Your question

brave sentry

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
1 July 2008 12:30:02

Hello!

I know there are several threads about Brave Sentry, but I'm getting nowhere! No matter how closely I follow what is written there, my PC won't start any more except in safe mode!

Out of frustration I deleted all the Brave Sentry and Antivirus 2000 files, which had also installed itself! I'm not very good with computers and I really need your help!

Thanks in advance


1 July 2008 12:35:26

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:03, on 01/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lyn\Local Settings\Temporary Internet Files\Content.IE5\3PALC3IR\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {154860E0-CD90-4118-B79A-E2B5EB7E4E1B} - C:\WINDOWS\system32\wvUkHYoN.dll
O2 - BHO: (no name) - {565e374a-23fd-4fa2-aed5-5209a37a544b} - C:\WINDOWS\system32\ddcDvtuT.dll
O2 - BHO: QuickTalk 2.1 - {a34fa88d-8437-4634-8a60-e913011ef2e5} - C:\DOCUME~1\Lyn\APPLIC~1\sp1\qaccess.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [System32] C:\WINDOWS\system32\winds32.exe
O4 - HKLM\..\Run: [lphcndpj0eecp] C:\WINDOWS\system32\lphcndpj0eecp.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Lyn\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [DriveSystem] C:\WINDOWS\system32\maxpaynowti1.exe
O4 - HKLM\..\Run: [SystemDrive] C:\WINDOWS\system32\maxpaynow1.exe
O4 - HKLM\..\Run: [msdefender] C:\WINDOWS\system32\msdefender.exe
O4 - HKLM\..\Run: [advap32] "D:\Temp\7.tmp"/r
O4 - HKLM\..\Run: [f0c77075] rundll32.exe "C:\WINDOWS\system32\clgpiife.dll",b
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Lyn\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [run] regsvr32.exe /s "C:\Documents and Settings\Lyn\Application Data\sp1\qaccess.dll"
O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O20 - Winlogon Notify: ddcDvtuT - C:\WINDOWS\SYSTEM32\ddcDvtuT.dll
O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll
O21 - SSODL: XmFSv - {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CcEvtSvc (ccevtsvc) - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6982 bytes
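A small triage helper for logs like the one above, added here as an example; it is not part of HijackThis and not code from any poster. It parses the O4 (Run keys) and O23 (services) lines and applies the checks a helper does by eye: autostarts from profile or temp folders, payloads hidden behind rundll32/regsvr32, NTFS alternate data streams such as the FCI service above, and file names that mimic Windows binaries (cftmon.exe vs ctfmon.exe, spools.exe vs spoolsv.exe, iexplorer.exe vs iexplore.exe). The sample lines are copied from the log; the table of expected directories is an assumption for a default Windows XP install.

```python
# Triage of HijackThis O4 / O23 autostart entries. Added example for this thread,
# not HijackThis code and not from any poster: it encodes the checks a helper
# applies by eye to a log like the one above; every hit is a lead, not a verdict.
import re

# Line shapes as they appear in the HijackThis v2.0.2 log above.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.+?)(?: \(User '[^']*'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+)$")
QUOTED = re.compile(r'"([^"]+)"')
# Unquoted commands may contain spaces, so the image ends at the first token with an executable-looking extension.
UNQUOTED_IMAGE = re.compile(r"^(.+?\.(?:exe|com|bat|scr|dll|tmp|bin|lnk))(?=[\s,]|$)", re.I)
LOADERS = {"rundll32.exe", "regsvr32.exe", "cmd", "cmd.exe", "command"}
# Assumed real locations of a few commonly impersonated Windows XP binaries.
EXPECTED_DIR = {
    "ctfmon.exe": r"c:\windows\system32", "spoolsv.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32", "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}
USER_WRITABLE = {"temp", "local settings", "application data", "temporary internet files"}

def extract_image(cmd):
    """Return (image, via_loader): the file an O4 command really executes."""
    if cmd.startswith('"'):
        first = QUOTED.findall(cmd)[0]
    else:
        m = UNQUOTED_IMAGE.match(cmd)
        first = m.group(1) if m else cmd.split()[0]
    if first.lower() in LOADERS:  # rundll32/regsvr32/cmd: the payload is the quoted argument
        quoted = QUOTED.findall(cmd)
        return (quoted[0] if quoted else first), True
    return first, False

def parse_entry(line):
    """Map one O4 or O23 line to (section, name, image, via_loader), else None."""
    m = O4_RE.match(line)
    if m:
        image, via = extract_image(m["cmd"])
        return "O4", m["name"], image, via
    m = O23_RE.match(line)
    if m:
        return "O23", m["name"], m["path"], False
    return None

def _edit_distance(a, b):
    """Plain Levenshtein distance, used to spot look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(entry):
    """Apply the heuristics to one parsed entry; returns the reasons to review it."""
    _section, _name, image, via_loader = entry
    directory, _, base = image.lower().rpartition("\\")
    stem = base.split(":")[0]  # file name without any stream suffix
    reasons = []
    if ":" in base:  # e.g. svchost.exe:ext.exe
        reasons.append("image is an NTFS alternate data stream")
    if any(seg in USER_WRITABLE for seg in directory.split("\\")):
        reasons.append("autostart from a user-writable profile or temp directory")
    if base.rsplit(".", 1)[-1] not in ("exe", "dll", "scr", "sys"):
        reasons.append("unexpected image extension for an autostart")
    if via_loader:
        reasons.append("payload loaded through a rundll32/regsvr32/cmd wrapper")
    for legit, where in EXPECTED_DIR.items():
        if stem == legit and directory != where:
            reasons.append(f"{legit} outside its expected directory {where}")
        elif stem != legit and _edit_distance(stem, legit) <= 2:
            reasons.append(f"name mimics {legit}")
    return reasons

def triage_log(text):
    """Return {line: reasons} for every autostart line that raised a heuristic."""
    hits = {}
    for raw in text.splitlines():
        line = raw.strip()
        entry = parse_entry(line)
        if entry and (reasons := triage(entry)):
            hits[line] = reasons
    return hits

# Sample lines copied from the HijackThis log posted above.
SAMPLE = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Lyn\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [advap32] "D:\Temp\7.tmp"/r
O4 - HKLM\..\Run: [f0c77075] rundll32.exe "C:\WINDOWS\system32\clgpiife.dll",b
O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
"""
```

Running `triage_log(SAMPLE)` leaves the Java updater and the BitDefender service unflagged and returns a reason list for each of the other six lines; a full log is fed in the same way.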
1 July 2008 18:09:34

Hello,

Download Deckard's System Scanner (DSS) to your Desktop.
NB: you must be logged on with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to run it and follow the instructions below
    Note: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
    • you will have to click OK twice in the dialog boxes
      Note: if you wait too long, the Abort answer is selected automatically
    • when processing is finished (click OK), two text files open:
      main.txt <- opened in the foreground, full screen
      extra.txt <- opened in the background, windowed (look at the taskbar)
  • if this is a subsequent use of DSS:
    • you get no dialog box (no OK)
    • when processing is finished, one text file opens:
      main.txt <- opened in the foreground, full screen
  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have that file (first use)
  • don't forget to re-enable the protections if they were stopped.

What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks a few important areas of your system and produces a report for review by your security helper. DSS runs HijackThis for you automatically; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.

;)

Good evening,

Download Deckard's System Scanner (DSS) to your Desktop.
NB: you must be logged on with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to run it and follow the instructions below
    Note: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
    • you will have to click OK twice in the dialog boxes
      Note: if you wait too long, the Abort answer is selected automatically
    • when processing is finished (click OK), two text files open:
      main.txt <- opened in the foreground, full screen
      extra.txt <- opened in the background, windowed (look at the taskbar)
  • if this is a subsequent use of DSS:
    • you get no dialog box (no OK)
    • when processing is finished, one text file opens:
      main.txt <- opened in the foreground, full screen
  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • don't forget to re-enable the protections if they were stopped.

N.B.: I only need the contents of the main.txt file

What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks a few important areas of your system and produces a report for review by your security helper. DSS runs HijackThis for you automatically; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.

;)
1 July 2008 19:13:05

OK, I'll do that right away! Another problem: a program called "antivirus xp 2008" got installed as well... and I can no longer change my wallpaper, which stays on "warning spyware detecting on your computer"

Thank you very much for your help!
1 July 2008 19:14:58

Here is the main.txt file:

    Deckard's System Scanner v20071014.68
    Run by Lyn on 2008-07-01 19:09:26
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 2 Restore Point(s) --
    2: 2008-07-01 17:09:30 UTC - RP8 - Deckard's System Scanner Restore Point
    1: 2008-07-01 11:41:40 UTC - RP7 - Point de vérification système


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-07-01 19:10:20
    Platform: Windows XP Service Pack 3 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\soundman.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\lphcndpj0eecp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\rhcjdpj0eecp\rhcjdpj0eecp.exe
    C:\WINDOWS\system32\pphcndpj0eecp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Lyn\Bureau\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    O2 - BHO: (no name) - {ffc86435-2ddc-4323-b170-c5c99c6515ae} - C:\WINDOWS\system32\wvUkHYoN.dll (file missing)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [lphcndpj0eecp] C:\WINDOWS\system32\lphcndpj0eecp.exe
    O4 - HKLM\..\Run: [f0c77075] rundll32.exe "C:\WINDOWS\system32\clgpiife.dll",b
    O4 - HKLM\..\Run: [SMrhcjdpj0eecp] C:\Program Files\rhcjdpj0eecp\rhcjdpj0eecp.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe
    O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6561] command /c del "C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Brave-Sentry\Uninstall.lnk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1144] cmd /c del "C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Brave-Sentry\Uninstall.lnk"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: sockspy.dll
    O21 - SSODL: XmFSv - {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe


    --
    End of file - 6729 bytes

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
    R0 Vqi08 - c:\windows\system32\drivers\vqi08.sys

    S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
    S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
    S3 catchme - d:\temp\catchme.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Irmon (Moniteur infrarouge) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2008-06-01 and 2008-07-01 -----------------------------

    2008-07-01 13:51:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-01 13:47:35 0 d-------- C:\WINDOWS\pss
    2008-07-01 13:38:11 94208 --a------ C:\WINDOWS\system32\pphcndpj0eecp.exe
    2008-07-01 13:38:11 0 d-------- C:\Documents and Settings\Lyn\Application Data\rhcjdpj0eecp
    2008-07-01 13:37:54 0 d-------- C:\Program Files\rhcjdpj0eecp
    2008-07-01 13:29:01 0 d-------- C:\WINDOWS\ERUNT
    2008-07-01 13:20:51 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-01 11:57:53 0 dr-h----- C:\Documents and Settings\Lyn\Recent
    2008-07-01 11:53:57 86528 --a------ C:\WINDOWS\system32\clgpiife.dll
    2008-07-01 11:35:40 2883584 --a------ C:\Documents and Settings\Lyn\ntuser.dat
    2008-07-01 11:10:00 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-07-01 11:10:00 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-07-01 11:10:00 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
    2008-07-01 11:10:00 0 d--h----- C:\Documents and Settings\Administrateur\Recent
    2008-07-01 11:10:00 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-07-01 11:10:00 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-07-01 11:10:00 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-07-01 11:10:00 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
    2008-07-01 11:10:00 0 d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-07-01 11:10:00 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
    2008-07-01 11:10:00 0 d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-07-01 11:10:00 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
    2008-07-01 11:10:00 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
    2008-07-01 11:09:59 524288 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat
    2008-07-01 11:03:08 40 --a------ C:\WINDOWS\file.bat
    2008-07-01 10:56:30 3730 --a------ C:\WINDOWS\system32\tmp.reg
    2008-07-01 10:56:02 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-07-01 10:56:02 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-07-01 10:56:02 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-07-01 10:56:02 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-07-01 10:56:02 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-07-01 10:56:02 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-07-01 10:56:02 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-07-01 10:56:02 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
    2008-07-01 10:46:31 2037 --ahs---- C:\WINDOWS\system32\NoYHkUvw.ini2
    2008-07-01 10:44:32 0 d-------- C:\WINDOWS\Torrents
    2008-07-01 10:42:19 30208 --a------ C:\WINDOWS\SysC.exe
    2008-07-01 10:34:05 94208 --a------ C:\WINDOWS\enpq.exe
    2008-07-01 10:33:27 60928 --a------ C:\WINDOWS\system32\blphcndpj0eecp.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
    2008-07-01 10:33:27 119296 --a------ C:\WINDOWS\msvecurity.exe
    2008-07-01 10:33:25 109056 --a------ C:\WINDOWS\system32\lphcndpj0eecp.exe
    2008-07-01 10:33:18 0 d-------- C:\Documents and Settings\Lyn\Application Data\sp1
    2008-07-01 10:33:15 90624 --a------ C:\WINDOWS\system32\ntpl.bin
    2008-07-01 10:32:55 65970 --a------ C:\WINDOWS\system32\drivers\55a36e68.sys
    2008-07-01 10:32:54 30208 --a------ C:\WINDOWS\system32\drivers\Vqi08.sys
    2008-07-01 10:32:54 30208 --a------ C:\WINDOWS\system32\drivers\Vqi08(3).sys
    2008-07-01 10:32:54 30208 --a------ C:\WINDOWS\system32\drivers\Vqi08(2).sys
    2008-06-30 09:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-06-30 09:16:37 0 d-------- C:\Documents and Settings\Lyn\Application Data\Azureus
    2008-06-29 19:54:55 0 dr-h----- C:\Documents and Settings\Lyn\Application Data\SecuROM
    2008-06-29 19:40:39 0 d-------- C:\Program Files\KONAMI
    2008-06-29 16:43:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-06-29 15:46:52 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-06-29 15:41:10 25088 --a------ C:\WINDOWS\system32\urqPICur.dll
    2008-06-29 15:24:28 0 d-------- C:\Program Files\ahead
    2008-06-29 13:33:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
    2008-06-29 13:33:06 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
    2008-06-23 18:51:16 0 d-------- C:\Program Files\Microsoft Works
    2008-06-23 18:51:10 0 d-------- C:\Program Files\MSBuild
    2008-06-23 18:46:56 0 d-------- C:\WINDOWS\SHELLNEW
    2008-06-23 18:46:13 0 dr-h----- C:\MSOCache
    2008-06-22 21:48:38 0 d-------- C:\Program Files\Axis Communications
    2008-06-22 17:15:22 0 d-------- C:\Program Files\Mojicon Installer
    2008-06-22 12:13:17 0 d-------- C:\Program Files\Microsoft Carioca
    2008-06-22 11:07:10 0 d-------- C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
    2008-06-20 23:06:03 0 d-------- C:\Documents and Settings\Lyn\Application Data\WinRAR
    2008-06-20 22:06:56 0 d-------- C:\Documents and Settings\Lyn\Application Data\vlc
    2008-06-20 22:05:49 0 d-------- C:\Program Files\VideoLAN
    2008-06-20 20:04:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-20 19:56:24 0 d-------- C:\Program Files\Messenger Plus! Live
    2008-06-20 19:18:34 0 d-------- C:\Documents and Settings\Lyn\Shared
    2008-06-20 19:18:33 0 d-------- C:\Documents and Settings\Lyn\Incomplete
    2008-06-20 19:18:16 0 d-------- C:\Documents and Settings\Lyn\Application Data\FrostWire
    2008-06-19 22:19:35 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-19 22:19:33 0 d-------- C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
    2008-06-19 22:19:24 0 d-------- C:\Program Files\Windows Live Safety Center
    2008-06-19 20:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-19 20:51:05 0 d-------- C:\Program Files\Fichiers communs\PC SOFT
    2008-06-18 19:17:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-06-18 19:17:10 0 d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-18 19:08:03 0 d-------- C:\Program Files\Google
    2008-06-17 18:12:51 0 d-------- C:\Program Files\Azureus
    2008-06-17 18:12:19 0 d-------- C:\Program Files\FrostWire
    2008-06-17 17:53:47 0 d-------- C:\Documents and Settings\Lyn\Contacts
    2008-06-17 17:52:29 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2008-06-17 17:50:06 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-17 17:50:02 0 d-------- C:\Program Files\Windows Live
    2008-06-17 17:48:49 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-17 15:01:19 0 d-------- C:\Documents and Settings\Lyn\Application Data\Bitdefender
    2008-06-17 14:59:05 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-06-17 14:53:46 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-06-17 14:51:57 0 d-------- C:\WINDOWS\Logs
    2008-06-17 14:33:19 0 d-------- C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
    2008-06-17 14:33:05 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2008-06-17 14:32:47 0 d-------- C:\Program Files\Realtek AC97
    2008-06-17 14:31:50 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-17 14:22:23 0 d-------- C:\Documents and Settings\Lyn\Application Data\Macromedia
    2008-06-17 14:22:23 0 d-------- C:\Documents and Settings\Lyn\Application Data\Adobe
    2008-06-17 14:04:13 0 d-------- C:\Program Files\QuickTime
    2008-06-17 14:04:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-17 14:04:02 0 d-------- C:\Program Files\Apple Software Update
    2008-06-17 14:04:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-17 13:53:39 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-06-17 13:52:54 0 d-------- C:\Program Files\Java
    2008-06-17 13:52:34 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-06-17 13:52:34 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-06-17 13:52:23 0 d-------- C:\Program Files\Fichiers communs\Java
    2008-06-17 13:46:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-06-17 13:45:43 0 d-------- C:\WINDOWS\system32\PreInstall
    2008-06-17 13:43:52 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-06-17 13:43:07 0 d--hs---- C:\Documents and Settings\Lyn\UserData
    2008-06-17 13:41:50 0 d-------- C:\WINDOWS\Prefetch
    2008-06-17 13:11:13 0 d--hs---- C:\WINDOWS\Installer
    2008-06-17 13:11:12 0 d-------- C:\Program Files\Fichiers communs\ODBC
    2008-06-17 13:11:09 0 dr------- C:\Program Files
    2008-06-17 13:11:09 0 d-------- C:\Program Files\Fichiers communs
    2008-06-17 13:11:09 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
    2008-06-17 13:10:41 0 d--h----- C:\Documents and Settings\Default User\Voisinage réseau
    2008-06-17 13:10:41 0 d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
    2008-06-17 13:10:41 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-06-17 13:10:41 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-06-17 13:10:41 0 d--h----- C:\Documents and Settings\Default User\Modèles
    2008-06-17 13:10:41 0 d-------- C:\Documents and Settings\Default User\Mes documents
    2008-06-17 13:10:41 0 dr------- C:\Documents and Settings\Default User\Menu Démarrer
    2008-06-17 13:10:41 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2008-06-17 13:10:41 0 d-------- C:\Documents and Settings\Default User\Favoris
    2008-06-17 13:10:41 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2008-06-17 13:10:41 0 d-------- C:\Documents and Settings\Default User\Bureau
    2008-06-17 13:10:41 0 d--h----- C:\Documents and Settings\All Users\Modèles
    2008-06-17 13:10:41 0 dr------- C:\Documents and Settings\All Users\Menu Démarrer
    2008-06-17 13:10:41 0 d-------- C:\Documents and Settings\All Users\Favoris
    2008-06-17 13:10:41 0 dr------- C:\Documents and Settings\All Users\Documents
    2008-06-17 13:10:41 0 d-------- C:\Documents and Settings\All Users\Bureau
    2008-06-17 13:10:28 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-06-17 13:10:28 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-06-17 13:10:23 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-06-17 13:10:23 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-06-17 13:10:23 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-06-17 13:10:22 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-06-17 13:09:59 0 d-------- C:\Documents and Settings
    2008-06-17 13:09:58 0 d--hs---- C:\System Volume Information
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\WinSxS
    2008-06-17 13:03:37 0 dr------- C:\WINDOWS\Web
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\twain_32
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\wins
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\wbem
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\usmt
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\spool
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\Setup
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\ras
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\oobe
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\npp
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\mui
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\IME
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\icsxml
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\ias
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\export
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\drivers
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-06-17 13:03:37 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\dhcp
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\config
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\3076
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\2052
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1054
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1042
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1041
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1037
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1036
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1033
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1031
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1028
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system32\1025
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\system
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\security
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Resources
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\repair
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Provisioning
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\PeerNet
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\pchealth
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\mui
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\msapps
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\msagent
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Media
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\java
    2008-06-17 13:03:37 0 d--h----- C:\WINDOWS\inf
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\ime
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Help
    2008-06-17 13:03:37 0 dr--s---- C:\WINDOWS\Fonts
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Driver Cache
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Debug
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Cursors
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Connection Wizard
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\Config
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\AppPatch
    2008-06-17 13:03:37 0 d-------- C:\WINDOWS\addins
    2008-06-17 12:33:47 0 d-------- C:\WINDOWS\system32\fr-fr
    2008-06-17 12:33:47 0 d-------- C:\WINDOWS\system32\fr
    2008-06-17 12:33:47 0 d-------- C:\WINDOWS\l2schemas
    2008-06-17 12:33:46 0 d-------- C:\WINDOWS\system32\bits
    2008-06-17 12:32:12 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-06-17 12:31:14 0 d-------- C:\WINDOWS\network diagnostic
    2008-06-17 12:28:53 0 d-------- C:\WINDOWS\EHome
    2008-06-17 12:07:19 0 d-------- C:\Program Files\Realtek Sound Manager
    2008-06-17 12:07:19 0 d-------- C:\Program Files\AvRack
    2008-06-17 12:07:18 1032 -----n--- C:\WINDOWS\system32\drivers\alcxinit.dat
    2008-06-17 12:07:18 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
    2008-06-17 12:01:39 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-17 12:01:37 0 d-------- C:\Documents and Settings\Lyn\Application Data\Mozilla
    2008-06-17 11:55:24 376832 --a------ C:\WINDOWS\system32\slmh.exe <Not Verified; ; Modem Helper>
    2008-06-17 11:55:24 466944 --a------ C:\WINDOWS\system32\SLLights.dll <Not Verified; ; SLLights>
    2008-06-17 11:55:24 167936 --a------ C:\WINDOWS\system32\minirec.exe <Not Verified; ; MiniRec>
    2008-06-17 11:55:24 14976 --a------ C:\WINDOWS\system32\drivers\winddx.sys <Not Verified; ; Modem>
    2008-06-17 11:55:24 151552 --a------ C:\WINDOWS\system32\amr_cpl.dll <Not Verified; ; Modem>
    2008-06-17 11:55:24 61440 --a------ C:\WINDOWS\SmCfg.exe <Not Verified; ; Modem>
    2008-06-17 11:55:24 0 d-------- C:\WINDOWS\Modio
    2008-06-17 11:52:23 0 d-------- C:\Program Files\ATI Technologies
    2008-06-17 11:48:49 0 d-------- C:\ATI
    2008-06-17 11:45:03 139264 --a------ C:\WINDOWS\system32\IDEproperty.dll <Not Verified; ; IDEproperty Dynamic Link Library>
    2008-06-17 11:45:03 9472 --a------ C:\WINDOWS\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
    2008-06-17 11:45:03 49024 --a------ C:\WINDOWS\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    2008-06-17 11:44:53 305664 --a------ C:\WINDOWS\IsUn040c.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-06-17 11:44:47 0 d-------- C:\Documents and Settings\Lyn\WINDOWS
    2008-06-17 11:44:28 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-06-17 11:44:26 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-17 11:44:21 0 d-------- C:\Program Files\Fichiers communs\InstallShield
    2008-06-17 11:28:31 0 d-------- C:\Documents and Settings\Lyn\Application Data\Identities
    2008-06-17 11:28:23 0 d--h----- C:\Documents and Settings\Lyn\Voisinage réseau
    2008-06-17 11:28:23 0 d--h----- C:\Documents and Settings\Lyn\Voisinage d'impression
    2008-06-17 11:28:23 0 dr-h----- C:\Documents and Settings\Lyn\SendTo
    2008-06-17 11:28:23 0 d--h----- C:\Documents and Settings\Lyn\Modèles
    2008-06-17 11:28:23 0 dr------- C:\Documents and Settings\Lyn\Menu Démarrer
    2008-06-17 11:28:23 0 d--h----- C:\Documents and Settings\Lyn\Local Settings
    2008-06-17 11:28:23 0 dr------- C:\Documents and Settings\Lyn\Favoris
    2008-06-17 11:28:23 0 d--hs---- C:\Documents and Settings\Lyn\Cookies
    2008-06-17 11:28:23 0 d-------- C:\Documents and Settings\Lyn\Bureau
    2008-06-17 11:28:23 0 dr-h----- C:\Documents and Settings\Lyn\Application Data
    2008-06-17 11:27:40 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-06-17 11:27:38 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-06-17 11:27:37 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
    2008-06-17 11:27:37 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-06-17 11:27:37 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-06-17 11:27:36 229376 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-06-17 11:27:36 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2008-06-17 11:27:21 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2008-06-17 11:27:21 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
    2008-06-17 11:27:21 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-06-17 11:27:21 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-06-17 11:27:20 229376 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-06-17 11:24:48 0 d-------- C:\WINDOWS\system32\xircom
    2008-06-17 11:24:48 0 d-------- C:\Program Files\microsoft frontpage
    2008-06-17 11:24:45 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-06-17 11:24:43 0 d--h----- C:\WINDOWS\$hf_mig$
    2008-06-17 11:24:23 0 -rahs---- C:\MSDOS.SYS
    2008-06-17 11:24:23 0 -rahs---- C:\IO.SYS
    2008-06-17 11:24:23 0 --a------ C:\CONFIG.SYS
    2008-06-17 11:24:23 0 --a------ C:\AUTOEXEC.BAT
    2008-06-17 11:23:30 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-06-17 11:23:21 0 dr------- C:\WINDOWS\Offline Web Pages
    2008-06-17 11:23:21 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-06-17 11:23:11 0 d--h----- C:\Program Files\WindowsUpdate
    2008-06-17 11:23:07 0 d-------- C:\Program Files\Services en ligne
    2008-06-17 11:22:52 0 d-------- C:\WINDOWS\system32\DirectX
    2008-06-17 11:22:20 0 d---s---- C:\WINDOWS\Tasks
    2008-06-17 11:22:19 0 d-------- C:\Program Files\Fichiers communs\MSSoap
    2008-06-17 11:22:15 0 d-------- C:\WINDOWS\srchasst
    2008-06-17 11:22:14 0 d-------- C:\WINDOWS\system32\Macromed
    2008-06-17 11:22:07 0 d-------- C:\Program Files\Movie Maker
    2008-06-17 11:22:00 0 d-------- C:\WINDOWS\system32\Restore
    2008-06-17 11:21:35 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-06-17 11:21:18 0 d-------- C:\WINDOWS\Registration
    2008-06-17 11:20:45 0 d-------- C:\Program Files\Online Services
    2008-06-17 11:20:40 0 d-------- C:\Program Files\Messenger
    2008-06-17 11:20:36 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-06-17 11:20:02 0 d-------- C:\Program Files\Windows NT
    2008-06-17 11:19:59 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-06-17 11:19:57 0 d-------- C:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2008-07-01 13:39:07 367896 --a------ C:\WINDOWS\system32\perfh00C.dat
    2008-07-01 13:39:07 48814 --a------ C:\WINDOWS\system32\perfc00C.dat
    2008-07-01 11:51:36 17408 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-07-01 10:33:17 579584 --a------ C:\WINDOWS\system32\user32.DLL <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
    2008-06-17 13:10:41 62 --ahs---- C:\Documents and Settings\Lyn\Application Data\desktop.ini
    2008-04-13 19:34:30 516096 --a------ C:\WINDOWS\system32\winlogon.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
    2008-04-13 19:34:24 58880 --a------ C:\WINDOWS\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-04-13 19:34:22 111104 --a------ C:\WINDOWS\system32\services.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
    2008-04-13 19:34:10 14848 --a------ C:\WINDOWS\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-04-13 19:34:04 1040384 --a------ C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
    2008-04-13 19:33:30 32768 --a------ C:\WINDOWS\system32\yweptr.dll


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffc86435-2ddc-4323-b170-c5c99c6515ae}]
    C:\WINDOWS\system32\wvUkHYoN.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [04/09/2001 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/05/2008 10:50]
    "SoundMan"="SOUNDMAN.EXE" [16/04/2007 15:28 C:\WINDOWS\soundman.exe]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [02/04/2007 16:48]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [26/03/2007 15:49]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 23:48]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "lphcndpj0eecp"="C:\WINDOWS\system32\lphcndpj0eecp.exe" [01/07/2008 10:33]
    "f0c77075"="C:\WINDOWS\system32\clgpiife.dll" [01/07/2008 11:53]
    "SMrhcjdpj0eecp"="C:\Program Files\rhcjdpj0eecp\rhcjdpj0eecp.exe" [30/06/2008 17:27]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [13/04/2008 19:34]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
    "msvecurity"="C:\WINDOWS\msvecurity.exe" [01/07/2008 10:33]
    "iexplorer"="C:\WINDOWS\iexplorer.exe" []
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingB6561"=command /c del "C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Brave-Sentry\Uninstall.lnk"
    "SpybotDeletingD1144"=cmd /c del "C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Brave-Sentry\Uninstall.lnk"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

    C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispBackgroundPage"=1 (0x1)
    "NoDispScrSavPage"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "XmFSv"= {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll [13/04/2008 19:33 32768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUkHYoN

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rainlendar2]
    C:\Program Files\Rainlendar2\Rainlendar2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\autorun_PES2008.exe




    -- End of Deckard's System Scanner: finished at 2008-07-01 19:14:03 ------------
    2 July 2008 01:00:29

    Well, it still doesn't work, except that now it boots in normal mode one time out of two (when services.exe doesn't crash), and as a new development, in safe mode it asks me for an account password even though I've never set up an account on my computer!

    Thanks in advance for your help, because I'm getting desperate!
    2 July 2008 03:22:10

    Hi, you need to get rid of Antivirus XP 2008; if it won't uninstall, delete its folder in Program Files directly or in safe mode, then install Malwarebytes Anti-Malware 1.19, run a scan and remove everything it detects.

    Check whether you have the following files in windows/system32:
    pphcgmcj0e17l.exe, rhclmcj0e17l.exe, sysrest.sys, swrp.dll; if so, delete them.

    The only problem is if you have files in windows/system32 that are infected, such as service.exe, winlogon.exe, Lsass.exe, svchost.exe & explorer.exe; let me know if that's the case?
    Cheers
    2 July 2008 08:53:48

    :hello:  Hello,

    I'm a volunteer and I have a private life, but I don't abandon the users I take on :) 

    Please follow only my instructions and not those of thunderflash, who can't have taken the time to analyse your report, since he missed the rootkit. Besides, he is a "helper" by disinfection.

    Thunderflash, please don't interfere with my disinfections.

    ***

    You have a very nasty infection, by a kernel-mode rootkit.

    Download Combofix from **HERE** or **HERE** and save it to your desktop.

    **Note 1: If you already have a version of Combofix, you will need to download another one, the very latest. It is also very important to save it directly to your desktop.**

  • Please never rename Combofix unless you are expressly asked to.
  • Close all open windows, without exception.
  • Disable all resident protections of all your antivirus, antispyware etc. software so that they don't interfere with Combofix's proper operation.
    Very important: Temporarily disable all resident protections of all your security software before running a scan with Combofix. They could disrupt Combofix's scan, which could have unforeseen and disastrous consequences.
  • Click this link to see a list of programs that should systematically be disabled before using combofix. Note that the list is not exhaustive. If your security software is not on this list and you don't know how to disable it, or you don't understand English :p  , please ask me.
  • WARNING: Combofix will automatically disconnect you from the internet as soon as the scan starts.
  • Please do not try to reconnect your machine to the internet until combofix has finished its work.
  • If you can no longer connect to the internet after using combofix, restart your PC to restore the internet connection.
  • Double-click combofix.exe and follow the on-screen instructions.
  • When the scan is finished, a report should normally appear on screen.
  • Please post the following report, "C:\ComboFix.txt", in your next reply, along with a new HiJackThis log.

    **Note 2: Do not click in the combofix window while it is working. You could crash the PC and cause serious damage.**

    ;) 
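The kernel-mode rootkit call above rests on the registry dump posted earlier in the thread: a second LSA authentication package beside msv1_0, a non-empty AppInit_DLLs, an added ShellServiceObjectDelayLoad entry, a .sys driver registered under SafeBoot\Minimal (which is why the infection kept loading in safe mode), and Run entries with generated names. The script below is an added example, not part of this thread nor of ComboFix, HijackThis or Deckard's System Scanner: it reads a dump in the DSS "Registry Dump" format and flags those persistence points automatically. The sample dump is constructed from lines copied out of the report above; the rule names, the random-name thresholds and the treatment of binaries dropped straight into the Windows directory as a weaker signal are my assumptions.

```python
"""Audit a Deckard's System Scanner registry dump for abused persistence points (added example)."""
import re

# Constructed sample: lines copied from the dump posted above, trimmed to the entries audited here.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"lphcndpj0eecp"="C:\WINDOWS\system32\lphcndpj0eecp.exe" [01/07/2008 10:33]
"f0c77075"="C:\WINDOWS\system32\clgpiife.dll" [01/07/2008 11:53]
"SMrhcjdpj0eecp"="C:\Program Files\rhcjdpj0eecp\rhcjdpj0eecp.exe" [30/06/2008 17:27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"msvecurity"="C:\WINDOWS\msvecurity.exe" [01/07/2008 10:33]
"iexplorer"="C:\WINDOWS\iexplorer.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"XmFSv"= {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll [13/04/2008 19:33 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUkHYoN
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
@="Driver"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|@)\s*=\s*(?P<data>.*)$')
VOWELS = set("aeiouy")


def parse_dump(text):
    """Return {key_path: [(value_name, data), ...]}; the default value is named '@'."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, [])
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            name = val.group("name") if val.group("name") is not None else "@"
            keys[current].append((name, val.group("data").strip()))
    return keys


def image_path(data):
    """Extract the file path from a value's data: quoted path, else the first drive-letter path."""
    quoted = re.match(r'"([^"]+)"', data)
    if quoted:
        return quoted.group(1)
    bare = re.search(r"[A-Za-z]:\\[^\[\]]+?(?=\s*\[|$)", data)
    return bare.group(0).strip() if bare else data


def looks_random(name):
    """Assumed heuristic: generated names are consonant-heavy and mix digits into letters."""
    stem = re.sub(r"\.[A-Za-z0-9]{1,4}$", "", name)
    letters = [c for c in stem.lower() if c.isalpha()]
    digits = sum(c.isdigit() for c in stem)
    vowel_ratio = sum(c in VOWELS for c in letters) / max(len(letters), 1)
    if digits and vowel_ratio < 0.25:
        return True
    return len(stem) >= 10 and vowel_ratio < 0.15


def audit(keys):
    """One rule per persistence location; returns (rule, key, value_name, path) tuples."""
    findings = []
    add = findings.append
    for key, values in keys.items():
        k = key.lower()
        for name, data in values:
            path = image_path(data)
            base = path.rsplit("\\", 1)[-1]
            if k.endswith(r"\currentversion\run"):
                if looks_random(name) or looks_random(base):
                    add(("random-name-autorun", key, name, path))
                elif re.match(r"^[a-z]:\\windows\\[^\\]+$", path.lower()):
                    # Binary dropped straight into %WINDIR% (not system32): weaker signal, triage by hand.
                    add(("autorun-in-windows-root", key, name, path))
            elif k.endswith("shellserviceobjectdelayload"):
                # DSS hides default entries, so anything listed here was added later.
                add(("ssodl-entry", key, name, path))
            elif k.endswith(r"\windows nt\currentversion\windows") and name.lower() == "appinit_dlls" and data:
                # AppInit_DLLs is empty on a clean XP; a DLL here loads into every user32 process.
                add(("appinit-dll", key, name, data))
            elif k.endswith(r"\control\lsa") and name.lower() == "authentication packages":
                # Only msv1_0 belongs here; extra packages are loaded by lsass.exe at boot.
                for token in data.split():
                    if token.lower() != "msv1_0":
                        add(("lsa-auth-package", key, name, token))
            elif "\\safeboot\\minimal\\" in k and k.endswith(".sys") and data.strip('"') == "Driver":
                # A driver registered under SafeBoot\Minimal keeps loading in safe mode.
                add(("safeboot-driver", key, key.rsplit("\\", 1)[-1], ""))
    return findings


if __name__ == "__main__":
    for rule, _key, name, path in audit(parse_dump(SAMPLE_DUMP)):
        print(f"{rule:<24} {name:<24} {path}")
```

Running it prints one line per finding; on the sample that is nine lines, covering the three generated-name Run entries, the two executables sitting directly in C:\WINDOWS, the SSODL DLL, sockspy.dll, the extra LSA package and Vqi08.sys. The windows-root rule is deliberately the weakest: a legitimate binary that lives in %WINDIR% (the dump's own SOUNDMAN.EXE, for instance) would trip it too, so treat those hits as a triage hint rather than a verdict, and pair the output with the file listing, as the helpers in this thread do.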
    2 July 2008 10:06:44

    thanks!!! it seems to be working, apart from an error message at startup, but I think that comes from Antivirus XP 2008 (since I deleted the files)

    here's the comboFix:
    ComboFix 08-06-30.2 - Lyn 2008-07-02 9:55:35.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.639 [GMT 2:00]
    Endroit: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    and the hiJackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:05, on 2008-07-02
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Lyn\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {ffc86435-2ddc-4323-b170-c5c99c6515ae} - C:\WINDOWS\system32\wvUkHYoN.dll (file missing)
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [lphcndpj0eecp] C:\WINDOWS\system32\lphcndpj0eecp.exe
    O4 - HKLM\..\Run: [f0c77075] rundll32.exe "C:\WINDOWS\system32\clgpiife.dll",b
    O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF15805.exe /c C:\ComboFix\Combobatch.bat
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe
    O4 - HKCU\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
    O21 - SSODL: XmFSv - {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 5895 bytes

    So, the verdict??? ;-)


    2 July 2008 10:14:50

    Re,

    The Combofix log is incomplete ;) 

    See you tonight :hello: 
    2 July 2008 10:23:50

    @espeleta_29: your combofix log isn't complete; either you copied it badly, or you didn't wait long enough for it to finish, and judging by the look of your hijackthis, I suppose it's the latter.

    Wait for combofix to finish, then post your new combofix and hijackthis logs after that step.

    Edit: ah, I should have refreshed in the meantime :) 
    2 July 2008 10:26:33

    strange, I didn't touch anything; I'll redo it then
    2 July 2008 10:37:41

    indeed a good chunk was missing!!

    Here's combofix:
    ComboFix 08-06-30.2 - Lyn 2008-07-02 10:27:29.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.790 [GMT 2:00]
    Endroit: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Lyn\Application Data\rhcjdpj0eecp
    C:\Documents and Settings\Lyn\Application Data\sp1
    C:\Program Files\rhcjdpj0eecp
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\enpq.exe
    C:\WINDOWS\file.bat
    C:\WINDOWS\system32\blphcndpj0eecp.scr
    C:\WINDOWS\system32\clgpiife.dll
    C:\WINDOWS\system32\efiipglc.ini
    C:\WINDOWS\system32\lphcndpj0eecp.exe
    C:\WINDOWS\system32\NoYHkUvw.ini
    C:\WINDOWS\system32\NoYHkUvw.ini2
    C:\WINDOWS\system32\ntpl.bin
    C:\WINDOWS\system32\nvrsma.dll
    C:\WINDOWS\system32\phcndpj0eecp.bmp
    C:\WINDOWS\system32\pphcndpj0eecp.exe
    C:\WINDOWS\system32\urqPICur.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_tcpsr
    -------\Service_tcpsr
    -------\Legacy_tcpsr
    -------\Service_tcpsr


    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-02 to 2008-07-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-02 09:44 . 2008-07-02 10:00 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
    2008-07-02 01:19 . 2008-07-02 01:19 268 --ah----- C:\sqmdata00.sqm
    2008-07-02 01:19 . 2008-07-02 01:19 244 --ah----- C:\sqmnoopt00.sqm
    2008-07-01 19:09 . 2008-07-01 19:09 <REP> d-------- C:\Deckard
    2008-07-01 18:58 . 2008-07-01 18:58 <REP> d-------- C:\SDFix
    2008-07-01 14:21 . 2008-07-01 18:49 359 --a------ C:\WINDOWS\wininit.ini
    2008-07-01 13:51 . 2008-07-01 19:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-07-01 13:51 . 2008-07-01 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-01 13:29 . 2008-07-01 13:29 <REP> d-------- C:\WINDOWS\ERUNT
    2008-07-01 13:20 . 2008-07-01 13:40 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-07-01 11:10 . 2008-06-17 11:20 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-07-01 11:09 . 2008-07-01 11:37 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-07-01 10:56 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-07-01 10:56 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-07-01 10:56 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-07-01 10:56 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-07-01 10:56 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-07-01 10:56 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-07-01 10:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-07-01 10:56 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-07-01 10:56 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-07-01 10:56 . 2008-07-01 12:15 3,730 --a------ C:\WINDOWS\system32\tmp.reg
    2008-07-01 10:44 . 2008-07-01 10:44 <REP> d-------- C:\WINDOWS\Torrents
    2008-07-01 10:42 . 2008-06-21 11:35 30,208 --a------ C:\WINDOWS\SysC.exe
    2008-07-01 10:34 . 2008-07-01 10:34 64,512 --a------ C:\WINDOWS\system32\wpx5.cpx
    2008-07-01 10:34 . 2008-07-02 09:53 39,549 --a------ C:\WINDOWS\msvecurity.config
    2008-07-01 10:34 . 2008-07-01 10:34 13,312 --a------ C:\WINDOWS\system32\wpx6.cpx
    2008-07-01 10:33 . 2008-07-01 10:33 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-07-01 10:33 . 2008-07-01 13:37 63,488 --a------ C:\WINDOWS\system32\gx.ak
    2008-07-01 10:33 . 2008-07-01 13:37 32,768 --a------ C:\WINDOWS\system32\pol.art
    2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\mn.hlpf
    2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\cty.sp
    2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\cnkl.sr
    2008-07-01 10:32 . 2008-07-02 10:32 65,970 --a------ C:\WINDOWS\system32\drivers\55a36e68.sys
    2008-07-01 10:32 . 2008-07-02 10:00 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08.sys
    2008-07-01 10:32 . 2008-07-01 11:26 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08(3).sys
    2008-07-01 10:32 . 2008-07-01 10:33 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08(2).sys
    2008-06-30 21:39 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-06-30 21:39 . 2008-04-13 11:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-06-30 09:16 . 2008-07-01 10:22 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Azureus
    2008-06-30 09:16 . 2008-06-30 09:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-06-29 19:54 . 2008-06-29 19:54 <REP> dr-h----- C:\Documents and Settings\Lyn\Application Data\SecuROM
    2008-06-29 19:54 . 2008-06-29 19:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-06-29 19:40 . 2008-06-29 19:40 <REP> d-------- C:\Program Files\KONAMI
    2008-06-29 18:24 . 2008-06-29 18:24 32 --a------ C:\WINDOWS\tdlp32.ini
    2008-06-29 16:43 . 2008-06-29 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-06-29 15:46 . 2008-06-29 15:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-06-29 15:24 . 2008-06-29 15:24 <REP> d-------- C:\Program Files\ahead
    2008-06-29 13:33 . 2008-06-29 15:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
    2008-06-29 13:33 . 2008-06-29 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
    2008-06-23 18:51 . 2008-06-23 18:51 <REP> d-------- C:\Program Files\MSBuild
    2008-06-23 18:51 . 2008-06-23 18:51 <REP> d-------- C:\Program Files\Microsoft Works
    2008-06-23 18:46 . 2008-06-23 18:50 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-06-23 18:46 . 2008-06-23 18:46 <REP> dr-h----- C:\MSOCache
    2008-06-23 18:43 . 2008-06-23 18:43 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-06-22 21:48 . 2008-06-22 21:48 <REP> d-------- C:\Program Files\Axis Communications
    2008-06-22 17:15 . 2008-06-22 17:15 <REP> d-------- C:\Program Files\Mojicon Installer
    2008-06-22 12:13 . 2008-06-22 12:13 <REP> d-------- C:\Program Files\Microsoft Carioca
    2008-06-22 11:07 . 2008-06-22 11:07 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
    2008-06-20 22:06 . 2008-06-20 22:06 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\vlc
    2008-06-20 22:05 . 2008-06-20 22:05 <REP> d-------- C:\Program Files\VideoLAN
    2008-06-20 20:04 . 2008-06-20 20:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-20 19:56 . 2008-06-20 19:56 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-06-20 19:18 . 2008-06-30 11:25 <REP> d-------- C:\Documents and Settings\Lyn\Shared
    2008-06-20 19:18 . 2008-06-30 11:25 <REP> d-------- C:\Documents and Settings\Lyn\Incomplete
    2008-06-20 19:18 . 2008-06-20 19:29 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\FrostWire
    2008-06-19 22:19 . 2008-06-25 11:15 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-06-19 22:19 . 2008-06-19 22:19 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
    2008-06-19 22:19 . 2008-06-19 22:19 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-19 20:54 . 2008-06-24 18:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-19 20:51 . 2008-06-19 20:51 <REP> d-------- C:\Program Files\Fichiers communs\PC SOFT
    2008-06-19 20:51 . 2008-06-19 20:51 67 --a------ C:\WINDOWS\contact.ini
    2008-06-18 19:17 . 2008-06-29 16:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-18 19:08 . 2008-06-18 19:08 <REP> d-------- C:\Program Files\Google
    2008-06-17 22:51 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-06-17 22:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-06-17 22:49 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-06-17 22:49 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-06-17 22:49 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-06-17 22:49 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-06-17 18:12 . 2008-06-20 19:18 <REP> d-------- C:\Program Files\FrostWire
    2008-06-17 18:12 . 2008-07-01 10:22 <REP> d-------- C:\Program Files\Azureus
    2008-06-17 17:53 . 2008-06-17 17:53 <REP> d-------- C:\Documents and Settings\Lyn\Contacts
    2008-06-17 17:52 . 2008-06-17 17:52 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-06-17 17:50 . 2008-06-17 17:52 <REP> d-------- C:\Program Files\Windows Live
    2008-06-17 17:50 . 2008-06-17 17:51 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-17 17:48 . 2008-06-17 17:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-17 15:01 . 2008-06-17 15:01 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Bitdefender
    2008-06-17 14:59 . 2008-07-02 10:29 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Program Files\Softwin
    2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
    2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-06-17 14:51 . 2008-06-17 14:51 <REP> d-------- C:\WINDOWS\Logs
    2008-06-17 14:43 . 2003-06-05 00:41 186,095 --a------ C:\WINDOWS\system32\drivers\o2mmb.sys
    2008-06-17 14:43 . 2003-06-09 13:20 8,008 --a------ C:\WINDOWS\system32\drivers\o2mmb.cat
    2008-06-17 14:43 . 2003-04-29 10:26 5,689 --a------ C:\WINDOWS\system32\drivers\MbxStby.sys
    2008-06-17 14:43 . 2003-06-05 00:33 2,539 --a------ C:\WINDOWS\system32\drivers\o2mmb.inf
    2008-06-17 14:33 . 2008-06-30 09:48 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
    2008-06-17 14:33 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2008-06-17 14:32 . 2008-06-17 14:32 <REP> d-------- C:\Program Files\Realtek AC97
    2008-06-17 14:32 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
    2008-06-17 14:32 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
    2008-06-17 14:31 . 2008-06-30 09:49 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Program Files\QuickTime
    2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Program Files\Apple Software Update
    2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-17 12:34 . 2008-04-13 19:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
    2008-06-17 12:34 . 2008-04-13 19:33 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
    2008-06-17 12:34 . 2008-04-13 19:04 93,184 --------- C:\WINDOWS\system32\msxml6r.dll
    2008-06-17 12:34 . 2008-04-13 19:04 93,184 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
    2008-06-17 12:32 . 2008-06-17 12:32 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-06-17 12:32 . 2008-04-13 19:34 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
    2008-06-17 12:30 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-06-17 12:30 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002603_.tmp
    2008-06-17 12:28 . 2008-06-17 12:28 <REP> d-------- C:\WINDOWS\EHome
    2008-06-17 12:25 . 2008-06-17 12:25 2,422 --a------ C:\WINDOWS\system32\wpa.bak
    2008-06-17 12:07 . 2008-06-17 12:07 <REP> d-------- C:\Program Files\Realtek Sound Manager
    2008-06-17 12:07 . 2008-06-17 12:07 <REP> d-------- C:\Program Files\AvRack

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-01 09:51 17,408 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-07-01 08:33 579,584 ----a-w C:\WINDOWS\system32\user32.DLL
    2008-06-29 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-17 12:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-17 11:53 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-06-17 11:53 --------- d-----w C:\Program Files\Java
    2008-06-17 11:52 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-06-17 09:52 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-17 09:24 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-17 09:23 --------- d-----w C:\Program Files\Services en ligne
    2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
    2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
    2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
    2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
    2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-13 17:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-13 17:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-13 17:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
    2008-04-13 17:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
    2008-04-13 17:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
    2008-04-13 17:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-13 17:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-13 17:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-13 17:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-13 17:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-13 17:01 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-13 16:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-13 16:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-13 16:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-13 16:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 09:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 09:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 09:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 09:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-13 09:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 09:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 09:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 08:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 07:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    .
    C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
    578,048 2006-03-02 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
    579,584 2008-04-13 17:33:50 C:\WINDOWS\ServicePackFiles\i386\user32.dll
    579,584 2008-07-01 08:33:17 C:\WINDOWS\system32\user32.DLL
    579,584 2008-07-01 08:33:17 C:\WINDOWS\system32\dllcache\user32.dll


    ------- Sigcheck -------

    2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied

    2006-03-02 14:00 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtServicePackUninstall$\user32.dll
    2008-04-13 19:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\ServicePackFiles\i386\user32.dll
    2008-07-01 10:33 579584 d14e7279cdc1a2dae01d872c0e03b189 C:\WINDOWS\system32\user32.DLL
    2008-07-01 10:33 579584 d14e7279cdc1a2dae01d872c0e03b189 C:\WINDOWS\system32\dllcache\user32.dll

    2006-03-02 14:00 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied

    md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
    2006-03-02 14:00 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2008-04-13 19:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2006-03-02 14:00 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\$NtServicePackUninstall$\services.exe
    2008-04-13 19:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
    md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied

    2006-03-02 14:00 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    2008-04-13 19:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "NoActiveDesktopChanges"= 00000000
    "NoActiveDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "XmFSv"= {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll [2008-04-13 19:33 32768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=

    R0 Vqi08;Vqi08;C:\WINDOWS\system32\Drivers\Vqi08.sys [2008-07-02 10:00]
    R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-06-05 00:41]
    R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-04-29 10:26]
    S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-10-30 21:17]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\autorun_PES2008.exe

    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{ffc86435-2ddc-4323-b170-c5c99c6515ae} - C:\WINDOWS\system32\wvUkHYoN.dll
    HKCU-Run-msvecurity - C:\WINDOWS\msvecurity.exe
    HKCU-Run-iexplorer - C:\WINDOWS\iexplorer.exe
    HKLM-Run-lphcndpj0eecp - C:\WINDOWS\system32\lphcndpj0eecp.exe
    HKLM-Run-f0c77075 - C:\WINDOWS\system32\clgpiife.dll
    MSConfigStartUp-rainlendar2 - C:\Program Files\Rainlendar2\Rainlendar2.exe


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-02 10:31:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    NoActiveDesktopChanges = 3F 00 00 00
    NoActiveDesktop = 63
    NoSaveSettings = 63
    ClassicShell = 63

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-02 10:33:19 - machine was rebooted [Lyn]
    ComboFix-quarantined-files.txt 2008-07-02 08:33:14

    Pre-Run: 8,937,172,992 bytes free
    Post-Run: 8,933,457,920 bytes free

    328 --- E O F --- 2008-06-24 16:02:53

    and HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:36:52, on 02/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Lyn\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
    O21 - SSODL: XmFSv - {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 5471 bytes

    Thanks again for giving me a bit of your time!!
    2 July 2008 22:34:36
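The Sigcheck block in the ComboFix log above is the most telling part of the report: md5deep hashes each core binary and sets the result against the two pristine copies Windows keeps on disk, `$NtServicePackUninstall$` (pre-SP3) and `ServicePackFiles\i386` (SP3). user32.dll hashes to `d14e7279...` in both system32 and dllcache, matching neither reference, while svchost.exe, winlogon.exe, explorer.exe, services.exe and lsass.exe could not even be opened for reading. The Find3M section adds an indicator that needs no hash at all: the live svchost.exe is listed at 17,408 bytes, while both reference copies are 14,336. The script below is an added example, not part of this thread and not ComboFix's or md5deep's own code; it replays that comparison over the Sigcheck lines copied from the log (no other input is assumed) and labels each live copy OK, MODIFIED, UNREADABLE or NO_REFERENCE (the verdict names are mine). UNREADABLE is treated as a finding in its own right: a running Windows executable can normally be opened for reading, so "Permission denied" on a system binary from an administrative session points at something intercepting the open rather than at ordinary file locking.

```python
"""Replay the comparison behind ComboFix's Sigcheck block, offline.

Each live binary's MD5 is checked against the pristine copies Windows keeps in
$NtServicePackUninstall$ (pre-SP3) and ServicePackFiles\\i386 (SP3).  A live
copy whose hash matches neither is MODIFIED; one md5deep could not open is
UNREADABLE, which on a running system is itself worth flagging.
"""
import re
from collections import defaultdict

# Sigcheck lines copied verbatim from the ComboFix log posted above.
SIGCHECK_LOG = r"""
2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied

2006-03-02 14:00 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2008-04-13 19:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2008-07-01 10:33 579584 d14e7279cdc1a2dae01d872c0e03b189 C:\WINDOWS\system32\user32.DLL
2008-07-01 10:33 579584 d14e7279cdc1a2dae01d872c0e03b189 C:\WINDOWS\system32\dllcache\user32.dll

2006-03-02 14:00 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied

md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2006-03-02 14:00 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-13 19:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2006-03-02 14:00 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\$NtServicePackUninstall$\services.exe
2008-04-13 19:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied

2006-03-02 14:00 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2008-04-13 19:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
"""

# "<date> <time> <size> <md5> <path>" as printed by md5deep in the report.
HASH_LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) (\d+) ([0-9a-f]{32}) (.+)$")
# "md5deep: <path>: error at offset N: <reason>" when the file could not be read.
ERROR_LINE = re.compile(r"^md5deep: (.+?): error at offset \d+: (.+)$")

# Directories holding the pristine copies (compared case-insensitively).
REFERENCE_MARKERS = ("\\$ntservicepackuninstall$\\", "\\servicepackfiles\\i386\\")


def is_reference_copy(path: str) -> bool:
    """True for the on-disk copies Windows keeps for SP uninstall / file protection."""
    return any(marker in path.lower() for marker in REFERENCE_MARKERS)


def parse_sigcheck(text: str) -> dict:
    """Group Sigcheck lines by file name.

    Returns {name: {"reference": {md5, ...}, "live": [(path, md5_or_None), ...]}};
    md5 is None when md5deep reported it could not open the live file.
    """
    files = defaultdict(lambda: {"reference": set(), "live": []})
    for raw in text.splitlines():
        line = raw.strip()
        hit = HASH_LINE.match(line)
        if hit:
            _date, _size, md5, path = hit.groups()
            name = path.rsplit("\\", 1)[-1].lower()   # user32.DLL and user32.dll are one file
            if is_reference_copy(path):
                files[name]["reference"].add(md5)
            else:
                files[name]["live"].append((path, md5))
            continue
        err = ERROR_LINE.match(line)
        if err:
            path, _reason = err.groups()
            name = path.rsplit("\\", 1)[-1].lower()
            files[name]["live"].append((path, None))
    return files


def triage(text: str) -> dict:
    """Map each live (non-reference) path to OK, MODIFIED, UNREADABLE or NO_REFERENCE."""
    verdicts = {}
    for _name, info in parse_sigcheck(text).items():
        for path, md5 in info["live"]:
            if md5 is None:
                verdicts[path] = "UNREADABLE"      # could not be hashed at all
            elif not info["reference"]:
                verdicts[path] = "NO_REFERENCE"    # nothing pristine on disk to compare with
            elif md5 in info["reference"]:
                verdicts[path] = "OK"              # identical to a shipped copy
            else:
                verdicts[path] = "MODIFIED"        # matches neither shipped copy
    return verdicts


if __name__ == "__main__":
    for path, verdict in sorted(triage(SIGCHECK_LOG).items()):
        print(f"{verdict:<12} {path}")
```

Run as-is it prints the seven verdicts for this report (two MODIFIED, five UNREADABLE); to reuse it on another ComboFix report, paste that report's Sigcheck block into `SIGCHECK_LOG`. The hash comparison alone cannot say anything about the five unreadable files, which is exactly why the file sizes in the Find3M section are worth reading alongside it.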

    Re,

    Your case has a few peculiarities and I'd rather take a bit more time than usual to analyse the ComboFix report.

    I'll reply tomorrow during the day.

    Bump the topic the next time you log on.

    ;) 
    3 July 2008 01:00:35

    ok that works, thanks, that's kind!
    but now it seems to be working... Is it serious, doctor?? lol
    3 July 2008 22:28:50

    :hello:  Good evening,

  • We are going to install the Recovery Console on your PC. This will make it possible to repair your system should the PC no longer boot after the disinfection. It also gives ComboFix more power, as it will be able to fix certain problems automatically.

  • Once you have clicked the link matching your version of Windows, you will be taken to a page: click the Download button to get the installation package and save that file to the desktop. Above all, do not rename the file!

    Windows XP without Service Pack >

    Microsoft Windows XP Home Edition
    Microsoft Windows XP Professional

    Windows XP Service Pack 1 (SP1) >

    Microsoft Windows XP Home Edition SP1
    Microsoft Windows XP Professional SP1


    Windows XP Service Pack 2 (SP2) >

    Microsoft Windows XP Home Edition SP2
    Microsoft Windows XP Professional SP2


  • Drag and drop this file onto ComboFix.exe as in the screenshot >

  • Follow the on-screen instructions to launch ComboFix and, when prompted, accept the End User License Agreement to install the Microsoft Recovery Console.
  • When it is finished, a message saying the Console has been installed will appear, then a report named CF_RC.txt will open: post the contents of that report.
  • Note > from now on, when you boot your PC, you will have a choice to make: either start Windows normally, or use the Recovery Console.

    ;) 
    4 July 2008 09:34:37

    but will it always be like this afterwards?
    Is there still stuff on my computer??
    4 July 2008 10:59:38

    :hello:  Hello,

    Can I have the report I asked for?

    :) 
    4 July 2008 11:27:58

    Just to point out that afterwards you can change this behaviour: if you no longer want the choice between starting Windows normally or using the Recovery Console, you can edit a file so that Windows starts directly.
    But for now, since some of the steps are going to be delicate, it is better to install this Recovery Console so as not to lose your PC.
    4 July 2008 12:55:13

    ok thanks
    However I have Service Pack 3 but I couldn't find it on the site, so I took Service Pack 2; I hope that's not a problem....

    However, the file that opened is log.txt...

    Here it is:

    ComboFix 08-06-30.2 - Lyn 2008-07-04 12:43:57.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.764 [GMT 2:00]
    Location: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lyn\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    * Creating a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_tcpsr
    -------\Service_tcpsr


    ((((((((((((((((((((((((((((( Files created 2008-06-04 to 2008-07-04 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-04 12:43 . 2008-07-04 12:43 <REP> d-------- C:\327882R2FWJFW
    2008-07-03 12:25 . 2008-07-03 12:25 <REP> d-------- C:\Program Files\Xara
    2008-07-03 12:25 . 2008-07-03 12:25 <REP> d-------- C:\Program Files\Common Files
    2008-07-02 18:52 . 2008-07-02 18:52 <REP> d-------- C:\WINDOWS\Icons
    2008-07-02 09:44 . 2008-07-04 12:28 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
    2008-07-02 01:19 . 2008-07-02 01:19 268 --ah----- C:\sqmdata00.sqm
    2008-07-02 01:19 . 2008-07-02 01:19 244 --ah----- C:\sqmnoopt00.sqm
    2008-07-01 19:09 . 2008-07-01 19:09 <REP> d-------- C:\Deckard
    2008-07-01 18:58 . 2008-07-01 18:58 <REP> d-------- C:\SDFix
    2008-07-01 14:21 . 2008-07-01 18:49 359 --a------ C:\WINDOWS\wininit.ini
    2008-07-01 13:51 . 2008-07-01 19:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-07-01 13:51 . 2008-07-01 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-01 13:29 . 2008-07-01 13:29 <REP> d-------- C:\WINDOWS\ERUNT
    2008-07-01 13:20 . 2008-07-01 13:40 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-07-01 11:10 . 2008-06-17 11:20 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-07-01 11:10 . 2008-06-17 13:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-07-01 11:09 . 2008-07-01 11:37 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-07-01 10:56 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-07-01 10:56 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-07-01 10:56 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-07-01 10:56 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-07-01 10:56 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-07-01 10:56 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-07-01 10:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-07-01 10:56 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-07-01 10:56 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-07-01 10:56 . 2008-07-01 12:15 3,730 --a------ C:\WINDOWS\system32\tmp.reg
    2008-07-01 10:44 . 2008-07-01 10:44 <REP> d-------- C:\WINDOWS\Torrents
    2008-07-01 10:42 . 2008-06-21 11:35 30,208 --a------ C:\WINDOWS\SysC.exe
    2008-07-01 10:34 . 2008-07-01 10:34 64,512 --a------ C:\WINDOWS\system32\wpx5.cpx
    2008-07-01 10:34 . 2008-07-02 09:53 39,549 --a------ C:\WINDOWS\msvecurity.config
    2008-07-01 10:34 . 2008-07-01 10:34 13,312 --a------ C:\WINDOWS\system32\wpx6.cpx
    2008-07-01 10:33 . 2008-07-01 10:33 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-07-01 10:33 . 2008-07-01 13:37 63,488 --a------ C:\WINDOWS\system32\gx.ak
    2008-07-01 10:33 . 2008-07-01 13:37 32,768 --a------ C:\WINDOWS\system32\pol.art
    2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\mn.hlpf
    2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\cty.sp
    2008-07-01 10:33 . 2008-07-01 13:37 28,672 --a------ C:\WINDOWS\system32\cnkl.sr
    2008-07-01 10:32 . 2008-07-04 12:48 65,970 --a------ C:\WINDOWS\system32\drivers\55a36e68.sys
    2008-07-01 10:32 . 2008-07-02 10:34 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08.sys
    2008-07-01 10:32 . 2008-07-01 11:26 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08(3).sys
    2008-07-01 10:32 . 2008-07-01 10:33 30,208 --a------ C:\WINDOWS\system32\drivers\Vqi08(2).sys
    2008-06-30 21:39 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-06-30 21:39 . 2008-04-13 11:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-06-30 09:16 . 2008-07-03 14:37 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Azureus
    2008-06-30 09:16 . 2008-06-30 09:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-06-29 19:54 . 2008-06-29 19:54 <REP> dr-h----- C:\Documents and Settings\Lyn\Application Data\SecuROM
    2008-06-29 19:54 . 2008-06-29 19:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-06-29 19:40 . 2008-06-29 19:40 <REP> d-------- C:\Program Files\KONAMI
    2008-06-29 18:24 . 2008-06-29 18:24 32 --a------ C:\WINDOWS\tdlp32.ini
    2008-06-29 16:43 . 2008-06-29 16:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-06-29 15:46 . 2008-06-29 15:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-06-29 15:24 . 2008-06-29 15:24 <REP> d-------- C:\Program Files\ahead
    2008-06-29 13:33 . 2008-06-29 15:46 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
    2008-06-29 13:33 . 2008-06-29 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
    2008-06-23 18:51 . 2008-06-23 18:51 <REP> d-------- C:\Program Files\MSBuild
    2008-06-23 18:51 . 2008-06-23 18:51 <REP> d-------- C:\Program Files\Microsoft Works
    2008-06-23 18:46 . 2008-06-23 18:50 <REP> d-------- C:\WINDOWS\SHELLNEW
    2008-06-23 18:46 . 2008-06-23 18:46 <REP> dr-h----- C:\MSOCache
    2008-06-23 18:43 . 2008-06-23 18:43 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-06-22 21:48 . 2008-06-22 21:48 <REP> d-------- C:\Program Files\Axis Communications
    2008-06-22 17:15 . 2008-06-22 17:15 <REP> d-------- C:\Program Files\Mojicon Installer
    2008-06-22 12:13 . 2008-06-22 12:13 <REP> d-------- C:\Program Files\Microsoft Carioca
    2008-06-22 11:07 . 2008-06-22 11:07 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
    2008-06-20 22:06 . 2008-06-20 22:06 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\vlc
    2008-06-20 22:05 . 2008-06-20 22:05 <REP> d-------- C:\Program Files\VideoLAN
    2008-06-20 20:04 . 2008-06-20 20:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-20 19:56 . 2008-06-20 19:56 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-06-20 19:18 . 2008-06-30 11:25 <REP> d-------- C:\Documents and Settings\Lyn\Shared
    2008-06-20 19:18 . 2008-06-30 11:25 <REP> d-------- C:\Documents and Settings\Lyn\Incomplete
    2008-06-20 19:18 . 2008-06-20 19:29 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\FrostWire
    2008-06-19 22:19 . 2008-06-25 11:15 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-06-19 22:19 . 2008-06-19 22:19 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
    2008-06-19 22:19 . 2008-06-19 22:19 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-19 20:54 . 2008-06-24 18:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-06-19 20:51 . 2008-06-19 20:51 <REP> d-------- C:\Program Files\Fichiers communs\PC SOFT
    2008-06-19 20:51 . 2008-06-19 20:51 67 --a------ C:\WINDOWS\contact.ini
    2008-06-18 19:17 . 2008-06-29 16:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-18 19:08 . 2008-06-18 19:08 <REP> d-------- C:\Program Files\Google
    2008-06-17 22:51 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-06-17 22:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-06-17 22:49 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-06-17 22:49 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-06-17 22:49 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-06-17 22:49 . 2008-04-13 11:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-06-17 18:12 . 2008-06-20 19:18 <REP> d-------- C:\Program Files\FrostWire
    2008-06-17 18:12 . 2008-07-03 14:37 <REP> d-------- C:\Program Files\Azureus
    2008-06-17 17:53 . 2008-06-17 17:53 <REP> d-------- C:\Documents and Settings\Lyn\Contacts
    2008-06-17 17:52 . 2008-06-17 17:52 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-06-17 17:50 . 2008-06-17 17:52 <REP> d-------- C:\Program Files\Windows Live
    2008-06-17 17:50 . 2008-06-17 17:51 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-17 17:48 . 2008-06-17 17:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-17 15:01 . 2008-06-17 15:01 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Bitdefender
    2008-06-17 14:59 . 2008-07-04 12:46 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Program Files\Softwin
    2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
    2008-06-17 14:53 . 2008-06-17 14:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-06-17 14:51 . 2008-06-17 14:51 <REP> d-------- C:\WINDOWS\Logs
    2008-06-17 14:43 . 2003-06-05 00:41 186,095 --a------ C:\WINDOWS\system32\drivers\o2mmb.sys
    2008-06-17 14:43 . 2003-06-09 13:20 8,008 --a------ C:\WINDOWS\system32\drivers\o2mmb.cat
    2008-06-17 14:43 . 2003-04-29 10:26 5,689 --a------ C:\WINDOWS\system32\drivers\MbxStby.sys
    2008-06-17 14:43 . 2003-06-05 00:33 2,539 --a------ C:\WINDOWS\system32\drivers\o2mmb.inf
    2008-06-17 14:33 . 2008-06-30 09:48 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
    2008-06-17 14:33 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2008-06-17 14:32 . 2008-06-17 14:32 <REP> d-------- C:\Program Files\Realtek AC97
    2008-06-17 14:32 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
    2008-06-17 14:32 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
    2008-06-17 14:31 . 2008-06-30 09:49 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Program Files\QuickTime
    2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Program Files\Apple Software Update
    2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-17 14:04 . 2008-06-17 14:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-17 12:34 . 2008-04-13 19:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
    2008-06-17 12:34 . 2008-04-13 19:33 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
    2008-06-17 12:34 . 2008-04-13 19:04 93,184 --------- C:\WINDOWS\system32\msxml6r.dll
    2008-06-17 12:34 . 2008-04-13 19:04 93,184 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
    2008-06-17 12:32 . 2008-06-17 12:32 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-06-17 12:32 . 2008-04-13 19:34 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
    2008-06-17 12:30 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-06-17 12:30 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002603_.tmp

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-01 09:51 17,408 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-07-01 08:33 579,584 ----a-w C:\WINDOWS\system32\user32.DLL
    2008-06-29 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-17 12:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-17 11:53 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-06-17 11:53 --------- d-----w C:\Program Files\Java
    2008-06-17 11:52 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-06-17 09:52 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-17 09:24 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-17 09:23 --------- d-----w C:\Program Files\Services en ligne
    2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
    2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
    2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
    2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
    2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-13 17:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-13 17:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-13 17:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
    2008-04-13 17:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
    2008-04-13 17:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
    2008-04-13 17:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-13 17:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-13 17:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-13 17:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-13 17:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-13 17:01 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-13 16:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-13 16:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-13 16:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-13 16:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 09:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 09:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 09:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 09:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-13 09:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 09:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 09:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 08:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    2008-04-13 07:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
    2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
    2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
    .
    Infected C:\WINDOWS\system32\user32.dll hex repaired


    ------- Sigcheck -------

    2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied

    2006-03-02 14:00 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied

    md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
    2006-03-02 14:00 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2008-04-13 19:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2006-03-02 14:00 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\$NtServicePackUninstall$\services.exe
    2008-04-13 19:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
    md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied

    2006-03-02 14:00 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    2008-04-13 19:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
    .
    ((((((((((((((((((((((((((((( snapshot@2008-07-02_10.32.55.53 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-02 08:30:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-04 10:47:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-07-02 08:27:18 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-07-04 10:43:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-07-02 08:27:18 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-07-04 10:43:33 98,304 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-07-02 08:27:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070220080703\index.dat
    + 2008-07-02 17:27:56 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070220080703\index.dat
    + 2008-07-03 19:25:38 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070320080704\index.dat
    + 2008-07-04 10:28:27 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070420080705\index.dat
    - 2008-07-02 08:27:18 245,760 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-07-04 10:43:33 409,600 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "NoActiveDesktopChanges"= 00000000
    "NoActiveDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "XmFSv"= {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll [2008-04-13 19:33 32768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=

    R0 Vqi08;Vqi08;C:\WINDOWS\system32\Drivers\Vqi08.sys [2008-07-02 10:34]
    R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-06-05 00:41]
    R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-04-29 10:26]
    R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-10-30 21:17]
    S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\autorun_PES2008.exe

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-04 12:48:14
    Windows 5.1.2600 Service Pack 3 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    NoActiveDesktopChanges = 3F 00 00 00
    NoActiveDesktop = 63
    NoSaveSettings = 63
    ClassicShell = 63

    Scanning hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-04 12:50:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-04 10:50:33
    ComboFix2.txt 2008-07-02 08:33:20

    Pre-Run: 8,582,553,600 bytes free
    Post-Run: 8,799,674,368 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    315 --- E O F --- 2008-06-24 16:02:53

    I did follow the instructions, though...
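The "Reg Loading Points" section of the ComboFix log above is where the persistence lives: a DLL in AppInit_DLLs (sockspy.dll), a ShellServiceObjectDelayLoad entry pointing at a random-named DLL (yweptr.dll), a boot-start driver (Vqi08) that has also registered itself under SafeBoot\Minimal so it loads in Safe Mode, Security Center notifications switched off, and a cached AutoRun command for a removable drive. As an added example, not part of the thread and not ComboFix's own code, here is a small Python triage script that reads that section and flags exactly those patterns. The sample input is copied from the log above; the heuristics are my own, and the SSODL rule relies on ComboFix's stated behaviour of hiding the legitimate default entries.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log for persistence abuse.

Added example: not part of the forum thread or of ComboFix itself. The sample
text below is copied from the log posted above; the rules encode what a
responder checks by hand when reading such a section.
"""
import re
from dataclasses import dataclass

# Constructed input: a subset of the ComboFix "Reg Loading Points" section from the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"XmFSv"= {F0C770DB-5A6D-DA71-A5CE-49A6C1F9BB3F} - C:\WINDOWS\system32\yweptr.dll [2008-04-13 19:33 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

R0 Vqi08;Vqi08;C:\WINDOWS\system32\Drivers\Vqi08.sys [2008-07-02 10:34]
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-10-30 21:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun_PES2008.exe
"""

VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')                       # "name"=value
DRIVER_RE = re.compile(r'^(R[0-3]|S[0-4])\s+([^;]+);([^;]*);(.+?)(?:\s+\[[^\]]*\])?$')
PATH_RE = re.compile(r'([A-Za-z]:\\[^\[\]"]+)')
SECURITY_CENTER_FLAGS = {"antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    key: str       # registry key or service line the finding came from
    detail: str    # the value, path or driver name that triggered it
    why: str       # what the attacker gains from this loading point


def _path_in(value: str) -> str:
    m = PATH_RE.search(value)
    return m.group(1).strip() if m else value.strip().strip('"')


def _dword(value: str) -> bool:
    """True when a REGEDIT4 dword value (or a plain number) is non-zero."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[6:], 16) != 0
    return v not in ("0", "")


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = ""
    safeboot: set[str] = set()          # names whitelisted under SafeBoot\Minimal or \Network
    boot_drivers: dict[str, str] = {}   # R0 (boot-start) service name -> image path

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            m = re.search(r"\\SafeBoot\\(?:Minimal|Network)\\([^\\]+)$", key, re.I)
            if m:
                safeboot.add(m.group(1).lower())
                findings.append(Finding("high", key, m.group(1),
                    "entry under SafeBoot: loads even when the user boots into Safe Mode to clean up"))
            continue

        m = DRIVER_RE.match(line)
        if m:
            start_type, name, _display, path = m.groups()
            if start_type == "R0":
                boot_drivers[name.lower()] = path
            continue

        if "mountpoints2" in key.lower() and "autorun" in line.lower():
            findings.append(Finding("medium", key, line.split(" - ", 1)[-1],
                "AutoRun command cached for a drive letter: runs when the volume is opened"))
            continue

        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        lname, lkey = name.lower(), key.lower()

        if lname == "appinit_dlls" and value.strip():
            findings.append(Finding("high", key, value.strip(),
                "AppInit_DLLs: injected into every process that loads user32.dll"))
        elif "shellserviceobjectdelayload" in lkey:
            findings.append(Finding("high", key, _path_in(value),
                "SSODL: Explorer loads this COM object at logon; ComboFix hides the default entries, so anything listed was added"))
        elif lkey.endswith("security center") and lname in SECURITY_CENTER_FLAGS and _dword(value):
            findings.append(Finding("medium", key, f"{name}={value}",
                "Security Center alert silenced: the user is not told that AV or updates are off"))

    # Cross-reference: a boot-start driver that also whitelisted itself for Safe Mode.
    for name, path in boot_drivers.items():
        if name in safeboot or f"{name}.sys" in safeboot:
            findings.append(Finding("high", f"R0 {name}", path,
                "boot-start driver that is also Safe Mode whitelisted: typical rootkit loader"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.detail}\n         {f.key}\n         {f.why}")
```

Run it against the log text and it prints seven findings; the legitimate Run entries (Java updater, BitDefender) are not reported. The script only understands ComboFix's REGEDIT4-style layout, so HijackThis output would need its own parser.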
    4 July 2008 14:47:57

    Hello,

    Perfect

    Installing the Recovery Console allowed ComboFix to repair an infected legitimate file by itself, as I expected.

    In your first report, you could see this:

    Quote:

    C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)


    In the second one, after installing the console:

    Quote:
    Infected C:\WINDOWS\system32\user32.dll hex repaired


    Now give me some time to prepare a script for you to remove all the nasties from your PC, and believe me, there are plenty... :/ 

    In the meantime, I suggest you click the link in my signature; you will learn a lot. I'll reply by this evening.

    ;) 
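The point of the reply above is that user32.dll was patched in place rather than replaced, and the file list earlier in the log shows the Windows File Protection copy in dllcache with the same 579,584-byte size and a 2008-07-01 timestamp, so WFP had nothing clean to restore from and ComboFix needed the Recovery Console to fix the file. The log's Sigcheck section does the corresponding check by hand: hash the live binary and compare it with the installer copies under $NtServicePackUninstall$ (SP2) and ServicePackFiles\i386 (SP3), and note that md5deep could not even read the running system binaries. As an added example, not code from the thread or from ComboFix, here is that comparison in Python, run against a constructed fake %WINDIR% tree rather than real binaries. The file contents and the outcomes per file are made up to cover each case the log illustrates.

```python
"""Check a Windows system binary against its known-good copies.

Added example, not code from the thread or from ComboFix. It reproduces what the
log's Sigcheck section does: hash the live file in system32, the Windows File
Protection copy in dllcache, and the installer copies under
$NtServicePackUninstall$ and ServicePackFiles\\i386. The file contents used by
demo() are constructed stand-ins, not real binaries.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Verdict:
    name: str
    status: str             # clean | patched | cache-poisoned | unreadable | missing
    live: Optional[str]     # hash of system32 copy
    cache: Optional[str]    # hash of dllcache copy
    references: tuple       # hashes of every known-good generation (SP2 and SP3 both count)


def digest(path: str) -> Optional[str]:
    """SHA-256 of a file; None when the file cannot be opened at all."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except (PermissionError, FileNotFoundError):
        return None


def check(name: str, live: str, cache: str, references: Sequence[str]) -> Verdict:
    refs = tuple(h for h in (digest(p) for p in references) if h is not None)
    live_h, cache_h = digest(live), digest(cache)
    if live_h is None:
        # md5deep's "error at offset 0: Permission denied" in the log: something is
        # refusing reads of a running image, which is itself a red flag.
        status = "unreadable" if os.path.exists(live) else "missing"
    elif live_h in refs:
        status = "clean"
    elif cache_h in refs:
        status = "patched"          # sfc /scannow can still restore from dllcache
    else:
        status = "cache-poisoned"   # both copies replaced; restore from ServicePackFiles
    return Verdict(name, status, live_h, cache_h, refs)


def demo() -> dict:
    """Build a fake %WINDIR% tree with the log's layout and run check() on it."""
    # name -> (SP2 copy, SP3 copy, what sits in system32, what sits in dllcache); all constructed
    files = {
        "user32.dll": (b"user32 SP2", b"user32 SP3", b"user32 SPX", b"user32 SPX"),   # both copies replaced
        "svchost.exe": (b"svchost SP2", b"svchost SP3", b"svchost SPX", b"svchost SP3"),  # live copy only
        "lsass.exe": (b"lsass SP2", b"lsass SP3", b"lsass SP3", b"lsass SP3"),            # untouched
    }
    with tempfile.TemporaryDirectory() as win:
        for name, (sp2, sp3, live, cache) in files.items():
            for rel, data in ((os.path.join("$NtServicePackUninstall$", name), sp2),
                              (os.path.join("ServicePackFiles", "i386", name), sp3),
                              (os.path.join("system32", name), live),
                              (os.path.join("system32", "dllcache", name), cache)):
                path = os.path.join(win, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        # explorer.exe is deliberately absent to exercise the "missing" branch
        return {name: check(name,
                            os.path.join(win, "system32", name),
                            os.path.join(win, "system32", "dllcache", name),
                            [os.path.join(win, "$NtServicePackUninstall$", name),
                             os.path.join(win, "ServicePackFiles", "i386", name)])
                for name in list(files) + ["explorer.exe"]}


if __name__ == "__main__":
    for v in demo().values():
        print(f"{v.name:12} {v.status:15} live={v.live and v.live[:12]} cache={v.cache and v.cache[:12]}")
```

The reason both installer copies count as references is visible in the log: the SP2 and SP3 builds of every binary have different sizes and hashes, and a machine that was upgraded to SP3 legitimately has the SP3 file live. The thing to act on is the "cache-poisoned" verdict, where a hash match between system32 and dllcache proves nothing because the attacker wrote both.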
    4 July 2008 16:18:43

    ok cool! thanks!

    I caught a nasty virus because I changed my hard drive a few weeks ago...

    Thanks a lot anyway for taking care of my case!
    7 July 2008 16:30:15

    Hi!

    I learned quite a bit about viruses and such from your file, and it's true that I am too trusting!

    However, everything works perfectly, but today the error message came up again: problem in services.exe. I rebooted several times and now it's fine. But it's strange all the same, isn't it?

    Thanks in advance for your reply!
    29 July 2008 14:16:29

    Hello,

    Sorry, I was on holiday :) 

    So let's pick up where we left off:

    Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
    NB: You must be logged in with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below
    Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes
    Warning: if you wait too long, the Cancel answer will be selected automatically
  • when processing is finished (click OK), two text files are displayed:
    main.txt <- opened in the foreground and full screen
    extra.txt <- opened in the background and windowed (look at the taskbar)
    If this is a subsequent use of DSS:
  • you will not get a dialog box (no OK)
  • when processing is finished, one text file is displayed:
    main.txt <- opened in the foreground and full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • also copy the contents of extra.txt into your next post, if you have that file (first use)
  • do not forget to re-enable the protections if they were stopped.



    What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF-Downloaded Program Files and the Internet cache, and empties the Recycle Bin on all drives
  • checks a few important areas of your system and produces a report for review by your security advisor. DSS automatically runs HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you do not already have HijackThis installed.

    ;) 
    4 August 2008 13:46:06

    Hi!!

    I hope you had a good holiday!
    I'm logging in under another account because when I log in with the other one, I can't connect to the forum!

    Here is the main.txt report (not extra.txt, because I have already used this program)

    Deckard's System Scanner v20071014.68
    Run by Lyn on 2008-08-04 13:42:24
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Lyn.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:42:27, on 04/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Documents and Settings\Lyn\Bureau\dss.exe
    C:\DOCUME~1\Lyn\Bureau\Lyn.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Boonty Games (boonty games) - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 (nero backitup scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6467 bytes

    -- Files created between 2008-07-04 and 2008-08-04 -----------------------------

    2008-08-03 11:21:43 0 d-------- C:\Program Files\DOKA Media
    2008-08-03 11:21:40 50 --a------ C:\DragonTilesMahjonggpath.sys
    2008-08-02 21:11:15 0 d-------- C:\Program Files\Cyanide
    2008-07-31 15:17:58 0 dr------- C:\Documents and Settings\LocalService\Favoris
    2008-07-30 17:50:23 0 d-------- C:\327882R2FWJFW
    2008-07-30 11:30:03 51975 --a------ C:\qq.bin
    2008-07-18 20:35:33 4386816 --a------ C:\Documents and Settings\Lyn\ntuser.dat
    2008-07-16 17:23:50 0 d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
    2008-07-16 17:23:47 0 d-------- C:\Program Files\Fichiers communs\BOONTY Shared
    2008-07-16 17:22:10 0 d-------- C:\Program Files\BoontyGames
    2008-07-16 17:22:09 0 d-------- C:\Program Files\Boonty
    2008-07-15 17:42:10 0 d-------- C:\Program Files\Lavalys
    2008-07-14 11:56:38 0 d-------- C:\Program Files\Big Kahuna Reef 2 - Chain Reaction
    2008-07-14 11:53:29 0 --a------ C:\Program Files\temp01
    2008-07-14 11:53:28 0 d-------- C:\Program Files\bfgclient
    2008-07-14 11:52:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-07-14 10:37:48 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-07-14 10:37:48 80412 --a------ C:\WINDOWS\grep.exe
    2008-07-14 10:30:13 0 d-------- C:\Documents and Settings\Lyn\Start Menu
    2008-07-14 10:28:31 68096 --a------ C:\WINDOWS\zip.exe
    2008-07-14 10:28:31 98816 --a------ C:\WINDOWS\sed.exe
    2008-07-14 10:28:30 49152 --a------ C:\WINDOWS\VFind.exe
    2008-07-14 10:28:30 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-07-14 10:28:30 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-07-14 10:28:30 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-07-12 09:56:08 192512 --a------ C:\WINDOWS\system32\cbOCR.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
    2008-07-10 16:30:50 0 d-------- C:\Program Files\MSXML 4.0
    2008-07-10 10:09:22 0 d-------- C:\Program Files\Xara
    2008-07-10 10:09:22 0 d-------- C:\Program Files\Common Files
    2008-07-08 11:24:16 0 d-------- C:\Program Files\Real
    2008-07-08 11:24:15 0 d-------- C:\Program Files\Fichiers communs\Real
    2008-07-08 11:24:15 0 d-------- C:\Documents and Settings\Lyn\Application Data\Real
    2008-07-07 21:10:14 0 d-------- C:\Program Files\Eidos Interactive
    2008-07-07 13:40:05 0 d-------- C:\Documents and Settings\Lyn\Application Data\Nero
    2008-07-07 13:35:10 0 d-------- C:\Program Files\Nero
    2008-07-07 13:35:10 0 d-------- C:\Program Files\Fichiers communs\Nero
    2008-07-07 13:35:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-07-06 18:37:36 0 d-------- C:\WINDOWS\Sun
    2008-07-06 18:37:36 0 d-------- C:\Documents and Settings\Lyn\Application Data\Sun
    2008-07-06 15:39:26 0 d-------- C:\Documents and Settings\Lyn\Application Data\Apple Computer
    2008-07-04 19:44:28 0 d-------- C:\WINDOWS\system32\repository
    2008-07-04 12:43:39 0 d-------- C:\cmdcons


    -- Find3M Report ---------------------------------------------------------------

    2008-08-04 13:39:38 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-07-18 13:48:27 0 d-------- C:\Program Files\Windows Live Safety Center
    2008-07-08 11:24:24 0 d-------- C:\Program Files\Fichiers communs
    2008-07-07 21:10:17 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-03 14:37:46 0 d-------- C:\Program Files\Azureus
    2008-07-03 14:37:43 0 d-------- C:\Documents and Settings\Lyn\Application Data\Azureus
    2008-07-01 13:39:07 367896 --a------ C:\WINDOWS\system32\perfh00C.dat
    2008-07-01 13:39:07 48814 --a------ C:\WINDOWS\system32\perfc00C.dat
    2008-07-01 12:15:52 3730 --a------ C:\WINDOWS\system32\tmp.reg
    2008-07-01 11:51:36 17408 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-06-30 09:49:30 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-30 09:48:07 0 d-------- C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
    2008-06-29 19:54:55 0 dr-h----- C:\Documents and Settings\Lyn\Application Data\SecuROM
    2008-06-29 19:40:39 0 d-------- C:\Program Files\KONAMI
    2008-06-29 18:59:00 0 d-------- C:\Documents and Settings\Lyn\Application Data\Adobe
    2008-06-29 16:41:59 0 d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-29 15:46:52 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-06-29 15:46:20 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
    2008-06-29 15:24:32 0 d-------- C:\Program Files\ahead
    2008-06-23 18:51:17 0 d-------- C:\Program Files\Microsoft Works
    2008-06-23 18:51:10 0 d-------- C:\Program Files\MSBuild
    2008-06-22 21:48:38 0 d-------- C:\Program Files\Axis Communications
    2008-06-22 17:15:23 0 d-------- C:\Program Files\Mojicon Installer
    2008-06-22 12:13:17 0 d-------- C:\Program Files\Microsoft Carioca
    2008-06-22 11:07:11 0 d-------- C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
    2008-06-20 23:06:03 0 d-------- C:\Documents and Settings\Lyn\Application Data\WinRAR
    2008-06-20 22:06:56 0 d-------- C:\Documents and Settings\Lyn\Application Data\vlc
    2008-06-20 22:05:49 0 d-------- C:\Program Files\VideoLAN
    2008-06-20 19:56:24 0 d-------- C:\Program Files\Messenger Plus! Live
    2008-06-20 19:29:26 0 d-------- C:\Documents and Settings\Lyn\Application Data\FrostWire
    2008-06-20 19:18:16 0 d-------- C:\Program Files\FrostWire
    2008-06-19 22:19:33 0 d-------- C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
    2008-06-19 20:51:05 0 d-------- C:\Program Files\Fichiers communs\PC SOFT
    2008-06-18 19:08:03 0 d-------- C:\Program Files\Google
    2008-06-17 17:52:21 0 d-------- C:\Program Files\Windows Live
    2008-06-17 17:51:18 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-17 15:01:19 0 d-------- C:\Documents and Settings\Lyn\Application Data\Bitdefender
    2008-06-17 14:43:32 0 d-------- C:\Program Files\Fichiers communs\InstallShield
    2008-06-17 14:32:49 0 d-------- C:\Program Files\Realtek AC97
    2008-06-17 14:22:23 0 d-------- C:\Documents and Settings\Lyn\Application Data\Macromedia
    2008-06-17 14:04:31 0 d-------- C:\Program Files\QuickTime
    2008-06-17 14:04:02 0 d-------- C:\Program Files\Apple Software Update
    2008-06-17 13:53:40 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-06-17 13:53:21 0 d-------- C:\Program Files\Java
    2008-06-17 13:52:23 0 d-------- C:\Program Files\Fichiers communs\Java
    2008-06-17 13:11:12 0 d-------- C:\Program Files\Fichiers communs\ODBC
    2008-06-17 13:11:09 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
    2008-06-17 13:10:41 62 --ahs---- C:\Documents and Settings\Lyn\Application Data\desktop.ini
    2008-06-17 12:34:01 0 d-------- C:\Program Files\Messenger
    2008-06-17 12:33:46 0 d-------- C:\Program Files\Movie Maker
    2008-06-17 12:32:07 0 d-------- C:\Program Files\Windows NT
    2008-06-17 12:07:19 0 d-------- C:\Program Files\Realtek Sound Manager
    2008-06-17 12:07:19 0 d-------- C:\Program Files\AvRack
    2008-06-17 12:01:39 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-17 12:01:37 0 d-------- C:\Documents and Settings\Lyn\Application Data\Mozilla
    2008-06-17 11:52:23 0 d-------- C:\Program Files\ATI Technologies
    2008-06-17 11:28:31 0 d-------- C:\Documents and Settings\Lyn\Application Data\Identities
    2008-06-17 11:24:48 0 d-------- C:\Program Files\microsoft frontpage
    2008-06-17 11:24:23 0 -rahs---- C:\MSDOS.SYS
    2008-06-17 11:24:23 0 -rahs---- C:\IO.SYS
    2008-06-17 11:24:23 0 --a------ C:\CONFIG.SYS
    2008-06-17 11:24:23 0 --a------ C:\AUTOEXEC.BAT
    2008-06-17 11:23:11 0 d--h----- C:\Program Files\WindowsUpdate
    2008-06-17 11:23:07 0 d-------- C:\Program Files\Services en ligne
    2008-06-17 11:22:19 0 d-------- C:\Program Files\Fichiers communs\MSSoap
    2008-06-17 11:21:35 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-06-17 11:20:45 0 d-------- C:\Program Files\Online Services
    2008-06-17 11:20:36 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-05-29 09:35:36 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-05-23 18:21:42 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
    2008-05-18 21:40:36 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [04/09/2001 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/05/2008 10:50]
    "SoundMan"="SOUNDMAN.EXE" [16/04/2007 15:28 C:\WINDOWS\soundman.exe]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [02/04/2007 16:48]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [26/03/2007 15:49]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 23:48]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [03/08/2007 12:51]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "NoActiveDesktopChanges"=00000000
    "NoActiveDesktop"=0 (0x0)
    "NoSaveSettings"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\autorun_PES2008.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2ccb0dc-51a5-11dd-ad6a-00030d0f917a}]
    autorun\command- F:\InstallTomTomHOME.exe




    -- End of Deckard's System Scanner: finished at 2008-08-04 13:43:01 ------------
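As an added example (not part of this thread, and not a feature of DSS, HijackThis or ComboFix), here is a small Python triage script that parses the kind of report posted above and flags the load points that matter in this case: a non-empty AppInit_DLLs value, an entry under SafeBoot\Minimal that is not on a known allow-list (a driver listed there is loaded in safe mode as well, which is why "clean it in safe mode" advice can fail), autorun commands cached under Explorer's MountPoints2, a core Windows binary rewritten on or after the infection date, and a file whose version resource still carries Visual Studio's "TODO:" placeholders. The sample lines are copied from the report above; the allow-list of SafeBoot entries, the list of core binaries and the infection start date are assumptions to be adjusted for the machine at hand.

```python
"""Triage a Deckard's System Scanner (DSS) style report for abused load points.

Added example for this thread, not part of DSS, HijackThis or ComboFix.
"""
import re
from datetime import datetime

# Constructed sample: a few lines copied from the report posted above so the
# script runs offline. A real run would pass the whole saved report text.
SAMPLE_REPORT = r"""
2008-07-14 10:37:48 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-12 09:56:08 192512 --a------ C:\WINDOWS\system32\cbOCR.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-07-01 11:51:36 17408 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft Windows Operating System>
2008-06-17 11:21:35 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun_PES2008.exe
"""

# "<date> <time> <size> <attrs> <path> [<version tag>]" as DSS prints it.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+"
    r"([A-Za-z]:\\.*?)(?:\s+<(.*)>)?$")
KEY_RE = re.compile(r"^\[(.+)\]$")

# Assumption: binaries that run as SYSTEM or as the shell; a rewrite of one of
# these in the infection window needs a hash check against a known-good copy.
CORE_BINARIES = {"svchost.exe", "winlogon.exe", "services.exe", "lsass.exe",
                 "explorer.exe", "spoolsv.exe", "userinit.exe"}
# Assumption: minimal allow-list of SafeBoot\Minimal entries Windows XP itself
# creates; build the real list from a known-clean machine of the same build.
KNOWN_SAFEBOOT = {"vds", "{533c5b84-ec70-11d2-9505-00c04f79deaf}"}


def parse_files(text):
    """Yield one dict per file/directory line of the DSS file listing."""
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path, tag = m.groups()
        parts = tag.split("; ") if tag else []
        yield {"mtime": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
               "size": int(size), "attrs": attrs, "path": path,
               "company": parts[1] if len(parts) > 1 else None}


def parse_registry(text):
    """Return {key_path: [value lines]} for every [HKEY...] block."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = []
        elif current and line:
            keys[current].append(line)
        else:
            current = None          # blank line ends the block
    return keys


def triage(text, infection_start="2008-07-01"):
    """Return (rule, detail) findings; infection_start is an assumed date."""
    start = datetime.strptime(infection_start, "%Y-%m-%d")
    findings = []
    for f in parse_files(text):
        if not f["path"].lower().startswith("c:\\windows\\"):
            continue
        name = f["path"].rsplit("\\", 1)[-1].lower()
        if f["company"] and f["company"].startswith("TODO"):
            findings.append(("placeholder-version-info", f["path"]))
        elif name in CORE_BINARIES and f["mtime"] >= start:
            findings.append(("core-binary-modified-in-window", f["path"]))
    for key, values in parse_registry(text).items():
        k = key.lower()
        if k.endswith("\\windows nt\\currentversion\\windows"):
            for v in values:
                name, _, data = v.partition("=")
                if name.strip('"').lower() == "appinit_dlls" and data.strip():
                    findings.append(("appinit_dlls", data.strip()))
        elif "\\safeboot\\minimal\\" in k:
            if k.rsplit("\\", 1)[-1] not in KNOWN_SAFEBOOT:
                findings.append(("safeboot-driver", key.rsplit("\\", 1)[-1]))
        elif "\\mountpoints2\\" in k:
            for v in values:
                if v.lower().startswith("autorun\\command"):
                    findings.append(("autorun-command", v.split("- ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_REPORT):
        print(f"{rule:32} {detail}")
```

On the sample above the script reports cbOCR.dll (placeholder version info), svchost.exe (core binary rewritten on the infection date), sockspy.dll (AppInit_DLLs), Vqi08.sys (safe-mode driver) and the cached autorun command; the SteelWerX tool and the stock vds entry are not reported. A flagged core binary is only a lead: the Sigcheck section of a ComboFix log, which lists the MD5 of the live file next to the ServicePackFiles copy, is what confirms or clears it.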
    4 August 2008 22:40:18

    Good evening,

    Yes, I had a good holiday, thanks!

    Delete your copy of ComboFix and download it again (same link).

    Then run another scan with ComboFix and post me the report.

    ;) 
    5 August 2008 12:00:11

    Here it is!!

    ComboFix 08-08-04.01 - Lyn 2008-08-05 11:50:32.7 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.654 [GMT 2:00]
    Location: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\drivers\55a36e68.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_tcpsr
    -------\Service_55a36e68
    -------\Service_tcpsr
    -------\Legacy_TCPSR
    -------\Service_tcpsr


    ((((((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-05 11:54 . 8,704 C:\WINDOWS\system32\drivers\tcpsr.sys
    2008-08-03 11:21 . 2008-08-03 11:21 <REP> d-------- C:\Program Files\DOKA Media
    2008-08-03 11:21 . 2008-08-03 11:21 50 --a------ C:\DragonTilesMahjonggpath.sys
    2008-08-02 21:11 . 2008-08-02 21:15 <REP> d-------- C:\Program Files\Cyanide
    2008-07-31 15:17 . 2008-07-31 15:17 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-07-30 17:54 . 2008-07-30 17:54 268 --ah----- C:\sqmdata02.sqm
    2008-07-30 17:54 . 2008-07-30 17:54 244 --ah----- C:\sqmnoopt02.sqm
    2008-07-30 17:41 . 2008-07-30 17:41 268 --ah----- C:\sqmdata01.sqm
    2008-07-30 17:41 . 2008-07-30 17:41 244 --ah----- C:\sqmnoopt01.sqm
    2008-07-30 11:30 . 2008-07-30 12:08 51,975 --a------ C:\qq.bin
    2008-07-16 17:23 . 2008-07-16 17:23 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
    2008-07-16 17:23 . 2008-07-16 17:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
    2008-07-16 17:22 . 2008-07-16 17:23 <REP> d-------- C:\Program Files\BoontyGames
    2008-07-16 17:22 . 2008-07-16 17:22 <REP> d-------- C:\Program Files\Boonty
    2008-07-15 17:42 . 2008-07-15 17:42 <REP> d-------- C:\Program Files\Lavalys
    2008-07-14 11:56 . 2008-07-25 18:09 <REP> d-------- C:\Program Files\Big Kahuna Reef 2 - Chain Reaction
    2008-07-14 11:53 . 2008-07-14 11:53 <REP> d-------- C:\Program Files\bfgclient
    2008-07-14 11:52 . 2008-07-14 11:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-07-12 09:56 . 2008-07-16 10:21 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
    2008-07-11 11:44 . 2008-07-11 11:44 373 --a------ C:\WINDOWS\system32\MRT.INI
    2008-07-10 16:30 . 2008-07-10 16:30 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Xara
    2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Common Files
    2008-07-08 11:24 . 2008-07-08 11:24 <REP> d-------- C:\Program Files\Real
    2008-07-08 11:24 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-07-07 21:10 . 2008-07-07 21:10 <REP> d-------- C:\Program Files\Eidos Interactive
    2008-07-07 20:11 . 2008-07-13 20:15 49 --a------ C:\WINDOWS\NeroDigital.ini
    2008-07-07 13:40 . 2008-07-07 13:40 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Nero
    2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Program Files\Nero
    2008-07-07 13:35 . 2008-07-07 13:38 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-07-06 18:37 . 2008-07-06 18:37 <REP> d-------- C:\WINDOWS\Sun
    2008-07-06 16:08 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-07-06 16:08 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-07-06 16:08 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-07-06 15:39 . 2008-07-06 15:39 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-05 09:54 30,720 ----a-w C:\WINDOWS\system32\drivers\Vqi08.sys
    2008-08-05 09:52 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-08-03 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-31 14:34 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(4).sys
    2008-07-30 15:47 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(5).sys
    2008-07-30 15:20 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(6).sys
    2008-07-30 09:26 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(7).sys
    2008-07-29 14:02 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(8).sys
    2008-07-29 13:28 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(9).sys
    2008-07-28 18:55 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(10).sys
    2008-07-28 17:19 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(11).sys
    2008-07-28 11:20 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(12).sys
    2008-07-27 18:53 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(13).sys
    2008-07-27 18:25 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(14).sys
    2008-07-27 17:32 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(15).sys
    2008-07-26 09:49 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(16).sys
    2008-07-25 16:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-25 15:49 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(17).sys
    2008-07-25 14:30 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(18).sys
    2008-07-25 12:43 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(19).sys
    2008-07-25 11:11 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(20).sys
    2008-07-24 12:53 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(21).sys
    2008-07-24 11:17 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(22).sys
    2008-07-23 18:50 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(23).sys
    2008-07-23 15:33 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(24).sys
    2008-07-23 13:35 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(25).sys
    2008-07-22 17:58 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(26).sys
    2008-07-21 20:27 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(27).sys
    2008-07-21 18:51 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(28).sys
    2008-07-21 17:03 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(29).sys
    2008-07-21 11:23 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(30).sys
    2008-07-21 10:15 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(31).sys
    2008-07-21 07:09 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(32).sys
    2008-07-20 20:10 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(33).sys
    2008-07-20 18:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(34).sys
    2008-07-20 11:38 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(35).sys
    2008-07-20 11:18 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(36).sys
    2008-07-20 11:05 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(37).sys
    2008-07-20 10:28 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(38).sys
    2008-07-20 10:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(39).sys
    2008-07-19 15:43 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(40).sys
    2008-07-19 11:23 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(41).sys
    2008-07-19 10:06 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(42).sys
    2008-07-18 19:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(43).sys
    2008-07-18 17:46 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(44).sys
    2008-07-18 11:48 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-07-14 09:53 0 ----a-w C:\Program Files\temp01
    2008-07-07 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-03 12:37 --------- d-----w C:\Program Files\Azureus
    2008-07-03 12:37 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Azureus
    2008-07-01 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-01 17:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-01 10:15 3,730 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-07-01 09:51 17,408 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-07-01 09:26 30,208 ----a-w C:\WINDOWS\system32\drivers\Vqi08(3).sys
    2008-07-01 08:33 579,584 ----a-w C:\WINDOWS\system32\user32.DLL
    2008-07-01 08:33 30,208 ----a-w C:\WINDOWS\system32\drivers\Vqi08(2).sys
    2008-06-30 07:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-06-30 07:48 --------- d-----w C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
    2008-06-30 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-06-29 17:54 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-06-29 17:54 --------- d--h--r C:\Documents and Settings\Lyn\Application Data\SecuROM
    2008-06-29 17:40 --------- d-----w C:\Program Files\KONAMI
    2008-06-29 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-06-29 14:41 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
    2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-06-29 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
    2008-06-29 13:24 --------- d-----w C:\Program Files\ahead
    2008-06-23 21:34 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-06-23 16:51 --------- d-----w C:\Program Files\MSBuild
    2008-06-23 16:51 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-23 16:43 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-06-22 19:48 --------- d-----w C:\Program Files\Axis Communications
    2008-06-22 15:15 --------- d-----w C:\Program Files\Mojicon Installer
    2008-06-22 10:13 --------- d-----w C:\Program Files\Microsoft Carioca
    2008-06-22 09:07 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
    2008-06-20 20:06 --------- d-----w C:\Documents and Settings\Lyn\Application Data\vlc
    2008-06-20 20:05 --------- d-----w C:\Program Files\VideoLAN
    2008-06-20 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-20 17:56 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:29 --------- d-----w C:\Documents and Settings\Lyn\Application Data\FrostWire
    2008-06-20 17:18 --------- d-----w C:\Program Files\FrostWire
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 20:19 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-19 20:19 --------- d-----w C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
    2008-06-19 18:51 --------- d-----w C:\Program Files\Fichiers communs\PC SOFT
    2008-06-18 17:08 --------- d-----w C:\Program Files\Google
    2008-06-17 15:52 --------- d-----w C:\Program Files\Windows Live
    2008-06-17 15:51 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-17 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-17 13:01 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Bitdefender
    2008-06-17 12:53 --------- d-----w C:\Program Files\Softwin
    2008-06-17 12:53 --------- d-----w C:\Program Files\Fichiers communs\Softwin
    2008-06-17 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-06-17 12:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-17 12:32 --------- d-----w C:\Program Files\Realtek AC97
    .

    ------- Sigcheck -------

    2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    2008-07-01 11:51 17408 d84196f4bc2a42c626b53e9ffd9041f5 C:\WINDOWS\system32\svchost.exe

    2006-03-02 14:00 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    2008-04-13 19:34 516096 cb0ee548caf0c5a8e8c7660ec35a37b7 C:\WINDOWS\system32\winlogon.exe

    2008-04-13 19:34 1040384 1258395fe10e3aa3838d4268937f0637 C:\WINDOWS\explorer.exe
    2006-03-02 14:00 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2008-04-13 19:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2006-03-02 14:00 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\$NtServicePackUninstall$\services.exe
    2008-04-13 19:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
    2008-04-13 19:34 111104 93dc1f26d67aead03619279949e45def C:\WINDOWS\system32\services.exe

    2006-03-02 14:00 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    2008-04-13 19:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    2008-04-13 19:34 14848 204ed22034ada50188857c8a3f7cd4c0 C:\WINDOWS\system32\lsass.exe

    2006-03-02 14:00 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    2008-04-13 19:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    2008-04-13 19:34 58880 b7fabc09c6c048db3ec8cd84c7401eee C:\WINDOWS\system32\spoolsv.exe
    .
    ((((((((((((((((((((((((((((( snapshot_2008-07-14_10.41.15.76 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-10-26 18:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
    + 2006-10-27 13:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
    - 2008-07-10 08:14:06 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-08-03 09:47:52 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-07-10 08:14:06 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-08-03 09:47:52 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-07-10 08:14:06 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-08-03 09:47:52 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    - 2008-07-10 08:14:06 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2008-08-03 09:47:52 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    - 2008-07-10 08:14:06 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-08-03 09:47:52 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-07-10 08:14:06 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-08-03 09:47:52 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-07-10 08:14:06 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-08-03 09:47:52 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-07-10 08:14:06 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-08-03 09:47:52 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-07-10 08:14:06 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-08-03 09:47:52 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-07-10 08:14:06 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-08-03 09:47:52 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-07-10 08:14:06 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-08-03 09:47:52 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-07-14 08:28:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-08-05 09:54:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-07-14 08:28:32 851,968 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-08-05 09:54:10 1,392,640 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-07-20 20:13:40 114,688 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008071420080721\index.dat
    + 2008-07-20 20:13:40 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072020080721\index.dat
    + 2008-07-28 11:20:13 98,304 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072120080728\index.dat
    + 2008-07-28 18:55:19 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072820080729\index.dat
    + 2008-08-03 23:15:09 49,152 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072820080804\index.dat
    + 2008-07-29 14:02:55 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008072920080730\index.dat
    + 2008-07-30 15:49:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008073020080731\index.dat
    + 2008-07-31 14:43:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008073120080801\index.dat
    + 2008-08-04 17:42:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080420080805\index.dat
    + 2008-08-05 09:47:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080520080806\index.dat
    + 2008-08-05 09:54:10 1,556,480 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-13 17:34:28 26,624 -c--a-w C:\WINDOWS\system32\dllcache\userinit.exe
    + 2005-05-16 13:15:58 48,640 ----a-w C:\WINDOWS\system32\drivers\sfdrv01.sys
    + 2005-05-16 13:20:39 6,656 ----a-w C:\WINDOWS\system32\drivers\sfhlp02.sys
    + 2005-05-16 13:23:38 19,968 ----a-w C:\WINDOWS\system32\drivers\sfsync02.sys
    + 2005-05-16 13:26:49 66,560 ----a-w C:\WINDOWS\system32\drivers\sfvfs02.sys
    - 2008-07-10 08:09:47 721,572 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
    + 2008-08-01 10:28:12 1,121,848 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\FrostWire\\FrostWire.exe"=
    "C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"=

    R0 Vqi08;Vqi08;C:\WINDOWS\system32\Drivers\Vqi08.sys [2008-08-05 11:54]
    R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-06-05 00:41]
    R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-04-29 10:26]
    R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-10-30 21:17]
    R3 tcpsr;tcpsr;C:\WINDOWS\System32\drivers\tcpsr.sys []
    S3 boonty games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-07-16 17:23]
    S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys []
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\autorun_PES2008.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2ccb0dc-51a5-11dd-ad6a-00030d0f917a}]
    \shell\autorun\command - F:\InstallTomTomHOME.exe

    *Newly Created Service* - TCPSR
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Lyn\Application Data\Mozilla\Firefox\Profiles\e3uwj6lv.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://atrium.ensgsi.inpl-nancy.fr/gsiint/login.htm


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-05 11:54:12
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    NoActiveDesktopChanges = 3F 00 00 00
    NoActiveDesktop = 63
    NoSaveSettings = 63
    ClassicShell = 63

    Balayage des fichiers cach‚s ...

    Scan terminé avec succès
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-05 11:57:49 - machine was rebooted [Lyn]
    ComboFix-quarantined-files.txt 2008-08-05 09:57:43
    ComboFix2.txt 2008-07-14 08:41:45
    ComboFix3.txt 2008-07-04 10:50:39
    ComboFix4.txt 2008-07-02 08:33:20

    Pre-Run: 3,537,960,960 octets libres
    Post-Run: 3,523,411,968 octets libres

    331 --- E O F --- 2008-08-03 09:47:54
    5 August 2008 12:55:31

    :hello: Hello,

    Uninstall Azureus and FrostWire via "Add/Remove Programs" in the Control Panel.

    Open Spybot, click the Mode tab and choose Advanced Mode
    Ignore the warning
    At the bottom left, click Tools
    Still in the left column, click Resident (not in the central window)
    And untick the Resident "TeaTimer" option

    Disable all resident protection (antivirus...)! <------- Remember this!

    Copy the text in the box below: (Ctrl + C)

    Quote:
    Driver::
    Vqi08
    tcpsr
    restore
    boonty games
    Vqi08(4)
    Vqi08(5)
    Vqi08(6)
    Vqi08(7)
    Vqi08(8)
    Vqi08(9)
    Vqi08(10)
    Vqi08(11)
    Vqi08(12)
    Vqi08(13)
    Vqi08(14)
    Vqi08(15)
    Vqi08(16)
    Vqi08(17)
    Vqi08(18)
    Vqi08(19)
    Vqi08(20)
    Vqi08(21)
    Vqi08(22)
    Vqi08(23)
    Vqi08(24)
    Vqi08(25)
    Vqi08(26)
    Vqi08(27)
    Vqi08(28)
    Vqi08(29)
    Vqi08(30)
    Vqi08(31)
    Vqi08(32)
    Vqi08(33)
    Vqi08(34)
    Vqi08(35)
    Vqi08(36)
    Vqi08(37)
    Vqi08(38)
    Vqi08(39)
    Vqi08(40)
    Vqi08(41)
    Vqi08(42)
    Vqi08(43)
    Vqi08(44)
    Vqi08(3)
    Vqi08(2)

    File::
    C:\WINDOWS\system32\drivers\tcpsr.sys
    C:\WINDOWS\system32\cbOCR.dll
    C:\WINDOWS\system32\drivers\Vqi08.sys
    C:\WINDOWS\system32\drivers\Vqi08(4).sys
    C:\WINDOWS\system32\drivers\Vqi08(5).sys
    C:\WINDOWS\system32\drivers\Vqi08(6).sys
    C:\WINDOWS\system32\drivers\Vqi08(7).sys
    C:\WINDOWS\system32\drivers\Vqi08(8).sys
    C:\WINDOWS\system32\drivers\Vqi08(9).sys
    C:\WINDOWS\system32\drivers\Vqi08(10).sys
    C:\WINDOWS\system32\drivers\Vqi08(11).sys
    C:\WINDOWS\system32\drivers\Vqi08(12).sys
    C:\WINDOWS\system32\drivers\Vqi08(13).sys
    C:\WINDOWS\system32\drivers\Vqi08(14).sys
    C:\WINDOWS\system32\drivers\Vqi08(15).sys
    C:\WINDOWS\system32\drivers\Vqi08(16).sys
    C:\WINDOWS\system32\drivers\Vqi08(17).sys
    C:\WINDOWS\system32\drivers\Vqi08(18).sys
    C:\WINDOWS\system32\drivers\Vqi08(19).sys
    C:\WINDOWS\system32\drivers\Vqi08(20).sys
    C:\WINDOWS\system32\drivers\Vqi08(21).sys
    C:\WINDOWS\system32\drivers\Vqi08(22).sys
    C:\WINDOWS\system32\drivers\Vqi08(23).sys
    C:\WINDOWS\system32\drivers\Vqi08(24).sys
    C:\WINDOWS\system32\drivers\Vqi08(25).sys
    C:\WINDOWS\system32\drivers\Vqi08(26).sys
    C:\WINDOWS\system32\drivers\Vqi08(27).sys
    C:\WINDOWS\system32\drivers\Vqi08(28).sys
    C:\WINDOWS\system32\drivers\Vqi08(29).sys
    C:\WINDOWS\system32\drivers\Vqi08(30).sys
    C:\WINDOWS\system32\drivers\Vqi08(31).sys
    C:\WINDOWS\system32\drivers\Vqi08(32).sys
    C:\WINDOWS\system32\drivers\Vqi08(33).sys
    C:\WINDOWS\system32\drivers\Vqi08(34).sys
    C:\WINDOWS\system32\drivers\Vqi08(35).sys
    C:\WINDOWS\system32\drivers\Vqi08(36).sys
    C:\WINDOWS\system32\drivers\Vqi08(37).sys
    C:\WINDOWS\system32\drivers\Vqi08(38).sys
    C:\WINDOWS\system32\drivers\Vqi08(39).sys
    C:\WINDOWS\system32\drivers\Vqi08(40).sys
    C:\WINDOWS\system32\drivers\Vqi08(41).sys
    C:\WINDOWS\system32\drivers\Vqi08(42).sys
    C:\WINDOWS\system32\drivers\Vqi08(43).sys
    C:\WINDOWS\system32\drivers\Vqi08(44).sys
    C:\WINDOWS\system32\drivers\Vqi08(3).sys
    C:\WINDOWS\system32\drivers\Vqi08(2).sys

    Folder::
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Documents and Settings\All Users\Application Data\BOONTY
    C:\Program Files\BoontyGames
    C:\Program Files\Boonty
    C:\Program Files\Azureus
    C:\Documents and Settings\Lyn\Application Data\Azureus
    C:\Documents and Settings\All Users\Application Data\Azureus
    C:\Documents and Settings\Lyn\Application Data\FrostWire
    C:\Program Files\FrostWire

    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Azureus\\Azureus.exe"=-
    "C:\\Program Files\\FrostWire\\FrostWire.exe"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2ccb0dc-51a5-11dd-ad6a-00030d0f917a}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "NoActiveDesktopChanges"=dword:00000000
    "NoActiveDesktop"=dword:00000000
    "NoSaveSettings"=dword:00000000
    "ClassicShell"=dword:00000000


    => Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste the text into it (CTRL + V)
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save
    - Close Notepad

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



    * This will relaunch ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    * Do not touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: copy/paste its contents to the forum.
    If the file does not open, it is located here: C:\ComboFix.txt
    * Post a new HijackThis log.

    ;) 
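The check a helper would want before running a CFScript like the one above: this Python script, added here and not taken from the thread or from ComboFix, cross-references each Driver::, File::, Folder:: and Registry:: entry against the ComboFix log it was written from, so nothing is scheduled for removal that the log never observed, and lists the registry values the script rewrites next to the value the log recorded. The script and log excerpts are constructed from the entries posted above (the line patterns are inferred from those excerpts), with one made-up File:: path, notinlog.sys, added to show a miss.

```python
import re
from collections import defaultdict

# Constructed excerpt of the CFScript the helper posted: a few entries per section,
# plus one File:: path that does NOT appear in the log so the check has something to flag.
CFSCRIPT = r"""
Driver::
Vqi08
tcpsr

File::
C:\WINDOWS\system32\drivers\tcpsr.sys
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\drivers\notinlog.sys
Folder::
C:\Program Files\Boonty
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"""

# Constructed excerpt of the ComboFix log lines the script was derived from
# (created-files, Find3M, registry load points and R0/R3 service lines).
COMBOFIX_LOG = r"""
2008-07-12 09:56 . 2008-07-16 10:21 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-07-16 17:22 . 2008-07-16 17:22 <REP> d-------- C:\Program Files\Boonty
2008-08-05 15:30 30,720 ----a-w C:\WINDOWS\system32\drivers\Vqi08.sys
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vqi08.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
R0 Vqi08;Vqi08;C:\WINDOWS\system32\Drivers\Vqi08.sys [2008-08-05 11:54]
R3 tcpsr;tcpsr;C:\WINDOWS\System32\drivers\tcpsr.sys []
"""

# "date time [. date time] size attrs path" (created-files and Find3M sections)
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d (?:\. \d{4}-\d\d-\d\d \d\d:\d\d )?\S+ \S+ (.+)$")
# "R3 name;display;path [date]" service and driver lines
SERVICE_LINE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+?)(?: \[[^\]]*\])?$")
VALUE_LINE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}; a section header is a line ending in '::'."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
        elif current is not None:
            sections[current].append(line)
    return dict(sections)


def parse_combofix_log(text):
    """Collect what the log observed: service names, paths, registry keys and values."""
    seen = {"services": set(), "paths": set(), "keys": set(), "values": {}}
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := SERVICE_LINE.match(line):
            seen["services"].add(m.group(1).lower())
            seen["paths"].add(m.group(2).lower())
        elif m := FILE_LINE.match(line):
            seen["paths"].add(m.group(1).lower())
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            seen["keys"].add(key)
        elif key and (m := VALUE_LINE.match(line)):
            seen["values"][(key, m.group(1).lower())] = m.group(2)
    return seen


def check_script(script_text, log_text):
    """Report which script targets the log observed, which it did not, and the
    registry values the script rewrites together with the value the log recorded."""
    script, seen = parse_cfscript(script_text), parse_combofix_log(log_text)
    report = {"observed": [], "unobserved": [], "value_changes": []}

    def note(section, entry, ok):
        report["observed" if ok else "unobserved"].append((section, entry))

    for name in script.get("Driver", []):
        note("Driver", name, name.lower() in seen["services"])
    for section in ("File", "Folder"):
        for path in script.get(section, []):
            note(section, path, path.lower() in seen["paths"])  # NTFS is case-insensitive
    key = None
    for line in script.get("Registry", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lstrip("-").lower()  # a leading '-' deletes the whole key
            note("Registry", line, key in seen["keys"])
        elif key and (m := VALUE_LINE.match(line)):
            before = seen["values"].get((key, m.group(1).lower()))
            report["value_changes"].append((m.group(1), before, m.group(2)))
    return report
```

Run `check_script(CFSCRIPT, COMBOFIX_LOG)` and review the `unobserved` list before handing the script to the user; here it flags only the constructed notinlog.sys path.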
    5 August 2008 18:07:09

    Here is comboFix.txt:

    ComboFix 08-08-04.01 - Lyn 2008-08-05 17:55:53.8 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.649 [GMT 2:00]
    Endroit: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lyn\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_boonty_games
    -------\Legacy_TCPSR
    -------\Legacy_VQI08
    -------\Service_boonty games
    -------\Service_restore
    -------\Service_tcpsr
    -------\Service_Vqi08


    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-03 11:21 . 2008-08-03 11:21 <REP> d-------- C:\Program Files\DOKA Media
    2008-08-03 11:21 . 2008-08-03 11:21 50 --a------ C:\DragonTilesMahjonggpath.sys
    2008-08-02 21:11 . 2008-08-02 21:15 <REP> d-------- C:\Program Files\Cyanide
    2008-07-31 15:17 . 2008-07-31 15:17 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-07-30 17:54 . 2008-07-30 17:54 268 --ah----- C:\sqmdata02.sqm
    2008-07-30 17:54 . 2008-07-30 17:54 244 --ah----- C:\sqmnoopt02.sqm
    2008-07-30 17:41 . 2008-07-30 17:41 268 --ah----- C:\sqmdata01.sqm
    2008-07-30 17:41 . 2008-07-30 17:41 244 --ah----- C:\sqmnoopt01.sqm
    2008-07-30 11:30 . 2008-07-30 12:08 51,975 --a------ C:\qq.bin
    2008-07-16 17:23 . 2008-07-16 17:23 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
    2008-07-16 17:23 . 2008-07-16 17:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
    2008-07-16 17:22 . 2008-07-16 17:23 <REP> d-------- C:\Program Files\BoontyGames
    2008-07-16 17:22 . 2008-07-16 17:22 <REP> d-------- C:\Program Files\Boonty
    2008-07-15 17:42 . 2008-07-15 17:42 <REP> d-------- C:\Program Files\Lavalys
    2008-07-14 11:56 . 2008-07-25 18:09 <REP> d-------- C:\Program Files\Big Kahuna Reef 2 - Chain Reaction
    2008-07-14 11:53 . 2008-07-14 11:53 <REP> d-------- C:\Program Files\bfgclient
    2008-07-14 11:52 . 2008-07-14 11:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-07-12 09:56 . 2008-07-16 10:21 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
    2008-07-11 11:44 . 2008-07-11 11:44 373 --a------ C:\WINDOWS\system32\MRT.INI
    2008-07-10 16:30 . 2008-07-10 16:30 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Xara
    2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Common Files
    2008-07-08 11:24 . 2008-07-08 11:24 <REP> d-------- C:\Program Files\Real
    2008-07-08 11:24 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-07-07 21:10 . 2008-07-07 21:10 <REP> d-------- C:\Program Files\Eidos Interactive
    2008-07-07 20:11 . 2008-07-13 20:15 49 --a------ C:\WINDOWS\NeroDigital.ini
    2008-07-07 13:40 . 2008-07-07 13:40 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Nero
    2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Program Files\Nero
    2008-07-07 13:35 . 2008-07-07 13:38 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-07-06 18:37 . 2008-07-06 18:37 <REP> d-------- C:\WINDOWS\Sun
    2008-07-06 16:08 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-07-06 16:08 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-07-06 16:08 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-07-06 15:39 . 2008-07-06 15:39 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-05 15:58 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-08-05 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-05 15:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-05 15:44 --------- d-----w C:\Program Files\FrostWire
    2008-08-05 15:44 --------- d-----w C:\Program Files\Azureus
    2008-08-05 15:30 30,720 ----a-w C:\WINDOWS\system32\drivers\Vqi08.sys
    2008-08-03 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-31 14:34 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(4).sys
    2008-07-30 15:47 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(5).sys
    2008-07-30 15:20 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(6).sys
    2008-07-30 09:26 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(7).sys
    2008-07-29 14:02 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(8).sys
    2008-07-29 13:28 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(9).sys
    2008-07-28 18:55 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(10).sys
    2008-07-28 17:19 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(11).sys
    2008-07-28 11:20 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(12).sys
    2008-07-27 18:53 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(13).sys
    2008-07-27 18:25 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(14).sys
    2008-07-27 17:32 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(15).sys
    2008-07-26 09:49 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(16).sys
    2008-07-25 16:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-25 15:49 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(17).sys
    2008-07-25 14:30 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(18).sys
    2008-07-25 12:43 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(19).sys
    2008-07-25 11:11 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(20).sys
    2008-07-24 12:53 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(21).sys
    2008-07-24 11:17 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(22).sys
    2008-07-23 18:50 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(23).sys
    2008-07-23 15:33 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(24).sys
    2008-07-23 13:35 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(25).sys
    2008-07-22 17:58 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(26).sys
    2008-07-21 20:27 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(27).sys
    2008-07-21 18:51 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(28).sys
    2008-07-21 17:03 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(29).sys
    2008-07-21 11:23 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(30).sys
    2008-07-21 10:15 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(31).sys
    2008-07-21 07:09 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(32).sys
    2008-07-20 20:10 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(33).sys
    2008-07-20 18:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(34).sys
    2008-07-20 11:38 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(35).sys
    2008-07-20 11:18 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(36).sys
    2008-07-20 11:05 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(37).sys
    2008-07-20 10:28 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(38).sys
    2008-07-20 10:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(39).sys
    2008-07-19 15:43 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(40).sys
    2008-07-19 11:23 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(41).sys
    2008-07-19 10:06 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(42).sys
    2008-07-18 19:24 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(43).sys
    2008-07-18 17:46 30,848 ----a-w C:\WINDOWS\system32\drivers\Vqi08(44).sys
    2008-07-18 11:48 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-07-14 09:53 0 ----a-w C:\Program Files\temp01
    2008-07-07 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-03 12:37 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Azureus
    2008-07-01 10:15 3,730 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-07-01 09:51 17,408 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-07-01 09:26 30,208 ----a-w C:\WINDOWS\system32\drivers\Vqi08(3).sys
    2008-07-01 08:33 579,584 ----a-w C:\WINDOWS\system32\user32.DLL
    2008-07-01 08:33 30,208 ----a-w C:\WINDOWS\system32\drivers\Vqi08(2).sys
    2008-06-30 07:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-06-30 07:48 --------- d-----w C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
    2008-06-30 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2008-06-29 17:54 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-06-29 17:54 --------- d--h--r C:\Documents and Settings\Lyn\Application Data\SecuROM
    2008-06-29 17:40 --------- d-----w C:\Program Files\KONAMI
    2008-06-29 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-06-29 14:41 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
    2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-06-29 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
    2008-06-29 13:24 --------- d-----w C:\Program Files\ahead
    2008-06-23 21:34 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-06-23 16:51 --------- d-----w C:\Program Files\MSBuild
    2008-06-23 16:51 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-23 16:43 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-06-22 19:48 --------- d-----w C:\Program Files\Axis Communications
    2008-06-22 15:15 --------- d-----w C:\Program Files\Mojicon Installer
    2008-06-22 10:13 --------- d-----w C:\Program Files\Microsoft Carioca
    2008-06-22 09:07 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
    2008-06-20 20:06 --------- d-----w C:\Documents and Settings\Lyn\Application Data\vlc
    2008-06-20 20:05 --------- d-----w C:\Program Files\VideoLAN
    2008-06-20 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-20 17:56 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:29 --------- d-----w C:\Documents and Settings\Lyn\Application Data\FrostWire
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 20:19 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-19 20:19 --------- d-----w C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
    2008-06-19 18:51 --------- d-----w C:\Program Files\Fichiers communs\PC SOFT
    2008-06-18 17:08 --------- d-----w C:\Program Files\Google
    2008-06-17 15:52 --------- d-----w C:\Program Files\Windows Live
    2008-06-17 15:51 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-17 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-17 13:01 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Bitdefender
    2008-06-17 12:53 --------- d-----w C:\Program Files\Softwin
    2008-06-17 12:53 --------- d-----w C:\Program Files\Fichiers communs\Softwin
    2008-06-17 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-06-17 12:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-17 12:32 --------- d-----w C:\Program Files\Realtek AC97
    .

    ------- Sigcheck -------

    2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    2008-07-01 11:51 17408 d84196f4bc2a42c626b53e9ffd9041f5 C:\WINDOWS\system32\svchost.exe

    2006-03-02 14:00 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    2008-04-13 19:34 516096 cb0ee548caf0c5a8e8c7660ec35a37b7 C:\WINDOWS\system32\winlogon.exe

    2008-04-13 19:34 1040384 1258395fe10e3aa3838d4268937f0637 C:\WINDOWS\explorer.exe
    2006-03-02 14:00 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2008-04-13 19:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2006-03-02 14:00 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\$NtServicePackUninstall$\services.exe
    2008-04-13 19:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
    2008-04-13 19:34 111104 93dc1f26d67aead03619279949e45def C:\WINDOWS\system32\services.exe

    2006-03-02 14:00 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    2008-04-13 19:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    2008-04-13 19:34 14848 204ed22034ada50188857c8a3f7cd4c0 C:\WINDOWS\system32\lsass.exe

    2006-03-02 14:00 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    2008-04-13 19:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    2008-04-13 19:34 58880 b7fabc09c6c048db3ec8cd84c7401eee C:\WINDOWS\system32\spoolsv.exe
    .
    ((((((((((((((((((((((((((((( snapshot_2008-08-05_11.57.17.56 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-05 09:54:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-08-05 15:55:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-08-05 09:54:10 1,392,640 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-08-05 15:55:25 1,392,640 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-08-05 09:47:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080520080806\index.dat
    + 2008-08-05 15:55:26 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080520080806\index.dat
    - 2008-08-05 09:54:10 1,556,480 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-05 15:55:25 1,556,480 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"=

    R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-06-05 00:41]
    R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-04-29 10:26]
    R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-10-30 21:17]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-05 17:59:54
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    NoActiveDesktopChanges = 3F 00 00 00
    NoActiveDesktop = 63
    NoSaveSettings = 63
    ClassicShell = 63

    Balayage des fichiers cach‚s ...

    Scan terminé avec succès
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-05 18:03:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-05 16:03:29
    ComboFix2.txt 2008-08-05 09:57:50
    ComboFix3.txt 2008-07-14 08:41:45
    ComboFix4.txt 2008-07-04 10:50:39
    ComboFix5.txt 2008-08-05 15:55:27

    Pre-Run: 3,650,023,424 octets libres
    Post-Run: 3,690,758,144 octets libres

    268 --- E O F --- 2008-08-03 09:47:54
    5 August 2008 18:08:57

    and hijack.log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:07:42, on 05/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Lyn\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {a73baefa-ee65-494d-bedb-dd3e5a34fa98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 (nero backitup scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6285 bytes
    5 August 2008 19:59:37

    Re,

    The infection has recreated itself :) 

    Did you really remove all the cracks and software downloaded via P2P from your PC?

    Something keeps recreating the infection.

    We now have to find out what. So I'm asking you to check on your side whether the infection isn't being relaunched by a user clicking on a dubious program.

    ;) 
    5 August 2008 21:23:55

    Re,

    Actually the problem comes from ComboFix. Delete your version of ComboFix and download it again.

    And redo the procedure with the CFScript (the same one).

    Post me the generated report.

    ;) 
    6 August 2008 13:32:15

    hi!!

    here is the ComboFix report:

    ComboFix 08-08-04.09 - Lyn 2008-08-06 13:21:41.9 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.468 [GMT 2:00]
    Endroit: C:\Documents and Settings\Lyn\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lyn\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\WINDOWS\system32\cbOCR.dll
    C:\WINDOWS\system32\drivers\tcpsr.sys
    C:\WINDOWS\system32\drivers\Vqi08(10).sys
    C:\WINDOWS\system32\drivers\Vqi08(11).sys
    C:\WINDOWS\system32\drivers\Vqi08(12).sys
    C:\WINDOWS\system32\drivers\Vqi08(13).sys
    C:\WINDOWS\system32\drivers\Vqi08(14).sys
    C:\WINDOWS\system32\drivers\Vqi08(15).sys
    C:\WINDOWS\system32\drivers\Vqi08(16).sys
    C:\WINDOWS\system32\drivers\Vqi08(17).sys
    C:\WINDOWS\system32\drivers\Vqi08(18).sys
    C:\WINDOWS\system32\drivers\Vqi08(19).sys
    C:\WINDOWS\system32\drivers\Vqi08(2).sys
    C:\WINDOWS\system32\drivers\Vqi08(20).sys
    C:\WINDOWS\system32\drivers\Vqi08(21).sys
    C:\WINDOWS\system32\drivers\Vqi08(22).sys
    C:\WINDOWS\system32\drivers\Vqi08(23).sys
    C:\WINDOWS\system32\drivers\Vqi08(24).sys
    C:\WINDOWS\system32\drivers\Vqi08(25).sys
    C:\WINDOWS\system32\drivers\Vqi08(26).sys
    C:\WINDOWS\system32\drivers\Vqi08(27).sys
    C:\WINDOWS\system32\drivers\Vqi08(28).sys
    C:\WINDOWS\system32\drivers\Vqi08(29).sys
    C:\WINDOWS\system32\drivers\Vqi08(3).sys
    C:\WINDOWS\system32\drivers\Vqi08(30).sys
    C:\WINDOWS\system32\drivers\Vqi08(31).sys
    C:\WINDOWS\system32\drivers\Vqi08(32).sys
    C:\WINDOWS\system32\drivers\Vqi08(33).sys
    C:\WINDOWS\system32\drivers\Vqi08(34).sys
    C:\WINDOWS\system32\drivers\Vqi08(35).sys
    C:\WINDOWS\system32\drivers\Vqi08(36).sys
    C:\WINDOWS\system32\drivers\Vqi08(37).sys
    C:\WINDOWS\system32\drivers\Vqi08(38).sys
    C:\WINDOWS\system32\drivers\Vqi08(39).sys
    C:\WINDOWS\system32\drivers\Vqi08(4).sys
    C:\WINDOWS\system32\drivers\Vqi08(40).sys
    C:\WINDOWS\system32\drivers\Vqi08(41).sys
    C:\WINDOWS\system32\drivers\Vqi08(42).sys
    C:\WINDOWS\system32\drivers\Vqi08(43).sys
    C:\WINDOWS\system32\drivers\Vqi08(44).sys
    C:\WINDOWS\system32\drivers\Vqi08(5).sys
    C:\WINDOWS\system32\drivers\Vqi08(6).sys
    C:\WINDOWS\system32\drivers\Vqi08(7).sys
    C:\WINDOWS\system32\drivers\Vqi08(8).sys
    C:\WINDOWS\system32\drivers\Vqi08(9).sys
    C:\WINDOWS\system32\drivers\Vqi08.sys
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Azureus
    C:\Documents and Settings\All Users\Application Data\Azureus\azCID.txt
    C:\Documents and Settings\All Users\Application Data\BOONTY
    C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B41C7000.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus
    C:\Documents and Settings\Lyn\Application Data\Azureus\.keystore
    C:\Documents and Settings\Lyn\Application Data\Azureus\active\0BB2A38E63B8EE1A5A94DFDF3DC0AC05AF1DC4E0.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\active\0BB2A38E63B8EE1A5A94DFDF3DC0AC05AF1DC4E0.dat.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\active\640069EF4DBB03686F989FEF5A73102F432A6044.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\active\640069EF4DBB03686F989FEF5A73102F432A6044.dat.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\active\6793D7726915B7165CBAA06E6B8F304D959F1C07.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\active\6793D7726915B7165CBAA06E6B8F304D959F1C07.dat.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\active\cache.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\active\EC53A663F1053C83B65B87A8131972728E1B72C6.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\active\EC53A663F1053C83B65B87A8131972728E1B72C6.dat.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\azureus.config
    C:\Documents and Settings\Lyn\Application Data\Azureus\azureus.config.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\azureus.statistics
    C:\Documents and Settings\Lyn\Application Data\Azureus\azureus.statistics.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\dht\addresses.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\dht\contacts.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\dht\diverse.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\dht\general.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\dht\version.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\downloads.config
    C:\Documents and Settings\Lyn\Application Data\Azureus\downloads.config.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\friends.config
    C:\Documents and Settings\Lyn\Application Data\Azureus\friends.config.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\ipfilter.cache
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\alerts_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\AutoSpeed_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\debug_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\Friends_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\MetaSearch_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\NetStatus_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\seltrace_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\SpeedMan_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\thread_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\v3.ads_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\v3.CMsgr_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\v3.Friends_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\v3.PMsgr_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\logs\v3.Stream_1.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\metasearch.config
    C:\Documents and Settings\Lyn\Application Data\Azureus\metasearch.config.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\net\pm_12322.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\net\pm_default.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\tables.config
    C:\Documents and Settings\Lyn\Application Data\Azureus\tables.config.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\timingstats.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31548.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31549.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31550.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31551.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31552.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31553.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31554.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31555.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31560.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31561.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\tmp\AZU31562.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU17152.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU17155.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU31556.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU46961.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU46963.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU49583.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU49585.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU58495.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU58502.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\AZU7214.tmp
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\Nero_8_Ultra_Edition_8.3.0_Multilanguage_FULL_Retail_[mininova][1].torrent
    C:\Documents and Settings\Lyn\Application Data\Azureus\torrents\Xara3D_v6.0+serial.rar[www.reload-paradise.net]_[mininova][1].torrent
    C:\Documents and Settings\Lyn\Application Data\Azureus\tracker.config
    C:\Documents and Settings\Lyn\Application Data\Azureus\tracker.config.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\unsentdata.config
    C:\Documents and Settings\Lyn\Application Data\Azureus\unsentdata.config.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\update.log
    C:\Documents and Settings\Lyn\Application Data\Azureus\update.properties
    C:\Documents and Settings\Lyn\Application Data\Azureus\v3.Friends.dat
    C:\Documents and Settings\Lyn\Application Data\Azureus\v3.Friends.dat.bak
    C:\Documents and Settings\Lyn\Application Data\Azureus\VuzeActivities.config
    C:\Documents and Settings\Lyn\Application Data\Azureus\VuzeActivities.config.bak
    C:\Documents and Settings\Lyn\Application Data\FrostWire
    C:\Documents and Settings\Lyn\Application Data\FrostWire\createtimes.cache
    C:\Documents and Settings\Lyn\Application Data\FrostWire\data.ser
    C:\Documents and Settings\Lyn\Application Data\FrostWire\fileurns.bak
    C:\Documents and Settings\Lyn\Application Data\FrostWire\fileurns.cache
    C:\Documents and Settings\Lyn\Application Data\FrostWire\filters.props
    C:\Documents and Settings\Lyn\Application Data\FrostWire\frostwire.props
    C:\Documents and Settings\Lyn\Application Data\FrostWire\gnutella.net
    C:\Documents and Settings\Lyn\Application Data\FrostWire\installation.props
    C:\Documents and Settings\Lyn\Application Data\FrostWire\library.dat
    C:\Documents and Settings\Lyn\Application Data\FrostWire\pub1.key
    C:\Documents and Settings\Lyn\Application Data\FrostWire\public.key
    C:\Documents and Settings\Lyn\Application Data\FrostWire\questions.props
    C:\Documents and Settings\Lyn\Application Data\FrostWire\responses.cache
    C:\Documents and Settings\Lyn\Application Data\FrostWire\secureMessage.key
    C:\Documents and Settings\Lyn\Application Data\FrostWire\spam.dat
    C:\Documents and Settings\Lyn\Application Data\FrostWire\tables.props
    C:\Documents and Settings\Lyn\Application Data\FrostWire\themes\frostwire_theme.skin
    C:\Documents and Settings\Lyn\Application Data\FrostWire\themes\frostwire_theme\kill.png
    C:\Documents and Settings\Lyn\Application Data\FrostWire\themes\frostwire_theme\kill_on.png
    C:\Documents and Settings\Lyn\Application Data\FrostWire\themes\frostwire_theme\theme.txt
    C:\Documents and Settings\Lyn\Application Data\FrostWire\ttree.cache
    C:\Documents and Settings\Lyn\Application Data\FrostWire\version.key
    C:\Documents and Settings\Lyn\Application Data\FrostWire\version.xml
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\data\audio.sxml
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\data\delete_me
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\misc\application.gif
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\misc\audio.gif
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\misc\document.gif
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\misc\image.gif
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\misc\video.gif
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\schemas\application.xsd
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\schemas\audio.xsd
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\schemas\document.xsd
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\schemas\image.xsd
    C:\Documents and Settings\Lyn\Application Data\FrostWire\xml\schemas\video.xsd
    C:\Program Files\Azureus
    C:\Program Files\Azureus\plugins\azemp\azemp_2.0.16.jar
    C:\Program Files\Azureus\plugins\azemp\azemp_2.0.16.zip
    C:\Program Files\Azureus\plugins\azemp\azmplay.exe.bak
    C:\Program Files\Azureus\plugins\azemp\cp1250-a.raw.bak
    C:\Program Files\Azureus\plugins\azemp\cp1250-b.raw.bak
    C:\Program Files\Azureus\plugins\azemp\font.desc.bak
    C:\Program Files\Azureus\plugins\azemp\osd-mplayer-a.raw.bak
    C:\Program Files\Azureus\plugins\azemp\osd-mplayer-b.raw.bak
    C:\Program Files\Azureus\plugins\azemp\plugin.properties_2.0.16
    C:\Program Files\Azureus\plugins\azupdater\azupdater_1.8.8.zip
    C:\Program Files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar
    C:\Program Files\Azureus\plugins\azupdater\plugin.properties_1.8.8
    C:\Program Files\Azureus\plugins\azupdater\Updater.jar.bak
    C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
    C:\Program Files\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
    C:\Program Files\Azureus\plugins\azupnpav\plugin.properties_0.2.2
    C:\Program Files\Boonty
    C:\Program Files\BoontyGames
    C:\Program Files\BoontyGames\Components\bureau.url
    C:\Program Files\BoontyGames\Components\Joystick.ico
    C:\Program Files\BoontyGames\Components\start.url
    C:\Program Files\BoontyGames\mcfhuntsville{84766}.exe
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\01.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\02.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\03.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\04.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\05.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\06.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\07.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\08.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\09.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\10.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\11.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\12.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\13.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\14.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\15.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\16.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\17.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\18.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\19.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\20.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\21.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat1.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat10.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat11.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat12.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat13.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat14.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat15.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat16.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat2.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat3.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat4.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat5.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat6.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat7.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat8.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dat9.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\dist.jpg
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Data\empty.cct
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\errorLog.txt
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\Fenetre.bmp
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\fenetrepop.bmp
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\FLEXnet Activation Service Installer.dll
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\MysteryCaseFiles.exe
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\~pleasewait.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\buy_connectionrequired.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\connectionrequired.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\css\ShellStyle.css
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\css\ShellStyle_fr.css
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bg_nomjeu.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bg_table.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgDELOCK.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Bottom.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Coin.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Left.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Right.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgERROR.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgERROR_Bottom.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgERROR_Coin.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgERROR_Left.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgERROR_Right.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgOK.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgOK_Bottom.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgOK_Coin.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgOK_Left.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgOK_Right.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgREDUC.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgREDUC_Bottom.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgREDUC_Coin.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgREDUC_Left.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgREDUC_Right.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSECURE.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSECURE_Bottom.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSECURE_Coin.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSECURE_Left.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSECURE_Right.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSUPPORT.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Bottom.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Coin.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Left.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Right.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBkg.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottom.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottomLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottomLeftC.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottomLeftCN.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottomLeftCR.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocBottomRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocCoinCadenas.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocError.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocExpiredTop.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocJouezMiddle.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocJouezTop.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocMiddle.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocTop.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocTopLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\blocTopRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\boontysecure.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Bottom.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomLeftEast.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomLeftNorth.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomRightNorth.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BottomRightWest.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btAcheterLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btAcheterMiddle.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btAcheterRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtBlueLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtBlueMiddle.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtBlueRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btJouerLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btJouerMiddle.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btJouerRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_acheter.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_fermer.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_infos.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_jouer.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_nomjeu2.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_reactiver.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_reduc.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_suivant.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\btn_suivant2.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtnBuyExit.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtYellowLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtYellowMiddle.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtYellowQuestion.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\BtYellowRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgLeft_Off.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgLeft_On.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgMiddle_Off.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgMiddle_On.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgRight_Off.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\ButtonBkgRight_On.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\CacheImgJeu.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\caddie.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\cadenas.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\CloseOff.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\CloseOn.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\fleche.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\flechetrial.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\greypoint.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\jeu.jpg
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\jouer_gratuitement.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Left.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\MaximizeOff.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\MaximizeOn.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\MinimizeOff.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\MinimizeOn.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopBottom.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopBottomLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopBottomRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopTop.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopTopLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\PopTopRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Right.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\scroll.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\scroll_bkg.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\separator2.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\separatorEnd.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\separatorMiddle.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\separatorStart.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Shell_popup_03.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Shell_popup_06.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Shell_popup_08.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Shell_popup_09.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\spacer.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\test.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\Top.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\TopLeft.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\TopLeftSouth.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\TopRight.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\TopRightWest.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\transp.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\Images\wait.gif
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\js\ShellScripts.js
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\manualtransaction.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\pageerror.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\pleasewait.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\repairstart.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\thankyou.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\transfailure.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\trialexit.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\trialexpired.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SHELL_DEFAULT_HTML\trialstart.html
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\SpMU.lnk
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\unins000.dat
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\unins000.exe
    C:\Program Files\BoontyGames\Mystery Case Files Huntsville\website.url
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    C:\Program Files\FrostWire
    C:\Program Files\FrostWire\log.txt
    C:\WINDOWS\system32\cbOCR.dll
    C:\WINDOWS\system32\drivers\Vqi08(10).sys
    C:\WINDOWS\system32\drivers\Vqi08(11).sys
    C:\WINDOWS\system32\drivers\Vqi08(12).sys
    C:\WINDOWS\system32\drivers\Vqi08(13).sys
    C:\WINDOWS\system32\drivers\Vqi08(14).sys
    C:\WINDOWS\system32\drivers\Vqi08(15).sys
    C:\WINDOWS\system32\drivers\Vqi08(16).sys
    C:\WINDOWS\system32\drivers\Vqi08(17).sys
    C:\WINDOWS\system32\drivers\Vqi08(18).sys
    C:\WINDOWS\system32\drivers\Vqi08(19).sys
    C:\WINDOWS\system32\drivers\Vqi08(2).sys
    C:\WINDOWS\system32\drivers\Vqi08(20).sys
    C:\WINDOWS\system32\drivers\Vqi08(21).sys
    C:\WINDOWS\system32\drivers\Vqi08(22).sys
    C:\WINDOWS\system32\drivers\Vqi08(23).sys
    C:\WINDOWS\system32\drivers\Vqi08(24).sys
    C:\WINDOWS\system32\drivers\Vqi08(25).sys
    C:\WINDOWS\system32\drivers\Vqi08(26).sys
    C:\WINDOWS\system32\drivers\Vqi08(27).sys
    C:\WINDOWS\system32\drivers\Vqi08(28).sys
    C:\WINDOWS\system32\drivers\Vqi08(29).sys
    C:\WINDOWS\system32\drivers\Vqi08(3).sys
    C:\WINDOWS\system32\drivers\Vqi08(30).sys
    C:\WINDOWS\system32\drivers\Vqi08(31).sys
    C:\WINDOWS\system32\drivers\Vqi08(32).sys
    C:\WINDOWS\system32\drivers\Vqi08(33).sys
    C:\WINDOWS\system32\drivers\Vqi08(34).sys
    C:\WINDOWS\system32\drivers\Vqi08(35).sys
    C:\WINDOWS\system32\drivers\Vqi08(36).sys
    C:\WINDOWS\system32\drivers\Vqi08(37).sys
    C:\WINDOWS\system32\drivers\Vqi08(38).sys
    C:\WINDOWS\system32\drivers\Vqi08(39).sys
    C:\WINDOWS\system32\drivers\Vqi08(4).sys
    C:\WINDOWS\system32\drivers\Vqi08(40).sys
    C:\WINDOWS\system32\drivers\Vqi08(41).sys
    C:\WINDOWS\system32\drivers\Vqi08(42).sys
    C:\WINDOWS\system32\drivers\Vqi08(43).sys
    C:\WINDOWS\system32\drivers\Vqi08(44).sys
    C:\WINDOWS\system32\drivers\Vqi08(5).sys
    C:\WINDOWS\system32\drivers\Vqi08(6).sys
    C:\WINDOWS\system32\drivers\Vqi08(7).sys
    C:\WINDOWS\system32\drivers\Vqi08(8).sys
    C:\WINDOWS\system32\drivers\Vqi08(9).sys
    C:\WINDOWS\system32\drivers\Vqi08.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-06 to 2008-08-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-03 11:21 . 2008-08-03 11:21 <REP> d-------- C:\Program Files\DOKA Media
    2008-08-03 11:21 . 2008-08-03 11:21 50 --a------ C:\DragonTilesMahjonggpath.sys
    2008-08-02 21:11 . 2008-08-02 21:15 <REP> d-------- C:\Program Files\Cyanide
    2008-07-31 15:17 . 2008-07-31 15:17 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-07-30 17:54 . 2008-07-30 17:54 268 --ah----- C:\sqmdata02.sqm
    2008-07-30 17:54 . 2008-07-30 17:54 244 --ah----- C:\sqmnoopt02.sqm
    2008-07-30 17:41 . 2008-07-30 17:41 268 --ah----- C:\sqmdata01.sqm
    2008-07-30 17:41 . 2008-07-30 17:41 244 --ah----- C:\sqmnoopt01.sqm
    2008-07-30 11:30 . 2008-07-30 12:08 51,975 --a------ C:\qq.bin
    2008-07-15 17:42 . 2008-07-15 17:42 <REP> d-------- C:\Program Files\Lavalys
    2008-07-14 11:56 . 2008-07-25 18:09 <REP> d-------- C:\Program Files\Big Kahuna Reef 2 - Chain Reaction
    2008-07-14 11:53 . 2008-07-14 11:53 <REP> d-------- C:\Program Files\bfgclient
    2008-07-14 11:52 . 2008-07-14 11:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-07-11 11:44 . 2008-07-11 11:44 373 --a------ C:\WINDOWS\system32\MRT.INI
    2008-07-10 16:30 . 2008-07-10 16:30 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Xara
    2008-07-10 10:09 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Common Files
    2008-07-08 11:24 . 2008-07-08 11:24 <REP> d-------- C:\Program Files\Real
    2008-07-08 11:24 . 2008-07-10 10:09 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-07-07 21:10 . 2008-07-07 21:10 <REP> d-------- C:\Program Files\Eidos Interactive
    2008-07-07 20:11 . 2008-07-13 20:15 49 --a------ C:\WINDOWS\NeroDigital.ini
    2008-07-07 13:40 . 2008-07-07 13:40 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Nero
    2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Program Files\Nero
    2008-07-07 13:35 . 2008-07-07 13:38 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-07-07 13:35 . 2008-07-07 13:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-07-06 18:37 . 2008-07-06 18:37 <REP> d-------- C:\WINDOWS\Sun
    2008-07-06 16:08 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-07-06 16:08 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-07-06 16:08 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-07-06 16:08 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-07-06 15:39 . 2008-07-06 15:39 <REP> d-------- C:\Documents and Settings\Lyn\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-06 11:24 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-08-05 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-05 15:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-03 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-25 16:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-18 11:48 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-07-14 09:53 0 ----a-w C:\Program Files\temp01
    2008-07-07 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-01 10:15 3,730 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-07-01 09:51 17,408 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-07-01 08:33 579,584 ----a-w C:\WINDOWS\system32\user32.DLL
    2008-06-30 07:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-06-30 07:48 --------- d-----w C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
    2008-06-29 17:54 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-06-29 17:54 --------- d--h--r C:\Documents and Settings\Lyn\Application Data\SecuROM
    2008-06-29 17:40 --------- d-----w C:\Program Files\KONAMI
    2008-06-29 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-06-29 14:41 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
    2008-06-29 13:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-06-29 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems(2)
    2008-06-29 13:24 --------- d-----w C:\Program Files\ahead
    2008-06-23 21:34 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-06-23 16:51 --------- d-----w C:\Program Files\MSBuild
    2008-06-23 16:51 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-23 16:43 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-06-22 19:48 --------- d-----w C:\Program Files\Axis Communications
    2008-06-22 15:15 --------- d-----w C:\Program Files\Mojicon Installer
    2008-06-22 10:13 --------- d-----w C:\Program Files\Microsoft Carioca
    2008-06-22 09:07 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
    2008-06-20 20:06 --------- d-----w C:\Documents and Settings\Lyn\Application Data\vlc
    2008-06-20 20:05 --------- d-----w C:\Program Files\VideoLAN
    2008-06-20 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-06-20 17:56 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 20:19 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-19 20:19 --------- d-----w C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
    2008-06-19 18:51 --------- d-----w C:\Program Files\Fichiers communs\PC SOFT
    2008-06-18 17:08 --------- d-----w C:\Program Files\Google
    2008-06-17 15:52 --------- d-----w C:\Program Files\Windows Live
    2008-06-17 15:51 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-17 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-17 13:01 --------- d-----w C:\Documents and Settings\Lyn\Application Data\Bitdefender
    2008-06-17 12:53 --------- d-----w C:\Program Files\Softwin
    2008-06-17 12:53 --------- d-----w C:\Program Files\Fichiers communs\Softwin
    2008-06-17 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-06-17 12:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-06-17 12:32 --------- d-----w C:\Program Files\Realtek AC97
    2008-06-17 12:04 --------- d-----w C:\Program Files\QuickTime
    2008-06-17 12:04 --------- d-----w C:\Program Files\Apple Software Update
    2008-06-17 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-17 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-17 11:53 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-06-17 11:53 --------- d-----w C:\Program Files\Java
    2008-06-17 11:52 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-06-17 10:07 --------- d-----w C:\Program Files\Realtek Sound Manager
    2008-06-17 10:07 --------- d-----w C:\Program Files\AvRack
    2008-06-17 09:52 --------- d-----w C:\Program Files\ATI Technologies
    2008-06-17 09:24 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-17 09:23 --------- d-----w C:\Program Files\Services en ligne
    2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
    2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
    2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
    2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
    2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-05-29 07:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-05-23 16:21 81,920 ----a-w C:\WINDOWS\system32\404Fix.exe
    2008-05-18 19:40 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
    2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
    2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
    2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
    2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
    2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
    2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    .

    ------- Sigcheck -------

    2006-03-02 14:00 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
    2008-04-13 19:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    2008-07-01 11:51 17408 d84196f4bc2a42c626b53e9ffd9041f5 C:\WINDOWS\system32\svchost.exe

    2006-03-02 14:00 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    2008-04-13 19:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    2008-04-13 19:34 516096 cb0ee548caf0c5a8e8c7660ec35a37b7 C:\WINDOWS\system32\winlogon.exe

    2008-04-13 19:34 1040384 1258395fe10e3aa3838d4268937f0637 C:\WINDOWS\explorer.exe
    2006-03-02 14:00 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2008-04-13 19:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    2006-03-02 14:00 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\$NtServicePackUninstall$\services.exe
    2008-04-13 19:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\ServicePackFiles\i386\services.exe
    2008-04-13 19:34 111104 93dc1f26d67aead03619279949e45def C:\WINDOWS\system32\services.exe

    2006-03-02 14:00 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    2008-04-13 19:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\ServicePackFiles\i386\lsass.exe
    2008-04-13 19:34 14848 204ed22034ada50188857c8a3f7cd4c0 C:\WINDOWS\system32\lsass.exe

    2006-03-02 14:00 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    2008-04-13 19:34 57856 460e4ce148bd07218da0b6a3d31885a9 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    2008-04-13 19:34 58880 b7fabc09c6c048db3ec8cd84c7401eee C:\WINDOWS\system32\spoolsv.exe
    .
    ((((((((((((((((((((((((((((( snapshot_2008-08-05_11.57.17.56 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-05 09:54:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-08-05 15:55:25 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-08-05 09:54:10 1,392,640 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-08-05 15:55:25 1,392,640 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2008-08-05 09:47:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080520080806\index.dat
    + 2008-08-05 15:55:26 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080520080806\index.dat
    - 2008-08-05 09:54:10 1,556,480 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-05 15:55:25 1,556,480 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"=

    R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-06-05 00:41]
    R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-04-29 10:26]
    R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-10-30 21:17]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 11:45]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-06 13:26:18
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    NoActiveDesktopChanges = 3F 00 00 00
    NoActiveDesktop = 63
    NoSaveSettings = 63
    ClassicShell = 63

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-06 13:30:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-06 11:30:06
    ComboFix2.txt 2008-08-05 16:03:35
    ComboFix3.txt 2008-08-05 09:57:50
    ComboFix4.txt 2008-07-14 08:41:45
    ComboFix5.txt 2008-08-06 11:21:08

    Pre-Run: 3,650,076,672 octets libres
    Post-Run: 3,622,920,192 octets libres

    667 --- E O F --- 2008-08-03 09:47:54
    6 August 2008 13:33:07

    and the HijackThis!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:32:31, on 06/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Lyn\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {a73baefa-ee65-494d-bedb-dd3e5a34fa98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 (nero backitup scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6390 bytes
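A first triage pass over lines of the kind shown in the log above, added here as an example; it is not part of the thread and not a HijackThis feature. It applies four checks a helper normally does by eye: O23 services with no publisher, O16 ActiveX (DPF) downloads from hosts outside a small allowlist (the allowlist itself is an assumption for the example), O2 BHOs with no name, and O4 Run entries launched from a user-profile or temp path. The sample input reuses five lines from the log above; the last two lines (the nameless BHO and the Temp Run entry) are constructed for the example and do not come from this machine.

```python
import re
from urllib.parse import urlparse

# Hosts from which ActiveX (O16 DPF) downloads are expected on this machine.
# The allowlist is an assumption made for this example; HijackThis has no such list.
TRUSTED_DPF_HOSTS = ("update.microsoft.com", "macromedia.com", "facebook.com", "hotmail.com")

# Path fragments a Run entry should not normally be launched from (user profile, temp).
PROFILE_PATH_MARKERS = ("documents and settings", "docume~1", "\\temp\\", "\\temporary internet files\\")

# Line formats as HijackThis 2.0 writes them; the owner field of an O23 line may be empty.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>[^\\]*?)\s*-\s*(?P<path>[A-Za-z]:\\.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<name>.+?)\) - (?P<url>\S+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def host_is_trusted(url):
    """True when the URL's host is an allowlisted host or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def triage_line(line):
    """Classify one HijackThis line; returns (severity, reason) or None if nothing stands out."""
    line = line.strip()
    m = O23_RE.match(line)
    if m:
        if m.group("owner").strip() in ("", "Unknown owner"):
            return ("review", "service %r has no publisher: %s" % (m.group("name"), m.group("path")))
        return None
    m = O16_RE.match(line)
    if m:
        if not host_is_trusted(m.group("url")):
            host = urlparse(m.group("url")).hostname
            return ("review", "ActiveX control %r fetched from %s" % (m.group("name"), host))
        return None
    m = O2_RE.match(line)
    if m:
        if m.group("name") == "(no name)":
            return ("suspicious", "nameless BHO loading %s" % m.group("path"))
        return None
    m = O4_RE.match(line)
    if m:
        if any(marker in m.group("cmd").lower() for marker in PROFILE_PATH_MARKERS):
            return ("suspicious", "Run entry %r starts from a user-profile or temp path" % m.group("name"))
        return None
    return None


def triage(log_text):
    """Run triage_line over a whole log; returns a list of (severity, reason, line) tuples."""
    findings = []
    for raw in log_text.splitlines():
        hit = triage_line(raw)
        if hit is not None:
            findings.append((hit[0], hit[1], raw.strip()))
    return findings


# The first five lines are copied from the HijackThis log above; the last two
# (the nameless BHO and the Temp Run entry) are constructed for this example.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example.dll
O4 - HKLM\..\Run: [example] C:\DOCUME~1\user\LOCALS~1\Temp\example.exe
"""

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (severity, reason, line))
```

"review" items are not verdicts: an unsigned ATI or modem service is usually legitimate, and the Brest town-hall webcam control was most likely installed on purpose. The point of the pass is to shrink a 6 KB log to the handful of lines worth looking up.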
    6 August 2008 14:54:33

    Re,

    Good, we got them :D  However, there are still some things to check, so I'm going to ask you to run two scans (they can take a while).

    1) Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking on the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in Safe Mode.
    HELP: Restarting in Safe Mode

  • Now run MalwareByte's Anti-Malware. If it isn't already selected, choose "Perform full scan".
  • To start the scan, click on "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, click OK. A report will appear; close it.
    -- if infections are present, click on "Show Results" and then on "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM

    2)
  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click on I accept.
  • Accept the installation of one or more ActiveX controls if required.
  • Wait while the updates are installed.
  • Then choose to scan My Computer.
  • Save and then paste the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

    ;) 
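The report produced by step 1 is a plain-text MBAM 1.x log, and before replying a helper wants three things from it: what was found, broken down by family; how much of it sits in inert locations (XP System Restore points under System Volume Information, ComboFix's quarantine under C:\QooBox) as opposed to the live registry and filesystem; and whether the log was saved before or after removal. MBAM 1.x writes "No action taken" after every item in a log saved before "Remove Selected" is clicked, and "Quarantined and deleted successfully" in the log it writes afterwards, so a log full of "No action taken" means the items are still on disk. The parser below is added here as an example; it is not part of the thread and not Malwarebytes' own code. The excerpt it runs on is constructed in the MBAM 1.24 report format, with the summary counts set to match the excerpt rather than a real full scan, and the location buckets assume the path conventions just named.

```python
import re
from collections import Counter

NO_ACTION = "No action taken"

# "Key: value" lines before the first section; the timestamp and file-name lines have no such shape.
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ']*): (?P<val>.+)$")
# Section headings such as "Files Infected:" (the summary count lines end in a number, not a colon).
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# One detection: "<item> (<family>) -> <action>."; paths may themselves contain parentheses.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def location_of(item):
    """Bucket a detected item by how live it is on the running system.
    Assumed conventions: XP restore points under System Volume Information,
    ComboFix quarantine under QooBox, registry items starting with HKEY_."""
    p = item.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"
    if "\\qoobox\\quarantine\\" in p:
        return "ComboFix quarantine"
    if p.startswith("hk"):
        return "registry"
    return "live filesystem"


def parse_mbam_log(text):
    """Return (header dict, list of entry dicts) for an MBAM 1.x text report."""
    header, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None:
            m = HEADER_RE.match(line)
            if m:
                header[m.group("key")] = m.group("val")
            continue
        m = ENTRY_RE.match(line)
        if m:  # "(No malicious items detected)" has no "->" and is skipped here
            entries.append({
                "section": section,
                "item": m.group("item"),
                "family": m.group("family"),
                "action": m.group("action"),
                "location": location_of(m.group("item")),
            })
    return header, entries


def summarize(entries):
    """Counts by family, location and action, plus the entries that touch the live system."""
    return {
        "by_family": Counter(e["family"] for e in entries),
        "by_location": Counter(e["location"] for e in entries),
        "by_action": Counter(e["action"] for e in entries),
        "live": [e for e in entries if e["location"] in ("live filesystem", "registry")],
    }


def review(text):
    """Parse a log and produce the notes a helper wants before replying."""
    header, entries = parse_mbam_log(text)
    summary = summarize(entries)
    notes = []
    pending = summary["by_action"][NO_ACTION]
    if pending:
        notes.append("%d item(s) marked '%s': this log was saved before removal; the log written "
                     "after 'Remove Selected' reports each item as 'Quarantined and deleted successfully'"
                     % (pending, NO_ACTION))
    declared = int(header.get("Files Infected", "0"))
    parsed = sum(1 for e in entries if e["section"] == "Files Infected")
    if declared != parsed:
        notes.append("header declares %d infected files but %d entries parsed (truncated paste?)"
                     % (declared, parsed))
    for e in summary["live"]:
        notes.append("live detection to deal with: %s (%s)" % (e["item"], e["family"]))
    return header, summary, notes


# Constructed excerpt in the MBAM 1.24 report format: a few entries of each kind,
# with the summary counts set to match the excerpt rather than a real full scan.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 100480

Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhcjdpj0eecp (Rogue.Multiple) -> No action taken.

Files Infected:
C:\WINDOWS\system32\config\47491194.Evt (Rootkit.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\lphcndpj0eecp.exe.vir (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP2\A0000025.dll (Rogue.AntivirusXP2008) -> No action taken.
C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP24\A0015296.sys (Rootkit.KernelBot) -> No action taken.
"""

if __name__ == "__main__":
    header, summary, notes = review(SAMPLE_LOG)
    print("database %s, %s" % (header.get("Database version"), header.get("Scan type")))
    for bucket in ("by_family", "by_location", "by_action"):
        print(bucket, dict(summary[bucket]))
    for note in notes:
        print("-", note)
```

Restore-point and quarantine hits are inert until someone restores that point or restores from quarantine; the usual advice is to have MBAM remove them anyway and then purge System Restore once the machine is clean. The entries that decide whether the machine is actually clean are the ones in the "live" bucket.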
    7 August 2008 18:27:13

    Hello!!

    At last, that virus is gone!

    so here is the report for the first step: (lots of files were deleted!)

    Malwarebytes' Anti-Malware 1.24
    Database version: 1030
    Windows 5.1.2600 Service Pack 3

    17:45:31 07/08/2008
    mbam-log-8-7-2008 (17-45-26).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 100480
    Time elapsed: 2 hour(s), 4 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 240

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcjdpj0eecp (Rogue.Multiple) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\config\47491194.Evt (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\enpq.exe.vir (Trojan.FakeAlert) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\SysC.exe.vir (Trojan.FakeAlert) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\cbOCR.dll.vir (Trojan.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\clgpiife.dll.vir (Trojan.Vundo) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\lphcndpj0eecp.exe.vir (Trojan.Zlob) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ntpl.bin.vir (Trojan.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\pphcndpj0eecp.exe.vir (Trojan.FakeAlert) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\urqPICur.dll.vir (Trojan.Vundo) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\55a36e68.sys.vir (Rootkit.KernelBot) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(10).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(11).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(12).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(13).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(14).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(15).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(16).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(17).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(18).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(19).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(20).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(21).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(22).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(23).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(24).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(25).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(26).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(27).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(28).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(29).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(30).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(31).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(32).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(33).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(34).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(35).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(36).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(37).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(38).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(39).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(4).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(40).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(41).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(42).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(43).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(44).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(5).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(6).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(7).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(8).sys.vir (Rootkit.Agent) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Vqi08(9).sys.vir (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP11\A0002604.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP11\A0002613.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP11\A0002627.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002643.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002652.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002661.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002668.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002678.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002686.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP12\A0002695.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP13\A0003188.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP13\A0003194.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP14\A0004317.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP14\A0004332.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP15\A0004371.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP15\A0004381.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP15\A0004389.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0004397.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005404.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005424.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005425.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005435.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005436.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005445.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005446.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005455.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005456.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005463.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0005464.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0006478.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP16\A0006479.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006554.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006570.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006654.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006655.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006663.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006664.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006671.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006672.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006681.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006682.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006689.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006690.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006698.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006699.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006706.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006707.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006715.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006716.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006723.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006731.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006738.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006745.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006752.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006760.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006768.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006781.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP17\A0006793.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006831.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006841.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006865.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006873.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006883.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006890.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006896.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006903.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006912.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006920.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006930.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006947.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006955.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006962.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006970.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006978.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006986.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0006993.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007001.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007009.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007017.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007025.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007033.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007043.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007050.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007062.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007070.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007079.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007093.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007100.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007114.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007121.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007129.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007144.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007152.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007161.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007170.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007180.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP18\A0007188.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP19\A0008262.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP19\A0009269.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP2\A0000025.dll (Rogue.AntivirusXP2008) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP20\A0012785.exe (Adware.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP20\A0014042.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP20\A0014055.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP21\A0014135.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP21\A0014143.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP21\A0014155.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP21\A0014163.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP21\A0014171.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014207.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014213.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014222.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014230.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014237.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP22\A0014265.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP24\A0015296.sys (Rootkit.KernelBot) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015526.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015527.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015528.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015529.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015530.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015531.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015532.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015533.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015534.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015535.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015536.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015538.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015539.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015540.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015541.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015542.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015543.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015544.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015545.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015546.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015547.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015549.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015550.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015551.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015552.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015553.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015554.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015555.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015556.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015557.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015558.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015559.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015560.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015561.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015562.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015563.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015564.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015565.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015566.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015567.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015568.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP26\A0015569.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000036.exe (Trojan.Zlob) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000037.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000038.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000039.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000042.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000058.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000146.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000157.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000163.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000173.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000183.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP3\A0000193.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP4\A0000217.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP4\A0000224.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP4\A0000231.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP5\A0000290.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000379.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000386.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000394.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000414.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000421.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000427.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000435.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000444.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000462.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000480.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000500.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP7\A0000510.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP8\A0000523.dll (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{B10180DB-3250-45F1-8F6A-E1EBE8B258FC}\RP9\A0002547.dll (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\wpx5.cpx (Trojan.Downloader) -> No action taken.
    C:\WINDOWS\system32\wpx6.cpx (Trojan.Downloader) -> No action taken.

    I'm doing the second step right away!
    7 Août 2008 18:39:28

    Small problem! I deleted a lot, but when it tells me the version is out of date, nothing changes! It's still out of date! What do I do??
    8 Août 2008 11:59:13

    :hello:  Hello,

    Post a new DSS scan report, main.txt.

    ;) 
    8 Août 2008 13:38:30

    Hi,

    Here is the main.txt:

    Deckard's System Scanner v20071014.68
    Run by Lyn on 2008-08-08 13:37:19
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Lyn.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:37:22, on 08/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Lyn\Bureau\dss.exe
    C:\DOCUME~1\Lyn\Bureau\Lyn.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com//
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0cca191d-13a6-4e29-b746-314dee697d83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {a73baefa-ee65-494d-bedb-dd3e5a34fa98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 (nero backitup scheduler 3) - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService (nmindexingservice) - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6587 bytes

    -- Files created between 2008-07-08 and 2008-08-08 -----------------------------

    2008-08-07 18:38:24 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-08-07 18:23:36 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Macromedia
    2008-08-07 18:22:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Adobe
    2008-08-07 15:39:49 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-08-07 15:36:14 0 d-------- C:\Documents and Settings\Lyn\Application Data\Malwarebytes
    2008-08-07 15:36:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-07 15:36:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-03 11:21:43 0 d-------- C:\Program Files\DOKA Media
    2008-08-03 11:21:40 50 --a------ C:\DragonTilesMahjonggpath.sys
    2008-08-02 21:11:15 0 d-------- C:\Program Files\Cyanide
    2008-07-31 15:17:58 0 dr------- C:\Documents and Settings\LocalService\Favoris
    2008-07-30 11:30:03 51975 --a------ C:\qq.bin
    2008-07-18 20:35:33 4386816 --a------ C:\Documents and Settings\Lyn\ntuser.dat
    2008-07-15 17:42:10 0 d-------- C:\Program Files\Lavalys
    2008-07-14 11:56:38 0 d-------- C:\Program Files\Big Kahuna Reef 2 - Chain Reaction
    2008-07-14 11:53:29 0 --a------ C:\Program Files\temp01
    2008-07-14 11:53:28 0 d-------- C:\Program Files\bfgclient
    2008-07-14 11:52:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2008-07-14 10:37:48 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-07-14 10:37:48 80412 --a------ C:\WINDOWS\grep.exe
    2008-07-14 10:30:13 0 d-------- C:\Documents and Settings\Lyn\Start Menu
    2008-07-14 10:28:31 68096 --a------ C:\WINDOWS\zip.exe
    2008-07-14 10:28:31 98816 --a------ C:\WINDOWS\sed.exe
    2008-07-14 10:28:30 49152 --a------ C:\WINDOWS\VFind.exe
    2008-07-14 10:28:30 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-07-14 10:28:30 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-07-14 10:28:30 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-07-10 16:30:50 0 d-------- C:\Program Files\MSXML 4.0
    2008-07-10 10:09:22 0 d-------- C:\Program Files\Xara
    2008-07-10 10:09:22 0 d-------- C:\Program Files\Common Files
    2008-07-08 11:24:16 0 d-------- C:\Program Files\Real
    2008-07-08 11:24:15 0 d-------- C:\Program Files\Fichiers communs\Real
    2008-07-08 11:24:15 0 d-------- C:\Documents and Settings\Lyn\Application Data\Real


    -- Find3M Report ---------------------------------------------------------------

    2008-08-08 13:35:27 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-08-06 13:23:48 0 d-------- C:\Program Files\Fichiers communs
    2008-07-18 13:48:27 0 d-------- C:\Program Files\Windows Live Safety Center
    2008-07-07 21:10:17 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-07 21:10:14 0 d-------- C:\Program Files\Eidos Interactive
    2008-07-07 13:40:05 0 d-------- C:\Documents and Settings\Lyn\Application Data\Nero
    2008-07-07 13:38:58 0 d-------- C:\Program Files\Fichiers communs\Nero
    2008-07-07 13:35:10 0 d-------- C:\Program Files\Nero
    2008-07-06 18:37:36 0 d-------- C:\Documents and Settings\Lyn\Application Data\Sun
    2008-07-06 15:39:26 0 d-------- C:\Documents and Settings\Lyn\Application Data\Apple Computer
    2008-07-01 13:39:07 367896 --a------ C:\WINDOWS\system32\perfh00C.dat
    2008-07-01 13:39:07 48814 --a------ C:\WINDOWS\system32\perfc00C.dat
    2008-07-01 12:15:52 3730 --a------ C:\WINDOWS\system32\tmp.reg
    2008-07-01 11:51:36 17408 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-06-30 09:49:30 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-06-30 09:48:07 0 d-------- C:\Documents and Settings\Lyn\Application Data\OpenOffice.org2
    2008-06-29 19:54:55 0 dr-h----- C:\Documents and Settings\Lyn\Application Data\SecuROM
    2008-06-29 19:40:39 0 d-------- C:\Program Files\KONAMI
    2008-06-29 18:59:00 0 d-------- C:\Documents and Settings\Lyn\Application Data\Adobe
    2008-06-29 16:41:59 0 d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-29 15:46:52 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2008-06-29 15:46:20 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared(2)
    2008-06-29 15:24:32 0 d-------- C:\Program Files\ahead
    2008-06-23 18:51:17 0 d-------- C:\Program Files\Microsoft Works
    2008-06-23 18:51:10 0 d-------- C:\Program Files\MSBuild
    2008-06-22 21:48:38 0 d-------- C:\Program Files\Axis Communications
    2008-06-22 17:15:23 0 d-------- C:\Program Files\Mojicon Installer
    2008-06-22 12:13:17 0 d-------- C:\Program Files\Microsoft Carioca
    2008-06-22 11:07:11 0 d-------- C:\Documents and Settings\Lyn\Application Data\Open Source Applications Foundation
    2008-06-20 23:06:03 0 d-------- C:\Documents and Settings\Lyn\Application Data\WinRAR
    2008-06-20 22:06:56 0 d-------- C:\Documents and Settings\Lyn\Application Data\vlc
    2008-06-20 22:05:49 0 d-------- C:\Program Files\VideoLAN
    2008-06-20 19:56:24 0 d-------- C:\Program Files\Messenger Plus! Live
    2008-06-19 22:19:33 0 d-------- C:\Documents and Settings\Lyn\Application Data\DAEMON Tools
    2008-06-19 20:51:05 0 d-------- C:\Program Files\Fichiers communs\PC SOFT
    2008-06-18 19:08:03 0 d-------- C:\Program Files\Google
    2008-06-17 17:52:21 0 d-------- C:\Program Files\Windows Live
    2008-06-17 17:51:18 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-17 15:01:19 0 d-------- C:\Documents and Settings\Lyn\Application Data\Bitdefender
    2008-06-17 14:43:32 0 d-------- C:\Program Files\Fichiers communs\InstallShield
    2008-06-17 14:32:49 0 d-------- C:\Program Files\Realtek AC97
    2008-06-17 14:22:23 0 d-------- C:\Documents and Settings\Lyn\Application Data\Macromedia
    2008-06-17 14:04:31 0 d-------- C:\Program Files\QuickTime
    2008-06-17 14:04:02 0 d-------- C:\Program Files\Apple Software Update
    2008-06-17 13:53:40 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-06-17 13:53:21 0 d-------- C:\Program Files\Java
    2008-06-17 13:52:23 0 d-------- C:\Program Files\Fichiers communs\Java
    2008-06-17 13:11:12 0 d-------- C:\Program Files\Fichiers communs\ODBC
    2008-06-17 13:11:09 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
    2008-06-17 13:10:41 62 --ahs---- C:\Documents and Settings\Lyn\Application Data\desktop.ini
    2008-06-17 12:34:01 0 d-------- C:\Program Files\Messenger
    2008-06-17 12:33:46 0 d-------- C:\Program Files\Movie Maker
    2008-06-17 12:32:07 0 d-------- C:\Program Files\Windows NT
    2008-06-17 12:07:19 0 d-------- C:\Program Files\Realtek Sound Manager
    2008-06-17 12:07:19 0 d-------- C:\Program Files\AvRack
    2008-06-17 12:01:39 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-17 12:01:37 0 d-------- C:\Documents and Settings\Lyn\Application Data\Mozilla
    2008-06-17 11:52:23 0 d-------- C:\Program Files\ATI Technologies
    2008-06-17 11:28:31 0 d-------- C:\Documents and Settings\Lyn\Application Data\Identities
    2008-06-17 11:24:48 0 d-------- C:\Program Files\microsoft frontpage
    2008-06-17 11:24:23 0 -rahs---- C:\MSDOS.SYS
    2008-06-17 11:24:23 0 -rahs---- C:\IO.SYS
    2008-06-17 11:24:23 0 --a------ C:\CONFIG.SYS
    2008-06-17 11:24:23 0 --a------ C:\AUTOEXEC.BAT
    2008-06-17 11:23:11 0 d--h----- C:\Program Files\WindowsUpdate
    2008-06-17 11:23:07 0 d-------- C:\Program Files\Services en ligne
    2008-06-17 11:22:19 0 d-------- C:\Program Files\Fichiers communs\MSSoap
    2008-06-17 11:21:35 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-06-17 11:20:45 0 d-------- C:\Program Files\Online Services
    2008-06-17 11:20:36 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-05-29 09:35:36 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-05-23 18:21:42 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
    2008-05-18 21:40:36 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [04/09/2001 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/05/2008 10:50]
    "SoundMan"="SOUNDMAN.EXE" [16/04/2007 15:28 C:\WINDOWS\soundman.exe]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [02/04/2007 16:48]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [26/03/2007 15:49]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 23:48]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [03/08/2007 12:51]

    C:\Documents and Settings\Lyn\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "NoActiveDesktopChanges"=00000000
    "NoActiveDesktop"=0 (0x0)
    "NoSaveSettings"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    C:\WINDOWS\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    napagent
    hkmsvc




    -- End of Deckard's System Scanner: finished at 2008-08-08 13:37:56 ------------
    8 Août 2008 16:50:16

    :hello:  Hello,

    I'd like to check something ;) 

    First I want to be sure you can see hidden files/folders:

    [~]Go to My Computer/Tools/Folder Options/View/Show hidden files and folders/Apply - - > OK
    [~]Go to My Computer/Tools/Folder Options/View/untick Hide protected operating system files/Apply - - > OK
    You'll tick it again afterwards.

    [~] My Computer/Tools/Folder Options/View/untick Hide extensions for known file types/Apply - - > OK

    Go to this link: Virus Total
  • Click Browse
  • Navigate to this file if you can find it:

    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\spoolsv.exe

  • Click Send file and let it work as long as "Current status: being analysed" is displayed.
  • The file may be queued because of a large number of analysis requests. In that case you'll have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page and choose Select all, then copy
  • Finally paste the result into your next reply.
    Note: Whatever the result, it's important to send me the result of the whole analysis.
    Your security tools may react to the file upload; in that case you'll have to ignore the alerts.

    ;) 
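The manual upload above is a one-file-at-a-time check. Here is an added example (not from the thread or from any tool named in it) that does the local half of the same triage for all six binaries at once: size, hashes, Authenticode status, and a match against the MD5s VirusTotal reports further down in this thread for the patched svchost.exe and winlogon.exe. It assumes a Windows host with PowerShell 4 or later run from an elevated prompt; the file list and the known-bad table are the only inputs.

```powershell
# Added example, not from the thread: local triage of the six system binaries
# the helper asked to submit to VirusTotal. Assumptions: a Windows host with
# PowerShell 4 or later (Get-FileHash), run from an elevated prompt.
# Caveat: before Windows 8, catalog-signed OS files report "NotSigned", so on an
# XP machine like the one in this thread only the hash/size comparison is
# conclusive; compare against a copy from clean installation media.

$files = @(
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\lsass.exe",
    "$env:SystemRoot\system32\spoolsv.exe"
)

# MD5s VirusTotal reported in this thread for the patched svchost.exe and
# winlogon.exe (Trojan.Win32.Patched.aa); a match means a known-bad copy.
$knownBadMd5 = @{
    'D84196F4BC2A42C626B53E9FFD9041F5' = 'svchost.exe, patched copy from this thread'
    'CB0EE548CAF0C5A8E8C7660EC35A37B7' = 'winlogon.exe, patched copy from this thread'
}

function Test-SystemBinary {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'MISSING' }
    }

    $item   = Get-Item -LiteralPath $Path
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' }

    # A known-bad hash is conclusive; an invalid or missing signature is a lead
    # to investigate, not proof (see the catalog-signing caveat above).
    if ($knownBadMd5.ContainsKey($md5)) {
        $verdict = 'KNOWN-BAD: ' + $knownBadMd5[$md5]
    } elseif ($sig.Status -ne 'Valid') {
        $verdict = "CHECK: signature status $($sig.Status)"
    } else {
        $verdict = 'signed, hash not in bad list'
    }

    [pscustomobject]@{
        Path      = $Path
        Bytes     = $item.Length
        Modified  = $item.LastWriteTime
        Signature = $sig.Status
        Signer    = $signer
        MD5       = $md5
        SHA256    = $sha256
        Verdict   = $verdict
    }
}

$results = $files | ForEach-Object { Test-SystemBinary -Path $_ }
$results | Format-Table Path, Bytes, Signature, Verdict -AutoSize
# Hashes to paste into a reply, or to look up on VirusTotal without uploading:
$results | Select-Object Path, MD5, SHA256 | Format-List
```

A 17408-byte svchost.exe with a hash in the bad list, as in the report below, would show up as KNOWN-BAD regardless of what the signature check says on an old system.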
    8 Août 2008 17:07:10

    Do I have to do this for all the files??

    Here it is for svchost:

    Fichier svchost.exe reçu le 2008.08.08 17:04:16 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.8.8.0 2008.08.08 -
    AntiVir 7.8.1.19 2008.08.08 -
    Authentium 5.1.0.4 2008.08.07 -
    Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
    AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
    BitDefender 7.2 2008.08.08 Trojan.Patched.U
    CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
    ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
    DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
    eSafe 7.0.17.0 2008.08.07 -
    eTrust-Vet 31.6.6019 2008.08.08 -
    Ewido 4.0 2008.08.08 -
    F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
    F-Secure 7.60.13501.0 2008.08.08 Trojan.Win32.Patched.aa
    Fortinet 3.14.0.0 2008.08.08 -
    GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
    Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.aa
    K7AntiVirus 7.10.408 2008.08.08 -
    Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
    McAfee 5356 2008.08.07 W32/PEPatcher.c
    Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
    NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
    Norman 5.80.02 2008.08.08 W32/Patched.A
    Panda 9.0.0.4 2008.08.07 W32/Patchlog.D
    PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
    Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
    Sophos 4.32.0 2008.08.08 W32/Liger-A
    Sunbelt 3.1.1537.1 2008.08.07 -
    Symantec 10 2008.08.08 -
    TheHacker 6.2.96.394 2008.08.08 -
    TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
    VBA32 3.12.8.3 2008.08.08 -
    ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
    VirusBuster 4.5.11.0 2008.08.07 Win32.Agent.IMP
    Webwasher-Gateway 6.6.2 2008.08.08 Virus.Win32.FileInfector.gen (suspicious)

    Information additionnelle
    File size: 17408 bytes
    MD5...: d84196f4bc2a42c626b53e9ffd9041f5
    SHA1..: 94098e2546e7435e47fa4dfe97cd41cb03d71c31
    SHA256: 83daca67ef389d955a7fbcab3ab48227b080ab7c43e457daaac29f1428747044
    SHA512: 2c39214403820fd322f75a47a98f5f0b67a977cd09038eec9f81dc1ed33bf3fe991551611f4151b1d9eb397a21fa17e6000a4b7537fd6c4e105fa06c6c4c59e5
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1006000
    timedatestamp.....: 0x48025bc0 (Sun Apr 13 19:15:12 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x2c00 0x2c00 6.29 48331595af9d9d52b478844a07357653
    .data 0x4000 0x210 0x200 1.62 cbd504e46c836e09e8faabdcfbabaec2
    .rsrc 0x5000 0x2000 0x1200 1.54 8224de3075fd71adfa1c15da43a4fd39

    ( 4 imports )
    > ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
    > KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
    > ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
    > RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening

    ( 0 exports )

    8 August 2008 17:10:11

    for winlogon:

    Fichier winlogon.exe reçu le 2008.08.08 17:08:09 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.8.8.0 2008.08.08 -
    AntiVir 7.8.1.19 2008.08.08 HEUR/Malware
    Authentium 5.1.0.4 2008.08.07 -
    Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
    AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
    BitDefender 7.2 2008.08.08 Trojan.Patched.U
    CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
    ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
    DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
    eSafe 7.0.17.0 2008.08.07 -
    eTrust-Vet 31.6.6019 2008.08.08 -
    Ewido 4.0 2008.08.08 -
    F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
    F-Secure 7.60.13501.0 2008.08.08 Trojan.Win32.Patched.aa
    Fortinet 3.14.0.0 2008.08.08 -
    GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
    Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.i
    K7AntiVirus 7.10.408 2008.08.08 -
    Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
    McAfee 5356 2008.08.07 W32/PEPatcher.c
    Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
    NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
    Norman 5.80.02 2008.08.08 W32/Patched.A
    Panda 9.0.0.4 2008.08.07 W32/PatchLog.gen
    PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
    Prevx1 V2 2008.08.08 -
    Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
    Sophos 4.32.0 2008.08.08 W32/Liger-A
    Sunbelt 3.1.1537.1 2008.08.07 -
    Symantec 10 2008.08.08 -
    TheHacker 6.2.96.394 2008.08.08 -
    TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
    VBA32 3.12.8.3 2008.08.08 -
    ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
    VirusBuster 4.5.11.0 2008.08.07 Win32.Agent.IMP
    Webwasher-Gateway 6.6.2 2008.08.08 Heuristic.Malware

    Information additionnelle
    File size: 516096 bytes
    MD5...: cb0ee548caf0c5a8e8c7660ec35a37b7
    SHA1..: 490b8251fcec3b68612c5f5ad4fdc7067350964a
    SHA256: 5e54c04d44270ddb821bc53c6c46d16c09fca5d924a734c881687b4634db46fd
    SHA512: 1cb8ef53c94b3cb729d58ab8f635a414d36cfc67944019b2b20164806dce53acfaeb6d060c644802fd533380e6555a2b97692eb3afde4e04589fa5d239e10239
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1082000
    timedatestamp.....: 0x48027549 (Sun Apr 13 21:04:09 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x70991 0x70a00 6.82 82b1e7e83279c56e34dc6c6e8c33f81d
    .data 0x72000 0x4e70 0x2000 6.28 44bd27282514b5e3a27b570106930d8d
    .rsrc 0x77000 0xc000 0xb200 3.49 a63f48724b565bed9353bb6dfd0c3c04

    ( 20 imports )
    > ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA
    > AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle
    > CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx
    > GDI32.dll: RemoveFontResourceW, AddFontResourceW
    > KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, ExpandEnvironmentStringsW, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, GetVersionExA, DuplicateHandle, OpenProcess, GetOverlappedResult, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, TlsGetValue, DeleteCriticalSection, TlsAlloc, VirtualFree, TlsFree
    > msvcrt.dll: wcslen, _vsnwprintf, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp
    > NDdeApi.dll: -, -, -, -
    > ntdll.dll: RtlSubAuthoritySid, RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtSetInformationProcess, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlInitString, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlGetNtProductType, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtOpenDirectoryObject
    > PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW
    > PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW
    > REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery
    > RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate
    > Secur32.dll: LsaCallAuthenticationPackage, GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess
    > SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW
    > USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, GetMessageTime, SetTimer, SetLogonNotifyWindow, UnlockWindowStation, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, RegisterClassW, SetCursor, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, KillTimer, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, DefWindowProcW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW
    > USERENV.dll: -, WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, -, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, GetUserProfileDirectoryW
    > VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
    > WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, _WinStationNotifyLogoff, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon
    > WINTRUST.dll: CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext
    > WS2_32.dll: -, -, getaddrinfo

    ( 0 exports )

    8 August 2008 17:11:56

    for explorer:

    Fichier explorer.exe reçu le 2008.08.08 17:10:43 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.8.8.0 2008.08.08 -
    AntiVir 7.8.1.19 2008.08.08 HEUR/Malware
    Authentium 5.1.0.4 2008.08.07 -
    Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
    AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
    BitDefender 7.2 2008.08.08 Trojan.Patched.U
    CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
    ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
    DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
    eSafe 7.0.17.0 2008.08.07 -
    eTrust-Vet 31.6.6019 2008.08.08 -
    Ewido 4.0 2008.08.08 -
    F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
    F-Secure 7.60.13501.0 2008.08.08 Trojan.Win32.Patched.aa
    Fortinet 3.14.0.0 2008.08.08 -
    GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
    Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.bl
    K7AntiVirus 7.10.408 2008.08.08 -
    Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
    McAfee 5356 2008.08.07 W32/PEPatcher.c
    Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
    NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
    Norman 5.80.02 2008.08.08 W32/Patched.A
    Panda 9.0.0.4 2008.08.07 W32/PatchLog.gen
    PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
    Prevx1 V2 2008.08.08 -
    Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
    Sophos 4.32.0 2008.08.08 W32/Liger-A
    Sunbelt 3.1.1537.1 2008.08.07 -
    Symantec 10 2008.08.08 -
    TheHacker 6.2.96.394 2008.08.08 -
    TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
    VBA32 3.12.8.3 2008.08.08 -
    ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
    VirusBuster 4.5.11.0 2008.08.08 Win32.Agent.IMP
    Webwasher-Gateway 6.6.2 2008.08.08 Heuristic.Malware

    Information additionnelle
    File size: 1040384 bytes
    MD5...: 1258395fe10e3aa3838d4268937f0637
    SHA1..: 9d9350e9037ff026b17c5772337e57a88ef9fbed
    SHA256: 56cb5ead474a1bd69b3df3ebbd625b2b5a183240f429e2f307dca28a883b4521
    SHA512: f7fe5b7a57dd88eaa7fa790a9f7263fadf884dc069218b2fa2d99cd1ff5d02d89abe2701bd468ebb567b3589bf9b44223a399ed48abf01ecdd2f4e3942ad62a2
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1100000
    timedatestamp.....: 0x48025c30 (Sun Apr 13 19:17:04 2008)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x44c09 0x44e00 6.38 013207a9f70ec52b78392db51f333ff0
    .data 0x46000 0x1db4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359
    .rsrc 0x48000 0xb3280 0xb3400 6.63 e73694f42fb4ef5e9b8ea017fcf60103
    .reloc 0xfc000 0x5000 0x4200 6.32 7270006a88eb9a0871048ac10d253f58

    ( 13 imports )
    > ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
    > BROWSEUI.dll: -, -, -, -
    > GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
    > KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject
    > msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
    > ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
    > ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
    > OLEAUT32.dll: -, -
    > SHDOCVW.dll: -, -, -
    > SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
    > SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -
    > USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, 
MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, 
GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW<BR>> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed<BR><BR>( 0 exports ) <BR>

    8 August 2008 17:23:24

    FOR services.exe:

    File services.exe received on 2008.08.08 17:12:51 (CET)
    Antivirus Version Last update Result
    AhnLab-V3 2008.8.8.0 2008.08.08 -
    AntiVir 7.8.1.19 2008.08.08 -
    Authentium 5.1.0.4 2008.08.07 -
    Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
    AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
    BitDefender 7.2 2008.08.08 Trojan.Patched.U
    CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
    ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
    DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
    eSafe 7.0.17.0 2008.08.07 -
    eTrust-Vet 31.6.6019 2008.08.08 -
    Ewido 4.0 2008.08.08 -
    F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
    F-Secure 7.60.13501.0 2008.08.08 Trojan.Win32.Patched.aa
    Fortinet 3.14.0.0 2008.08.08 -
    GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
    Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.aa
    K7AntiVirus 7.10.408 2008.08.08 -
    Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
    McAfee 5356 2008.08.07 W32/PEPatcher.c
    Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
    NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
    Norman 5.80.02 2008.08.08 W32/Patched.A
    Panda 9.0.0.4 2008.08.07 W32/PatchLog.gen
    PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
    Prevx1 V2 2008.08.08 -
    Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
    Sophos 4.32.0 2008.08.08 W32/Liger-A
    Sunbelt 3.1.1537.1 2008.08.07 -
    Symantec 10 2008.08.08 -
    TheHacker 6.2.96.394 2008.08.08 -
    TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
    VBA32 3.12.8.3 2008.08.08 -
    ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
    VirusBuster 4.5.11.0 2008.08.08 Win32.Agent.IMP
    Webwasher-Gateway 6.6.2 2008.08.08 Virus.Win32.FileInfector.gen (suspicious)

    Additional information
    File size: 111104 bytes
    MD5...: 93dc1f26d67aead03619279949e45def
    SHA1..: 7f2087dd9e4f1e0ce0cb4fc92c2f1238dd6d2b51
    SHA256: 009450723388059a8326aa56dac968c38338a309eefa283c190283bfb185b95f
    SHA512: cff2ff217106f4b101b13c28fac7571f81242b55f05cfc8e3d52eb16130ec9345484f5c3c10121a776b8b92b916bc16bf2e4b249689d704cfd145613749166c8
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x101c000
    timedatestamp.....: 0x48025b9a (Sun Apr 13 19:14:34 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x18f35 0x19000 6.26 4571e262e3906fedeb3474de2eb99b33
    .data 0x1a000 0xa30 0xc00 1.78 486e711917101f0eb3dc0d8986335fee
    .rsrc 0x1b000 0x2000 0x1200 2.90 ebc3bf8cf126f8cb9b18326f12af127b

    ( 10 imports ) ADVAPI32.dll, KERNEL32.dll, msvcrt.dll, NCObjAPI.DLL, ntdll.dll, RPCRT4.dll, SCESRV.dll, umpnpmgr.dll, USER32.dll, USERENV.dll

    ( 0 exports )

    8 August 2008 17:35:55

    FOR lsass.exe:

    File lsass.exe received on 2008.08.08 17:24:10 (CET)

    Antivirus Version Last update Result
    AhnLab-V3 2008.8.8.0 2008.08.08 -
    AntiVir 7.8.1.19 2008.08.08 -
    Authentium 5.1.0.4 2008.08.07 -
    Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
    AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
    BitDefender 7.2 2008.08.08 Trojan.Patched.U
    CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
    ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
    DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
    eSafe 7.0.17.0 2008.08.07 -
    eTrust-Vet 31.6.6019 2008.08.08 -
    Ewido 4.0 2008.08.08 -
    F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
    Fortinet 3.14.0.0 2008.08.08 -
    GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
    Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.aa
    K7AntiVirus 7.10.408 2008.08.08 -
    Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
    McAfee 5356 2008.08.07 W32/PEPatcher.c
    Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
    NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
    Norman 5.80.02 2008.08.08 W32/Patched.A
    Panda 9.0.0.4 2008.08.07 W32/PatchLog.gen
    PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
    Prevx1 V2 2008.08.08 -
    Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
    Sophos 4.32.0 2008.08.08 W32/Liger-A
    Sunbelt 3.1.1537.1 2008.08.07 -
    Symantec 10 2008.08.08 -
    TheHacker 6.2.96.394 2008.08.08 -
    TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
    VBA32 3.12.8.3 2008.08.08 -
    ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
    VirusBuster 4.5.11.0 2008.08.08 Win32.Agent.IMP
    Webwasher-Gateway 6.6.2 2008.08.08 Virus.Win32.FileInfector.gen (suspicious)

    Additional information
    File size: 14848 bytes
    MD5...: 204ed22034ada50188857c8a3f7cd4c0
    SHA1..: 3d1b891e94cd444118643f0c5cf5863c4b5dea0a
    SHA256: 67465b0ba0267b104d1bbd4c75719c8237dbade50e3ba7d0103090c3bf53838a
    SHA512: 1f525e6b01523436570263827fa1fffdaba6ecc5d8a17f33b3fab72d0e8a2a86340bc48e44ce3d71698994538eb5e6547e79c7108f96c8799ec6db8c6c6c9e00
    PEiD..: -

    8 August 2008 17:50:58

    and the last one!!! spoolsv.exe:

    File spoolsv.exe received on 2008.08.08 17:36:38 (CET)

    Antivirus Version Last update Result
    AhnLab-V3 2008.8.8.0 2008.08.08 -
    AntiVir 7.8.1.19 2008.08.08 HEUR/Malware
    Authentium 5.1.0.4 2008.08.07 -
    Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
    AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
    BitDefender 7.2 2008.08.08 Trojan.Patched.U
    CAT-QuickHeal 9.50 2008.08.08 Trojan.Patched.AA
    ClamAV 0.93.1 2008.08.08 Trojan.Agent-5069
    DrWeb 4.44.0.09170 2008.08.08 Trojan.Starter.384
    eSafe 7.0.17.0 2008.08.07 -
    eTrust-Vet 31.6.6019 2008.08.08 -
    Ewido 4.0 2008.08.08 -
    F-Prot 4.4.4.56 2008.08.07 W32/Patched.D.gen!Eldorado
    Fortinet 3.14.0.0 2008.08.08 -
    GData 2.0.7306.1023 2008.08.08 Trojan.Win32.Patched.aa
    Ikarus T3.1.1.34.0 2008.08.08 Trojan.Win32.Patched.aa
    K7AntiVirus 7.10.408 2008.08.08 -
    Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
    McAfee 5356 2008.08.07 W32/PEPatcher.c
    Microsoft 1.3807 2008.08.08 Trojan:Win32/Patched.B
    NOD32v2 3340 2008.08.08 Win32/TrojanProxy.Agent.NCI
    Norman 5.80.02 2008.08.08 W32/Patched.A
    Panda 9.0.0.4 2008.08.07 W32/PatchLog.gen
    PCTools 4.4.2.0 2008.08.08 Win32.Agent.IMP
    Prevx1 V2 2008.08.08 -
    Rising 20.56.41.00 2008.08.08 Trojan.Win32.Patched.aa
    Sophos 4.32.0 2008.08.08 W32/Liger-A
    Sunbelt 3.1.1537.1 2008.08.07 -
    Symantec 10 2008.08.08 -
    TheHacker 6.2.96.394 2008.08.08 -
    TrendMicro 8.700.0.1004 2008.08.08 PE_PATCHEP.A
    VBA32 3.12.8.3 2008.08.08 -
    ViRobot 2008.8.8.1329 2008.08.08 Win32.Patched.C
    VirusBuster 4.5.11.0 2008.08.08 Win32.Agent.IMP
    Webwasher-Gateway 6.6.2 2008.08.08 Heuristic.Malware

    Additional information
    File size: 58880 bytes
    MD5...: b7fabc09c6c048db3ec8cd84c7401eee
    SHA1..: 21db73f8d26250103bbd2cae24a1711c80bf26c2
    SHA256: 8fd1e1893b0fd36b12d201dd85d63ff5ef54445acab8876a8e432eeeb2470dbc
    SHA512: 4f33bc65c6c265567b08b24e08e22087941351f7f4322aa041bb256db4c49f06ae931160a43dd9db6cf2ad91726ac0e87bf01a0a235d9fe7e9e6ab2674ac0d1b
    PEiD..: -

    8 August 2008 18:55:33

    Re,

    OK, let me explain: you have legitimate processes that have been infected. If we delete the files, the PC crashes and no longer boots. However, with a tool, we can replace the current harmful files with a clean copy of those files.

    The simplest approach remains this method, provided you have your Windows CD. If you don't have it, tell me and we'll do it another way :super:

    We are going to run a system repair. To do that, proceed as follows:

  • Insert your Windows CD into your drive (the CD must match your version of Windows).
  • Close all running programs, windows and applications.
  • Disconnect from the internet.
  • Start menu > Run.
  • In the window that appears, type: sfc /scannow then confirm with Enter.
  • The PC will work for a while; let it run, this can take quite some time.
  • Come back and tell me when it's done.

    ;) 
    8 August 2008 21:16:37

    That's it!!! It's done!
    9 August 2008 00:17:56

    Re,

    Good news :super:

    To check that everything is OK, can you redo the analysis of the 6 files?

    No need to post such long reports; just tell me, for each file, how many antivirus engines detected it as harmful.

    We're almost there :bounce: 
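The helper above explains that these are legitimate system binaries that were patched (hence the Patched/PEPatch names across the engines) and then asks only for the detection count per file. As an added example that is not part of the thread, the Python below parses the pasted report layout into rows, computes that "hits/engines" count, and flags when most detections name a patched file, which is the case for repair (sfc) rather than deletion. The line layout (engine, version, signature date, result, with "-" meaning clean) is assumed from the reports above, and the sample lines are copied from them.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line layout assumed from the reports pasted above (not a documented format):
# <engine> <version> <signature date YYYY.MM.DD> <result...>, where "-" means
# the engine reported nothing. Header, hash and size lines do not match the
# pattern and are skipped.
LINE_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")

# Substrings of detection names that point to a patched legitimate binary
# rather than a standalone dropper; taken from the names seen in the reports.
PATCHED_HINTS = ("patched", "pepatch", "pe_patch")


@dataclass
class ScanRow:
    engine: str
    version: str
    updated: str
    result: Optional[str]  # None when the engine flagged nothing


def parse_line(line: str) -> Optional[ScanRow]:
    """Return a ScanRow for an engine line, or None for header/hash/blank lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    engine, version, updated, result = m.groups()
    return ScanRow(engine, version, updated, None if result == "-" else result)


def parse_report(text: str) -> List[ScanRow]:
    """Parse a whole pasted report, keeping only the per-engine rows."""
    return [row for row in map(parse_line, text.splitlines()) if row]


def detections(rows: List[ScanRow]) -> Dict[str, str]:
    """Engine -> detection name, only for engines that flagged the file."""
    return {r.engine: r.result for r in rows if r.result}


def detection_ratio(rows: List[ScanRow]) -> str:
    """The 'hits/engines' figure the helper asked for, e.g. '0/36'."""
    return f"{len(detections(rows))}/{len(rows)}"


def looks_patched(rows: List[ScanRow]) -> bool:
    """True when most detections name a patched file: repair it, do not delete it."""
    hits = list(detections(rows).values())
    patched = [h for h in hits if any(k in h.lower() for k in PATCHED_HINTS)]
    return bool(hits) and len(patched) * 2 > len(hits)


# Constructed sample: the header plus a few engine lines copied from the reports above.
SAMPLE_REPORT = """\
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.8.0 2008.08.08 -
Avast 4.8.1195.0 2008.08.07 Win32:Patched-CK
AVG 8.0.0.156 2008.08.08 Win32/PEPatch.AO
Kaspersky 7.0.0.125 2008.08.08 Trojan.Win32.Patched.aa
Prevx1 V2 2008.08.08 -
Webwasher-Gateway 6.6.2 2008.08.08 Virus.Win32.FileInfector.gen (suspicious)
"""

if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    print(detection_ratio(rows), "patched system file:", looks_patched(rows))
```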
    9 August 2008 11:40:44

    cool!!

    So here are the results of the last (hopefully) analysis:
    0/36 for all the files!

    So, verdict???