:\WINDOWS\system32\dllcache\user32.dll
2006-03-02 14:00 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2006-03-02 14:00 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-13 19:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2006-03-02 14:00 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-13 19:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied
2006-03-02 14:00 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-13 19:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"NoActiveDesktopChanges"= 00000000
"NoActiveDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"XmFSv"= {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll [2008-04-13 19:33 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
R0 Vqi08;Vqi08;C:\WINDOWS\system32\Drivers\Vqi08.sys [2008-07-02 10:00]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-06-05 00:41]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-04-29 10:26]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-10-30 21:17]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun_PES2008.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{ffc86435-2ddc-4323-b170-c5c99c6515ae} - C:\WINDOWS\system32\wvUkHYoN.dll
HKCU-Run-msvecurity - C:\WINDOWS\msvecurity.exe
HKCU-Run-iexplorer - C:\WINDOWS\iexplorer.exe
HKLM-Run-lphcndpj0eecp - C:\WINDOWS\system32\lphcndpj0eecp.exe
HKLM-Run-f0c77075 - C:\WINDOWS\system32\clgpiife.dll
MSConfigStartUp-rainlendar2 - C:\Program Files\Rainlendar2\Rainlendar2.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 10:31:14
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-02 10:33:19 - machine was rebooted [Lyn]
ComboFix-quarantined-files.txt 2008-07-02 08:33:14
Pre-Run: 8,937,172,992 octets libres
Post-Run: 8,933,457,920 octets libres
328 --- E O F --- 2008-06-24 16:02:53
and HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:52, on 02/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Lyn\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3702993000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3717870781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O21 - SSODL: XmFSv - {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 5471 bytes
Thanks again for giving me a bit of your time!!
Re,
Your case has a few peculiarities and I'd rather take a bit more time than usual to analyse the ComboFix report.
I'll reply tomorrow during the day.
Bump the topic the next time you log on.
ok, that works, thanks, that's kind!
but now it seems to be working... Is it serious, doctor?? lol
Good evening,
- We are going to install the Recovery Console on your PC. This will make it possible to repair your system in case the PC no longer starts after the disinfection. In addition, it gives ComboFix more power, allowing it to fix certain problems automatically.
- Once you have clicked on the link corresponding to your version of Windows, you will be taken to a page: click on the Download button to get the installation package and save this file to the desktop. Above all, do not change the file's name!
Windows XP without Service Pack >
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Windows XP Service Pack 1 (SP1) >
Microsoft Windows XP Home Edition SP1
Microsoft Windows XP Professional SP1
Windows XP Service Pack 2 (SP2) >
Microsoft Windows XP Home Edition SP2
Microsoft Windows XP Professional SP2
- Drag and drop this file onto the ComboFix.exe file as in the screenshot >
- Follow the on-screen instructions to run ComboFix and, when asked, accept the End User License Agreement to install the Microsoft Recovery Console.
- When it has finished, a message telling you the Console has been installed will appear, then a report named CF_RC.txt will be displayed: post the contents of that report.
- Note > from now on, when you start your PC you will have a choice to make: either start Windows normally or use the Recovery Console.
but will it always be like that afterwards?
Is there still stuff left on my computer??
Hello,
Can I have the requested report?
Just to point out that afterwards you can change this behaviour: if you no longer want the choice between starting Windows normally or using the Recovery Console, you can edit a file so that Windows starts directly.
But for now, since some of the steps will be delicate, it's better to install this Recovery Console so as not to lose your PC.
ok thanks
However, I have Service Pack 3 but I couldn't find it on the site, so I took Service Pack 2; I hope that isn't a problem....
Also, the file that was displayed is log.txt...
Here it is:
ComboFix 08-06-30.2 - Lyn 2008-07-04 12:43:57.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.764 [GMT 2:00]
Endroit: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lyn\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_tcpsr
-------\Service_tcpsr
((((((((((((((((((((((((((((( Fichiers créés 2008-06-04 to 2008-07-04 ))))))))))))))))))))))))))))))))))))
.
2008-07-04 12:43 . 2008-07-04 12:43 <REP> d-------- C:\327882R2FWJFW
2008-07-03 12:25 . 2008-07-03 12:25 <REP> d-------- C:\Program Files\Xara
2008-07-03 12:25 . 2008-07-03 12:25 <REP> d-------- C:\Program Files\Common Files
2008-07-02 18:52 . 2008-07-02 18:52 <REP> d-------- C:\WINDOWS\Icons
2008-07-02 09:44 . 2008-07-04 12:28 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-07-02 01:19 . 2008-07-02 01:19 268 --ah----- C:\sqmdata00.sqm
2008-07-02 01:19 . 2008-07-02 01:19 244 --ah----- C:\sqmnoopt00.sqm
2008-07-01 19:09 . 2008-07-01 19:09 <REP> d-------- C:\Deckard
2008-07-01 18:58 . 2008-07-01 18:58 <REP> d-------- C:\SDFix
2008-07-01 14:21 . 2008-07-01 18:49 359 --a------ C:\WINDOWS\wininit.ini
2008-07-01 13:51 . 2008-07-01 19:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-01 13:51 . 2008-07-01 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-01 13:29 . 2008-07-01 13:29 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-01 13:20 . 2008-07-01 13:40 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 11:10 . 2008-06-17 13:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-01 11:10 . 2008-06-17 13:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-01 11:10 . 2008-06-17 11:20 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-01 11:10 . 2008-06-17 13:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-01 11:09 . 2008-07-01 11:37 <REP> d-------- C:\Documents and Settings\Administrateur
2008-07-01 10:56 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-01 10:56 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-01 10:56 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-01 10:56 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-01 10:56 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-01 10:56 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-01 10:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-01 10:56 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-01 10:56 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-01 10:56 . 2008-07-01 12:15 3,730 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-01 10:44 . 2008-07-01 10:44 <REP> d-------- C:\WINDOWS\Torrents
2008-07-01 10:42 . 2008-06-21 11:35 30,208 --a------ C:\WINDOWS\SysC.exe
2008-07-01 10:34 . 2008-07-01 10:34 64,512 --a------ C:\WINDOWS\system32\wpx5.cpx
2008-07-01 10:34 . 2008-07-02 09:53 39,549 --a------ C:\WINDOWS\msvecurity.config
2008-07-01 10:34 . 2008-07-01 10:34 13,312 --a------ C:\WINDOWS\system32\wpx6.cpx
2008-07-01 10:33 . 2008-07-01 10:33 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-07-01 10:33 . 2008-07-01 13:37 63,488 --a------ C:\WINDOWS\system32\gx.ak
2008-07-01 10:33 . 2008-07-01 13:37 32,768 --a------ C:\WINDOWS\system32\pol.art
2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\mn.hlpf
2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\cty.sp
2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\cnkl.sr
2008-07-01 10:32 . 2008-07-04 12:48 65,970 --a------ C:\WINDOWS\system32\drivers\55a36e68.sys
2008-07-01 10:32 . 2008-07-02 10:34 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08.sys
2008-07-01 10:32 . 2008-07-01 11:26 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08(3).sys
2008-07-01 10:32 . 2008-07-01 10:33 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08(2).sys
2008-06-30 21:39 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-30 21:39 . 2008-04-13 11:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-30 09:16 . 2008-07-03 14:37 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Azureus
2008-06-30 09:16 . 2008-06-30 09:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-29 19:54 . 2008-06-29 19:54 <REP> dr-h----- C:\Documents and Settings\Lyn\Application Data\SecuROM
2008-06-29 19:54 . 2008-06-29 19:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-29 19:40 . 2008-06-29 19:40 <REP> d-------- C:\Program Files\KONAMI
2008-06-29 18:24 . 2008-06-29 18:24 32 --a------ C:\WINDOWS\tdlp32.ini
2008-06-29 16:43 . 2008-06-29 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-06-29 15:46 . 2008-06-29 15:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-06-29 15:24 . 2008-06-29 15:24 <REP> d-------- C:\Program Files\ahead
2008-06-29 13:33 . 2008-06-29 15:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
2008-06-29 13:33 . 2008-06-29 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
2008-06-23 18:51 . 2008-06-23 18:51 <REP> d-------- C:\Program Files\MSBuild
2008-06-23 18:51 . 2008-06-23 18:51 <REP> d-------- C:\Program Files\Microsoft Works
2008-06-23 18:46 . 2008-06-23 18:50 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-06-23 18:46 . 2008-06-23 18:46 <REP> dr-h----- C:\MSOCache
2008-06-23 18:43 . 2008-06-23 18:43 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-06-22 21:48 . 2008-06-22 21:48 <REP> d-------- C:\Program Files\Axis Communications
2008-06-22 17:15 . 2008-06-22 17:15 <REP> d-------- C:\Program Files\Mojicon Installer
2008-06-22 12:13 . 2008-06-22 12:13 <REP> d-------- C:\Program Files\Microsoft Carioca
2008-06-22 11:07 . 2008-06-22 11:07 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
2008-06-20 22:06 . 2008-06-20 22:06 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\vlc
2008-06-20 22:05 . 2008-06-20 22:05 <REP> d-------- C:\Program Files\VideoLAN
2008-06-20 20:04 . 2008-06-20 20:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-20 19:56 . 2008-06-20 19:56 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-06-20 19:18 . 2008-06-30 11:25 <REP> d-------- C:\Documents and Settings\Lyn\Shared
2008-06-20 19:18 . 2008-06-30 11:25 <REP> d-------- C:\Documents and Settings\Lyn\Incomplete
2008-06-20 19:18 . 2008-06-20 19:29 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\FrostWire
2008-06-19 22:19 . 2008-06-25 11:15 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-06-19 22:19 . 2008-06-19 22:19 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
2008-06-19 22:19 . 2008-06-19 22:19 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-19 20:54 . 2008-06-24 18:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-19 20:51 . 2008-06-19 20:51 <REP> d-------- C:\Program Files\Fichiers communs\PC SOFT
2008-06-19 20:51 . 2008-06-19 20:51 67 --a------ C:\WINDOWS\contact.ini
2008-06-18 19:17 . 2008-06-29 16:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-18 19:08 . 2008-06-18 19:08 <REP> d-------- C:\Program Files\Google
2008-06-17 22:51 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-17 22:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-17 22:49 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-17 22:49 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-17 22:49 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-17 22:49 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-17 18:12 . 2008-06-20 19:18 <REP> d-------- C:\Program Files\FrostWire
2008-06-17 18:12 . 2008-07-03 14:37 <REP> d-------- C:\Program Files\Azureus
2008-06-17 17:53 . 2008-06-17 17:53 <REP> d-------- C:\Documents and Settings\Lyn\Contacts
2008-06-17 17:52 . 2008-06-17 17:52 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-17 17:50 . 2008-06-17 17:52 <REP> d-------- C:\Program Files\Windows Live
2008-06-17 17:50 . 2008-06-17 17:51 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-17 17:48 . 2008-06-17 17:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 15:01 . 2008-06-17 15:01 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Bitdefender
2008-06-17 14:59 . 2008-07-04 12:46 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Program Files\Softwin
2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-17 14:51 . 2008-06-17 14:51 <REP> d-------- C:\WINDOWS\Logs
2008-06-17 14:43 . 2003-06-05 00:41 186,095 --a------ C:\WINDOWS\system32\drivers\o2mmb.sys
2008-06-17 14:43 . 2003-06-09 13:20 8,008 --a------ C:\WINDOWS\system32\drivers\o2mmb.cat
2008-06-17 14:43 . 2003-04-29 10:26 5,689 --a------ C:\WINDOWS\system32\drivers\MbxStby.sys
2008-06-17 14:43 . 2003-06-05 00:33 2,539 --a------ C:\WINDOWS\system32\drivers\o2mmb.inf
2008-06-17 14:33 . 2008-06-30 09:48 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
2008-06-17 14:33 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-17 14:32 . 2008-06-17 14:32 <REP> d-------- C:\Program Files\Realtek AC97
2008-06-17 14:32 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-06-17 14:32 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-06-17 14:31 . 2008-06-30 09:49 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Program Files\QuickTime
2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-17 12:34 . 2008-04-13 19:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-06-17 12:34 . 2008-04-13 19:33 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-17 12:34 . 2008-04-13 19:04 93,184 --------- C:\WINDOWS\system32\msxml6r.dll
2008-06-17 12:34 . 2008-04-13 19:04 93,184 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-06-17 12:32 . 2008-06-17 12:32 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-06-17 12:32 . 2008-04-13 19:34 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-06-17 12:30 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-17 12:30 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002603_.tmp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 09:51 17,408 ----a-w C:\WINDOWS\system32\svchost.exe
2008-07-01 08:33 579,584 ----a-w C:\WINDOWS\system32\user32.DLL
2008-06-29 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-17 12:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-17 11:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-17 11:53 --------- d-----w C:\Program Files\Java
2008-06-17 11:52 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-06-17 09:52 --------- d-----w C:\Program Files\ATI Technologies
2008-06-17 09:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-17 09:23 --------- d-----w C:\Program Files\Services en ligne
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-13 17:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-13 17:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-13 17:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-13 17:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-13 17:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-13 17:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 17:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 17:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 17:01 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-13 16:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 16:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 16:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 09:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 09:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 09:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 09:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 09:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 09:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 09:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 08:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 07:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.
Infected C:\WINDOWS\system32\user32.dll hex repaired
------- Sigcheck -------
2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied
2006-03-02 14:00 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2006-03-02 14:00 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-13 19:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2006-03-02 14:00 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-13 19:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied
2006-03-02 14:00 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-13 19:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
.
((((((((((((((((((((((((((((( snapshot@2008-07-02_10.32.55.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-02 08:30:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-04 10:47:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-02 08:27:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-04 10:43:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-02 08:27:18 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-07-04 10:43:33 98,304 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-07-02 08:27:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070220080703\index.dat
+ 2008-07-02 17:27:56 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070220080703\index.dat
+ 2008-07-03 19:25:38 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070320080704\index.dat
+ 2008-07-04 10:28:27 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070420080705\index.dat
- 2008-07-02 08:27:18 245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-04 10:43:33 409,600 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"NoActiveDesktopChanges"= 00000000
"NoActiveDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"XmFSv"= {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll [2008-04-13 19:33 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
R0 Vqi08;Vqi08;C:\WINDOWS\system32\Drivers\Vqi08.sys [2008-07-02 10:34]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-06-05 00:41]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-04-29 10:26]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-10-30 21:17]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun_PES2008.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 12:48:14
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-04 12:50:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-04 10:50:33
ComboFix2.txt 2008-07-02 08:33:20
Pre-Run: 8,582,553,600 octets libres
Post-Run: 8,799,674,368 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
315 --- E O F --- 2008-06-24 16:02:53
I did follow the instructions, though...
Hello,
Perfect.
Installing the Recovery Console allowed ComboFix to repair an infected legitimate file by itself, as I expected.
In your first report, you could see this:
| Quote:
|
In the second one, after installing the console:
| Quote: Infected C:\WINDOWS\system32\user32.dll hex repaired |
Now, give me some time to prepare a script to remove all the critters from your PC, and believe me, there are quite a few...
In the meantime, I advise you to click the link in my signature; you will learn a lot. I'll reply by this evening.
Security / Prevention
OK, that's cool! Thanks!
I caught a nasty virus because I changed my hard drive a few weeks ago...
Thanks a lot anyway for taking care of my case!
Hi!
I learned quite a lot about viruses and the like from your file, and it's true that I am too trusting!
Otherwise everything works great, but today the error message came up again: problem in services.exe. I rebooted several times and now it's fine. But it's strange all the same, isn't it?
Thanks in advance for your reply!
Hello,
Sorry, I was on vacation.
So let's pick up where we left off:
Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: you must be logged in with Administrator rights.
- close all applications and windows
- double-click dss.exe to launch it and follow the instructions below
Caution: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
- if this is a first use or a new version of DSS:
- you will have to click OK twice in the dialog boxes
Caution: if you wait too long, the Abort answer will be selected automatically
- when processing is finished (click OK), two text files are displayed:
main.txt <- opened in the foreground and full screen
extra.txt <- opened in the background and windowed (look at the taskbar)
If this is a subsequent use of DSS:
- you will not get a dialog box (no OK)
- when processing is finished, one text file is displayed:
main.txt <- opened in the foreground and full screen
- copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
- likewise copy the contents of extra.txt into your next post, if you have that file (first use)
- don't forget to re-enable the protections if they were stopped.
What DSS does:
- creates a restore point in Windows XP and Vista
- cleans temporary files, DPF-Downloaded Program Files and the Internet cache, and empties the Recycle Bin on all drives
- checks a few important areas of your system and produces a report for review by your security advisor. DSS automatically runs HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you do not already have HijackThis installed.
Security / Prevention
Hi!!
I hope you had a good vacation!
I'm logging in under another account because when I log in with the other one, I can't connect to the forum!
Here is the main.txt report (not extra.txt, because I have already used this program)
Deckard's System Scanner v20071014.68
Run by Lyn on 2008-08-04 13:42:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Lyn.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:27, on 04/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Documents and Settings\Lyn\Bureau\dss.exe
C:\DOCUME~1\Lyn\Bureau\Lyn.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} (Facebook Photo Uploader 5) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3702993000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3717870781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Boonty Games (boonty games) - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 (nero backitup scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6467 bytes
-- Files created between 2008-07-04 and 2008-08-04 -----------------------------
2008-08-03 11:21:43 0 d-------- C:\Program Files\DOKA Media
2008-08-03 11:21:40 50 --a------ C:\DragonTilesMahjonggpath.sys
2008-08-02 21:11:15 0 d-------- C:\Program Files\Cyanide
2008-07-31 15:17:58 0 dr------- C:\Documents and Settings\LocalService\Favoris
2008-07-30 17:50:23 0 d-------- C:\327882R2FWJFW
2008-07-30 11:30:03 51975 --a------ C:\qq.bin
2008-07-18 20:35:33 4386816 --a------ C:\Documents and Settings\Lyn\ntuser.dat
2008-07-16 17:23:50 0 d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-07-16 17:23:47 0 d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-07-16 17:22:10 0 d-------- C:\Program Files\BoontyGames
2008-07-16 17:22:09 0 d-------- C:\Program Files\Boonty
2008-07-15 17:42:10 0 d-------- C:\Program Files\Lavalys
2008-07-14 11:56:38 0 d-------- C:\Program Files\Big Kahuna Reef 2 - Chain Reaction
2008-07-14 11:53:29 0 --a------ C:\Program Files\temp01
2008-07-14 11:53:28 0 d-------- C:\Program Files\bfgclient
2008-07-14 11:52:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-14 10:37:48 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-14 10:37:48 80412 --a------ C:\WINDOWS\grep.exe
2008-07-14 10:30:13 0 d-------- C:\Documents and Settings\Lyn\Start Menu
2008-07-14 10:28:31 68096 --a------ C:\WINDOWS\zip.exe
2008-07-14 10:28:31 98816 --a------ C:\WINDOWS\sed.exe
2008-07-14 10:28:30 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-14 10:28:30 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-14 10:28:30 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-14 10:28:30 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-12 09:56:08 192512 --a------ C:\WINDOWS\system32\cbOCR.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-07-10 16:30:50 0 d-------- C:\Program Files\MSXML 4.0
2008-07-10 10:09:22 0 d-------- C:\Program Files\Xara
2008-07-10 10:09:22 0 d-------- C:\Program Files\Common Files
2008-07-08 11:24:16 0 d-------- C:\Program Files\Real
2008-07-08 11:24:15 0 d-------- C:\Program Files\Fichiers communs\Real
2008-07-08 11:24:15 0 d-------- C:\Documents and Settings\Lyn\Application Data\Real
2008-07-07 21:10:14 0 d-------- C:\Program Files\Eidos Interactive
2008-07-07 13:40:05 0 d-------- C:\Documents and Settings\Lyn\Application Data\Nero
2008-07-07 13:35:10 0 d-------- C:\Program Files\Nero
2008-07-07 13:35:10 0 d-------- C:\Program Files\Fichiers communs\Nero
2008-07-07 13:35:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-06 18:37:36 0 d-------- C:\WINDOWS\Sun
2008-07-06 18:37:36 0 d-------- C:\Documents and Settings\Lyn\Application Data\Sun
2008-07-06 15:39:26 0 d-------- C:\Documents and Settings\Lyn\Application Data\Apple Computer
2008-07-04 19:44:28 0 d-------- C:\WINDOWS\system32\repository
2008-07-04 12:43:39 0 d-------- C:\cmdcons
-- Find3M Report ---------------------------------------------------------------
2008-08-04 13:39:38 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-18 13:48:27 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-08 11:24:24 0 d-------- C:\Program Files\Fichiers communs
2008-07-07 21:10:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-03 14:37:46 0 d-------- C:\Program Files\Azureus
2008-07-03 14:37:43 0 d-------- C:\Documents and Settings\Lyn\Application Data\Azureus
2008-07-01 13:39:07 367896 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-07-01 13:39:07 48814 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-07-01 12:15:52 3730 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-01 11:51:36 17408 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-30 09:49:30 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-30 09:48:07 0 d-------- C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
2008-06-29 19:54:55 0 dr-h----- C:\Documents and Settings\Lyn\Application Data\SecuROM
2008-06-29 19:40:39 0 d-------- C:\Program Files\KONAMI
2008-06-29 18:59:00 0 d-------- C:\Documents and Settings\Lyn\Application Data\Adobe
2008-06-29 16:41:59 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-29 15:46:52 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-06-29 15:46:20 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
2008-06-29 15:24:32 0 d-------- C:\Program Files\ahead
2008-06-23 18:51:17 0 d-------- C:\Program Files\Microsoft Works
2008-06-23 18:51:10 0 d-------- C:\Program Files\MSBuild
2008-06-22 21:48:38 0 d-------- C:\Program Files\Axis Communications
2008-06-22 17:15:23 0 d-------- C:\Program Files\Mojicon Installer
2008-06-22 12:13:17 0 d-------- C:\Program Files\Microsoft Carioca
2008-06-22 11:07:11 0 d-------- C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
2008-06-20 23:06:03 0 d-------- C:\Documents and Settings\Lyn\Application Data\WinRAR
2008-06-20 22:06:56 0 d-------- C:\Documents and Settings\Lyn\Application Data\vlc
2008-06-20 22:05:49 0 d-------- C:\Program Files\VideoLAN
2008-06-20 19:56:24 0 d-------- C:\Program Files\Messenger Plus! Live
2008-06-20 19:29:26 0 d-------- C:\Documents and Settings\Lyn\Application Data\FrostWire
2008-06-20 19:18:16 0 d-------- C:\Program Files\FrostWire
2008-06-19 22:19:33 0 d-------- C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
2008-06-19 20:51:05 0 d-------- C:\Program Files\Fichiers communs\PC SOFT
2008-06-18 19:08:03 0 d-------- C:\Program Files\Google
2008-06-17 17:52:21 0 d-------- C:\Program Files\Windows Live
2008-06-17 17:51:18 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-17 15:01:19 0 d-------- C:\Documents and Settings\Lyn\Application Data\Bitdefender
2008-06-17 14:43:32 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-06-17 14:32:49 0 d-------- C:\Program Files\Realtek AC97
2008-06-17 14:22:23 0 d-------- C:\Documents and Settings\Lyn\Application Data\Macromedia
2008-06-17 14:04:31 0 d-------- C:\Program Files\QuickTime
2008-06-17 14:04:02 0 d-------- C:\Program Files\Apple Software Update
2008-06-17 13:53:40 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-17 13:53:21 0 d-------- C:\Program Files\Java
2008-06-17 13:52:23 0 d-------- C:\Program Files\Fichiers communs\Java
2008-06-17 13:11:12 0 d-------- C:\Program Files\Fichiers communs\ODBC
2008-06-17 13:11:09 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2008-06-17 13:10:41 62 --ahs---- C:\Documents and Settings\Lyn\Application Data\desktop.ini
2008-06-17 12:34:01 0 d-------- C:\Program Files\Messenger
2008-06-17 12:33:46 0 d-------- C:\Program Files\Movie Maker
2008-06-17 12:32:07 0 d-------- C:\Program Files\Windows NT
2008-06-17 12:07:19 0 d-------- C:\Program Files\Realtek Sound Manager
2008-06-17 12:07:19 0 d-------- C:\Program Files\AvRack
2008-06-17 12:01:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-17 12:01:37 0 d-------- C:\Documents and Settings\Lyn\Application Data\Mozilla
2008-06-17 11:52:23 0 d-------- C:\Program Files\ATI Technologies
2008-06-17 11:28:31 0 d-------- C:\Documents and Settings\Lyn\Application Data\Identities
2008-06-17 11:24:48 0 d-------- C:\Program Files\microsoft frontpage
2008-06-17 11:24:23 0 -rahs---- C:\MSDOS.SYS
2008-06-17 11:24:23 0 -rahs---- C:\IO.SYS
2008-06-17 11:24:23 0 --a------ C:\CONFIG.SYS
2008-06-17 11:24:23 0 --a------ C:\AUTOEXEC.BAT
2008-06-17 11:23:11 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-17 11:23:07 0 d-------- C:\Program Files\Services en ligne
2008-06-17 11:22:19 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2008-06-17 11:21:35 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-17 11:20:45 0 d-------- C:\Program Files\Online Services
2008-06-17 11:20:36 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-29 09:35:36 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-23 18:21:42 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-05-18 21:40:36 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [04/09/2001 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/05/2008 10:50]
"SoundMan"="SOUNDMAN.EXE" [16/04/2007 15:28 C:\WINDOWS\soundman.exe]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [02/04/2007 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [26/03/2007 15:49]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 23:48]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [03/08/2007 12:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"NoActiveDesktopChanges"=00000000
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun_PES2008.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2ccb0dc-51a5-11dd-ad6a-00030d0f917a}]
autorun\command- F:\InstallTomTomHOME.exe
-- End of Deckard's System Scanner: finished at 2008-08-04 13:43:01 ------------
Good evening,
Yes, I had a good holiday, thanks!
Delete your copy of ComboFix and download it again (same link).
Then run another ComboFix scan and post me the report.
Here it is!!
ComboFix 08-08-04.01 - Lyn 2008-08-05 11:50:32.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.654 [GMT 2:00]
Location: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\drivers\55a36e68.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_tcpsr
-------\Service_55a36e68
-------\Service_tcpsr
-------\Legacy_TCPSR
-------\Service_tcpsr
((((((((((((((((((((((((((((( Files created 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))))))))
.
2008-08-05 11:54 . 8,704 C:\WINDOWS\system32\drivers\tcpsr.sys
2008-08-03 11:21 . 2008-08-03 11:21 <REP> d-------- C:\Program Files\DOKA Media
2008-08-03 11:21 . 2008-08-03 11:21 50 --a------ C:\DragonTilesMahjonggpath.sys
2008-08-02 21:11 . 2008-08-02 21:15 <REP> d-------- C:\Program Files\Cyanide
2008-07-31 15:17 . 2008-07-31 15:17 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-07-30 17:54 . 2008-07-30 17:54 268 --ah----- C:\sqmdata02.sqm
2008-07-30 17:54 . 2008-07-30 17:54 244 --ah----- C:\sqmnoopt02.sqm
2008-07-30 17:41 . 2008-07-30 17:41 268 --ah----- C:\sqmdata01.sqm
2008-07-30 17:41 . 2008-07-30 17:41 244 --ah----- C:\sqmnoopt01.sqm
2008-07-30 11:30 . 2008-07-30 12:08 51,975 --a------ C:\qq.bin
2008-07-16 17:23 . 2008-07-16 17:23 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-07-16 17:23 . 2008-07-16 17:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-07-16 17:22 . 2008-07-16 17:23 <REP> d-------- C:\Program Files\BoontyGames
2008-07-16 17:22 . 2008-07-16 17:22 <REP> d-------- C:\Program Files\Boonty
2008-07-15 17:42 . 2008-07-15 17:42 <REP> d-------- C:\Program Files\Lavalys
2008-07-14 11:56 . 2008-07-25 18:09 <REP> d-------- C:\Program Files\Big Kahuna Reef 2 - Chain Reaction
2008-07-14 11:53 . 2008-07-14 11:53 <REP> d-------- C:\Program Files\bfgclient
2008-07-14 11:52 . 2008-07-14 11:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-12 09:56 . 2008-07-16 10:21 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-07-11 11:44 . 2008-07-11 11:44 373 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-10 16:30 . 2008-07-10 16:30 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Xara
2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Common Files
2008-07-08 11:24 . 2008-07-08 11:24 <REP> d-------- C:\Program Files\Real
2008-07-08 11:24 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-07-07 21:10 . 2008-07-07 21:10 <REP> d-------- C:\Program Files\Eidos Interactive
2008-07-07 20:11 . 2008-07-13 20:15 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-07 13:40 . 2008-07-07 13:40 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Nero
2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Program Files\Nero
2008-07-07 13:35 . 2008-07-07 13:38 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-06 18:37 . 2008-07-06 18:37 <REP> d-------- C:\WINDOWS\Sun
2008-07-06 16:08 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-07-06 16:08 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-07-06 16:08 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-07-06 15:39 . 2008-07-06 15:39 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 09:54 30,720 ----a-w C:\WINDOWS\system32\drivers\Vqi08.sys
2008-08-05 09:52 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-03 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-31 14:34 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(4).sys
2008-07-30 15:47 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(5).sys
2008-07-30 15:20 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(6).sys
2008-07-30 09:26 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(7).sys
2008-07-29 14:02 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(8).sys
2008-07-29 13:28 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(9).sys
2008-07-28 18:55 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(10).sys
2008-07-28 17:19 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(11).sys
2008-07-28 11:20 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(12).sys
2008-07-27 18:53 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(13).sys
2008-07-27 18:25 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(14).sys
2008-07-27 17:32 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(15).sys
2008-07-26 09:49 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(16).sys
2008-07-25 16:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-25 15:49 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(17).sys
2008-07-25 14:30 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(18).sys
2008-07-25 12:43 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(19).sys
2008-07-25 11:11 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(20).sys
2008-07-24 12:53 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(21).sys
2008-07-24 11:17 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(22).sys
2008-07-23 18:50 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(23).sys
2008-07-23 15:33 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(24).sys
2008-07-23 13:35 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(25).sys
2008-07-22 17:58 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(26).sys
2008-07-21 20:27 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(27).sys
2008-07-21 18:51 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(28).sys
2008-07-21 17:03 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(29).sys
2008-07-21 11:23 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(30).sys
2008-07-21 10:15 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(31).sys
2008-07-21 07:09 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(32).sys
2008-07-20 20:10 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(33).sys
2008-07-20 18:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(34).sys
2008-07-20 11:38 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(35).sys
2008-07-20 11:18 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(36).sys
2008-07-20 11:05 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(37).sys
2008-07-20 10:28 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(38).sys
2008-07-20 10:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(39).sys
2008-07-19 15:43 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(40).sys
2008-07-19 11:23 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(41).sys
2008-07-19 10:06 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(42).sys
2008-07-18 19:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(43).sys
2008-07-18 17:46 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(44).sys
2008-07-18 11:48 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-14 09:53 0 ----a-w C:\Program Files\temp01
2008-07-07 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 12:37 --------- d-----w C:\Program Files\Azureus
2008-07-03 12:37 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Azureus
2008-07-01 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-01 17:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-01 10:15 3,730 ----a-w C:\WINDOWS\system32\tmp.reg
2008-07-01 09:51 17,408 ----a-w C:\WINDOWS\system32\svchost.exe
2008-07-01 09:26 30,208 ----a-w C:\WINDOWS\system32\drivers\Vqi08(3).sys
2008-07-01 08:33 579,584 ----a-w C:\WINDOWS\system32\user32.DLL
2008-07-01 08:33 30,208 ----a-w C:\WINDOWS\system32\drivers\Vqi08(2).sys
2008-06-30 07:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-30 07:48 --------- d-----w C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
2008-06-30 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-29 17:54 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-29 17:54 --------- d--h--r C:\Documents and Settings\Lyn\Application Data\SecuROM
2008-06-29 17:40 --------- d-----w C:\Program Files\KONAMI
2008-06-29 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-06-29 14:41 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-06-29 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
2008-06-29 13:24 --------- d-----w C:\Program Files\ahead
2008-06-23 21:34 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-06-23 16:51 --------- d-----w C:\Program Files\MSBuild
2008-06-23 16:51 --------- d-----w C:\Program Files\Microsoft Works
2008-06-23 16:43 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-06-22 19:48 --------- d-----w C:\Program Files\Axis Communications
2008-06-22 15:15 --------- d-----w C:\Program Files\Mojicon Installer
2008-06-22 10:13 --------- d-----w C:\Program Files\Microsoft Carioca
2008-06-22 09:07 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
2008-06-20 20:06 --------- d-----w C:\Documents and Settings\Lyn\Application Data\vlc
2008-06-20 20:05 --------- d-----w C:\Program Files\VideoLAN
2008-06-20 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-20 17:56 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:29 --------- d-----w C:\Documents and Settings\Lyn\Application Data\FrostWire
2008-06-20 17:18 --------- d-----w C:\Program Files\FrostWire
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 20:19 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-19 20:19 --------- d-----w C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
2008-06-19 18:51 --------- d-----w C:\Program Files\Fichiers communs\PC SOFT
2008-06-18 17:08 --------- d-----w C:\Program Files\Google
2008-06-17 15:52 --------- d-----w C:\Program Files\Windows Live
2008-06-17 15:51 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-17 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 13:01 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Bitdefender
2008-06-17 12:53 --------- d-----w C:\Program Files\Softwin
2008-06-17 12:53 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-06-17 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-17 12:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-17 12:32 --------- d-----w C:\Program Files\Realtek AC97
.
------- Sigcheck -------
2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-07-01 11:51 17408 d84196f4bc2a42c626b53e9ffd9041f5 C:\WINDOWS\system32\svchost.exe
2006-03-02 14:00 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 19:34 516096 cb0ee548caf0c5a8e8c7660ec35a37b7 C:\WINDOWS\system32\winlogon.exe
2008-04-13 19:34 1040384 1258395fe10e3aa3838d4268937f0637 C:\WINDOWS\explorer.exe
2006-03-02 14:00 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-13 19:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2006-03-02 14:00 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-13 19:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 19:34 111104 93dc1f26d67aead03619279949e45def C:\WINDOWS\system32\services.exe
2006-03-02 14:00 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-13 19:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 19:34 14848 204ed22034ada50188857c8a3f7cd4c0 C:\WINDOWS\system32\lsass.exe
2006-03-02 14:00 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 19:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:34 58880 b7fabc09c6c048db3ec8cd84c7401eee C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot_2008-07-14_10.41.15.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 18:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 13:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
- 2008-07-10 08:14:06 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-08-03 09:47:52 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-07-10 08:14:06 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-08-03 09:47:52 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-07-10 08:14:06 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-08-03 09:47:52 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-07-10 08:14:06 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-08-03 09:47:52 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-07-10 08:14:06 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-08-03 09:47:52 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-07-10 08:14:06 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-08-03 09:47:52 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-07-10 08:14:06 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-08-03 09:47:52 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-07-10 08:14:06 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-08-03 09:47:52 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-07-10 08:14:06 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-08-03 09:47:52 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-07-10 08:14:06 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-08-03 09:47:52 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-07-10 08:14:06 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-03 09:47:52 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-07-14 08:28:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-05 09:54:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-14 08:28:32 851,968 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-05 09:54:10 1,392,640 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-07-20 20:13:40 114,688 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008071420080721\index.dat
+ 2008-07-20 20:13:40 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072020080721\index.dat
+ 2008-07-28 11:20:13 98,304 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072120080728\index.dat
+ 2008-07-28 18:55:19 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072820080729\index.dat
+ 2008-08-03 23:15:09 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072820080804\index.dat
+ 2008-07-29 14:02:55 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072920080730\index.dat
+ 2008-07-30 15:49:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008073020080731\index.dat
+ 2008-07-31 14:43:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008073120080801\index.dat
+ 2008-08-04 17:42:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080420080805\index.dat
+ 2008-08-05 09:47:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080520080806\index.dat
+ 2008-08-05 09:54:10 1,556,480 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-13 17:34:28 26,624 -c--a-w C:\WINDOWS\system32\dllcache\userinit.exe
+ 2005-05-16 13:15:58 48,640 ----a-w C:\WINDOWS\system32\drivers\sfdrv01.sys
+ 2005-05-16 13:20:39 6,656 ----a-w C:\WINDOWS\system32\drivers\sfhlp02.sys
+ 2005-05-16 13:23:38 19,968 ----a-w C:\WINDOWS\system32\drivers\sfsync02.sys
+ 2005-05-16 13:26:49 66,560 ----a-w C:\WINDOWS\system32\drivers\sfvfs02.sys
- 2008-07-10 08:09:47 721,572 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-08-01 10:28:12 1,121,848 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"=
R0 Vqi08;Vqi08;C:\WINDOWS\system32\Drivers\Vqi08.sys [2008-08-05 11:54]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-06-05 00:41]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-04-29 10:26]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-10-30 21:17]
R3 tcpsr;tcpsr;C:\WINDOWS\System32\drivers\tcpsr.sys []
S3 boonty games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-07-16 17:23]
S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun_PES2008.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2ccb0dc-51a5-11dd-ad6a-00030d0f917a}]
\shell\autorun\command - F:\InstallTomTomHOME.exe
*Newly Created Service* - TCPSR
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lyn\Application Data\Mozilla\Firefox\Profiles\e3uwj6lv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://atrium.ensgsi.inpl-nancy.fr/gsiint/login.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 11:54:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-08-05 11:57:49 - machine was rebooted [Lyn]
ComboFix-quarantined-files.txt 2008-08-05 09:57:43
ComboFix2.txt 2008-07-14 08:41:45
ComboFix3.txt 2008-07-04 10:50:39
ComboFix4.txt 2008-07-02 08:33:20
Pre-Run: 3,537,960,960 bytes free
Post-Run: 3,523,411,968 bytes free
331 --- E O F --- 2008-08-03 09:47:54
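A note on reading the report above, with an added example that is not part of the thread (the code is the editor's, not ComboFix's or the helper's; its function names and heuristics are assumptions of this example). The leads worth pulling out of a log like this one are: in the Sigcheck block, every live binary (svchost.exe, winlogon.exe, explorer.exe, services.exe, lsass.exe, spoolsv.exe) whose size and MD5 differ from the ServicePackFiles\i386 reference, with svchost.exe also carrying a 2008-07-01 timestamp like user32.DLL in Find3M; the non-empty AppInit_DLLs value (sockspy.dll), which gets loaded into every process that maps user32; the Vqi08.sys entry under SafeBoot\Minimal, so the driver loads in Safe Mode too; the two Security Center DisableNotify values set to 1; the boot-start (R0) Vqi08 driver, the tcpsr driver with no file timestamp and the "*Newly Created Service* - TCPSR" marker; and the dozens of Vqi08(N).sys copies written day after day. The script below parses a constructed subset of exactly those lines and returns them as findings; a Sigcheck mismatch is a lead rather than proof, since a post-SP hotfix changes the hash as well.

```python
"""Triage a ComboFix-style report for a few high-signal indicators. Added example for
this thread, not ComboFix's code; heuristics and names are the editor's assumptions."""
import re

# Constructed sample: lines copied from the ComboFix report posted above.
SAMPLE_LOG = r"""
2008-07-31 14:34 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(4).sys
2008-07-30 15:47 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(5).sys
------- Sigcheck -------
2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-07-01 11:51 17408 d84196f4bc2a42c626b53e9ffd9041f5 C:\WINDOWS\system32\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
R0 Vqi08;Vqi08;C:\WINDOWS\system32\Drivers\Vqi08.sys [2008-08-05 11:54]
R3 tcpsr;tcpsr;C:\WINDOWS\System32\drivers\tcpsr.sys []
*Newly Created Service* - TCPSR
"""

SIGCHECK_RE = re.compile(r"^\S+ \S+ (\d+) ([0-9a-f]{32}) (.+)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VAL_RE = re.compile(r'^"?([^"=]+)"?=(.*)$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;(.+?)\s+\[(.*)\]$")
NUMBERED_RE = re.compile(r"\\([A-Za-z0-9_]+)\((\d+)\)\.sys$", re.IGNORECASE)

def sigcheck_mismatches(log):
    """{basename: (live_size, live_md5, ref_size, ref_md5)} for each live binary that
    differs from its ServicePackFiles\\i386 copy. A lead, not proof: verify the signer."""
    ref, live = {}, {}
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        size, md5, path = int(m.group(1)), m.group(2), m.group(3)
        name, low = path.rsplit("\\", 1)[-1].lower(), path.lower()
        if "\\servicepackfiles\\" in low:
            ref[name] = (size, md5)
        elif "$ntservicepackuninstall$" not in low:  # skip the pre-SP backup copy
            live[name] = (size, md5)
    return {n: live[n] + ref[n] for n in live if n in ref and live[n] != ref[n]}

def registry_findings(log):
    """Non-empty AppInit_DLLs (injected into every process that maps user32), drivers
    whitelisted for Safe Mode, and Security Center warnings switched off."""
    findings, key = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            if "\\safeboot\\minimal\\" in key and key.endswith(".sys"):
                findings.append(("safeboot_driver", key.rsplit("\\", 1)[-1]))
            continue
        m = REG_VAL_RE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2).strip()
        if name == "appinit_dlls" and value:
            findings.append(("appinit_dlls", value))
        elif "security center" in key and name.endswith("disablenotify"):
            if int(value.rpartition(":")[2] or "0", 16):  # dword:00000001 -> 1
                findings.append(("security_center_notify_off", name))
    return findings

def service_findings(log):
    """R0 drivers load before any antivirus; an empty [] means ComboFix could not stat
    the binary; the marker line names services created since the previous run."""
    out = []
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("*Newly Created Service*"):
            out.append(("new_service", line.split("-", 1)[-1].strip()))
            continue
        m = SERVICE_RE.match(line)
        if m and not m.group(4):
            out.append(("no_file_timestamp", m.group(2)))
        if m and m.group(1) == "R0":
            out.append(("boot_start_driver", m.group(2)))
    return out

def numbered_driver_copies(log):
    """Count name(N).sys siblings per base name; dozens of copies of one driver written
    over consecutive days is a re-dropping loop, not a normal install."""
    counts = {}
    for line in log.splitlines():
        m = NUMBERED_RE.search(line.strip())
        if m:
            counts[m.group(1).lower()] = counts.get(m.group(1).lower(), 0) + 1
    return counts

def triage(log):
    return {"sigcheck": sigcheck_mismatches(log), "registry": registry_findings(log),
            "services": service_findings(log), "driver_copies": numbered_driver_copies(log)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run it against the full report text instead of SAMPLE_LOG to get all six Sigcheck mismatches and the 40-odd Vqi08 copies; the output is a list of things to verify by hand (signer, VirusTotal, the driver's imports), not a verdict.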
Hello,
Remove Azureus and FrostWire via "Add/Remove Programs" in the Control Panel.
Open Spybot, click the Mode tab and choose Advanced Mode
Ignore the warning
At the bottom left, click Tools
Still in the left-hand column, click Resident (not in the central window)
And untick the Resident "TeaTimer" option
Disable all resident protection (antivirus...)! <------- Don't forget!
Copy the text in the box below: (Ctrl + C)
| Quote: Driver::
|
=> Open Notepad: Start > All Programs > Accessories > Notepad
- Paste the text into it (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- File type: all files!!
- Click Save
- Close Notepad
Drag and drop this CFScript file onto ComboFix.exe as in the screenshot:
* This will relaunch ComboFix: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait while the scan runs. The desktop will disappear several times: that's normal!
* Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: copy/paste its contents to the forum.
If the file doesn't open, it is located here: C:\ComboFix.txt
* Post a new HijackThis report.
Message edited by Egwene on 05-08-2008 at 12:55:56
Here is ComboFix.txt:
ComboFix 08-08-04.01 - Lyn 2008-08-05 17:55:53.8 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.649 [GMT 2:00]
Location: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lyn\Bureau\CFScript.txt
* Creating a new restore point
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_boonty_games
-------\Legacy_TCPSR
-------\Legacy_VQI08
-------\Service_boonty games
-------\Service_restore
-------\Service_tcpsr
-------\Service_Vqi08
((((((((((((((((((((((((((((( Files created 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))))))))
.
2008-08-03 11:21 . 2008-08-03 11:21 <REP> d-------- C:\Program Files\DOKA Media
2008-08-03 11:21 . 2008-08-03 11:21 50 --a------ C:\DragonTilesMahjonggpath.sys
2008-08-02 21:11 . 2008-08-02 21:15 <REP> d-------- C:\Program Files\Cyanide
2008-07-31 15:17 . 2008-07-31 15:17 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-07-30 17:54 . 2008-07-30 17:54 268 --ah----- C:\sqmdata02.sqm
2008-07-30 17:54 . 2008-07-30 17:54 244 --ah----- C:\sqmnoopt02.sqm
2008-07-30 17:41 . 2008-07-30 17:41 268 --ah----- C:\sqmdata01.sqm
2008-07-30 17:41 . 2008-07-30 17:41 244 --ah----- C:\sqmnoopt01.sqm
2008-07-30 11:30 . 2008-07-30 12:08 51,975 --a------ C:\qq.bin
2008-07-16 17:23 . 2008-07-16 17:23 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2008-07-16 17:23 . 2008-07-16 17:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-07-16 17:22 . 2008-07-16 17:23 <REP> d-------- C:\Program Files\BoontyGames
2008-07-16 17:22 . 2008-07-16 17:22 <REP> d-------- C:\Program Files\Boonty
2008-07-15 17:42 . 2008-07-15 17:42 <REP> d-------- C:\Program Files\Lavalys
2008-07-14 11:56 . 2008-07-25 18:09 <REP> d-------- C:\Program Files\Big Kahuna Reef 2 - Chain Reaction
2008-07-14 11:53 . 2008-07-14 11:53 <REP> d-------- C:\Program Files\bfgclient
2008-07-14 11:52 . 2008-07-14 11:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-12 09:56 . 2008-07-16 10:21 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-07-11 11:44 . 2008-07-11 11:44 373 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-10 16:30 . 2008-07-10 16:30 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Xara
2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Common Files
2008-07-08 11:24 . 2008-07-08 11:24 <REP> d-------- C:\Program Files\Real
2008-07-08 11:24 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-07-07 21:10 . 2008-07-07 21:10 <REP> d-------- C:\Program Files\Eidos Interactive
2008-07-07 20:11 . 2008-07-13 20:15 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-07 13:40 . 2008-07-07 13:40 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Nero
2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Program Files\Nero
2008-07-07 13:35 . 2008-07-07 13:38 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-06 18:37 . 2008-07-06 18:37 <REP> d-------- C:\WINDOWS\Sun
2008-07-06 16:08 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-07-06 16:08 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-07-06 16:08 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-07-06 15:39 . 2008-07-06 15:39 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 15:58 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-05 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-05 15:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-05 15:44 --------- d-----w C:\Program Files\FrostWire
2008-08-05 15:44 --------- d-----w C:\Program Files\Azureus
2008-08-05 15:30 30,720 ----a-w C:\WINDOWS\system32\drivers\Vqi08.sys
2008-08-03 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-31 14:34 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(4).sys
2008-07-30 15:47 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(5).sys
2008-07-30 15:20 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(6).sys
2008-07-30 09:26 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(7).sys
2008-07-29 14:02 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(8).sys
2008-07-29 13:28 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(9).sys
2008-07-28 18:55 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(10).sys
2008-07-28 17:19 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(11).sys
2008-07-28 11:20 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(12).sys
2008-07-27 18:53 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(13).sys
2008-07-27 18:25 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(14).sys
2008-07-27 17:32 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(15).sys
2008-07-26 09:49 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(16).sys
2008-07-25 16:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-25 15:49 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(17).sys
2008-07-25 14:30 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(18).sys
2008-07-25 12:43 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(19).sys
2008-07-25 11:11 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(20).sys
2008-07-24 12:53 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(21).sys
2008-07-24 11:17 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(22).sys
2008-07-23 18:50 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(23).sys
2008-07-23 15:33 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(24).sys
2008-07-23 13:35 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(25).sys
2008-07-22 17:58 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(26).sys
2008-07-21 20:27 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(27).sys
2008-07-21 18:51 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(28).sys
2008-07-21 17:03 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(29).sys
2008-07-21 11:23 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(30).sys
2008-07-21 10:15 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(31).sys
2008-07-21 07:09 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(32).sys
2008-07-20 20:10 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(33).sys
2008-07-20 18:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(34).sys
2008-07-20 11:38 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(35).sys
2008-07-20 11:18 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(36).sys
2008-07-20 11:05 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(37).sys
2008-07-20 10:28 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(38).sys
2008-07-20 10:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(39).sys
2008-07-19 15:43 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(40).sys
2008-07-19 11:23 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(41).sys
2008-07-19 10:06 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(42).sys
2008-07-18 19:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(43).sys
2008-07-18 17:46 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(44).sys
2008-07-18 11:48 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-14 09:53 0 ----a-w C:\Program Files\temp01
2008-07-07 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 12:37 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Azureus
2008-07-01 10:15 3,730 ----a-w C:\WINDOWS\system32\tmp.reg
2008-07-01 09:51 17,408 ----a-w C:\WINDOWS\system32\svchost.exe
2008-07-01 09:26 30,208 ----a-w C:\WINDOWS\system32\drivers\Vqi08(3).sys
2008-07-01 08:33 579,584 ----a-w C:\WINDOWS\system32\user32.DLL
2008-07-01 08:33 30,208 ----a-w C:\WINDOWS\system32\drivers\Vqi08(2).sys
2008-06-30 07:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-30 07:48 --------- d-----w C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
2008-06-30 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-29 17:54 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-29 17:54 --------- d--h--r C:\Documents and Settings\Lyn\Application Data\SecuROM
2008-06-29 17:40 --------- d-----w C:\Program Files\KONAMI
2008-06-29 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-06-29 14:41 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-06-29 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
2008-06-29 13:24 --------- d-----w C:\Program Files\ahead
2008-06-23 21:34 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-06-23 16:51 --------- d-----w C:\Program Files\MSBuild
2008-06-23 16:51 --------- d-----w C:\Program Files\Microsoft Works
2008-06-23 16:43 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-06-22 19:48 --------- d-----w C:\Program Files\Axis Communications
2008-06-22 15:15 --------- d-----w C:\Program Files\Mojicon Installer
2008-06-22 10:13 --------- d-----w C:\Program Files\Microsoft Carioca
2008-06-22 09:07 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
2008-06-20 20:06 --------- d-----w C:\Documents and Settings\Lyn\Application Data\vlc
2008-06-20 20:05 --------- d-----w C:\Program Files\VideoLAN
2008-06-20 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-20 17:56 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:29 --------- d-----w C:\Documents and Settings\Lyn\Application Data\FrostWire
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 20:19 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-19 20:19 --------- d-----w C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
2008-06-19 18:51 --------- d-----w C:\Program Files\Fichiers communs\PC SOFT
2008-06-18 17:08 --------- d-----w C:\Program Files\Google
2008-06-17 15:52 --------- d-----w C:\Program Files\Windows Live
2008-06-17 15:51 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-17 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 13:01 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Bitdefender
2008-06-17 12:53 --------- d-----w C:\Program Files\Softwin
2008-06-17 12:53 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-06-17 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-17 12:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-17 12:32 --------- d-----w C:\Program Files\Realtek AC97
.
------- Sigcheck -------
2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-07-01 11:51 17408 d84196f4bc2a42c626b53e9ffd9041f5 C:\WINDOWS\system32\svchost.exe
2006-03-02 14:00 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 19:34 516096 cb0ee548caf0c5a8e8c7660ec35a37b7 C:\WINDOWS\system32\winlogon.exe
2008-04-13 19:34 1040384 1258395fe10e3aa3838d4268937f0637 C:\WINDOWS\explorer.exe
2006-03-02 14:00 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-13 19:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2006-03-02 14:00 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-13 19:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 19:34 111104 93dc1f26d67aead03619279949e45def C:\WINDOWS\system32\services.exe
2006-03-02 14:00 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-13 19:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 19:34 14848 204ed22034ada50188857c8a3f7cd4c0 C:\WINDOWS\system32\lsass.exe
2006-03-02 14:00 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 19:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:34 58880 b7fabc09c6c048db3ec8cd84c7401eee C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot_2008-08-05_11.57.17.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-05 09:54:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-05 15:55:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-05 09:54:10 1,392,640 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-05 15:55:25 1,392,640 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-08-05 09:47:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080520080806\index.dat
+ 2008-08-05 15:55:26 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080520080806\index.dat
- 2008-08-05 09:54:10 1,556,480 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-05 15:55:25 1,556,480 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"=
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-06-05 00:41]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-04-29 10:26]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-10-30 21:17]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 17:59:54
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-05 18:03:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-05 16:03:29
ComboFix2.txt 2008-08-05 09:57:50
ComboFix3.txt 2008-07-14 08:41:45
ComboFix4.txt 2008-07-04 10:50:39
ComboFix5.txt 2008-08-05 15:55:27
Pre-Run: 3,650,023,424 octets libres
Post-Run: 3,690,758,144 octets libres
268 --- E O F --- 2008-08-03 09:47:54
and hijack.log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:42, on 05/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Lyn\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} (Facebook Photo Uploader 5) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3702993000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3717870781
O16 - DPF: {a73baefa-ee65-494d-bedb-dd3e5a34fa98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 (nero backitup scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6285 bytes
Re,
The infection has recreated itself.
Have you really removed all the cracks and software downloaded via P2P from your PC?
Something keeps recreating the infection.
We now need to find what. So I am asking you to check on your side that the infection is not being relaunched by a user clicking on a suspicious program.
Security / Prevention
Re,
Actually the problem comes from ComboFix. Delete your version of ComboFix and download it again.
Then redo the procedure with the CFScript (the same one).
Post me the report it generates.
Security / Prevention
Hi!!
Here is the ComboFix report:
ComboFix 08-08-04.09 - Lyn 2008-08-06 13:21:41.9 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.468 [GMT 2:00]
Endroit: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lyn\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\drivers\tcpsr.sys
C:\WINDOWS\system32\drivers\Vqi08(10).sys
C:\WINDOWS\system32\drivers\Vqi08(11).sys
C:\WINDOWS\system32\drivers\Vqi08(12).sys
C:\WINDOWS\system32\drivers\Vqi08(13).sys
C:\WINDOWS\system32\drivers\Vqi08(14).sys
C:\WINDOWS\system32\drivers\Vqi08(15).sys
C:\WINDOWS\system32\drivers\Vqi08(16).sys
C:\WINDOWS\system32\drivers\Vqi08(17).sys
C:\WINDOWS\system32\drivers\Vqi08(18).sys
C:\WINDOWS\system32\drivers\Vqi08(19).sys
C:\WINDOWS\system32\drivers\Vqi08(2).sys
C:\WINDOWS\system32\drivers\Vqi08(20).sys
C:\WINDOWS\system32\drivers\Vqi08(21).sys
C:\WINDOWS\system32\drivers\Vqi08(22).sys
C:\WINDOWS\system32\drivers\Vqi08(23).sys
C:\WINDOWS\system32\drivers\Vqi08(24).sys
C:\WINDOWS\system32\drivers\Vqi08(25).sys
C:\WINDOWS\system32\drivers\Vqi08(26).sys
C:\WINDOWS\system32\drivers\Vqi08(27).sys
C:\WINDOWS\system32\drivers\Vqi08(28).sys
C:\WINDOWS\system32\drivers\Vqi08(29).sys
C:\WINDOWS\system32\drivers\Vqi08(3).sys
C:\WINDOWS\system32\drivers\Vqi08(30).sys
C:\WINDOWS\system32\drivers\Vqi08(31).sys
C:\WINDOWS\system32\drivers\Vqi08(32).sys
C:\WINDOWS\system32\drivers\Vqi08(33).sys
C:\WINDOWS\system32\drivers\Vqi08(34).sys
C:\WINDOWS\system32\drivers\Vqi08(35).sys
C:\WINDOWS\system32\drivers\Vqi08(36).sys
C:\WINDOWS\system32\drivers\Vqi08(37).sys
C:\WINDOWS\system32\drivers\Vqi08(38).sys
C:\WINDOWS\system32\drivers\Vqi08(39).sys
C:\WINDOWS\system32\drivers\Vqi08(4).sys
C:\WINDOWS\system32\drivers\Vqi08(40).sys
C:\WINDOWS\system32\drivers\Vqi08(41).sys
C:\WINDOWS\system32\drivers\Vqi08(42).sys
C:\WINDOWS\system32\drivers\Vqi08(43).sys
C:\WINDOWS\system32\drivers\Vqi08(44).sys
C:\WINDOWS\system32\drivers\Vqi08(5).sys
C:\WINDOWS\system32\drivers\Vqi08(6).sys
C:\WINDOWS\system32\drivers\Vqi08(7).sys
C:\WINDOWS\system32\drivers\Vqi08(8).sys
C:\WINDOWS\system32\drivers\Vqi08(9).sys
C:\WINDOWS\system32\drivers\Vqi08.sys
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Azureus
C:\Documents and Settings\All Users\Application Data\Azureus\azCID.txt
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B41C7000.dat
C:\Documents and Settings\Lyn\Application Data\Azureus
C:\Documents and Settings\Lyn\Application Data\Azureus\.keystore
C:\Documents and Settings\Lyn\Application Data\Azureus\active\0BB2A38E63B8EE1A5A94DFDF3DC0AC05AF1DC4E0.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\active\0BB2A38E63B8EE1A5A94DFDF3DC0AC05AF1DC4E0.dat.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\active\640069EF4DBB03686F989FEF5A73102F432A6044.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\active\640069EF4DBB03686F989FEF5A73102F432A6044.dat.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\active\6793D7726915B7165CBAA06E6B8F304D959F1C07.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\active\6793D7726915B7165CBAA06E6B8F304D959F1C07.dat.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\active\cache.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\active\EC53A663F1053C83B65B87A8131972728E1B72C6.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\active\EC53A663F1053C83B65B87A8131972728E1B72C6.dat.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\azureus.config
C:\Documents and Settings\Lyn\Application Data\Azureus\azureus.config.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\azureus.statistics
C:\Documents and Settings\Lyn\Application Data\Azureus\azureus.statistics.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\dht\addresses.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\dht\contacts.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\dht\diverse.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\dht\general.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\dht\version.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\downloads.config
C:\Documents and Settings\Lyn\Application Data\Azureus\downloads.config.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\friends.config
C:\Documents and Settings\Lyn\Application Data\Azureus\friends.config.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\ipfilter.cache
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\alerts_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\AutoSpeed_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\debug_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\Friends_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\MetaSearch_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\NetStatus_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\seltrace_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\SpeedMan_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\thread_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\v3.ads_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\v3.CMsgr_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\v3.Friends_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\v3.PMsgr_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\logs\v3.Stream_1.log
C:\Documents and Settings\Lyn\Application Data\Azureus\metasearch.config
C:\Documents and Settings\Lyn\Application Data\Azureus\metasearch.config.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\net\pm_12322.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\net\pm_default.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\tables.config
C:\Documents and Settings\Lyn\Application Data\Azureus\tables.config.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\timingstats.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31548.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31549.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31550.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31551.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31552.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31553.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31554.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31555.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31560.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31561.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31562.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU17152.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU17155.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU31556.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU46961.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU46963.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU49583.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU49585.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU58495.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU58502.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU7214.tmp
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\Nero_8_Ultra_Edition_8.3.0_Multilanguage_FULL_Retail_[mininova][1].torrent
C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\Xara3D_v6.0+serial.rar[www.reload-paradise.net]_[mininova][1].torrent
C:\Documents and Settings\Lyn\Application Data\Azureus\tracker.config
C:\Documents and Settings\Lyn\Application Data\Azureus\tracker.config.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\unsentdata.config
C:\Documents and Settings\Lyn\Application Data\Azureus\unsentdata.config.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\update.log
C:\Documents and Settings\Lyn\Application Data\Azureus\update.properties
C:\Documents and Settings\Lyn\Application Data\Azureus\v3.Friends.dat
C:\Documents and Settings\Lyn\Application Data\Azureus\v3.Friends.dat.bak
C:\Documents and Settings\Lyn\Application Data\Azureus\VuzeActivities.config
C:\Documents and Settings\Lyn\Application Data\Azureus\VuzeActivities.config.bak
C:\Documents and Settings\Lyn\Application Data\FrostWire
C:\Documents and Settings\Lyn\Application Data\FrostWire\createtimes.cache
C:\Documents and Settings\Lyn\Application Data\FrostWire\data.ser
C:\Documents and Settings\Lyn\Application Data\FrostWire\fileurns.bak
C:\Documents and Settings\Lyn\Application Data\FrostWire\fileurns.cache
C:\Documents and Settings\Lyn\Application Data\FrostWire\filters.props
C:\Documents and Settings\Lyn\Application Data\FrostWire\frostwire.props
C:\Documents and Settings\Lyn\Application Data\FrostWire\gnutella.net
C:\Documents and Settings\Lyn\Application Data\FrostWire\installation.props
C:\Documents and Settings\Lyn\Application Data\FrostWire\library.dat
C:\Documents and Settings\Lyn\Application Data\FrostWire\pub1.key
C:\Documents and Settings\Lyn\Application Data\FrostWire\public.key
C:\Documents and Settings\Lyn\Application Data\FrostWire\questions.props
C:\Documents and Settings\Lyn\Application Data\FrostWire\responses.cache
C:\Documents and Settings\Lyn\Application Data\FrostWire\secureMessage.key
C:\Documents and Settings\Lyn\Application Data\FrostWire\spam.dat
C:\Documents and Settings\Lyn\Application Data\FrostWire\tables.props
C:\Documents and Settings\Lyn\Application Data\FrostWire\themes\frostwire_theme.skin
C:\Documents and Settings\Lyn\Application Data\FrostWire\themes\frostwire_theme\kill.png
C:\Documents and Settings\Lyn\Application Data\FrostWire\themes\frostwire_theme\kill_on.png
C:\Documents and Settings\Lyn\Application Data\FrostWire\themes\frostwire_theme\theme.txt
C:\Documents and Settings\Lyn\Application Data\FrostWire\ttree.cache
C:\Documents and Settings\Lyn\Application Data\FrostWire\version.key
C:\Documents and Settings\Lyn\Application Data\FrostWire\version.xml
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\data\audio.sxml
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\data\delete_me
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\misc\application.gif
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\misc\audio.gif
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\misc\document.gif
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\misc\image.gif
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\misc\video.gif
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\schemas\application.xsd
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\schemas\audio.xsd
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\schemas\document.xsd
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\schemas\image.xsd
C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\schemas\video.xsd
C:\Program Files\Azureus
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.16.jar
C:\Program Files\Azureus\plugins\azemp\azemp_2.0.16.zip
C:\Program Files\Azureus\plugins\azemp\azmplay.exe.bak
C:\Program Files\Azureus\plugins\azemp\cp1250-a.raw.bak
C:\Program Files\Azureus\plugins\azemp\cp1250-b.raw.bak
C:\Program Files\Azureus\plugins\azemp\font.desc.bak
C:\Program Files\Azureus\plugins\azemp\osd-mplayer-a.raw.bak
C:\Program Files\Azureus\plugins\azemp\osd-mplayer-b.raw.bak
C:\Program Files\Azureus\plugins\azemp\plugin.properties_2.0.16
C:\Program Files\Azureus\plugins\azupdater\azupdater_1.8.8.zip
C:\Program Files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar
C:\Program Files\Azureus\plugins\azupdater\plugin.properties_1.8.8
C:\Program Files\Azureus\plugins\azupdater\Updater.jar.bak
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.2.2
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\Components\bureau.url
C:\Program Files\BoontyGames\Components\Joystick.ico
C:\Program Files\BoontyGames\Components\start.url
C:\Program Files\BoontyGames\mcfhuntsville{84766}.exe
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\01.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\02.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\03.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\04.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\05.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\06.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\07.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\08.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\09.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\10.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\11.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\12.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\13.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\14.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\15.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\16.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\17.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\18.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\19.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\20.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\21.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat1.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat10.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat11.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat12.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat13.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat14.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat15.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat16.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat2.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat3.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat4.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat5.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat6.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat7.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat8.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat9.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dist.jpg
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\empty.cct
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\errorLog.txt
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Fenetre.bmp
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\fenetrepop.bmp
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\FLEXnet Activation Service Installer.dll
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\MysteryCaseFiles.exe
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\~pleasewait.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\buy_connectionrequired.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\connectionrequired.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\css\ShellStyle.css
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\css\ShellStyle_fr.css
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bg_nomjeu.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bg_table.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgDELOCK.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Bottom.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Coin.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Left.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Right.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgERROR.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgERROR_Bottom.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgERROR_Coin.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgERROR_Left.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgERROR_Right.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgOK.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgOK_Bottom.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgOK_Coin.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgOK_Left.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgOK_Right.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgREDUC.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgREDUC_Bottom.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgREDUC_Coin.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgREDUC_Left.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgREDUC_Right.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSECURE.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSECURE_Bottom.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSECURE_Coin.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSECURE_Left.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSECURE_Right.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSUPPORT.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Bottom.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Coin.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Left.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Right.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBkg.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottom.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottomLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottomLeftC.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottomLeftCN.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottomLeftCR.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottomRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocCoinCadenas.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocError.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocExpiredTop.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocJouezMiddle.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocJouezTop.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocMiddle.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocTop.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocTopLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocTopRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\boontysecure.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Bottom.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomLeftEast.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomLeftNorth.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomRightNorth.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomRightWest.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btAcheterLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btAcheterMiddle.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btAcheterRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtBlueLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtBlueMiddle.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtBlueRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btJouerLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btJouerMiddle.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btJouerRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_acheter.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_fermer.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_infos.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_jouer.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_nomjeu2.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_reactiver.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_reduc.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_suivant.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_suivant2.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtnBuyExit.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtYellowLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtYellowMiddle.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtYellowQuestion.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtYellowRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgLeft_Off.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgLeft_On.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgMiddle_Off.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgMiddle_On.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgRight_Off.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgRight_On.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\CacheImgJeu.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\caddie.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\cadenas.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\CloseOff.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\CloseOn.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\fleche.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\flechetrial.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\greypoint.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\jeu.jpg
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\jouer_gratuitement.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Left.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\MaximizeOff.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\MaximizeOn.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\MinimizeOff.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\MinimizeOn.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopBottom.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopBottomLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopBottomRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopTop.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopTopLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopTopRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Right.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\scroll.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\scroll_bkg.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\separator2.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\separatorEnd.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\separatorMiddle.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\separatorStart.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Shell_popup_03.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Shell_popup_06.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Shell_popup_08.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Shell_popup_09.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\spacer.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\test.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Top.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\TopLeft.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\TopLeftSouth.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\TopRight.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\TopRightWest.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\transp.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\wait.gif
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\js\ShellScripts.js
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\manualtransaction.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\pageerror.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\pleasewait.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\repairstart.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\thankyou.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\transfailure.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\trialexit.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\trialexpired.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\trialstart.html
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SpMU.lnk
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\unins000.dat
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\unins000.exe
C:\Program Files\BoontyGames\Mystery Case Files Huntsville\website.url
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\FrostWire
C:\Program Files\FrostWire\log.txt
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\drivers\Vqi08(10).sys
C:\WINDOWS\system32\drivers\Vqi08(11).sys
C:\WINDOWS\system32\drivers\Vqi08(12).sys
C:\WINDOWS\system32\drivers\Vqi08(13).sys
C:\WINDOWS\system32\drivers\Vqi08(14).sys
C:\WINDOWS\system32\drivers\Vqi08(15).sys
C:\WINDOWS\system32\drivers\Vqi08(16).sys
C:\WINDOWS\system32\drivers\Vqi08(17).sys
C:\WINDOWS\system32\drivers\Vqi08(18).sys
C:\WINDOWS\system32\drivers\Vqi08(19).sys
C:\WINDOWS\system32\drivers\Vqi08(2).sys
C:\WINDOWS\system32\drivers\Vqi08(20).sys
C:\WINDOWS\system32\drivers\Vqi08(21).sys
C:\WINDOWS\system32\drivers\Vqi08(22).sys
C:\WINDOWS\system32\drivers\Vqi08(23).sys
C:\WINDOWS\system32\drivers\Vqi08(24).sys
C:\WINDOWS\system32\drivers\Vqi08(25).sys
C:\WINDOWS\system32\drivers\Vqi08(26).sys
C:\WINDOWS\system32\drivers\Vqi08(27).sys
C:\WINDOWS\system32\drivers\Vqi08(28).sys
C:\WINDOWS\system32\drivers\Vqi08(29).sys
C:\WINDOWS\system32\drivers\Vqi08(3).sys
C:\WINDOWS\system32\drivers\Vqi08(30).sys
C:\WINDOWS\system32\drivers\Vqi08(31).sys
C:\WINDOWS\system32\drivers\Vqi08(32).sys
C:\WINDOWS\system32\drivers\Vqi08(33).sys
C:\WINDOWS\system32\drivers\Vqi08(34).sys
C:\WINDOWS\system32\drivers\Vqi08(35).sys
C:\WINDOWS\system32\drivers\Vqi08(36).sys
C:\WINDOWS\system32\drivers\Vqi08(37).sys
C:\WINDOWS\system32\drivers\Vqi08(38).sys
C:\WINDOWS\system32\drivers\Vqi08(39).sys
C:\WINDOWS\system32\drivers\Vqi08(4).sys
C:\WINDOWS\system32\drivers\Vqi08(40).sys
C:\WINDOWS\system32\drivers\Vqi08(41).sys
C:\WINDOWS\system32\drivers\Vqi08(42).sys
C:\WINDOWS\system32\drivers\Vqi08(43).sys
C:\WINDOWS\system32\drivers\Vqi08(44).sys
C:\WINDOWS\system32\drivers\Vqi08(5).sys
C:\WINDOWS\system32\drivers\Vqi08(6).sys
C:\WINDOWS\system32\drivers\Vqi08(7).sys
C:\WINDOWS\system32\drivers\Vqi08(8).sys
C:\WINDOWS\system32\drivers\Vqi08(9).sys
C:\WINDOWS\system32\drivers\Vqi08.sys
.
((((((((((((((((((((((((((((( Files created 2008-07-06 to 2008-08-06 ))))))))))))))))))))))))))))))))))))
.
2008-08-03 11:21 . 2008-08-03 11:21 <REP> d-------- C:\Program Files\DOKA Media
2008-08-03 11:21 . 2008-08-03 11:21 50 --a------ C:\DragonTilesMahjonggpath.sys
2008-08-02 21:11 . 2008-08-02 21:15 <REP> d-------- C:\Program Files\Cyanide
2008-07-31 15:17 . 2008-07-31 15:17 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-07-30 17:54 . 2008-07-30 17:54 268 --ah----- C:\sqmdata02.sqm
2008-07-30 17:54 . 2008-07-30 17:54 244 --ah----- C:\sqmnoopt02.sqm
2008-07-30 17:41 . 2008-07-30 17:41 268 --ah----- C:\sqmdata01.sqm
2008-07-30 17:41 . 2008-07-30 17:41 244 --ah----- C:\sqmnoopt01.sqm
2008-07-30 11:30 . 2008-07-30 12:08 51,975 --a------ C:\qq.bin
2008-07-15 17:42 . 2008-07-15 17:42 <REP> d-------- C:\Program Files\Lavalys
2008-07-14 11:56 . 2008-07-25 18:09 <REP> d-------- C:\Program Files\Big Kahuna Reef 2 - Chain Reaction
2008-07-14 11:53 . 2008-07-14 11:53 <REP> d-------- C:\Program Files\bfgclient
2008-07-14 11:52 . 2008-07-14 11:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-11 11:44 . 2008-07-11 11:44 373 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-10 16:30 . 2008-07-10 16:30 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Xara
2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Common Files
2008-07-08 11:24 . 2008-07-08 11:24 <REP> d-------- C:\Program Files\Real
2008-07-08 11:24 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-07-07 21:10 . 2008-07-07 21:10 <REP> d-------- C:\Program Files\Eidos Interactive
2008-07-07 20:11 . 2008-07-13 20:15 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-07 13:40 . 2008-07-07 13:40 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Nero
2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Program Files\Nero
2008-07-07 13:35 . 2008-07-07 13:38 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-06 18:37 . 2008-07-06 18:37 <REP> d-------- C:\WINDOWS\Sun
2008-07-06 16:08 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-07-06 16:08 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-07-06 16:08 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-07-06 16:08 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-07-06 15:39 . 2008-07-06 15:39 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 11:24 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-05 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-05 15:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-03 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-25 16:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 11:48 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-14 09:53 0 ----a-w C:\Program Files\temp01
2008-07-07 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 10:15 3,730 ----a-w C:\WINDOWS\system32\tmp.reg
2008-07-01 09:51 17,408 ----a-w C:\WINDOWS\system32\svchost.exe
2008-07-01 08:33 579,584 ----a-w C:\WINDOWS\system32\user32.DLL
2008-06-30 07:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-30 07:48 --------- d-----w C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
2008-06-29 17:54 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-29 17:54 --------- d--h--r C:\Documents and Settings\Lyn\Application Data\SecuROM
2008-06-29 17:40 --------- d-----w C:\Program Files\KONAMI
2008-06-29 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-06-29 14:41 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-06-29 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
2008-06-29 13:24 --------- d-----w C:\Program Files\ahead
2008-06-23 21:34 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-06-23 16:51 --------- d-----w C:\Program Files\MSBuild
2008-06-23 16:51 --------- d-----w C:\Program Files\Microsoft Works
2008-06-23 16:43 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-06-22 19:48 --------- d-----w C:\Program Files\Axis Communications
2008-06-22 15:15 --------- d-----w C:\Program Files\Mojicon Installer
2008-06-22 10:13 --------- d-----w C:\Program Files\Microsoft Carioca
2008-06-22 09:07 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
2008-06-20 20:06 --------- d-----w C:\Documents and Settings\Lyn\Application Data\vlc
2008-06-20 20:05 --------- d-----w C:\Program Files\VideoLAN
2008-06-20 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-20 17:56 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 20:19 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-19 20:19 --------- d-----w C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
2008-06-19 18:51 --------- d-----w C:\Program Files\Fichiers communs\PC SOFT
2008-06-18 17:08 --------- d-----w C:\Program Files\Google
2008-06-17 15:52 --------- d-----w C:\Program Files\Windows Live
2008-06-17 15:51 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-17 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 13:01 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Bitdefender
2008-06-17 12:53 --------- d-----w C:\Program Files\Softwin
2008-06-17 12:53 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-06-17 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-17 12:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-17 12:32 --------- d-----w C:\Program Files\Realtek AC97
2008-06-17 12:04 --------- d-----w C:\Program Files\QuickTime
2008-06-17 12:04 --------- d-----w C:\Program Files\Apple Software Update
2008-06-17 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-17 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-17 11:53 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-17 11:53 --------- d-----w C:\Program Files\Java
2008-06-17 11:52 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-06-17 10:07 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-06-17 10:07 --------- d-----w C:\Program Files\AvRack
2008-06-17 09:52 --------- d-----w C:\Program Files\ATI Technologies
2008-06-17 09:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-17 09:23 --------- d-----w C:\Program Files\Services en ligne
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-29 07:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-05-23 16:21 81,920 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-05-18 19:40 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
.
------- Sigcheck -------
2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-07-01 11:51 17408 d84196f4bc2a42c626b53e9ffd9041f5 C:\WINDOWS\system32\svchost.exe
2006-03-02 14:00 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-13 19:34 516096 cb0ee548caf0c5a8e8c7660ec35a37b7 C:\WINDOWS\system32\winlogon.exe
2008-04-13 19:34 1040384 1258395fe10e3aa3838d4268937f0637 C:\WINDOWS\explorer.exe
2006-03-02 14:00 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-13 19:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2006-03-02 14:00 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-13 19:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 19:34 111104 93dc1f26d67aead03619279949e45def C:\WINDOWS\system32\services.exe
2006-03-02 14:00 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-13 19:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 19:34 14848 204ed22034ada50188857c8a3f7cd4c0 C:\WINDOWS\system32\lsass.exe
2006-03-02 14:00 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 19:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:34 58880 b7fabc09c6c048db3ec8cd84c7401eee C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot_2008-08-05_11.57.17.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-05 09:54:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-05 15:55:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-05 09:54:10 1,392,640 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-05 15:55:25 1,392,640 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-08-05 09:47:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080520080806\index.dat
+ 2008-08-05 15:55:26 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080520080806\index.dat
- 2008-08-05 09:54:10 1,556,480 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-05 15:55:25 1,556,480 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"=
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-06-05 00:41]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-04-29 10:26]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-10-30 21:17]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 13:26:18
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-06 13:30:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-06 11:30:06
ComboFix2.txt 2008-08-05 16:03:35
ComboFix3.txt 2008-08-05 09:57:50
ComboFix4.txt 2008-07-14 08:41:45
ComboFix5.txt 2008-08-06 11:21:08
Pre-Run: 3,650,076,672 octets libres
Post-Run: 3,622,920,192 octets libres
667 --- E O F --- 2008-08-03 09:47:54
and the HijackThis log!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:31, on 06/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lyn\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} (Facebook Photo Uploader 5) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3702993000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3717870781
O16 - DPF: {a73baefa-ee65-494d-bedb-dd3e5a34fa98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 (nero backitup scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6390 bytes
Re,
Good, this time we got them.
However, there are still things to check, so I'm going to ask you to run two scans (they can take a long time).
1) Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode
- Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
- To start the scan, click "Scan".
- Once the scan is finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, click OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
2)
- Run a Kaspersky online scan with Internet Explorer:
- Click on
- Now click on I accept.
- Accept the installation of one or more ActiveX controls if necessary.
- Wait while the updates are installed.
- Then choose the My Computer scan.
- Save and then paste the report generated at the end of the scan.
HELP: Tutorial on the online scan
NOTE: If you get the message "The Kaspersky On-line Scanner license has expired", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
Hello!!
Finally, that virus is gone!
So here is the report for the first step (a lot of files were deleted!):
Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 5.1.2600 Service Pack 3
17:45:31 07/08/2008
mbam-log-8-7-2008 (17-45-26).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 100480
Time elapsed: 2 hour(s), 4 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 240
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhcjdpj0eecp (Rogue.Multiple) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\config\47491194.Evt (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\enpq.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\SysC.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\cbOCR.dll.vir (Trojan.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\clgpiife.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\lphcndpj0eecp.exe.vir (Trojan.Zlob) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\ntpl.bin.vir (Trojan.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\pphcndpj0eecp.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqPICur.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\55a36e68.sys.vir (Rootkit.KernelBot) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(10).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(11).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(12).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(13).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(14).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(15).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(16).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(17).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(18).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(19).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(20).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(21).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(22).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(23).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(24).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(25).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(26).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(27).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(28).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(29).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(30).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(31).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(32).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(33).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(34).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(35).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(36).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(37).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(38).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(39).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(4).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(40).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(41).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(42).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(43).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(44).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(5).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(6).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(7).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(8).sys.vir (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(9).sys.vir (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP11\A0002604.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP11\A0002613.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP11\A0002627.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002643.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002652.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002661.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002668.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002678.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002686.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002695.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP13\A0003188.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP13\A0003194.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP14\A0004317.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP14\A0004332.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP15\A0004371.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP15\A0004381.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP15\A0004389.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0004397.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005404.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005424.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005425.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005435.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005436.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005445.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005446.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005455.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005456.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005463.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005464.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0006478.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0006479.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006554.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006570.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006654.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006655.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006663.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006664.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006671.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006672.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006681.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006682.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006689.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006690.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006698.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006699.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006706.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006707.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006715.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006716.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006723.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006731.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006738.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006745.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006752.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006760.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006768.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006781.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006793.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006831.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006841.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006865.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006873.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006883.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006890.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006896.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006903.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006912.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006920.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006930.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006947.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006955.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006962.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006970.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006978.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006986.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006993.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007001.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007009.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007017.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007025.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007033.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007043.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007050.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007062.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007070.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007079.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007093.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007100.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007114.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007121.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007129.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007144.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007152.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007161.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007170.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007180.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007188.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP19\A0008262.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP19\A0009269.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP2\A0000025.dll (Rogue.AntivirusXP2008) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP20\A0012785.exe (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP20\A0014042.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP20\A0014055.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP21\A0014135.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP21\A0014143.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP21\A0014155.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP21\A0014163.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP21\A0014171.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014207.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014213.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014222.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014230.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014237.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014265.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP24\A0015296.sys (Rootkit.KernelBot) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015526.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015527.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015528.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015529.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015530.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015531.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015532.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015533.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015534.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015535.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015536.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015538.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015539.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015540.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015541.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015542.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015543.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015544.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015545.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015546.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015547.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015549.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015550.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015551.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015552.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015553.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015554.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015555.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015556.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015557.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015558.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015559.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015560.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015561.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015562.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015563.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015564.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015565.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015566.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015567.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015568.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015569.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000036.exe (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000037.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000038.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000039.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000042.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000058.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000146.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000157.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000163.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000173.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000183.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000193.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP4\A0000217.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP4\A0000224.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP4\A0000231.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP5\A0000290.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000379.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000386.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000394.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000414.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000421.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000427.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000435.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000444.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000462.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000480.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000500.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000510.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP8\A0000523.dll (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP9\A0002547.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wpx5.cpx (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\wpx6.cpx (Trojan.Downloader) -> No action taken.
I'm doing the second step right away!
Small problem! I deleted a lot, and when it tells me the version is out of date nothing changes! It's still out of date! What do I do??
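Most hits in the Malwarebytes report above sit under System Volume Information\_restore{...}\RPnn. Those are System Restore's copies of files that were already on the machine, not active infections, and they are cleared by purging restore points (disabling and re-enabling System Restore on Windows XP), not by deleting them one by one. The few entries outside that tree, such as the two .cpx files in system32, are the ones that are live. The Python script below is an added example, not code from the original thread or from Malwarebytes: it parses lines in the MBAM report format, separates restore-point copies from live files, and summarizes detections by restore point and by detection name. The sample lines embedded in it are constructed for the example, modelled on the report above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# One MBAM result line: "<path> (<Detection name>) -> <Action>."
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>[^.]+)\.$")

# Restore-point copy: \System Volume Information\_restore{GUID}\RPnn\Annnnnnn.ext
SVI_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    path: str
    detection: str
    action: str
    restore_point: Optional[str]  # "RP18" for a System Restore copy, None for a live file

    @property
    def is_live(self) -> bool:
        return self.restore_point is None


def parse_mbam_lines(lines) -> List[Finding]:
    """Keep only well-formed result lines; headers, blank lines and chatter are skipped."""
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        svi = SVI_RE.search(m["path"])
        findings.append(
            Finding(m["path"], m["detection"], m["action"].strip(), svi["rp"] if svi else None)
        )
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Split restore-point copies from live files and count detections."""
    live = [f for f in findings if f.is_live]
    archived = [f for f in findings if not f.is_live]
    return {
        "total": len(findings),
        "live": [f.path for f in live],  # what actually needs cleaning on the running system
        "restore_point_copies": len(archived),  # cleared by purging System Restore, not file by file
        "restore_points": sorted({f.restore_point for f in archived}, key=lambda rp: int(rp[2:])),
        "by_detection": dict(Counter(f.detection for f in findings)),
        "not_cleaned": sum(1 for f in findings if f.action == "No action taken"),
    }


def summarize_report(text: str) -> dict:
    return summarize(parse_mbam_lines(text.splitlines()))


# Constructed sample input, modelled on the report format in the thread (not the full log).
SAMPLE_REPORT = r"""Fichier(s) infecté(s):
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006752.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006831.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP2\A0000025.dll (Rogue.AntivirusXP2008) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000036.exe (Trojan.Zlob) -> No action taken.
C:\WINDOWS\system32\wpx5.cpx (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\wpx6.cpx (Trojan.Downloader) -> No action taken.
"""

if __name__ == "__main__":
    summary = summarize_report(SAMPLE_REPORT)
    print(f"{summary['total']} findings, {summary['not_cleaned']} not cleaned")
    print(f"{summary['restore_point_copies']} restore-point copies in {', '.join(summary['restore_points'])}")
    print("live files:", *summary["live"], sep="\n  ")
    print("by detection:", summary["by_detection"])
```

Run it against a saved mbam-log-*.txt by reading the file and passing its contents to summarize_report. The "live" list is the part worth acting on; a long "restore_points" list only means System Restore captured the infection repeatedly and needs flushing once the live files are gone.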
Hello,
Post a new DSS scan report, main.txt.
Hi,
Here is the main.txt:
Deckard's System Scanner v20071014.68
Run by Lyn on 2008-08-08 13:37:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Lyn.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:22, on 08/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lyn\Bureau\dss.exe
C:\DOCUME~1\Lyn\Bureau\Lyn.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} (Facebook Photo Uploader 5) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3702993000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3717870781
O16 - DPF: {a73baefa-ee65-494d-bedb-dd3e5a34fa98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 (nero backitup scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 6587 bytes
-- Files created between 2008-07-08 and 2008-08-08 -----------------------------
2008-08-07 18:38:24 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-07 18:23:36 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Macromedia
2008-08-07 18:22:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Adobe
2008-08-07 15:39:49 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-07 15:36:14 0 d-------- C:\Documents and Settings\Lyn\Application Data\Malwarebytes
2008-08-07 15:36:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 15:36:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-03 11:21:43 0 d-------- C:\Program Files\DOKA Media
2008-08-03 11:21:40 50 --a------ C:\DragonTilesMahjonggpath.sys
2008-08-02 21:11:15 0 d-------- C:\Program Files\Cyanide
2008-07-31 15:17:58 0 dr------- C:\Documents and Settings\LocalService\Favoris
2008-07-30 11:30:03 51975 --a------ C:\qq.bin
2008-07-18 20:35:33 4386816 --a------ C:\Documents and Settings\Lyn\ntuser.dat
2008-07-15 17:42:10 0 d-------- C:\Program Files\Lavalys
2008-07-14 11:56:38 0 d-------- C:\Program Files\Big Kahuna Reef 2 - Chain Reaction
2008-07-14 11:53:29 0 --a------ C:\Program Files\temp01
2008-07-14 11:53:28 0 d-------- C:\Program Files\bfgclient
2008-07-14 11:52:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-14 10:37:48 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-14 10:37:48 80412 --a------ C:\WINDOWS\grep.exe
2008-07-14 10:30:13 0 d-------- C:\Documents and Settings\Lyn\Start Menu
2008-07-14 10:28:31 68096 --a------ C:\WINDOWS\zip.exe
2008-07-14 10:28:31 98816 --a------ C:\WINDOWS\sed.exe
2008-07-14 10:28:30 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-14 10:28:30 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-14 10:28:30 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-14 10:28:30 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-10 16:30:50 0 d-------- C:\Program Files\MSXML 4.0
2008-07-10 10:09:22 0 d-------- C:\Program Files\Xara
2008-07-10 10:09:22 0 d-------- C:\Program Files\Common Files
2008-07-08 11:24:16 0 d-------- C:\Program Files\Real
2008-07-08 11:24:15 0 d-------- C:\Program Files\Fichiers communs\Real
2008-07-08 11:24:15 0 d-------- C:\Documents and Settings\Lyn\Application Data\Real
-- Find3M Report ---------------------------------------------------------------
2008-08-08 13:35:27 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-08-06 13:23:48 0 d-------- C:\Program Files\Fichiers communs
2008-07-18 13:48:27 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-07 21:10:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 21:10:14 0 d-------- C:\Program Files\Eidos Interactive
2008-07-07 13:40:05 0 d-------- C:\Documents and Settings\Lyn\Application Data\Nero
2008-07-07 13:38:58 0 d-------- C:\Program Files\Fichiers communs\Nero
2008-07-07 13:35:10 0 d-------- C:\Program Files\Nero
2008-07-06 18:37:36 0 d-------- C:\Documents and Settings\Lyn\Application Data\Sun
2008-07-06 15:39:26 0 d-------- C:\Documents and Settings\Lyn\Application Data\Apple Computer
2008-07-01 13:39:07 367896 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-07-01 13:39:07 48814 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-07-01 12:15:52 3730 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-01 11:51:36 17408 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-30 09:49:30 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-30 09:48:07 0 d-------- C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
2008-06-29 19:54:55 0 dr-h----- C:\Documents and Settings\Lyn\Application Data\SecuROM
2008-06-29 19:40:39 0 d-------- C:\Program Files\KONAMI
2008-06-29 18:59:00 0 d-------- C:\Documents and Settings\Lyn\Application Data\Adobe
2008-06-29 16:41:59 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-29 15:46:52 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-06-29 15:46:20 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
2008-06-29 15:24:32 0 d-------- C:\Program Files\ahead
2008-06-23 18:51:17 0 d-------- C:\Program Files\Microsoft Works
2008-06-23 18:51:10 0 d-------- C:\Program Files\MSBuild
2008-06-22 21:48:38 0 d-------- C:\Program Files\Axis Communications
2008-06-22 17:15:23 0 d-------- C:\Program Files\Mojicon Installer
2008-06-22 12:13:17 0 d-------- C:\Program Files\Microsoft Carioca
2008-06-22 11:07:11 0 d-------- C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
2008-06-20 23:06:03 0 d-------- C:\Documents and Settings\Lyn\Application Data\WinRAR
2008-06-20 22:06:56 0 d-------- C:\Documents and Settings\Lyn\Application Data\vlc
2008-06-20 22:05:49 0 d-------- C:\Program Files\VideoLAN
2008-06-20 19:56:24 0 d-------- C:\Program Files\Messenger Plus! Live
2008-06-19 22:19:33 0 d-------- C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
2008-06-19 20:51:05 0 d-------- C:\Program Files\Fichiers communs\PC SOFT
2008-06-18 19:08:03 0 d-------- C:\Program Files\Google
2008-06-17 17:52:21 0 d-------- C:\Program Files\Windows Live
2008-06-17 17:51:18 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-17 15:01:19 0 d-------- C:\Documents and Settings\Lyn\Application Data\Bitdefender
2008-06-17 14:43:32 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-06-17 14:32:49 0 d-------- C:\Program Files\Realtek AC97
2008-06-17 14:22:23 0 d-------- C:\Documents and Settings\Lyn\Application Data\Macromedia
2008-06-17 14:04:31 0 d-------- C:\Program Files\QuickTime
2008-06-17 14:04:02 0 d-------- C:\Program Files\Apple Software Update
2008-06-17 13:53:40 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-17 13:53:21 0 d-------- C:\Program Files\Java
2008-06-17 13:52:23 0 d-------- C:\Program Files\Fichiers communs\Java
2008-06-17 13:11:12 0 d-------- C:\Program Files\Fichiers communs\ODBC
2008-06-17 13:11:09 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2008-06-17 13:10:41 62 --ahs---- C:\Documents and Settings\Lyn\Application Data\desktop.ini
2008-06-17 12:34:01 0 d-------- C:\Program Files\Messenger
2008-06-17 12:33:46 0 d-------- C:\Program Files\Movie Maker
2008-06-17 12:32:07 0 d-------- C:\Program Files\Windows NT
2008-06-17 12:07:19 0 d-------- C:\Program Files\Realtek Sound Manager
2008-06-17 12:07:19 0 d-------- C:\Program Files\AvRack
2008-06-17 12:01:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-17 12:01:37 0 d-------- C:\Documents and Settings\Lyn\Application Data\Mozilla
2008-06-17 11:52:23 0 d-------- C:\Program Files\ATI Technologies
2008-06-17 11:28:31 0 d-------- C:\Documents and Settings\Lyn\Application Data\Identities
2008-06-17 11:24:48 0 d-------- C:\Program Files\microsoft frontpage
2008-06-17 11:24:23 0 -rahs---- C:\MSDOS.SYS
2008-06-17 11:24:23 0 -rahs---- C:\IO.SYS
2008-06-17 11:24:23 0 --a------ C:\CONFIG.SYS
2008-06-17 11:24:23 0 --a------ C:\AUTOEXEC.BAT
2008-06-17 11:23:11 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-17 11:23:07 0 d-------- C:\Program Files\Services en ligne
2008-06-17 11:22:19 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2008-06-17 11:21:35 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-17 11:20:45 0 d-------- C:\Program Files\Online Services
2008-06-17 11:20:36 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-29 09:35:36 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-23 18:21:42 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-05-18 21:40:36 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [04/09/2001 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/05/2008 10:50]
"SoundMan"="SOUNDMAN.EXE" [16/04/2007 15:28 C:\WINDOWS\soundman.exe]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [02/04/2007 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [26/03/2007 15:49]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 23:48]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [03/08/2007 12:51]
C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"NoActiveDesktopChanges"=00000000
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-08-08 13:37:56 ------------
Hello,
I'd like to check something.
First, I want to be sure you can see hidden files/folders:
[~] Go to My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply - - > OK
[~] Go to My Computer / Tools / Folder Options / View / uncheck "Hide protected operating system files" / Apply - - > OK
You can re-check it afterwards.
[~] My Computer / Tools / Folder Options / View / uncheck "Hide extensions for known file types" / Apply - - > OK
Go to this link: Virus Total
- Click Browse
- Navigate to this file, if you can find it:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
- Click Send file and let it work as long as "Current status: analysing" is displayed.
- The file may be queued because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
- When the analysis is finished ("Current status: finished"), click Formatted
- A new browser window will appear
- Then click on this image:
- Right-click on the page, choose Select All, then Copy
- Finally, paste the result in your next reply.
Note: Whatever the result, it is important to send me the result of the whole analysis.
Your security tools may react to the file being sent; in that case, you will need to ignore the alerts.
Do I have to do that for all the files??
Here it is for svchost:
Fichier svchost.exe reçu le 2008.08.08 17:04:16 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.8.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.08 -
Authentium 5.1.0.4 2008.08.07 -
Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
BitDefender 7.2 2008.08.08 Trojan.Patched.U
CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
eSafe 7.0.17.0 2008.08.07 -
eTrust-Vet 31.6.6019 2008.08.08 -
Ewido 4.0 2008.08.08 -
F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
F-Secure 7.60.13501.0 2008.08.08 Trojan.Win32.Patched.aa
Fortinet 3.14.0.0 2008.08.08 -
GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.aa
K7AntiVirus 7.10.408 2008.08.08 -
Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
McAfee 5356 2008.08.07 W32/PEPatcher.c
Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
Norman 5.80.02 2008.08.08 W32/Patched.A
Panda 9.0.0.4 2008.08.07 W32/Patchlog.D
PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
Sophos 4.32.0 2008.08.08 W32/Liger-A
Sunbelt 3.1.1537.1 2008.08.07 -
Symantec 10 2008.08.08 -
TheHacker 6.2.96.394 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
VBA32 3.12.8.3 2008.08.08 -
ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
VirusBuster 4.5.11.0 2008.08.07 Win32.Agent.IMP
Webwasher-Gateway 6.6.2 2008.08.08 Virus.Win32.FileInfector.gen (suspicious)
Information additionnelle
File size: 17408 bytes
MD5...: d84196f4bc2a42c626b53e9ffd9041f5
SHA1..: 94098e2546e7435e47fa4dfe97cd41cb03d71c31
SHA256: 83daca67ef389d955a7fbcab3ab48227b080ab7c43e457daaac29f1428747044
SHA512: 2c39214403820fd322f75a47a98f5f0b67a977cd09038eec9f81dc1ed33bf3fe991551611f4151b1d9eb397a21fa17e6000a4b7537fd6c4e105fa06c6c4c59e5
PEiD..: -
For winlogon:
Fichier winlogon.exe reçu le 2008.08.08 17:08:09 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.8.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.08 HEUR/Malware
Authentium 5.1.0.4 2008.08.07 -
Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
BitDefender 7.2 2008.08.08 Trojan.Patched.U
CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
eSafe 7.0.17.0 2008.08.07 -
eTrust-Vet 31.6.6019 2008.08.08 -
Ewido 4.0 2008.08.08 -
F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
F-Secure 7.60.13501.0 2008.08.08 Trojan.Win32.Patched.aa
Fortinet 3.14.0.0 2008.08.08 -
GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.i
K7AntiVirus 7.10.408 2008.08.08 -
Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
McAfee 5356 2008.08.07 W32/PEPatcher.c
Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
Norman 5.80.02 2008.08.08 W32/Patched.A
Panda 9.0.0.4 2008.08.07 W32/PatchLog.gen
PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
Prevx1 V2 2008.08.08 -
Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
Sophos 4.32.0 2008.08.08 W32/Liger-A
Sunbelt 3.1.1537.1 2008.08.07 -
Symantec 10 2008.08.08 -
TheHacker 6.2.96.394 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
VBA32 3.12.8.3 2008.08.08 -
ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
VirusBuster 4.5.11.0 2008.08.07 Win32.Agent.IMP
Webwasher-Gateway 6.6.2 2008.08.08 Heuristic.Malware
Information additionnelle
File size: 516096 bytes
MD5...: cb0ee548caf0c5a8e8c7660ec35a37b7
SHA1..: 490b8251fcec3b68612c5f5ad4fdc7067350964a
SHA256: 5e54c04d44270ddb821bc53c6c46d16c09fca5d924a734c881687b4634db46fd
SHA512: 1cb8ef53c94b3cb729d58ab8f635a414d36cfc67944019b2b20164806dce53acfaeb6d060c644802fd533380e6555a2b97692eb3afde4e04589fa5d239e10239
PEiD..: -
GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, GetMessageTime, SetTimer, SetLogonNotifyWindow, UnlockWindowStation, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, RegisterClassW, SetCursor, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, KillTimer, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, DefWindowProcW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW<BR>> USERENV.dll: -, WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, -, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, GetUserProfileDirectoryW<BR>> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW<BR>> WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, _WinStationNotifyLogoff, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, 
_WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon<BR>> WINTRUST.dll: CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext<BR>> WS2_32.dll: -, -, getaddrinfo<BR><BR>( 0 exports ) <BR>
For explorer:
File explorer.exe received on 2008.08.08 17:10:43 (CET)
Antivirus Version Last update Result
AhnLab-V3 2008.8.8.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.08 HEUR/Malware
Authentium 5.1.0.4 2008.08.07 -
Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
BitDefender 7.2 2008.08.08 Trojan.Patched.U
CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
eSafe 7.0.17.0 2008.08.07 -
eTrust-Vet 31.6.6019 2008.08.08 -
Ewido 4.0 2008.08.08 -
F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
F-Secure 7.60.13501.0 2008.08.08 Trojan.Win32.Patched.aa
Fortinet 3.14.0.0 2008.08.08 -
GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.bl
K7AntiVirus 7.10.408 2008.08.08 -
Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
McAfee 5356 2008.08.07 W32/PEPatcher.c
Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
Norman 5.80.02 2008.08.08 W32/Patched.A
Panda 9.0.0.4 2008.08.07 W32/PatchLog.gen
PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
Prevx1 V2 2008.08.08 -
Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
Sophos 4.32.0 2008.08.08 W32/Liger-A
Sunbelt 3.1.1537.1 2008.08.07 -
Symantec 10 2008.08.08 -
TheHacker 6.2.96.394 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
VBA32 3.12.8.3 2008.08.08 -
ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
VirusBuster 4.5.11.0 2008.08.08 Win32.Agent.IMP
Webwasher-Gateway 6.6.2 2008.08.08 Heuristic.Malware
Additional information
File size: 1040384 bytes
MD5...: 1258395fe10e3aa3838d4268937f0637
SHA1..: 9d9350e9037ff026b17c5772337e57a88ef9fbed
SHA256: 56cb5ead474a1bd69b3df3ebbd625b2b5a183240f429e2f307dca28a883b4521
SHA512: f7fe5b7a57dd88eaa7fa790a9f7263fadf884dc069218b2fa2d99cd1ff5d02d89abe2701bd468ebb567b3589bf9b44223a399ed48abf01ecdd2f4e3942ad62a2
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1100000
timedatestamp.....: 0x48025c30 (Sun Apr 13 19:17:04 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44c09 0x44e00 6.38 013207a9f70ec52b78392db51f333ff0
.data 0x46000 0x1db4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359
.rsrc 0x48000 0xb3280 0xb3400 6.63 e73694f42fb4ef5e9b8ea017fcf60103
.reloc 0xfc000 0x5000 0x4200 6.32 7270006a88eb9a0871048ac10d253f58

( 13 imports )
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> BROWSEUI.dll: -, -, -, -
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> SHDOCVW.dll: -, -, -
> SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed

( 0 exports )
FOR services.exe:
File services.exe received on 2008.08.08 17:12:51 (CET)
Antivirus Version Last update Result
AhnLab-V3 2008.8.8.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.08 -
Authentium 5.1.0.4 2008.08.07 -
Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
BitDefender 7.2 2008.08.08 Trojan.Patched.U
CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
eSafe 7.0.17.0 2008.08.07 -
eTrust-Vet 31.6.6019 2008.08.08 -
Ewido 4.0 2008.08.08 -
F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
F-Secure 7.60.13501.0 2008.08.08 Trojan.Win32.Patched.aa
Fortinet 3.14.0.0 2008.08.08 -
GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.aa
K7AntiVirus 7.10.408 2008.08.08 -
Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
McAfee 5356 2008.08.07 W32/PEPatcher.c
Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
Norman 5.80.02 2008.08.08 W32/Patched.A
Panda 9.0.0.4 2008.08.07 W32/PatchLog.gen
PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
Prevx1 V2 2008.08.08 -
Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
Sophos 4.32.0 2008.08.08 W32/Liger-A
Sunbelt 3.1.1537.1 2008.08.07 -
Symantec 10 2008.08.08 -
TheHacker 6.2.96.394 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
VBA32 3.12.8.3 2008.08.08 -
ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
VirusBuster 4.5.11.0 2008.08.08 Win32.Agent.IMP
Webwasher-Gateway 6.6.2 2008.08.08 Virus.Win32.FileInfector.gen (suspicious)
Additional information
File size: 111104 bytes
MD5...: 93dc1f26d67aead03619279949e45def
SHA1..: 7f2087dd9e4f1e0ce0cb4fc92c2f1238dd6d2b51
SHA256: 009450723388059a8326aa56dac968c38338a309eefa283c190283bfb185b95f
SHA512: cff2ff217106f4b101b13c28fac7571f81242b55f05cfc8e3d52eb16130ec9345484f5c3c10121a776b8b92b916bc16bf2e4b249689d704cfd145613749166c8
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x101c000
timedatestamp.....: 0x48025b9a (Sun Apr 13 19:14:34 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18f35 0x19000 6.26 4571e262e3906fedeb3474de2eb99b33
.data 0x1a000 0xa30 0xc00 1.78 486e711917101f0eb3dc0d8986335fee
.rsrc 0x1b000 0x2000 0x1200 2.90 ebc3bf8cf126f8cb9b18326f12af127b

( 10 imports )
> ADVAPI32.dll: RegOpenKeyW, ConvertSidToStringSidW, LogonUserExW, LsaStorePrivateData, LsaLookupNames, LsaQueryInformationPolicy, OpenThreadToken, RegNotifyChangeKeyValue, InitializeSecurityDescriptor, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, SystemFunction029, SystemFunction005, CheckTokenMembership, FreeSid, AllocateAndInitializeSid, SetSecurityDescriptorOwner, GetSecurityDescriptorDacl, GetLengthSid, CopySid, InitializeAcl, AddAce, SetSecurityDescriptorDacl, LsaOpenPolicy, LsaLookupSids, LsaFreeMemory, LsaClose, ImpersonateLoggedOnUser, CreateProcessAsUserW, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, InitiateSystemShutdownW, RevertToSelf
> KERNEL32.dll: TerminateProcess, SetProcessShutdownParameters, lstrcmpiW, FormatMessageW, ExitThread, ReleaseMutex, DelayLoadFailureHook, RaiseException, GetExitCodeThread, SetErrorMode, SetUnhandledExceptionFilter, LoadLibraryA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcess, UnhandledExceptionFilter, GetModuleHandleA, CreateMutexW, LocalAlloc, LocalFree, Sleep, LeaveCriticalSection, EnterCriticalSection, SetLastError, CloseHandle, CreateThread, GetLastError, CreateProcessW, ExpandEnvironmentStringsW, InitializeCriticalSection, HeapAlloc, HeapFree, SetConsoleCtrlHandler, WaitForSingleObject, HeapCreate, FreeLibrary, GetProcAddress, GetModuleHandleExW, InterlockedCompareExchange, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, ConnectNamedPipe, TransactNamedPipe, WriteFile, GetTickCount, GetSystemTimeAsFileTime, GetModuleHandleW, GetComputerNameW, CreateEventW, SetEvent, ResetEvent, DeviceIoControl, CreateFileW, ResumeThread, GetCurrentProcessId, LoadLibraryW, GetDriveTypeW, OpenEventW, GetCurrentThread
> msvcrt.dll: wcsrchr, time, _except_handler3, memmove, wcschr, _c_exit, _exit, _XcptFilter, _cexit, _wcsicmp, exit, __initenv, __getmainargs, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, wcslen, wcsncmp, _wtol, wcscpy, _itow, _wcsnicmp, wcscat, _initterm, wcsncpy, wcscspn, _ultow
> NCObjAPI.DLL: WmiSetAndCommitObject, WmiEventSourceConnect, WmiCreateObjectWithFormat
> ntdll.dll: RtlCreateAcl, NtCreateKey, NtQueryValueKey, NtSetValueKey, NtDeleteValueKey, NtEnumerateKey, NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, NtDeleteKey, RtlSetControlSecurityDescriptor, RtlValidSecurityDescriptor, RtlLengthSecurityDescriptor, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtAccessCheckAndAuditAlarm, NtSetInformationThread, NtAdjustPrivilegesToken, NtDuplicateToken, NtOpenProcessToken, NtQueryInformationToken, RtlQuerySecurityObject, RtlAddAccessAllowedAce, RtlValidRelativeSecurityDescriptor, RtlMapGenericMask, RtlCopyUnicodeString, NtSetInformationFile, NtQueryInformationFile, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, NtWaitForSingleObject, NtQueryDirectoryFile, NtDeleteFile, NtSetInformationProcess, RtlUnhandledExceptionFilter, NtSetEvent, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlAllocateHeap, RtlCreateSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, RtlUnicodeStringToAnsiString, RtlInitAnsiString, RtlAnsiStringToUnicodeString, RtlNewSecurityObject, RtlAddAce, RtlSetOwnerSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSubAuthorityCountSid, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlCompareUnicodeString, NtLoadDriver, NtUnloadDriver, RtlExpandEnvironmentStrings_U, RtlAdjustPrivilege, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAreAllAccessesGranted, NtDeleteObjectAuditAlarm, NtCloseObjectAuditAlarm, RtlQueueWorkItem, RtlCopyLuid, RtlDeregisterWait, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, RtlDeleteSecurityObject, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlUnlockBootStatusData, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, RtlSetSecurityObject, RtlMakeSelfRelativeSD, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtSetSecurityObject
> RPCRT4.dll: RpcServerRegisterAuthInfoW, RpcBindingFree, RpcEpResolveBinding, RpcBindingFromStringBindingW, RpcStringBindingComposeW, NdrClientCall2, RpcAsyncCompleteCall, RpcAsyncInitializeHandle, NdrAsyncServerCall, NdrAsyncClientCall, RpcMgmtStopServerListening, RpcMgmtWaitServerListen, NdrServerCall2, I_RpcBindingIsClientLocal, RpcRevertToSelf, I_RpcMapWin32Status, RpcImpersonateClient, RpcStringBindingParseW, RpcStringFreeW, RpcBindingToStringBindingW, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterIf, RpcServerListen, RpcServerUnregisterIf
> SCESRV.dll: ScesrvInitializeServer, ScesrvTerminateServer
> umpnpmgr.dll: RegisterScmCallback, PNP_SetActiveService, PNP_GetDeviceRegProp, PNP_GetDeviceListSize, PNP_GetDeviceList, PNP_HwProfFlags, RegisterServiceNotification, DeleteServicePlugPlayRegKeys
> USER32.dll: wsprintfW, BroadcastSystemMessageW, MessageBoxW, LoadStringW, RegisterServicesProcess
> USERENV.dll: UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

( 0 exports )
FOR lsass.exe:
File lsass.exe received on 2008.08.08 17:24:10 (CET)
Antivirus Version Last update Result
AhnLab-V3 2008.8.8.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.08 -
Authentium 5.1.0.4 2008.08.07 -
Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
BitDefender 7.2 2008.08.08 Trojan.Patched.U
CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
eSafe 7.0.17.0 2008.08.07 -
eTrust-Vet 31.6.6019 2008.08.08 -
Ewido 4.0 2008.08.08 -
F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
Fortinet 3.14.0.0 2008.08.08 -
GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.aa
K7AntiVirus 7.10.408 2008.08.08 -
Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
McAfee 5356 2008.08.07 W32/PEPatcher.c
Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
Norman 5.80.02 2008.08.08 W32/Patched.A
Panda 9.0.0.4 2008.08.07 W32/PatchLog.gen
PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
Prevx1 V2 2008.08.08 -
Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
Sophos 4.32.0 2008.08.08 W32/Liger-A
Sunbelt 3.1.1537.1 2008.08.07 -
Symantec 10 2008.08.08 -
TheHacker 6.2.96.394 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
VBA32 3.12.8.3 2008.08.08 -
ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
VirusBuster 4.5.11.0 2008.08.08 Win32.Agent.IMP
Webwasher-Gateway 6.6.2 2008.08.08 Virus.Win32.FileInfector.gen (suspicious)
Additional information
File size: 14848 bytes
MD5...: 204ed22034ada50188857c8a3f7cd4c0
SHA1..: 3d1b891e94cd444118643f0c5cf5863c4b5dea0a
SHA256: 67465b0ba0267b104d1bbd4c75719c8237dbade50e3ba7d0103090c3bf53838a
SHA512: 1f525e6b01523436570263827fa1fffdaba6ecc5d8a17f33b3fab72d0e8a2a86340bc48e44ce3d71698994538eb5e6547e79c7108f96c8799ec6db8c6c6c9e00
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1006000
timedatestamp.....: 0x48025186 (Sun Apr 13 18:31:34 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10d0 0x1200 6.01 5501ba358fe3bca3fd6ff8d9d0ddcb45
.data 0x3000 0x6c 0x200 0.20 86a789a893c60d5e207d053188cdc250
.rsrc 0x4000 0x3000 0x2200 6.46 6ea45e4d367896ec371f52098179433b

( 5 imports )
> ADVAPI32.dll: FreeSid, CheckTokenMembership, AllocateAndInitializeSid, OpenThreadToken, ImpersonateSelf, RevertToSelf
> KERNEL32.dll: CloseHandle, GetCurrentThread, ExitThread, SetUnhandledExceptionFilter, SetErrorMode, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, RtlUnwind, InterlockedExchange, VirtualQuery
> ntdll.dll: NtSetInformationProcess, RtlInitUnicodeString, NtCreateEvent, NtOpenEvent, NtSetEvent, NtClose, NtRaiseHardError, RtlAdjustPrivilege, NtShutdownSystem, RtlUnhandledExceptionFilter
> LSASRV.dll: LsaISetupWasRun, LsapDsDebugInitialize, LsapAuOpenSam, LsapCheckBootMode, ServiceInit, LsapInitLsa, LsapDsInitializePromoteInterface, LsapDsInitializeDsStateInfo
> SAMSRV.dll: SamIInitialize, SampUsingDsData

( 0 exports )
and the last one!!! spoolsv.exe:
File spoolsv.exe received on 2008.08.08 17:36:38 (CET)
Antivirus Version Last update Result
AhnLab-V3 2008.8.8.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.08 HEUR/Malware
Authentium 5.1.0.4 2008.08.07 -
Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
BitDefender 7.2 2008.08.08 Trojan.Patched.U
CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
eSafe 7.0.17.0 2008.08.07 -
eTrust-Vet 31.6.6019 2008.08.08 -
Ewido 4.0 2008.08.08 -
F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
Fortinet 3.14.0.0 2008.08.08 -
GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.aa
K7AntiVirus 7.10.408 2008.08.08 -
Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
McAfee 5356 2008.08.07 W32/PEPatcher.c
Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
Norman 5.80.02 2008.08.08 W32/Patched.A
Panda 9.0.0.4 2008.08.07 W32/PatchLog.gen
PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
Prevx1 V2 2008.08.08 -
Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
Sophos 4.32.0 2008.08.08 W32/Liger-A
Sunbelt 3.1.1537.1 2008.08.07 -
Symantec 10 2008.08.08 -
TheHacker 6.2.96.394 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
VBA32 3.12.8.3 2008.08.08 -
ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
VirusBuster 4.5.11.0 2008.08.08 Win32.Agent.IMP
Webwasher-Gateway 6.6.2 2008.08.08 Heuristic.Malware
Additional information
File size: 58880 bytes
MD5...: b7fabc09c6c048db3ec8cd84c7401eee
SHA1..: 21db73f8d26250103bbd2cae24a1711c80bf26c2
SHA256: 8fd1e1893b0fd36b12d201dd85d63ff5ef54445acab8876a8e432eeeb2470dbc
SHA512: 4f33bc65c6c265567b08b24e08e22087941351f7f4322aa041bb256db4c49f06ae931160a43dd9db6cf2ad91726ac0e87bf01a0a235d9fe7e9e6ab2674ac0d1b
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1010000
timedatestamp.....: 0x48025ce1 (Sun Apr 13 19:20:01 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xba70 0xbc00 5.96 34405ebb817d803ae00c8aa96fb58028
.data 0xd000 0x13b4 0x1400 2.24 887444c39cada5bd753c428783e0009b
.rsrc 0xf000 0x2000 0x1200 5.48 ba89c219c14873a8ed3b1245672a7d9c

( 6 imports )
> ADVAPI32.dll: SetServiceStatus, RegQueryValueExW, AllocateAndInitializeSid, FreeSid, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetLengthSid, InitializeAcl, AddAccessAllowedAce, AddAccessDeniedAce, GetAce, SetSecurityDescriptorDacl, GetSecurityDescriptorLength, MakeSelfRelativeSD, RegDisablePredefinedCache, RegOpenKeyExW, RegCloseKey, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW
> GDI32.dll: bMakePathNameW, GdiInitSpool, GdiGetSpoolMessage
> KERNEL32.dll: GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, GetCurrentProcessId, SetUnhandledExceptionFilter, GetModuleHandleA, GetCurrentThreadId, GetTickCount, UnhandledExceptionFilter, QueryPerformanceCounter, FreeLibrary, InterlockedExchange, GetModuleHandleW, GetLastError, ExitThread, CloseHandle, WaitForSingleObject, CreateEventW, CreateThread, ExitProcess, Sleep, OpenEventW, LoadLibraryA, InitializeCriticalSection, LocalFree, LocalAlloc, SetEvent, LeaveCriticalSection, EnterCriticalSection, SetLastError, OpenProcess, InterlockedIncrement, RaiseException, InterlockedDecrement, GetProcAddress, GetSystemDirectoryW
> msvcrt.dll: __initenv, _exit, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _XcptFilter, wcsrchr, wcslen, _c_exit, _stricmp, _wcsnicmp, _except_handler3
> ntdll.dll: RtlValidRelativeSecurityDescriptor
> RPCRT4.dll: RpcServerRegisterIf2, I_RpcBindingIsClientLocal, I_RpcSessionStrictContextHandle, RpcRaiseException, RpcImpersonateClient, RpcRevertToSelf, NdrServerCall2, RpcServerUseProtseqEpA, I_RpcSsDontSerializeContext, RpcMgmtSetServerStackSize, RpcServerListen

( 12 exports )
YDriverUnloadComplete, YEndDocPrinter, YFlushPrinter, YGetPrinter, YGetPrinterDriver2, YGetPrinterDriverDirectory, YReadPrinter, YSeekPrinter, YSetJob, YSetPort, YSplReadPrinter, YWritePrinter
Re,
OK, here's the situation: some of your legitimate processes have been infected. If we delete the files, the PC crashes and no longer boots. However, with a tool, we can replace the current malicious files with a clean copy of those files.
The simplest option remains this method, provided you have your Windows CD. If you don't have it, tell me and we'll do it another way.
We're going to run a system repair. To do so, proceed as follows:
- Insert your Windows CD into your drive (the CD must match your version of Windows).
- Close all running programs, windows and applications.
- Disconnect from the internet.
- Start menu > Run.
- In the window that appears, type: sfc /scannow then press Enter.
- The PC will work; let it run, this can take a good while.
- Come back and tell me when it's done.
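An added example, written for this page and not code from the thread or from any tool it mentions: a small Python script doing the two checks a helper makes at this stage of such a cleanup. It counts how many engines flagged a file in a pasted VirusTotal-style report (so a long paste reduces to a "detected/total" figure), and it compares a file's MD5/SHA1/SHA256 against the hashes quoted above for the patched lsass.exe and spoolsv.exe. The SAMPLE_REPORT text is constructed for the example; the hash values in KNOWN_BAD are the ones the thread itself posted. A hash match only identifies these exact patched copies, and a copy restored by sfc will not match anything here, so a rescan, not the hash check, is what confirms the repair.

```python
"""Added example (not from the original thread): two defender checks on the
pasted reports. parse_report()/count_detections() read a VirusTotal-style
table ("Vendor Version Date Result", "-" meaning clean); lookup_hash()/
match_known_bad() compare a file's digests with the hashes quoted in the thread.
"""
import hashlib
import re
import sys
from pathlib import Path
from typing import List, Optional, Tuple

# Hashes quoted in the thread for the two patched system binaries named there.
KNOWN_BAD = {
    "lsass.exe": {
        "204ed22034ada50188857c8a3f7cd4c0",                                  # MD5
        "3d1b891e94cd444118643f0c5cf5863c4b5dea0a",                          # SHA1
        "67465b0ba0267b104d1bbd4c75719c8237dbade50e3ba7d0103090c3bf53838a",  # SHA256
    },
    "spoolsv.exe": {
        "b7fabc09c6c048db3ec8cd84c7401eee",
        "21db73f8d26250103bbd2cae24a1711c80bf26c2",
        "8fd1e1893b0fd36b12d201dd85d63ff5ef54445acab8876a8e432eeeb2470dbc",
    },
}

# Constructed sample in the layout of the pasted reports, including an Avast
# row split in two the way the forum's emoticon filter split it (":P" eaten).
SAMPLE_REPORT = """\
File sample.exe received on 2008.08.08 17:24:10 (CET)
Antivirus Version Last update Result
AhnLab-V3 2008.8.8.0 2008.08.08 -
Avast 4.8.1195.0 2008.08.07 Win32
atched-CK
AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
Prevx1 V2 2008.08.08 -
Symantec 10 2008.08.08 -
Additional information
File size: 14848 bytes
"""

# vendor, version, update date (YYYY.MM.DD), then the result up to end of line
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
END_MARKERS = ("Additional information", "Information additionnelle")


def parse_report(text: str) -> List[Tuple[str, str]]:
    """Return (vendor, result) per engine row. A bare one-word continuation line
    is glued onto the previous row's result so a split detection is not miscounted."""
    rows: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(END_MARKERS):      # end of the engine table
            break
        m = ROW_RE.match(line)
        if m:
            rows.append((m.group(1), m.group(4).strip()))
        elif rows and len(line.split()) == 1:
            vendor, result = rows[-1]
            rows[-1] = (vendor, result + line)
    return rows


def count_detections(text: str) -> Tuple[int, int]:
    """(engines that flagged the file, engines that scanned it)."""
    rows = parse_report(text)
    detected = sum(1 for _, result in rows if result != "-")
    return detected, len(rows)


def lookup_hash(digest: str) -> Optional[str]:
    """Name of the thread's patched file carrying this MD5/SHA1/SHA256, else None."""
    digest = digest.strip().lower()
    for name, bad in KNOWN_BAD.items():
        if digest in bad:
            return name
    return None


def match_known_bad_bytes(data: bytes) -> Optional[str]:
    """Hash file contents three ways and look each digest up in KNOWN_BAD."""
    for h in (hashlib.md5(data), hashlib.sha1(data), hashlib.sha256(data)):
        hit = lookup_hash(h.hexdigest())
        if hit:
            return hit
    return None


def match_known_bad(path: Path) -> Optional[str]:
    return match_known_bad_bytes(path.read_bytes())


if __name__ == "__main__":
    det, total = count_detections(SAMPLE_REPORT)
    print(f"sample report: {det}/{total} engines flagged the file")
    # Usage: python check.py <path to a copied system binary> ...
    for arg in sys.argv[1:]:
        verdict = match_known_bad(Path(arg))
        print(f"{arg}: {'matches patched ' + verdict if verdict else 'no match in KNOWN_BAD'}")
```

Run without arguments it reports 3/6 for the constructed sample; with file paths it prints, per file, whether any digest matches one of the thread's patched copies. Hashing a copy of the file rather than the live binary avoids touching a system file that Windows File Protection is about to restore.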
That's it!!! It's done!
Re,
Good news
To check that it's OK, can you redo the analysis of the 6 files?
No need to post such long reports; just tell me, for each file, how many antiviruses detected the file as malicious.
We're almost there
cool!!
So here are the results of the last (hopefully) analysis:
0/36 for all the files!
So, verdict???

