| Topic you are replying to | |
|---|---|
| Subject: HJT log, help please | |
| Simouel | Combofix freezes, I've tried several times.... |
| Quick view of the discussion |
|---|
| chercheur_ | Uh ...
Indeed, Software rather. Or maybe Internet and Networks. |
| Simouel | MSN goes in Hardware??? |
| chercheur_ | Hello
Post this problem in the Hardware section ;) |
| Simouel | Messenger still unusable...
Despite all the steps and the attempts at uninstalling and reinstalling... No more popups or "lag", but this damn Messenger, nothing to be done... I've also tried over here: http://www.commentcamarche.net/for [...] p?page=4#0 But despite all that... nothing to be done for Messenger... |
| chercheur_ | Hello
Delete these three files:
F:\Emule\Download\Anyplace Control 4.1.1.0.zip
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip
Are you still having any malfunctions? |
| Simouel | -------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, December 21, 2007 6:24:31 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/12/2007
Kaspersky Anti-Virus database records: 458627
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\
Scan Statistics:
Total number of scanned objects: 63218
Number of viruses found: 3
Number of infected objects: 8
Number of suspicious objects: 2
Duration of the scan process: 02:40:02
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012007122020071221\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Temp\Perflib_Perfdata_5a4.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt4.zip/retadpu1000137.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\No-IP\DUC - Administrateur.log Object is locked skipped
C:\Program Files\No-IP\Service.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{51F1CC82-04A9-4F26-94F9-F8F132D1783A}\RP66\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0D052141-3F21-4B15-8E8A-2D3211A1A812}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\Emule\Download\Anyplace Control 4.1.1.0.zip/Anyplace Control 4.1.1.0.exe Infected: Trojan-Downloader.Win32.Bagle.go skipped
F:\Emule\Download\Anyplace Control 4.1.1.0.zip ZIP: infected - 1 skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip/DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY/keygen.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip/DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY/SAW5.0ProServer.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip ZIP: infected - 2 skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip/DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT/Keygen.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip/DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT/setup.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip ZIP: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed. |
| yakuza onizuka | Here is a site that can already help you with your HijackThis logs:
http://www.hijackthis.de/fr#anl |
| Simouel | It stays stuck at 47 files checked... I let it run for 22 min the first time and tried again... it finds these 8 files right at the start and hangs there with CPU usage at 100%
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, December 20, 2007 8:28:27 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 20/12/2007
Enregistrements dans la base antivirus Kaspersky : 458540
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\
Statistiques de l'analyse:
Total d'objets analysés: 47
Nombre de virus trouvés: 1
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 8
Durée de l'analyse: 00:02:12
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\acw.exe.bac_a02952 Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952/Audio_Conversion_Wizard_Crack.zip/acw.exe Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952/Audio_Conversion_Wizard_Crack.zip Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952 ZIP: suspect - 2 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952 CryptFF.b: suspect - 2 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952/acw.exe Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952 ZIP: suspect - 1 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952 CryptFF.b: suspect - 1 ignoré
Analyse interrompue par l'utilisateur ! |
| chercheur_ | Re
Run an online antivirus scan with Kaspersky: http://webscanner.kaspersky.fr/
Click "Démarrer Online Scanner".
Select My Computer ("Poste de travail") as the scan target.
Paste its report here.
Use this link for help: http://www.infos-du-net.com/forum/ [...] -kaspersky |
| Simouel | ComboFix 07-12-19.2 - Administrateur 2007-12-20 18:48:56.17 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.452 [GMT -5:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\bayay.bak1
C:\WINDOWS\system32\bayay.bak2
C:\WINDOWS\system32\bayay.ini2
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\MPEGFLAWBAIT
C:\Program Files\NetMeter
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\NetMeter\NetMeter.ini
C:\Program Files\NetMeter\NetMeter.tlg
C:\Program Files\NetMeter\ReadMe.txt
C:\Program Files\NetMeter\unins000.dat
C:\Program Files\NetMeter\unins000.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))))))
.
2007-12-20 11:11 . 2007-12-20 11:15 <REP> d-------- C:\Program Files\jv16 PowerTools 2006
2007-12-18 18:46 . 2004-08-19 16:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-18 18:46 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-18 18:46 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-18 18:46 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-18 18:46 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-18 18:46 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-18 18:44 . 2004-08-19 16:09 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2007-12-18 18:43 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-18 18:43 . 2004-08-03 23:00 87,424 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2007-12-18 18:43 . 2004-08-03 23:08 40,832 --a--c--- C:\WINDOWS\system32\dllcache\irbus.sys
2007-12-18 18:43 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-12-18 18:43 . 2001-08-17 21:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2007-12-18 18:43 . 2001-08-17 21:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys
2007-12-18 18:43 . 2001-08-17 21:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
2007-12-18 18:43 . 2004-08-19 16:10 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2007-12-18 18:42 . 2001-08-23 17:46 462,848 --a--c--- C:\WINDOWS\system32\dllcache\a3dapi.dll
2007-12-18 18:42 . 2004-08-03 22:32 231,552 --a--c--- C:\WINDOWS\system32\dllcache\ac97ali.sys
2007-12-18 18:42 . 2001-08-17 20:20 96,256 --a--c--- C:\WINDOWS\system32\dllcache\ac97intc.sys
2007-12-18 18:42 . 2001-08-23 17:46 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll
2007-12-18 18:42 . 2001-08-17 21:52 23,552 --a--c--- C:\WINDOWS\system32\dllcache\abp480n5.sys
2007-12-18 18:24 . 2007-12-18 18:24 20 --a------ C:\WINDOWS\twain.dat
2007-12-18 18:21 . 2007-12-18 18:40 <REP> d-------- C:\I386
2007-12-18 17:43 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-12-18 09:43 . 2007-12-18 09:44 <REP> d-------- C:\Documents and Settings\All Users\Anyplace Control 4
2007-12-18 02:09 . 2007-12-18 07:20 <REP> d-------- C:\__eetemp
2007-12-17 21:36 . 2007-12-20 18:03 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-17 18:26 . 2007-12-17 18:27 <REP> d-------- C:\Qoofix
2007-12-17 18:13 . 2007-12-17 18:13 85,635 --a------ C:\Qoofix.zip
2007-12-17 16:26 . 2007-12-20 18:30 24 --a------ C:\WINDOWS\ShellIcon32.dll
2007-12-17 16:25 . 2007-12-20 18:30 <REP> d-------- C:\Program Files\Anyplace Control 4
2007-12-17 16:25 . 2007-12-17 16:25 47 --a------ C:\WINDOWS\anyplace-control.ini
2007-12-16 23:31 . 2007-12-17 09:14 <REP> d-------- C:\Documents and Settings\Administrateur\.housecall6.6
2007-12-16 19:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-16 19:51 . 2007-12-16 19:51 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-16 12:06 . 2007-12-16 12:06 <REP> d-------- C:\Program Files\HREFTools
2007-12-15 21:05 . 2007-12-15 21:05 <REP> d-------- C:\fsaua.data
2007-12-15 18:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-15 18:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-15 18:51 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-15 18:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-15 18:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-15 18:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-15 16:09 . 2007-12-15 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-15 16:05 . 2007-12-15 16:05 <REP> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-12-15 16:04 . 2007-12-15 23:21 <REP> d-------- C:\Documents and Settings\Administrateur\SecurityScans
2007-12-15 15:43 . 2007-12-17 15:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-12-15 15:12 . 2007-12-15 15:12 <REP> d-------- C:\Program Files\Shavlik Technologies
2007-12-15 14:54 . 2007-12-15 14:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{DD33F2FB-A420-45C0-9477-4F59487EFF1F}
2007-12-15 13:29 . 1996-05-03 23:05 28,672 --a------ C:\WINDOWS\system32\MSGHOO32.OCX
2007-12-15 13:28 . 1998-04-24 01:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-12-15 13:25 . 2007-12-20 12:54 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-15 12:59 . 2007-12-15 12:59 <REP> d-------- C:\Program Files\Impact Software LLC
2007-12-14 11:52 . 2007-12-14 11:52 <REP> d-------- C:\VundoFix Backups
2007-12-14 10:37 . 2007-12-14 10:37 <REP> d-------- C:\Program Files\Kill Process
2007-12-12 21:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-12 21:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-12 21:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-12 19:25 . 2007-12-12 19:25 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 19:20 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-12 19:18 . 2007-12-12 19:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-12 18:51 . 2007-12-12 19:20 <REP> d-------- C:\Program Files\Windows Live
2007-12-12 18:51 . 2007-12-12 18:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-12 18:51 . 2007-12-17 22:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-11 17:41 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-11 14:32 . 2007-12-11 14:32 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-12-11 12:18 . 2007-12-11 12:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-10 21:44 . 2007-12-10 21:44 <REP> d-------- C:\Program Files\Smart Projects
2007-12-08 09:06 . 2007-12-08 09:08 <REP> d-------- C:\Program Files\Bandwidth Monitor Pro
2007-12-08 09:06 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-04 08:17 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-01 14:52 . 2007-12-01 16:03 <REP> d-------- C:\Program Files\mp3Tag 5
2007-11-25 23:43 . 2007-11-25 23:43 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-25 11:17 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
2007-11-25 11:16 . 2007-11-25 11:17 <REP> d-------- C:\Program Files\BitTorrent
2007-11-23 13:28 . 2007-11-23 13:28 <REP> d-------- C:\Program Files\PalickSoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-18 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 00:53 --------- d-----w C:\Program Files\Java
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-13 23:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2007-12-13 23:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVG7
2007-12-11 17:18 --------- d-----w C:\Program Files\Lavasoft
2007-12-08 17:55 --------- d-----w C:\Program Files\NetLimiter 2 Pro
2007-12-03 21:43 --------- d-----w C:\Program Files\Shareaza
2007-12-01 20:18 --------- d-----w C:\Program Files\Winamp
2007-11-17 15:38 --------- d-----w C:\Program Files\iTunes
2007-11-17 15:38 --------- d-----w C:\Program Files\iPod
2007-11-17 15:36 --------- d-----w C:\Program Files\QuickTime
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 23:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\BearShare
2007-11-07 13:05 --------- d-----w C:\Program Files\BearFlix
2007-11-07 12:18 --------- d-----w C:\Program Files\BearShare Applications
2007-11-04 17:26 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-04 13:33 --------- d-----w C:\Program Files\Mortal Kombat 4
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 17:42 --------- d-----w C:\Program Files\WinLemm
2007-10-28 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-23 22:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-23 01:57 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-21 19:41 --------- d-----w C:\Program Files\The GodFather
2007-10-21 19:04 --------- d-----w C:\Program Files\My Video Downloader
2007-10-21 19:03 --------- d-----w C:\Program Files\Ripp-it_AM
2007-10-21 19:03 --------- d-----w C:\Program Files\ProFF-Morse-3
2007-10-21 19:01 --------- d-----w C:\Program Files\VideoLAN
2007-10-21 19:01 --------- d-----w C:\Program Files\RSHUT Pro
2007-10-21 18:57 --------- d-----w C:\Program Files\ABF software
2007-10-21 18:21 --------- d-----w C:\Program Files\windirstat
2007-10-21 12:05 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2007-05-08 19:53 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-03-25 13:55 434,688 -c--a-w C:\WINDOWS\system32\config\systemprofile\dpy.exe
2007-03-25 13:52 737,280 -c--a-w C:\WINDOWS\system32\config\systemprofile\irsetup.exe
2004-10-12 16:14 57,344 -c--a-w C:\WINDOWS\system32\config\systemprofile\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Default User\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Administrateur\InstHelp.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-13 18:37]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
2007-12-11 19:28 87392 --a------ C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bandwidth Monitor Pro]
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 21:25 94208 --a--c--- C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ButtonMonitor]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-19 17:30 45632 --a--c--- C:\WINDOWS\system32\taskswitch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FolderSizeMonitor]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 --a--c--- C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keep download]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
MMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
MMTray2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
MMTrayLSI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a--c--- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore]
2006-03-03 20:36 1582744 --a--c--- C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServUTrayIcon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza Turbo Accelerator]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2005-03-13 18:37 1057280 --a--c--- C:\Program Files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 -----c--- C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
2005-02-16 10:06 218112 --a------ f:\progs\hijackthis\hijackthis.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VFSCache]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Videora]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winehq.org]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bcserver"=2 (0x2)
"Serv-U"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"FTService"=2 (0x2)
"cmdService"=2 (0x2)
"Network Monitor"=2 (0x2)
"VundoFixSvc"=3 (0x3)
"AVG Anti-Spyware Guard"=3 (0x3)
"NSCService"=3 (0x3)
"Norton Save and Restore"=2 (0x2)
"NetChkPatch"=2 (0x2)
"usnjsvc"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=2 (0x2)
"CCALib8"=2 (0x2)
"Avg7UpdSvc"=3 (0x3)
"Avg7Alrt"=2 (0x2)
"AgentInstallationService"=2 (0x2)
"aawservice"=2 (0x2)
"HDDTService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=3 (0x3)
"aswUpdSv"=3 (0x3)
"PRTG4Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"nlsvc"=2 (0x2)
"srvRSU"=2 (0x2)
"HFNetChkProSvc"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [1999-11-16 07:48]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-09-13 17:01]
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys [2006-03-03 20:36]
R2 APC-Host;APC-Host;C:\Program Files\Anyplace Control 4\apc_host.exe /service []
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;C:\WINDOWS\system32\DRIVERS\SMC1211.SYS [2001-07-11 10:06]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;F:\Progs\Everest\kerneld.wnt [2006-12-14 22:42]
S4 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2006-03-03 20:36]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-17 13:00:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 18:54:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-20 18:55:50 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-19 19:42
C:\ComboFix3.txt ... 2007-12-19 19:18
.
2007-12-20 00:20:13 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:48, on 2007-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Anyplace Control 4\apc_host.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis\Sim.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cyberpresse.ca/
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/control [...] oader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC-Host - Anyplace Control Software - C:\Program Files\Anyplace Control 4\apc_host.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
--
End of file - 5584 bytes |
| chercheur_ | Hello
Let's continue. Copy (Ctrl+C) the text below:
File::
C:\WINDOWS\system32\bayay.bak1
C:\WINDOWS\system32\bayay.bak2
C:\WINDOWS\system32\bayay.ini2
Folder::
C:\Documents and Settings\Administrateur\Application Data\WinButler
C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info
C:\Program Files\Evidence Eliminator
C:\Program Files\NetMeter
C:\Documents and Settings\Administrateur\Application Data\a?sembly
C:\Documents and Settings\Administrateur\Application Data\A?pPatch
C:\Documents and Settings\Administrateur\Application Data\F?nts
C:\Documents and Settings\Administrateur\Application Data\F?nts
C:\Documents and Settings\Administrateur\Application Data\MPEGFLAWBAIT
C:\Documents and Settings\Administrateur\Application Data\M?crosoft
C:\Documents and Settings\Administrateur\Application Data\M?crosoft.NET
C:\Documents and Settings\Administrateur\Application Data\s?curity
C:\Documents and Settings\Administrateur\Application Data\S?mantec
C:\Documents and Settings\Administrateur\Application Data\s?mbols
C:\Documents and Settings\Administrateur\Application Data\s?stem
C:\Documents and Settings\Administrateur\Application Data\s?stem32
C:\Documents and Settings\Administrateur\Application Data\T?sks
C:\Documents and Settings\Administrateur\Application Data\W?nSxS
C:\Documents and Settings\Administrateur\Application Data\?dobe
C:\Documents and Settings\Administrateur\Application Data\?ppPatch
C:\Documents and Settings\Administrateur\Application Data\??pPatch
C:\Documents and Settings\Administrateur\Application Data\?icrosoft
C:\Documents and Settings\Administrateur\Application Data\?icrosoft.NET
C:\Documents and Settings\Administrateur\Application Data\??crosoft
C:\Documents and Settings\Administrateur\Application Data\??crosoft.NET
C:\Documents and Settings\Administrateur\Application Data\?racle
C:\Documents and Settings\Administrateur\Application Data\?asks
C:\Documents and Settings\Administrateur\Application Data\??sks
C:\Documents and Settings\Administrateur\Application Data\?dobe
C:\Documents and Settings\Administrateur\Application Data\?ppPatch
C:\Documents and Settings\Administrateur\Application Data\?ssembly
C:\Documents and Settings\Administrateur\Application Data\??sembly
C:\Documents and Settings\Administrateur\Application Data\??pPatch
C:\Documents and Settings\Administrateur\Application Data\?ecurity
C:\Documents and Settings\Administrateur\Application Data\?ymantec
C:\Documents and Settings\Administrateur\Application Data\?ymbols
C:\Documents and Settings\Administrateur\Application Data\?ystem
C:\Documents and Settings\Administrateur\Application Data\?ystem32
C:\Documents and Settings\Administrateur\Application Data\??curity
C:\Documents and Settings\Administrateur\Application Data\??mantec
C:\Documents and Settings\Administrateur\Application Data\??mbols
C:\Documents and Settings\Administrateur\Application Data\??stem
C:\Documents and Settings\Administrateur\Application Data\??stem32
C:\Documents and Settings\Administrateur\Application Data\?icrosoft
C:\Documents and Settings\Administrateur\Application Data\?icrosoft.NET
C:\Documents and Settings\Administrateur\Application Data\??crosoft
C:\Documents and Settings\Administrateur\Application Data\?racle
C:\Documents and Settings\Administrateur\Application Data\?asks
C:\Documents and Settings\Administrateur\Application Data\??sks
C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info
C:\Program Files\a?sembly
C:\Program Files\A?pPatch
C:\Program Files\F?nts
C:\Program Files\MPEGFLAWBAIT
C:\Program Files\M?crosoft
C:\Program Files\M?crosoft.NET
C:\Program Files\s?curity
C:\Program Files\S?mantec
C:\Program Files\s?mbols
C:\Program Files\s?stem
C:\Program Files\s?stem32
C:\Program Files\T?sks
C:\Program Files\W?nSxS
C:\Program Files\?dobe
C:\Program Files\?ppPatch
C:\Program Files\??pPatch
C:\Program Files\?icrosoft
C:\Program Files\?icrosoft.NET
C:\Program Files\??crosoft
C:\Program Files\??crosoft.NET
C:\Program Files\?racle
C:\Program Files\?asks
C:\Program Files\??sks
C:\Program Files\?dobe
C:\Program Files\?ppPatch
C:\Program Files\?ssembly
C:\Program Files\??sembly
C:\Program Files\??pPatch
C:\Program Files\?ecurity
C:\Program Files\?ymantec
C:\Program Files\?ymbols
C:\Program Files\?ystem
C:\Program Files\?ystem32
C:\Program Files\??curity
C:\Program Files\??mantec
C:\Program Files\??mbols
C:\Program Files\??stem
C:\Program Files\??stem32
C:\Program Files\?icrosoft
C:\Program Files\?icrosoft.NET
C:\Program Files\??crosoft
C:\Program Files\??crosoft.NET
C:\Program Files\?racle
C:\Program Files\?asks
C:\Program Files\??sks
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hldrrr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Lsass Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooze info 4 shim]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2p networking]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinButler]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFlyer32.dll]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
Open Notepad, then paste (Ctrl+V) the text you copied. Save this file as CFScript.txt
http://img.photobucket.com/albums/ [...] Script.gif
As the image shows, drag CFScript.txt onto Combofix.exe. A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm. Wait while the scan runs. The desktop will disappear several times: that is normal! Do not touch anything until the scan has finished. Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis log. If the file does not open, it is located here > C:\ComboFix.txt |
| Simouel | Yippeeeeeee, it worked...
Here is the log |