CPU at 100%

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
9 July 2008 12:58:01

Hello,
after reading a few things about CPUs running at 100%, which is my case too, here is what HijackThis gives me:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:50:51, on 09/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Reader 8.0\Reader\Reader_sl.exe
C:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\AntivirusFirewall\Common\FSMA32.EXE
C:\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AntivirusFirewall\Common\FSMB32.EXE
C:\CDBurnerXP\NMSAccessU.exe
C:\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\AntivirusFirewall\Common\FAMEH32.EXE
C:\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\AntivirusFirewall\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Pepito\Local Settings\Apps\2.0\1LCGNMLV.A0Q\VCOONPJ8.AET\rapi..tion_c14d24c3c9280019_0000.0001_c0d10af6569cd6fc\RapidShareManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\telechargement\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {c5eda342-34c5-102b-b244-fc90b3368f80} - {08f8633b-09cf-442b-b201-5c43243ade5c} - C:\WINDOWS\system32\viehnmjl.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\flv\FLV Downloader\MoyeaCth.dll
O2 - BHO: (no name) - {E2716268-67D9-49B8-8224-79503EA40E80} - C:\WINDOWS\system32\tuvVlLFX.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [F-Secure Manager] "C:\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: khfDstSK - khfDstSK.dll (file missing)
O20 - Winlogon Notify: pmnmkifE - pmnmkifE.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\CDBurnerXP\NMSAccessU.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 9355 bytes

Could someone help me??

Thanks to all

9 July 2008 13:22:41

Hello,

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Yes.
  • When the operation is finished, a report will appear. Post this report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    9 July 2008 14:09:08

    Hello XmichouX,
    and thanks for your help.
    Here is the ComboFix report:
    ComboFix 08-07-08.7 - Pepito 2008-07-09 13:52:27.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.213 [GMT 2:00]
    Endroit: C:\Documents and Settings\Pepito\Bureau\UTILITAIRES\uc100%\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Pepito\Menu Démarrer\Programmes\PlayMP3z
    C:\Program Files\PlayMP3z
    C:\Program Files\PlayMP3z\uninstall.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\bedpkqix.ini
    C:\WINDOWS\system32\byghgdfy.ini
    C:\WINDOWS\system32\glromegj.ini
    C:\WINDOWS\system32\ivolxwqg.ini
    C:\WINDOWS\system32\knvgrlhi.ini
    C:\WINDOWS\system32\llinfmto.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mdwtyqfi.ini
    C:\WINDOWS\system32\mdxsvbaj.ini
    C:\WINDOWS\system32\qxmtrxdw.ini
    C:\WINDOWS\system32\upbslbpg.ini
    C:\WINDOWS\system32\XFLlVvut.ini
    C:\WINDOWS\system32\XFLlVvut.ini2
    C:\WINDOWS\system32\xqwicmlp.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-09 13:34 . 2008-07-09 13:35 <REP> d-------- C:\Program Files\Lopxp
    2008-07-09 13:10 . 2008-07-09 13:10 <REP> d-------- C:\WINDOWS\system32\bfubackups
    2008-07-08 23:53 . 2008-07-08 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Arkadium
    2008-07-08 16:57 . 2008-07-08 17:00 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\DivX
    2008-07-08 16:49 . 2008-07-08 16:52 <REP> d-------- C:\Program Files\DivX
    2008-07-08 16:04 . 2008-07-08 16:04 <REP> d-------- C:\Program Files\Apple Software Update
    2008-07-08 16:04 . 2008-07-08 16:05 <REP> d-------- C:\hjsplit
    2008-07-08 15:18 . 2008-07-08 15:18 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\Ludia
    2008-07-08 15:18 . 2008-07-08 15:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ludia
    2008-07-07 23:16 . 2008-07-07 23:24 73 --a------ C:\WINDOWS\MediaManager.INI
    2008-07-07 23:02 . 2008-07-07 23:16 <REP> d-------- C:\MP3 Player Utilities 4.03
    2008-07-07 23:01 . 2008-07-07 23:01 <REP> d-------- C:\senso
    2008-07-01 20:38 . 2006-12-28 13:12 61,440 --a------ C:\WINDOWS\system32\Big Kahuna Reef 2.scr
    2008-06-28 12:50 . 2008-06-28 12:50 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\Playrix Entertainment
    2008-06-27 20:09 . 2008-06-27 20:09 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\Reflexive
    2008-06-26 01:39 . 2008-06-26 01:39 <REP> d-------- C:\Program Files\iPod
    2008-06-26 01:39 . 2008-06-26 01:39 <REP> d-------- C:\iTunes
    2008-06-26 01:37 . 2008-06-26 01:38 <REP> d-------- C:\QuickTime
    2008-06-25 19:41 . 2008-06-25 19:42 <REP> d-------- C:\Reader 8.0
    2008-06-25 19:41 . 2008-06-25 19:42 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-23 23:16 . 2008-06-23 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
    2008-06-23 22:53 . 2008-06-23 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
    2008-06-19 00:28 . 2008-06-19 00:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-19 00:27 . 2008-07-03 00:06 <REP> d-------- C:\SUPERAntiSpyware
    2008-06-19 00:27 . 2008-07-03 00:08 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\SUPERAntiSpyware.com
    2008-06-18 19:52 . 2008-06-18 19:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-06-17 00:22 . 2008-06-17 00:22 2,414 --a------ C:\WINDOWS\system32\tmp.reg
    2008-06-17 00:20 . 2008-06-17 00:20 <REP> d-------- C:\SmitfraudFix
    2008-06-15 14:23 . 2008-06-15 14:23 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\VeniceMysteryData
    2008-06-14 01:09 . 2008-06-16 23:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-13 19:10 . 2008-06-13 19:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-13 19:10 . 2008-06-14 01:07 <REP> d-------- C:\Ad-Aware
    2008-06-13 19:08 . 2008-07-03 00:06 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-13 18:52 . 2008-06-13 18:52 413 --a------ C:\305.bat
    2008-06-13 18:52 . 2008-06-13 18:52 77 --a------ C:\Documents and Settings\Pepito\3982.bat
    2008-06-13 18:51 . 2008-06-13 18:51 14,848 --a------ C:\svchost.0xe
    2008-06-13 17:52 . 2008-06-13 17:52 413 --a------ C:\551.bat
    2008-06-13 17:52 . 2008-06-13 17:52 77 --a------ C:\Documents and Settings\Pepito\4856.bat
    2008-06-13 17:37 . 2008-06-13 17:37 57,344 ---hs---- C:\Documents and Settings\Pepito\lsass.exe
    2008-06-13 17:37 . 2008-06-13 17:37 413 --a------ C:\647.bat
    2008-06-13 17:36 . 2008-06-13 17:36 77 --a------ C:\Documents and Settings\Pepito\9934.bat
    2008-06-12 01:21 . 2008-07-01 20:30 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\BitDownload
    2008-06-12 01:01 . 2008-06-17 00:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Shim Cdrom Cast Surf
    2008-06-12 01:00 . 2008-07-01 20:20 <REP> d-------- C:\BitDownload
    2008-06-12 00:58 . 2008-06-12 00:58 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\.wyzo
    2008-06-12 00:56 . 2008-06-14 01:15 <REP> d-------- C:\Program Files\BrowsingEnhancer
    2008-06-12 00:55 . 2008-06-13 17:38 <REP> d-------- C:\Program Files\FBrowsingAdvisor
    2008-06-12 00:55 . 2008-06-12 00:55 <REP> d-------- C:\Program Files\FBrowserAdvisor
    2008-06-12 00:49 . 2008-06-12 00:49 <REP> d-------- C:\Documents and Settings\Pepito\Incomplete
    2008-06-12 00:49 . 2008-06-13 18:54 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\FrostWire
    2008-06-12 00:48 . 2008-06-12 00:48 <REP> d-------- C:\Program Files\FrostWire Ultra Accelerator
    2008-06-12 00:48 . 2008-06-12 01:03 <REP> d-------- C:\FrostWire
    2008-06-12 00:27 . 2008-06-12 00:44 <REP> d-------- C:\eMule
    2008-06-11 02:07 . 2008-06-11 02:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-06-11 02:07 . 2008-06-11 02:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-06-11 02:07 . 2008-06-11 02:07 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-06-11 02:07 . 2008-06-11 02:07 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-06-11 02:04 . 2008-06-11 02:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-06-11 02:04 . 2008-06-11 02:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-06-10 20:58 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 20:58 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-09 11:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-25 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 23:01 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
    2008-06-11 00:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-06-11 00:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-06-08 17:06 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Moyea
    2008-06-07 17:14 --------- d-----w C:\Documents and Settings\Pepito\Application Data\AVS4YOU
    2008-06-05 19:27 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Boomzap
    2008-06-02 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hot Lava Games
    2008-06-01 23:49 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-01 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
    2008-06-01 13:54 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Zylom
    2008-06-01 13:52 --------- d-----w C:\Program Files\RealArcade
    2008-05-31 18:14 --------- d-----w C:\Documents and Settings\Pepito\Application Data\F-Secure
    2008-05-31 16:47 --------- d-----w C:\Documents and Settings\Pepito\Application Data\ITTNord
    2008-05-28 23:18 --------- d-----w C:\Program Files\Microsoft.NET
    2008-05-28 16:26 --------- d-----w C:\Program Files\GamesBar
    2008-05-28 16:25 --------- d-----w C:\Program Files\orange
    2008-05-28 16:25 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
    2008-05-27 22:16 --------- d-----w C:\Documents and Settings\Pepito\Application Data\CDBurnerXP_Soft
    2008-05-26 17:30 --------- d-----w C:\Program Files\Java
    2008-05-26 17:16 51,072 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-05-26 17:16 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-05-26 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-05-26 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg
    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-22 18:29 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Apple Computer
    2008-05-22 18:27 --------- d-----w C:\Program Files\Bonjour
    2008-05-22 18:20 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-05-21 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-05-17 16:52 --------- d-----w C:\Program Files\ReflexiveArcade
    2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-15 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-15 21:37 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Talkback
    2008-05-15 21:09 --------- d-----w C:\Program Files\Fichiers communs\xing shared
    2008-05-15 21:09 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-05-15 21:08 --------- d-----w C:\Program Files\Real
    2008-05-15 20:47 --------- d-----w C:\Program Files\DAP
    2008-05-15 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-05-15 20:42 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-05-15 20:42 --------- d-----w C:\Program Files\AVS4YOU
    2008-05-15 20:27 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
    2008-05-15 20:27 --------- d-----w C:\Program Files\Google
    2008-05-15 20:26 966,973 ----a-w C:\WINDOWS\system32\DieuxDuStade.scr
    2008-05-15 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-15 20:08 --------- d-----w C:\Program Files\Windows Live
    2008-05-15 20:05 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-05-15 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-15 19:56 --------- d-----w C:\Documents and Settings\Pepito\Application Data\ArcSoft
    2008-05-15 19:55 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
    2008-05-14 23:56 --------- d-----w C:\Program Files\VIA
    2008-05-14 23:52 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-05-14 23:42 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-05-14 18:30 --------- d-----w C:\Program Files\MSXML 6.0
    2008-05-14 18:05 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-05-14 17:52 --------- d-----w C:\Program Files\MSBuild
    2008-05-14 17:44 --------- d-----w C:\Program Files\Reference Assemblies
    2008-05-13 22:31 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-05-13 21:49 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-13 21:44 --------- d-----w C:\Program Files\Services en ligne
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
    2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
    2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
    2008-04-14 02:08 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 02:07 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-14 01:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 18:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 18:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-13 18:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
    2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
    2008-04-13 17:34 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
    2008-04-13 17:33 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
    2008-04-13 17:33 1,005,056 ----a-w C:\WINDOWS\system32\setupapi.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
    2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
    2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 15:48 528384]
    "F-Secure Manager"="C:\AntivirusFirewall\Common\FSM32.EXE" [2007-06-13 15:58 176177]
    "F-Secure TNB"="C:\AntivirusFirewall\FSGUI\TNBUtil.exe" [2007-06-13 15:57 733184]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-15 23:08 185896]
    "Adobe Reader Speed Launcher"="C:\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "QuickTime Task"="C:\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    --a------ 2008-05-15 22:27 4523520 C:\Program Files\DAP\DAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-06-02 11:13 267048 C:\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-05-15 23:08 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\iTunes\\iTunes.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-05-26 19:16]
    R1 F-Secure HIPS;F-Secure HIPS;C:\AntivirusFirewall\HIPS\fshs.sys [2008-05-26 19:13]
    R2 NMSAccessU;NMSAccessU;C:\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2007-06-13 15:58]
    R3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04]
    S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
    S4 F-Secure Filter;F-Secure File System Filter;C:\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2007-06-13 15:58]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2007-06-13 15:58]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-08 14:04:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{08f8633b-09cf-442b-b201-5c43243ade5c} - C:\WINDOWS\system32\viehnmjl.dll
    BHO-{E2716268-67D9-49B8-8224-79503EA40E80} - C:\WINDOWS\system32\tuvVlLFX.dll
    HKCU-Run-WOOKIT - C:\PROGRA~1\Wanadoo\Shell.exe
    Notify-khfDstSK - khfDstSK.dll
    Notify-pmnmkifE - pmnmkifE.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-09 13:58:17
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Ad-Aware\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\AntivirusFirewall\Common\FSMA32.EXE
    C:\AntivirusFirewall\Anti-Virus\fsgk32.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\AntivirusFirewall\Common\FSMB32.EXE
    C:\AntivirusFirewall\Common\FCH32.EXE
    C:\AntivirusFirewall\Common\FAMEH32.EXE
    C:\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\AntivirusFirewall\FSAUA\program\fsaua.exe
    C:\AntivirusFirewall\FWES\program\fsdfwd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\AntivirusFirewall\FSAUA\program\fsus.exe
    C:\AntivirusFirewall\Anti-Virus\fsav32.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-09 14:04:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-09 12:02:43

    Pre-Run: 278,925,385,728 octets libres
    Post-Run: 279,141,105,664 octets libres

    294 --- E O F --- 2008-06-28 01:11:57

    Hope to hear from you very soon
    9 July 2008 14:23:59

    Re,

    Put ComboFix directly on the Desktop.
    Quote:
    C:\Documents and Settings\Pepito\Bureau\UTILITAIRES\uc100%\ComboFix.exe

    Download SDFix (by Andy Manchesta).

  • Save it to your desktop.
  • Run it.
  • Click Install so that it can extract itself.
    Restart in safe mode
    /!\ Never start in safe mode via MSCONFIG /!\
  • Open the SDFix folder that has just been created in C:\
  • Double-click RunThis.bat (the .bat extension may not be shown)
  • Press Y to start it.
  • You will be asked to press a key to restart; do so
  • The restart will probably take a little longer than usual.
  • Once your Desktop appears, it will display Finished
  • Press a key.
  • A report is generated; post it in your reply.

    It can also be found in the SDFix folder >Report.txt<

    **********

    Download Lop S&D.exe (by Eric 71) to your desktop.

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop (if you are on Vista, right-click -> run as administrator)
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run)"
    Type explorer and confirm. This will bring your desktop back

    9 July 2008 18:32:36

    Re, Xmichoux,
    ComboFix has been moved.

    combo report:

    SDFix: Version 1.204
    Run by Administrateur on 09/07/2008 at 18:04

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-09 18:11:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\iTunes\\iTunes.exe"="C:\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :



    Files with Hidden Attributes :

    Fri 13 Jun 2008 57,344 ..SH. --- "C:\Documents and Settings\Pepito\lsass.exe"
    Wed 14 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    Finished!

    then the Lop report:

    -----------------------[ Lop S&D 4.2.2-0 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 3 ]
    [ USER : Pepito ] [ "C:\Lop SD" ] [ Selection : 1 ]
    [ 09/07/2008 | 18:23:22,71 ] [ PC : MAISON ]
    [ MAJ : 06-07-2008 | 10:55 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [09/07/2008|17:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [14/05/2008|02:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [09/07/2008|17:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [09/07/2008|17:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [25/06/2008|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [16/05/2008|00:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [26/06/2008|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [08/07/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Arkadium
    [15/05/2008|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    [14/05/2008|02:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [26/05/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
    [26/05/2008|19:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
    [15/05/2008|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [02/06/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hot Lava Games
    [13/06/2008|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [08/07/2008|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ludia
    [07/07/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [22/05/2008|00:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    [23/06/2008|23:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
    [17/06/2008|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf
    [16/06/2008|23:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [23/06/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
    [19/06/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    [09/07/2008|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [14/05/2008|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [15/05/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [01/06/2008|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [14/05/2008|02:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [14/05/2008|00:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [16/05/2008|01:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [14/05/2008|00:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [12/06/2008|00:58] C:\DOCUME~1\Pepito\APPLIC~1\.wyzo
    [25/06/2008|19:43] C:\DOCUME~1\Pepito\APPLIC~1\Adobe
    [22/05/2008|20:29] C:\DOCUME~1\Pepito\APPLIC~1\Apple Computer
    [15/05/2008|21:56] C:\DOCUME~1\Pepito\APPLIC~1\ArcSoft
    [07/06/2008|19:14] C:\DOCUME~1\Pepito\APPLIC~1\AVS4YOU
    [01/07/2008|20:30] C:\DOCUME~1\Pepito\APPLIC~1\BitDownload
    [05/06/2008|21:27] C:\DOCUME~1\Pepito\APPLIC~1\Boomzap
    [28/05/2008|00:16] C:\DOCUME~1\Pepito\APPLIC~1\CDBurnerXP_Soft
    [14/05/2008|02:20] C:\DOCUME~1\Pepito\APPLIC~1\desktop.ini
    [08/07/2008|17:00] C:\DOCUME~1\Pepito\APPLIC~1\DivX
    [13/06/2008|18:54] C:\DOCUME~1\Pepito\APPLIC~1\FrostWire
    [31/05/2008|20:14] C:\DOCUME~1\Pepito\APPLIC~1\F-Secure
    [15/05/2008|23:00] C:\DOCUME~1\Pepito\APPLIC~1\Google
    [01/06/2008|15:54] C:\DOCUME~1\Pepito\APPLIC~1\Identities
    [31/05/2008|18:47] C:\DOCUME~1\Pepito\APPLIC~1\ITTNord
    [08/07/2008|15:18] C:\DOCUME~1\Pepito\APPLIC~1\Ludia
    [28/05/2008|18:27] C:\DOCUME~1\Pepito\APPLIC~1\Macromedia
    [10/06/2008|23:02] C:\DOCUME~1\Pepito\APPLIC~1\Microsoft
    [08/06/2008|19:06] C:\DOCUME~1\Pepito\APPLIC~1\Moyea
    [15/05/2008|23:34] C:\DOCUME~1\Pepito\APPLIC~1\Mozilla
    [28/06/2008|12:50] C:\DOCUME~1\Pepito\APPLIC~1\Playrix Entertainment
    [15/05/2008|23:17] C:\DOCUME~1\Pepito\APPLIC~1\Real
    [27/06/2008|20:09] C:\DOCUME~1\Pepito\APPLIC~1\Reflexive
    [03/07/2008|00:08] C:\DOCUME~1\Pepito\APPLIC~1\SUPERAntiSpyware.com
    [15/05/2008|23:37] C:\DOCUME~1\Pepito\APPLIC~1\Talkback
    [23/06/2008|23:49] C:\DOCUME~1\Pepito\APPLIC~1\tcw_config.cfg
    [15/06/2008|14:23] C:\DOCUME~1\Pepito\APPLIC~1\VeniceMysteryData
    [31/05/2008|22:12] C:\DOCUME~1\Pepito\APPLIC~1\WinRAR
    [01/06/2008|15:54] C:\DOCUME~1\Pepito\APPLIC~1\Zylom

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [08/07/2008 16:04][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [09/07/2008 18:09][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [25/06/2008|19:46] C:\Program Files\Adobe
    [08/07/2008|16:04] C:\Program Files\Apple Software Update
    [15/05/2008|22:42] C:\Program Files\AVS4YOU
    [22/05/2008|20:27] C:\Program Files\Bonjour
    [14/06/2008|01:15] C:\Program Files\BrowsingEnhancer
    [13/05/2008|23:42] C:\Program Files\ComPlus Applications
    [15/05/2008|22:47] C:\Program Files\DAP
    [08/07/2008|16:52] C:\Program Files\DivX
    [12/06/2008|00:55] C:\Program Files\FBrowserAdvisor
    [13/06/2008|17:38] C:\Program Files\FBrowsingAdvisor
    [25/06/2008|19:41] C:\Program Files\Fichiers communs
    [12/06/2008|00:48] C:\Program Files\FrostWire Ultra Accelerator
    [28/05/2008|18:26] C:\Program Files\GamesBar
    [15/05/2008|22:27] C:\Program Files\Google
    [15/05/2008|22:18] C:\Program Files\InstallShield Installation Information
    [28/06/2008|03:11] C:\Program Files\Internet Explorer
    [26/06/2008|01:39] C:\Program Files\iPod
    [26/05/2008|19:30] C:\Program Files\Java
    [09/07/2008|13:35] C:\Program Files\Lopxp
    [14/05/2008|21:57] C:\Program Files\Messenger
    [13/05/2008|23:49] C:\Program Files\microsoft frontpage
    [29/05/2008|01:23] C:\Program Files\Microsoft Visual Studio
    [02/06/2008|01:49] C:\Program Files\Microsoft Works
    [29/05/2008|01:18] C:\Program Files\Microsoft.NET
    [14/05/2008|21:57] C:\Program Files\Movie Maker
    [09/07/2008|13:40] C:\Program Files\Mozilla Firefox
    [14/05/2008|19:52] C:\Program Files\MSBuild
    [13/05/2008|23:41] C:\Program Files\MSN
    [13/05/2008|23:41] C:\Program Files\MSN Gaming Zone
    [14/05/2008|20:30] C:\Program Files\MSXML 6.0
    [14/05/2008|21:55] C:\Program Files\NetMeeting
    [13/05/2008|23:42] C:\Program Files\Online Services
    [28/05/2008|18:25] C:\Program Files\orange
    [14/05/2008|21:54] C:\Program Files\Outlook Express
    [15/05/2008|23:08] C:\Program Files\Real
    [01/06/2008|15:52] C:\Program Files\RealArcade
    [14/05/2008|19:44] C:\Program Files\Reference Assemblies
    [17/05/2008|18:52] C:\Program Files\ReflexiveArcade
    [13/05/2008|23:44] C:\Program Files\Services en ligne
    [14/05/2008|00:37] C:\Program Files\Uninstall Information
    [15/05/2008|01:56] C:\Program Files\VIA
    [15/05/2008|22:08] C:\Program Files\Windows Live
    [14/05/2008|20:05] C:\Program Files\Windows Media Connect 2
    [14/05/2008|21:55] C:\Program Files\Windows Media Player
    [14/05/2008|21:54] C:\Program Files\Windows NT
    [13/05/2008|23:44] C:\Program Files\WindowsUpdate
    [13/05/2008|23:49] C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [25/06/2008|19:42] C:\Program Files\Fichiers communs\Adobe
    [22/05/2008|20:20] C:\Program Files\Fichiers communs\Apple
    [15/05/2008|21:55] C:\Program Files\Fichiers communs\ArcSoft
    [15/05/2008|22:42] C:\Program Files\Fichiers communs\AVSMedia
    [29/05/2008|01:24] C:\Program Files\Fichiers communs\DESIGNER
    [15/05/2008|01:42] C:\Program Files\Fichiers communs\InstallShield
    [14/05/2008|00:31] C:\Program Files\Fichiers communs\Java
    [02/06/2008|01:48] C:\Program Files\Fichiers communs\Microsoft Shared
    [13/05/2008|23:43] C:\Program Files\Fichiers communs\MSSoap
    [28/05/2008|18:25] C:\Program Files\Fichiers communs\Oberon Media
    [14/05/2008|01:35] C:\Program Files\Fichiers communs\ODBC
    [15/05/2008|23:09] C:\Program Files\Fichiers communs\Real
    [13/05/2008|23:43] C:\Program Files\Fichiers communs\Services
    [14/05/2008|01:35] C:\Program Files\Fichiers communs\SpeechEngines
    [29/05/2008|01:18] C:\Program Files\Fichiers communs\System
    [15/05/2008|22:05] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [03/07/2008|00:06] C:\Program Files\Fichiers communs\Wise Installation Wizard
    [15/05/2008|23:09] C:\Program Files\Fichiers communs\xing shared

    ---------------------------[ Process ]--------------------------

    ... 49

    iexplore.exe ~ [2740]

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\BitDownload.ini
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\btdht.dat
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\DHTLog.txt
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\Favorites.vcs
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\lib.vcs
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\PlayLists
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\Recently played.vcs
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\RoutingTree.bin
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\search.ini
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\Shared.dat
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\ShareHistory.dat
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\SPK.bin
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\Storage
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\Torrents
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\trdnld.vcs
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\trupld.vcs
    C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\URLs.ini
    C:\DOCUME~1\Pepito\MENUDM~1\PROGRA~1\Bitdownload
    C:\DOCUME~1\Pepito\MENUDM~1\PROGRA~1\Bitdownload\BitDownload Downloads.lnk
    C:\DOCUME~1\Pepito\MENUDM~1\PROGRA~1\Bitdownload\BitDownload Uninstall.lnk
    C:\DOCUME~1\Pepito\MENUDM~1\PROGRA~1\Bitdownload\BitDownload.lnk
    C:\DOCUME~1\Pepito\Bureau\BitDownload Downloads.lnk
    C:\DOCUME~1\Pepito\Bureau\BitDownload.lnk
    C:\WINDOWS\Prefetch\BITDOWNLOAD.EXE-0E3B253F.pf
    C:\DOCUME~1\Pepito\Cookies\pepito@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\Pepito\Cookies\pepito@cotedazurpalace[1].txt
    C:\DOCUME~1\Pepito\Cookies\pepito@cotedazurpalace[2].txt
    C:\DOCUME~1\Pepito\Cookies\pepito@banner.32vegas[2].txt

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-09 18:26:04
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    => C:\DOCUME~1\Pepito\MESDOC~1\BitDownload\Bigfish Games - Jurassic Realm - Crack
    => C:\DOCUME~1\Pepito\MESDOC~1\BitDownload\Bigfish Games - Jurassic Realm - Crack\CRACK.zip
    => C:\DOCUME~1\Pepito\MESDOC~1\BitDownload\Bigfish Games - Jurassic Realm - Crack\Jurassic Realm Installer.exe
    => C:\DOCUME~1\Pepito\MESDOC~1\BitDownload\Bigfish Games - Jurassic Realm - Crack\Torrent downloaded from Demonoid.com.txt
    => C:\DOCUME~1\Pepito\MESDOC~1\Incomplete\T-704646-32-REFLEXIVE-full-games-ENG-Crack.zip
    => C:\DOCUME~1\Pepito\MESDOC~1\Incomplete\T-704702-Reflexorator---Play-All-Reflexive-Games-in-Full-Version-Crack.zip
    => C:\DOCUME~1\Pepito\MESDOC~1\Mes fichiers re‡us\crack reflexive games bittorrent downloader.zip
    => C:\DOCUME~1\Pepito\MESDOC~1\Mes fichiers re‡us\Crack Reflexive Games [wyzo].zip
    => C:\Documents and Settings\Pepito\Mes documents\BitDownload\Bigfish Games - Jurassic Realm - Crack
    => C:\Documents and Settings\Pepito\Mes documents\BitDownload\Bigfish Games - Jurassic Realm - Crack\CRACK.zip
    => C:\Documents and Settings\Pepito\Mes documents\BitDownload\Bigfish Games - Jurassic Realm - Crack\Jurassic Realm Installer.exe
    => C:\Documents and Settings\Pepito\Mes documents\BitDownload\Bigfish Games - Jurassic Realm - Crack\Torrent downloaded from Demonoid.com.txt
    => C:\Documents and Settings\Pepito\Mes documents\Incomplete\T-704646-32-REFLEXIVE-full-games-ENG-Crack.zip
    => C:\Documents and Settings\Pepito\Mes documents\Incomplete\T-704702-Reflexorator---Play-All-Reflexive-Games-in-Full-Version-Crack.zip
    => C:\Documents and Settings\Pepito\Mes documents\Mes fichiers re‡us\crack reflexive games bittorrent downloader.zip
    => C:\Documents and Settings\Pepito\Mes documents\Mes fichiers re‡us\Crack Reflexive Games [wyzo].zip
    => C:\Documents and Settings\Pepito\Recent\Bigfish Games - Jurassic Realm - Crack.lnk
    => C:\Documents and Settings\Pepito\Recent\Jurassic Realm Setup + CRACK.lnk


    [F:3][D:2]-> C:\DOCUME~1\Pepito\LOCALS~1\Temp
    [F:239][D:0]-> C:\DOCUME~1\Pepito\Cookies
    [F:332][D:4]-> C:\DOCUME~1\Pepito\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 18:26:27,53 ]----------------------

    good luck with this "double Dutch"
    Pepito
    9 July 2008 21:06:31

    Re,

    Delete your cracks (infection vectors).

    Select the entire box below, then right-click and choose Copy

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf


    Run Lop S&D again.

  • This time choose Option 4 (LopScript)
  • A blank page will open; right-click on it and choose Paste
  • Close the page; you will be asked to save it, click [Save]
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)
    9 July 2008 23:43:51

    XmichouX said:
    Re,

    Delete your cracks (infection vectors).

    done

    Select the entire box below, then right-click and choose Copy

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf


    Run Lop S&D again.

  • This time choose Option 4 (LopScript)
  • A blank page will open; right-click on it and choose Paste
  • Close the page; you will be asked to save it, click [Save]
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)


  • here is the new report:

    -----------------------[ Lop S&D 4.2.2-0 XP/Vista ]---------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 3 ]
    [ USER : Pepito ] [ "C:\Lop SD" ] [ Selection : 4 ]
    [ 09/07/2008 | 23:37:07,81 ] [ PC : MAISON ]
    [ MAJ : 06-07-2008 | 10:55 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ LopScript //////////////////////////////////

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Shim Cdrom Cast Surf

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\BitDownload.ini
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\btdht.dat
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\DHTLog.txt
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\Favorites.vcs
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\lib.vcs
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\PlayLists
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\Recently played.vcs
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\RoutingTree.bin
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\search.ini
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\Shared.dat
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\ShareHistory.dat
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\SPK.bin
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\Storage
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\Torrents
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\trdnld.vcs
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\trupld.vcs
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload\URLs.ini
    Supprime! - C:\DOCUME~1\Pepito\Bureau\BitDownload Downloads.lnk
    Supprime! - C:\DOCUME~1\Pepito\Bureau\BitDownload.lnk
    Supprime! - C:\DOCUME~1\Pepito\Cookies\pepito@banner.cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\Pepito\Cookies\pepito@cotedazurpalace[1].txt
    Supprime! - C:\DOCUME~1\Pepito\Cookies\pepito@cotedazurpalace[2].txt
    Supprime! - C:\DOCUME~1\Pepito\Cookies\pepito@banner.32vegas[2].txt
    Supprime! - C:\DOCUME~1\Pepito\APPLIC~1\Bitdownload
    Supprime! - C:\DOCUME~1\Pepito\MENUDM~1\PROGRA~1\Bitdownload
    RestaurÚ! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans APPLIC~1 ]------------

    [09/07/2008|17:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
    [14/05/2008|02:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [09/07/2008|17:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [09/07/2008|17:57] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [25/06/2008|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [16/05/2008|00:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [26/06/2008|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [08/07/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Arkadium
    [15/05/2008|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    [14/05/2008|02:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [26/05/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
    [26/05/2008|19:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
    [15/05/2008|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [02/06/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hot Lava Games
    [13/06/2008|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    [08/07/2008|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ludia
    [07/07/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [22/05/2008|00:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    [23/06/2008|23:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
    [16/06/2008|23:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [23/06/2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
    [19/06/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    [09/07/2008|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [14/05/2008|01:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [15/05/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    [01/06/2008|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

    [14/05/2008|02:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [14/05/2008|00:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [16/05/2008|01:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [14/05/2008|00:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [12/06/2008|00:58] C:\DOCUME~1\Pepito\APPLIC~1\.wyzo
    [25/06/2008|19:43] C:\DOCUME~1\Pepito\APPLIC~1\Adobe
    [22/05/2008|20:29] C:\DOCUME~1\Pepito\APPLIC~1\Apple Computer
    [15/05/2008|21:56] C:\DOCUME~1\Pepito\APPLIC~1\ArcSoft
    [07/06/2008|19:14] C:\DOCUME~1\Pepito\APPLIC~1\AVS4YOU
    [05/06/2008|21:27] C:\DOCUME~1\Pepito\APPLIC~1\Boomzap
    [28/05/2008|00:16] C:\DOCUME~1\Pepito\APPLIC~1\CDBurnerXP_Soft
    [14/05/2008|02:20] C:\DOCUME~1\Pepito\APPLIC~1\desktop.ini
    [08/07/2008|17:00] C:\DOCUME~1\Pepito\APPLIC~1\DivX
    [13/06/2008|18:54] C:\DOCUME~1\Pepito\APPLIC~1\FrostWire
    [31/05/2008|20:14] C:\DOCUME~1\Pepito\APPLIC~1\F-Secure
    [15/05/2008|23:00] C:\DOCUME~1\Pepito\APPLIC~1\Google
    [01/06/2008|15:54] C:\DOCUME~1\Pepito\APPLIC~1\Identities
    [31/05/2008|18:47] C:\DOCUME~1\Pepito\APPLIC~1\ITTNord
    [08/07/2008|15:18] C:\DOCUME~1\Pepito\APPLIC~1\Ludia
    [28/05/2008|18:27] C:\DOCUME~1\Pepito\APPLIC~1\Macromedia
    [10/06/2008|23:02] C:\DOCUME~1\Pepito\APPLIC~1\Microsoft
    [08/06/2008|19:06] C:\DOCUME~1\Pepito\APPLIC~1\Moyea
    [15/05/2008|23:34] C:\DOCUME~1\Pepito\APPLIC~1\Mozilla
    [28/06/2008|12:50] C:\DOCUME~1\Pepito\APPLIC~1\Playrix Entertainment
    [15/05/2008|23:17] C:\DOCUME~1\Pepito\APPLIC~1\Real
    [27/06/2008|20:09] C:\DOCUME~1\Pepito\APPLIC~1\Reflexive
    [03/07/2008|00:08] C:\DOCUME~1\Pepito\APPLIC~1\SUPERAntiSpyware.com
    [15/05/2008|23:37] C:\DOCUME~1\Pepito\APPLIC~1\Talkback
    [23/06/2008|23:49] C:\DOCUME~1\Pepito\APPLIC~1\tcw_config.cfg
    [15/06/2008|14:23] C:\DOCUME~1\Pepito\APPLIC~1\VeniceMysteryData
    [31/05/2008|22:12] C:\DOCUME~1\Pepito\APPLIC~1\WinRAR
    [01/06/2008|15:54] C:\DOCUME~1\Pepito\APPLIC~1\Zylom

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [08/07/2008 16:04][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [09/07/2008 18:09][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [25/06/2008|19:46] C:\Program Files\Adobe
    [08/07/2008|16:04] C:\Program Files\Apple Software Update
    [15/05/2008|22:42] C:\Program Files\AVS4YOU
    [22/05/2008|20:27] C:\Program Files\Bonjour
    [14/06/2008|01:15] C:\Program Files\BrowsingEnhancer
    [13/05/2008|23:42] C:\Program Files\ComPlus Applications
    [15/05/2008|22:47] C:\Program Files\DAP
    [08/07/2008|16:52] C:\Program Files\DivX
    [12/06/2008|00:55] C:\Program Files\FBrowserAdvisor
    [13/06/2008|17:38] C:\Program Files\FBrowsingAdvisor
    [25/06/2008|19:41] C:\Program Files\Fichiers communs
    [12/06/2008|00:48] C:\Program Files\FrostWire Ultra Accelerator
    [28/05/2008|18:26] C:\Program Files\GamesBar
    [15/05/2008|22:27] C:\Program Files\Google
    [15/05/2008|22:18] C:\Program Files\InstallShield Installation Information
    [28/06/2008|03:11] C:\Program Files\Internet Explorer
    [26/06/2008|01:39] C:\Program Files\iPod
    [26/05/2008|19:30] C:\Program Files\Java
    [09/07/2008|13:35] C:\Program Files\Lopxp
    [14/05/2008|21:57] C:\Program Files\Messenger
    [13/05/2008|23:49] C:\Program Files\microsoft frontpage
    [29/05/2008|01:23] C:\Program Files\Microsoft Visual Studio
    [02/06/2008|01:49] C:\Program Files\Microsoft Works
    [29/05/2008|01:18] C:\Program Files\Microsoft.NET
    [14/05/2008|21:57] C:\Program Files\Movie Maker
    [09/07/2008|13:40] C:\Program Files\Mozilla Firefox
    [14/05/2008|19:52] C:\Program Files\MSBuild
    [13/05/2008|23:41] C:\Program Files\MSN
    [13/05/2008|23:41] C:\Program Files\MSN Gaming Zone
    [14/05/2008|20:30] C:\Program Files\MSXML 6.0
    [14/05/2008|21:55] C:\Program Files\NetMeeting
    [13/05/2008|23:42] C:\Program Files\Online Services
    [28/05/2008|18:25] C:\Program Files\orange
    [14/05/2008|21:54] C:\Program Files\Outlook Express
    [15/05/2008|23:08] C:\Program Files\Real
    [01/06/2008|15:52] C:\Program Files\RealArcade
    [14/05/2008|19:44] C:\Program Files\Reference Assemblies
    [17/05/2008|18:52] C:\Program Files\ReflexiveArcade
    [13/05/2008|23:44] C:\Program Files\Services en ligne
    [14/05/2008|00:37] C:\Program Files\Uninstall Information
    [15/05/2008|01:56] C:\Program Files\VIA
    [15/05/2008|22:08] C:\Program Files\Windows Live
    [14/05/2008|20:05] C:\Program Files\Windows Media Connect 2
    [14/05/2008|21:55] C:\Program Files\Windows Media Player
    [14/05/2008|21:54] C:\Program Files\Windows NT
    [13/05/2008|23:44] C:\Program Files\WindowsUpdate
    [13/05/2008|23:49] C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [25/06/2008|19:42] C:\Program Files\Fichiers communs\Adobe
    [22/05/2008|20:20] C:\Program Files\Fichiers communs\Apple
    [15/05/2008|21:55] C:\Program Files\Fichiers communs\ArcSoft
    [15/05/2008|22:42] C:\Program Files\Fichiers communs\AVSMedia
    [29/05/2008|01:24] C:\Program Files\Fichiers communs\DESIGNER
    [15/05/2008|01:42] C:\Program Files\Fichiers communs\InstallShield
    [14/05/2008|00:31] C:\Program Files\Fichiers communs\Java
    [02/06/2008|01:48] C:\Program Files\Fichiers communs\Microsoft Shared
    [13/05/2008|23:43] C:\Program Files\Fichiers communs\MSSoap
    [28/05/2008|18:25] C:\Program Files\Fichiers communs\Oberon Media
    [14/05/2008|01:35] C:\Program Files\Fichiers communs\ODBC
    [15/05/2008|23:09] C:\Program Files\Fichiers communs\Real
    [13/05/2008|23:43] C:\Program Files\Fichiers communs\Services
    [14/05/2008|01:35] C:\Program Files\Fichiers communs\SpeechEngines
    [29/05/2008|01:18] C:\Program Files\Fichiers communs\System
    [15/05/2008|22:05] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [03/07/2008|00:06] C:\Program Files\Fichiers communs\Wise Installation Wizard
    [15/05/2008|23:09] C:\Program Files\Fichiers communs\xing shared

    ---------------------------[ Process ]--------------------------

    ... 50

    ... OK !

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-09 23:39:50
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    => C:\Documents and Settings\Pepito\Recent\Bigfish Games - Jurassic Realm - Crack.lnk
    => C:\Documents and Settings\Pepito\Recent\Jurassic Realm Setup + CRACK.lnk


    [F:3][D:2]-> C:\DOCUME~1\Pepito\LOCALS~1\Temp
    [F:236][D:0]-> C:\DOCUME~1\Pepito\Cookies
    [F:1090][D:4]-> C:\DOCUME~1\Pepito\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 23:40:12,51 ]----------------------
    thanks again and good luck
    Pepito
    9 July 2008 23:46:52

    FYI, after reading the report I also deleted these 2 things:
    => C:\Documents and Settings\Pepito\Recent\Bigfish Games - Jurassic Realm - Crack.lnk
    => C:\Documents and Settings\Pepito\Recent\Jurassic Realm Setup + CRACK.lnk
    9 July 2008 23:59:42

    Good ;) 

    - My Computer / Tools / Folder Options / View / check Show hidden files and folders / Apply - - > OK
    - My Computer / Tools / Folder Options / View / uncheck Hide protected operating system files / Apply - - > OK
    - My Computer / Tools / Folder Options / View / uncheck Hide extensions for known file types / Apply - - > OK

    Don't forget to hide the hidden and protected operating system files again once the disinfection is finished, it's important

    I am going to ask you to upload one or more files to the developers, in order to improve the tools :) 

    Can you look for this file: C:\Documents and Settings\Pepito\lsass.exe
    and send it to this address: http://www.bleepingcomputer.com/submit-malware.php?chan...

    ********

    Run ComboFix again and post me its report ;) 
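
    The SDFix report earlier in the thread lists C:\Documents and Settings\Pepito\lsass.exe under "Files with Hidden Attributes", and that is the file requested for submission above. The following is an added example, not part of the original posts and not SDFix's own logic: it parses that report section and flags files that carry a core Windows process name outside the directory where Windows keeps it. The expected-directory table, the one-character lookalike heuristic and the last two sample lines are assumptions made for the illustration.

```python
import ntpath
import re

# Assumption: Windows XP layout with %windir% = C:\WINDOWS, as in the logs on this page.
WINDIR = r"C:\WINDOWS"
SYSTEM32 = {WINDIR + r"\system32", WINDIR + r"\system32\dllcache"}

# Core process names and the only folders where they are expected (assumed table).
EXPECTED_DIRS = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": {WINDIR, WINDIR + r"\system32\dllcache"},
}
# Normalise once so comparisons ignore case (C:\WINDOWS\System32 vs system32).
EXPECTED_DIRS = {
    name: {ntpath.normcase(d) for d in dirs} for name, dirs in EXPECTED_DIRS.items()
}

# One entry of SDFix's "Files with Hidden Attributes" section:
#   Fri 13 Jun 2008 57,344 ..SH. --- "C:\path\file.exe"
SDFIX_LINE = re.compile(
    r'^\s*(?P<date>\w{3}\s+\d{1,2}\s+\w{3}\s+\d{4})\s+'
    r'(?P<size>[\d,]+)\s+(?P<attrs>[A-Z.]{5})\s+---\s+"(?P<path>[^"]+)"\s*$'
)


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(path):
    """Return a reason string if the path looks like masquerading, else None."""
    name = ntpath.basename(path).lower()
    folder = ntpath.normcase(ntpath.dirname(path))
    if name in EXPECTED_DIRS:
        if folder not in EXPECTED_DIRS[name]:
            return "system-name-outside-system-dir"
        return None
    # Heuristic only: a name one edit away from a core process name.
    for sysname in EXPECTED_DIRS:
        if edit_distance(name, sysname) == 1:
            return "lookalike-of-" + sysname
    return None


def scan_report(text):
    """Parse SDFix hidden-file entries and return the suspicious ones."""
    findings = []
    for line in text.splitlines():
        m = SDFIX_LINE.match(line)
        if not m:
            continue  # headings, blank lines, other report sections
        reason = assess(m.group("path"))
        if reason:
            findings.append({
                "path": m.group("path"),
                "size": int(m.group("size").replace(",", "")),
                "attrs": m.group("attrs"),
                "reason": reason,
            })
    return findings


# First two entries are the ones from the SDFix report in this thread;
# the last two are constructed for the example.
SAMPLE = r"""
Files with Hidden Attributes :

Fri 13 Jun 2008 57,344 ..SH. --- "C:\Documents and Settings\Pepito\lsass.exe"
Wed 14 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 14 Apr 2008 13,312 A.SH. --- "C:\WINDOWS\system32\lsass.exe"
Mon 14 Apr 2008 14,336 ..SH. --- "C:\WINDOWS\system32\svch0st.exe"
"""

if __name__ == "__main__":
    for f in scan_report(SAMPLE):
        print(f["reason"], f["attrs"], f["size"], f["path"])
```

    A hit is a reason to have the file examined, as requested above, not proof of infection; the directory table would need adjusting for other Windows versions.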
    10 July 2008 15:24:30

    re,
    as I did not find lsass.exe but lass.0exe, that is the one I sent.
    here is the combo report (run in normal mode)
    and I am hiding the files again right away.
    Pepito

    ComboFix 08-07-08.7 - Pepito 2008-07-10 12:46:20.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.124 [GMT 2:00]
    Endroit: C:\Documents and Settings\Pepito\Bureau\UTILITAIRES\uc100%\ComboFix.exe
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-09 19:41 . 2008-07-09 19:41 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
    2008-07-09 18:22 . 2008-07-09 23:40 <REP> d-------- C:\Lop SD
    2008-07-09 18:00 . 2008-07-09 18:00 <REP> d-------- C:\WINDOWS\ERUNT
    2008-07-09 17:56 . 2008-07-09 17:56 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-07-09 17:52 . 2008-07-09 18:15 <REP> d-------- C:\SDFix
    2008-07-09 13:34 . 2008-07-09 13:35 <REP> d-------- C:\Program Files\Lopxp
    2008-07-09 13:10 . 2008-07-09 13:10 <REP> d-------- C:\WINDOWS\system32\bfubackups
    2008-07-08 23:53 . 2008-07-08 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Arkadium
    2008-07-08 16:57 . 2008-07-08 17:00 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\DivX
    2008-07-08 16:49 . 2008-07-08 16:52 <REP> d-------- C:\Program Files\DivX
    2008-07-08 16:04 . 2008-07-08 16:04 <REP> d-------- C:\Program Files\Apple Software Update
    2008-07-08 16:04 . 2008-07-08 16:05 <REP> d-------- C:\hjsplit
    2008-07-08 15:18 . 2008-07-08 15:18 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\Ludia
    2008-07-08 15:18 . 2008-07-08 15:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ludia
    2008-07-07 23:16 . 2008-07-07 23:24 73 --a------ C:\WINDOWS\MediaManager.INI
    2008-07-07 23:02 . 2008-07-07 23:16 <REP> d-------- C:\MP3 Player Utilities 4.03
    2008-07-07 23:01 . 2008-07-07 23:01 <REP> d-------- C:\senso
    2008-07-01 20:38 . 2006-12-28 13:12 61,440 --a------ C:\WINDOWS\system32\Big Kahuna Reef 2.scr
    2008-06-28 12:50 . 2008-06-28 12:50 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\Playrix Entertainment
    2008-06-27 20:09 . 2008-06-27 20:09 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\Reflexive
    2008-06-26 01:39 . 2008-06-26 01:39 <REP> d-------- C:\Program Files\iPod
    2008-06-26 01:39 . 2008-06-26 01:39 <REP> d-------- C:\iTunes
    2008-06-26 01:37 . 2008-06-26 01:38 <REP> d-------- C:\QuickTime
    2008-06-25 19:41 . 2008-06-25 19:42 <REP> d-------- C:\Reader 8.0
    2008-06-25 19:41 . 2008-06-25 19:42 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-23 23:16 . 2008-06-23 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
    2008-06-23 22:53 . 2008-06-23 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
    2008-06-20 19:47 . 2008-06-20 19:47 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 19:47 . 2008-06-20 19:47 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-19 00:28 . 2008-06-19 00:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-19 00:27 . 2008-07-03 00:06 <REP> d-------- C:\SUPERAntiSpyware
    2008-06-19 00:27 . 2008-07-03 00:08 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\SUPERAntiSpyware.com
    2008-06-18 19:52 . 2008-06-18 19:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-06-17 00:22 . 2008-06-17 00:22 2,414 --a------ C:\WINDOWS\system32\tmp.reg
    2008-06-17 00:20 . 2008-06-17 00:20 <REP> d-------- C:\SmitfraudFix
    2008-06-15 14:23 . 2008-06-15 14:23 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\VeniceMysteryData
    2008-06-14 01:09 . 2008-06-16 23:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-13 19:10 . 2008-06-13 19:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-13 19:10 . 2008-06-14 01:07 <REP> d-------- C:\Ad-Aware
    2008-06-13 19:08 . 2008-07-03 00:06 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-13 18:52 . 2008-06-13 18:52 413 --a------ C:\305.bat
    2008-06-13 18:52 . 2008-06-13 18:52 77 --a------ C:\Documents and Settings\Pepito\3982.bat
    2008-06-13 18:51 . 2008-06-13 18:51 14,848 --a------ C:\svchost.0xe
    2008-06-13 17:52 . 2008-06-13 17:52 413 --a------ C:\551.bat
    2008-06-13 17:52 . 2008-06-13 17:52 77 --a------ C:\Documents and Settings\Pepito\4856.bat
    2008-06-13 17:37 . 2008-06-13 17:37 413 --a------ C:\647.bat
    2008-06-13 17:36 . 2008-06-13 17:36 77 --a------ C:\Documents and Settings\Pepito\9934.bat
    2008-06-12 01:00 . 2008-07-01 20:20 <REP> d-------- C:\BitDownload
    2008-06-12 00:58 . 2008-06-12 00:58 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\.wyzo
    2008-06-12 00:56 . 2008-06-14 01:15 <REP> d-------- C:\Program Files\BrowsingEnhancer
    2008-06-12 00:55 . 2008-06-13 17:38 <REP> d-------- C:\Program Files\FBrowsingAdvisor
    2008-06-12 00:55 . 2008-06-12 00:55 <REP> d-------- C:\Program Files\FBrowserAdvisor
    2008-06-12 00:49 . 2008-06-12 00:49 <REP> d-------- C:\Documents and Settings\Pepito\Incomplete
    2008-06-12 00:49 . 2008-06-13 18:54 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\FrostWire
    2008-06-12 00:48 . 2008-06-12 00:48 <REP> d-------- C:\Program Files\FrostWire Ultra Accelerator
    2008-06-12 00:48 . 2008-06-12 01:03 <REP> d-------- C:\FrostWire
    2008-06-12 00:27 . 2008-06-12 00:44 <REP> d-------- C:\eMule
    2008-06-11 02:07 . 2008-06-11 02:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-06-11 02:07 . 2008-06-11 02:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-06-11 02:07 . 2008-06-11 02:07 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-06-11 02:07 . 2008-06-11 02:07 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-06-11 02:04 . 2008-06-11 02:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-06-11 02:04 . 2008-06-11 02:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-06-10 20:58 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 20:58 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-09 16:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-25 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 23:01 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
    2008-06-11 00:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-06-11 00:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-06-08 17:06 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Moyea
    2008-06-07 17:14 --------- d-----w C:\Documents and Settings\Pepito\Application Data\AVS4YOU
    2008-06-05 19:27 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Boomzap
    2008-06-02 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hot Lava Games
    2008-06-01 23:49 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-01 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
    2008-06-01 13:54 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Zylom
    2008-06-01 13:52 --------- d-----w C:\Program Files\RealArcade
    2008-05-31 18:14 --------- d-----w C:\Documents and Settings\Pepito\Application Data\F-Secure
    2008-05-31 16:47 --------- d-----w C:\Documents and Settings\Pepito\Application Data\ITTNord
    2008-05-28 23:18 --------- d-----w C:\Program Files\Microsoft.NET
    2008-05-28 16:26 --------- d-----w C:\Program Files\GamesBar
    2008-05-28 16:25 --------- d-----w C:\Program Files\orange
    2008-05-28 16:25 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
    2008-05-27 22:16 --------- d-----w C:\Documents and Settings\Pepito\Application Data\CDBurnerXP_Soft
    2008-05-26 17:30 --------- d-----w C:\Program Files\Java
    2008-05-26 17:16 51,072 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-05-26 17:16 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-05-26 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-05-26 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg
    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-22 18:29 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Apple Computer
    2008-05-22 18:27 --------- d-----w C:\Program Files\Bonjour
    2008-05-22 18:20 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-05-21 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-05-17 16:52 --------- d-----w C:\Program Files\ReflexiveArcade
    2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-15 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-15 21:37 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Talkback
    2008-05-15 21:09 --------- d-----w C:\Program Files\Fichiers communs\xing shared
    2008-05-15 21:09 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-05-15 21:08 --------- d-----w C:\Program Files\Real
    2008-05-15 20:47 --------- d-----w C:\Program Files\DAP
    2008-05-15 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-05-15 20:42 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-05-15 20:42 --------- d-----w C:\Program Files\AVS4YOU
    2008-05-15 20:27 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
    2008-05-15 20:27 --------- d-----w C:\Program Files\Google
    2008-05-15 20:26 966,973 ----a-w C:\WINDOWS\system32\DieuxDuStade.scr
    2008-05-15 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-15 20:08 --------- d-----w C:\Program Files\Windows Live
    2008-05-15 20:05 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-05-15 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-15 19:56 --------- d-----w C:\Documents and Settings\Pepito\Application Data\ArcSoft
    2008-05-15 19:55 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
    2008-05-14 23:56 --------- d-----w C:\Program Files\VIA
    2008-05-14 23:52 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-05-14 23:42 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-05-14 18:30 --------- d-----w C:\Program Files\MSXML 6.0
    2008-05-14 18:05 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-05-14 17:52 --------- d-----w C:\Program Files\MSBuild
    2008-05-14 17:44 --------- d-----w C:\Program Files\Reference Assemblies
    2008-05-13 22:31 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-05-13 21:49 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-13 21:44 --------- d-----w C:\Program Files\Services en ligne
    2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
    2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
    2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
    2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
    2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
    2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
    2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
    2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
    2008-04-14 02:08 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 02:07 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-14 01:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 18:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 18:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-13 18:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-09_14.01.31.62 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
    + 2008-06-20 17:44:02 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
    + 2008-06-20 17:44:02 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    + 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    + 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
    + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
    + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
    + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
    + 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
    + 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
    + 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe
    + 2008-05-09 10:51:45 512,000 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\jscript.dll
    + 2008-05-09 10:51:45 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrobj.dll
    + 2008-05-09 10:51:45 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrrun.dll
    + 2008-05-09 10:51:45 430,080 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll
    + 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
    + 2008-05-09 10:51:45 90,112 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wshext.dll
    + 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spmsg.dll
    + 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spuninst.exe
    + 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\spcustom.dll
    + 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
    + 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\updspapi.dll
    - 2008-07-09 11:57:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-10 03:06:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-09 09:52:07 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-07-09 16:00:28 577,536 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-07-09 16:00:28 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-07-09 09:52:07 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-07-09 16:00:27 577,536 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2008-07-09 16:00:27 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2008-06-10 19:55:44 12,288 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-07-10 02:57:38 12,288 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2008-06-10 19:55:43 135,168 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-07-10 02:57:35 135,168 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-06-10 19:55:44 11,264 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-07-10 02:57:40 11,264 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2008-06-10 19:55:45 27,136 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-07-10 02:57:40 27,136 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2008-06-10 19:55:46 4,096 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-07-10 02:57:42 4,096 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-06-10 19:55:47 794,624 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-07-10 02:57:44 794,624 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2008-06-10 19:55:44 249,856 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-07-10 02:57:37 249,856 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2008-06-10 19:55:48 23,040 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-07-10 02:57:45 23,040 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2008-06-10 19:55:43 286,720 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-07-10 02:57:33 286,720 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2008-06-10 19:55:43 409,600 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-07-10 02:57:32 409,600 ----a-r C:\WINDOWS\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe
    - 2007-08-13 16:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2008-05-09 10:55:00 512,000 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2008-05-09 10:55:00 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll
    + 2008-05-09 10:55:00 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll
    - 2007-08-13 16:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    + 2008-05-09 10:55:00 430,080 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    + 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe
    + 2008-05-09 10:55:00 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll
    - 2008-04-14 02:33:22 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
    + 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
    - 2007-08-13 16:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2008-05-09 10:55:00 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
    - 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
    + 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 15:48 528384]
    "F-Secure Manager"="C:\AntivirusFirewall\Common\FSM32.EXE" [2007-06-13 15:58 176177]
    "F-Secure TNB"="C:\AntivirusFirewall\FSGUI\TNBUtil.exe" [2007-06-13 15:57 733184]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-15 23:08 185896]
    "Adobe Reader Speed Launcher"="C:\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "QuickTime Task"="C:\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    --a------ 2008-05-15 22:27 4523520 C:\Program Files\DAP\DAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-06-02 11:13 267048 C:\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-05-15 23:08 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\iTunes\\iTunes.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-05-26 19:16]
    R1 F-Secure HIPS;F-Secure HIPS;C:\AntivirusFirewall\HIPS\fshs.sys [2008-05-26 19:13]
    R2 NMSAccessU;NMSAccessU;C:\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2007-06-13 15:58]
    S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
    S3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
    S4 F-Secure Filter;F-Secure File System Filter;C:\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2007-06-13 15:58]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2007-06-13 15:58]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-08 14:04:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-10 12:52:46
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-10 12:57:27
    ComboFix-quarantined-files.txt 2008-07-10 10:56:01
    ComboFix2.txt 2008-07-09 12:04:46

    Pre-Run: 278,870,040,576 octets libres
    Post-Run: 279,033,315,328 octets libres

    315 --- E O F --- 2008-07-10 02:59:31
    10 July 2008 15:33:21

    Hi again,

    Strange..

    Select the entire contents of the box below:

    Collect::
    C:\WINDOWS\Fonts\rar.exe
    C:\305.bat
    C:\Documents and Settings\Pepito\3982.bat
    C:\svchost.0xe
    C:\551.bat
    C:\Documents and Settings\Pepito\4856.bat
    C:\647.bat
    C:\Documents and Settings\Pepito\9934.bat
    C:\Documents and Settings\Pepito\lsass.exe

    Driver::
    ZDCndis5
    aswFsBlk

    Folder::
    C:\Program Files\GamesBar
    C:\Program Files\BrowsingEnhancer
    C:\Program Files\FBrowsingAdvisor
    C:\Program Files\FBrowserAdvisor
    C:\BitDownload

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"=-
    "Adobe Reader Speed Launcher"=-
    "QuickTime Task"=-
    "iTunesHelper"=-


  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will restart ComboFix.
  • ComboFix will create these files on your desktop:
    - A zipped file named Submit [Date Time].zip
    - A second file named - CF-Submit.htm
  • ComboFix may require a restart to complete its work. Accept it.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window with the prompt "Submit Files for further analysis" will open. Click "OK"
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:
    - Click the "Browse" ("Parcourir") button and navigate to the file
    Submit [Date Time].zip on your desktop.
    - Click the file to select it.
  • Submit the file by clicking "OK"
  • Once this operation is complete, you can delete these two files from your desktop.
    Post the contents of the ComboFix.txt report after the restart, if there is one.
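
Added example, not part of the original thread and not ComboFix's own logic: a small Python triage of the file listings in the report above, showing why entries such as `C:\svchost.0xe`, `C:\WINDOWS\Fonts\rar.exe` and the numeric `.bat` files stand out among hundreds of benign lines. The three heuristics, the list of system process names and the function names `triage` and `scan` are assumptions chosen for this illustration; the sample lines are copied from the report.

```python
import re
from ntpath import basename, dirname, splitext

# Sample lines copied from the ComboFix report posted earlier in this thread.
SAMPLE = r"""
2008-06-13 18:52 . 2008-06-13 18:52 413 --a------ C:\305.bat
2008-06-13 18:52 . 2008-06-13 18:52 77 --a------ C:\Documents and Settings\Pepito\3982.bat
2008-06-13 18:51 . 2008-06-13 18:51 14,848 --a------ C:\svchost.0xe
2008-06-20 19:47 . 2008-06-20 19:47 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-12 00:56 . 2008-06-14 01:15 <REP> d-------- C:\Program Files\BrowsingEnhancer
2008-06-11 23:01 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
"""

# Two line shapes occur in the report:
#   created-files section: <created> . <modified> <size|<REP>> <attrs> <path>
#   Find3M section:        <modified> <size|---------> <attrs> <path>
LINE_RE = re.compile(
    r"^\s*(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(?:\. \d{4}-\d{2}-\d{2} \d{2}:\d{2} )?"
    r"(?P<size><REP>|-+|[\d,]+) "
    r"(?P<attrs>[-a-z]{7,9}) "
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)

# Assumptions for this illustration (not an exhaustive or authoritative list).
SYSTEM_NAMES = {"svchost", "lsass", "services", "winlogon", "smss", "csrss"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system32\dllcache"}
EXEC_EXTS = {".exe", ".scr", ".com", ".dll", ".bat", ".cmd"}
# Drive root, or the root of a user profile under "Documents and Settings".
ROOT_RE = re.compile(r"[a-z]:\\(documents and settings\\[^\\]+)?")


def triage(path):
    """Return the list of reasons a file path deserves a closer look."""
    p = path.lower()
    folder = dirname(p)
    stem, ext = splitext(basename(p))
    reasons = []
    # The extension is ignored on purpose so renamed copies (.0xe) still match.
    if stem in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
        reasons.append("system process name outside system32")
    if folder.endswith("\\fonts") and ext in EXEC_EXTS:
        reasons.append("executable stored in the Fonts folder")
    if ext == ".bat" and stem.isdigit() and ROOT_RE.fullmatch(folder):
        reasons.append("numeric-named batch file in a root folder")
    return reasons


def scan(report):
    """Parse listing lines from a report and return [(path, reasons), ...]."""
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if not m or m["attrs"].startswith("d"):
            continue  # not a listing line, or a directory entry
        reasons = triage(m["path"])
        if reasons:
            findings.append((m["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE):
        print(f"{path}: {'; '.join(reasons)}")
```

A flagged path is only a candidate for review or sample submission, as in the Collect:: list above; it is not proof that the file is malicious.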
    10 July 2008 19:02:59

    XmichouX,
    One more question...
    RapidShare no longer works for me; it shows "exception has been thrown by the target of an invocation". Is that normal??
    Pepito
    10 July 2008 19:08:00

    Hi again,

    RapidShare is a website, isn't it?

    Please post the ComboFix report.
    10 July 2008 19:49:58

    I logged in on another PC because of a transmission problem on the infected PC.
    When I went to submit the file, it failed, telling me that the page did not exist and that I must be having connection problems.
    I'm sending you the report displayed at the end of ComboFix:
    ComboFix 08-07-08.7 - Pepito 2008-07-10 19:09:23.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.180 [GMT 2:00]
    Endroit: C:\Documents and Settings\Pepito\Bureau\UTILITAIRES\uc100%\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Pepito\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\305.bat
    C:\551.bat
    C:\647.bat
    C:\BitDownload
    C:\BitDownload\BitDownload.exe
    C:\BitDownload\BitDownload.ico
    C:\BitDownload\EndProg.exe
    C:\BitDownload\iphox_downloader_p.exe
    C:\BitDownload\Lang\English.lng
    C:\BitDownload\Lang\Russian.lng
    C:\BitDownload\log\BitDownload.log
    C:\BitDownload\log\BitDownload.log.old
    C:\BitDownload\Media\FileComplete.wav
    C:\BitDownload\player.dll
    C:\BitDownload\plug-ins\CDBurningPlugin.bpl
    C:\BitDownload\plug-ins\CDRipper.bpl
    C:\BitDownload\plug-ins\ClosestSearch.bpl
    C:\BitDownload\plug-ins\Notification.bpl
    C:\BitDownload\plug-ins\PeerInfoSearch.bpl
    C:\BitDownload\plug-ins\rip\akrip32.dll
    C:\BitDownload\plug-ins\rip\cdcache.dll
    C:\BitDownload\plug-ins\rip\lame_enc.dll
    C:\BitDownload\plug-ins\rip\Rip.dll
    C:\BitDownload\plug-ins\rip\vorb_enc.dll
    C:\BitDownload\plug-ins\rip\xtenc.dll
    C:\BitDownload\plug-ins\Search.bpl
    C:\BitDownload\plug-ins\VirtualTracker.bpl
    C:\BitDownload\RegExt.exe
    C:\BitDownload\rtl70.bpl
    C:\BitDownload\Skin\Aqua.skn
    C:\BitDownload\Skin\Default.skn
    C:\BitDownload\Skin\Desert.skn
    C:\BitDownload\Skin\Forest.skn
    C:\BitDownload\Skin\Sea.skn
    C:\BitDownload\tcpip_patcher.sys
    C:\BitDownload\Uninstall.exe
    C:\BitDownload\Units.bpl
    C:\BitDownload\vcl70.bpl
    C:\BitDownload\vclshlctrls70.bpl
    C:\BitDownload\vclx70.bpl
    C:\BitDownload\VersionChecker.exe
    C:\BitDownload\WinSkinD7R.bpl
    C:\Documents and Settings\Pepito\3982.bat
    C:\Documents and Settings\Pepito\4856.bat
    C:\Documents and Settings\Pepito\9934.bat
    C:\Program Files\BrowsingEnhancer
    C:\Program Files\BrowsingEnhancer\BrowsingEnhancer.dat
    C:\Program Files\BrowsingEnhancer\pcre3.dll
    C:\Program Files\BrowsingEnhancer\uninstall.exe
    C:\Program Files\FBrowserAdvisor
    C:\Program Files\FBrowsingAdvisor
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt
    C:\Program Files\FBrowsingAdvisor\Logo.png
    C:\Program Files\FBrowsingAdvisor\main.db
    C:\Program Files\FBrowsingAdvisor\unins000.dat
    C:\Program Files\FBrowsingAdvisor\unins000.exe
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll
    C:\Program Files\GamesBar
    C:\Program Files\GamesBar\Localization-French.ini
    C:\svchost.0xe
    C:\WINDOWS\Fonts\rar.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ASWFSBLK
    -------\Service_aswFsBlk
    -------\Service_ZDCndis5


    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-10 16:38 . 2008-07-10 16:38 126 --a------ C:\WINDOWS\system32\mmc.exe.config
    2008-07-09 19:41 . 2008-07-09 19:41 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
    2008-07-09 18:22 . 2008-07-09 23:40 <REP> d-------- C:\Lop SD
    2008-07-09 18:00 . 2008-07-09 18:00 <REP> d-------- C:\WINDOWS\ERUNT
    2008-07-09 17:56 . 2008-07-09 17:56 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-07-09 17:52 . 2008-07-09 18:15 <REP> d-------- C:\SDFix
    2008-07-09 13:34 . 2008-07-09 13:35 <REP> d-------- C:\Program Files\Lopxp
    2008-07-09 13:10 . 2008-07-09 13:10 <REP> d-------- C:\WINDOWS\system32\bfubackups
    2008-07-08 23:53 . 2008-07-08 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Arkadium
    2008-07-08 16:57 . 2008-07-08 17:00 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\DivX
    2008-07-08 16:49 . 2008-07-08 16:52 <REP> d-------- C:\Program Files\DivX
    2008-07-08 16:04 . 2008-07-08 16:04 <REP> d-------- C:\Program Files\Apple Software Update
    2008-07-08 16:04 . 2008-07-08 16:05 <REP> d-------- C:\hjsplit
    2008-07-08 15:18 . 2008-07-08 15:18 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\Ludia
    2008-07-08 15:18 . 2008-07-08 15:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ludia
    2008-07-07 23:16 . 2008-07-07 23:24 73 --a------ C:\WINDOWS\MediaManager.INI
    2008-07-07 23:02 . 2008-07-07 23:16 <REP> d-------- C:\MP3 Player Utilities 4.03
    2008-07-07 23:01 . 2008-07-07 23:01 <REP> d-------- C:\senso
    2008-07-01 20:38 . 2006-12-28 13:12 61,440 --a------ C:\WINDOWS\system32\Big Kahuna Reef 2.scr
    2008-06-28 12:50 . 2008-06-28 12:50 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\Playrix Entertainment
    2008-06-27 20:09 . 2008-06-27 20:09 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\Reflexive
    2008-06-26 01:39 . 2008-06-26 01:39 <REP> d-------- C:\Program Files\iPod
    2008-06-26 01:39 . 2008-06-26 01:39 <REP> d-------- C:\iTunes
    2008-06-26 01:37 . 2008-06-26 01:38 <REP> d-------- C:\QuickTime
    2008-06-25 19:41 . 2008-06-25 19:42 <REP> d-------- C:\Reader 8.0
    2008-06-25 19:41 . 2008-06-25 19:42 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-06-23 23:16 . 2008-06-23 23:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
    2008-06-23 22:53 . 2008-06-23 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
    2008-06-20 19:47 . 2008-06-20 19:47 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 19:47 . 2008-06-20 19:47 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-19 00:28 . 2008-06-19 00:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-19 00:27 . 2008-07-03 00:06 <REP> d-------- C:\SUPERAntiSpyware
    2008-06-19 00:27 . 2008-07-03 00:08 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\SUPERAntiSpyware.com
    2008-06-18 19:52 . 2008-06-18 19:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-06-17 00:22 . 2008-06-17 00:22 2,414 --a------ C:\WINDOWS\system32\tmp.reg
    2008-06-17 00:20 . 2008-06-17 00:20 <REP> d-------- C:\SmitfraudFix
    2008-06-15 14:23 . 2008-06-15 14:23 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\VeniceMysteryData
    2008-06-14 01:09 . 2008-06-16 23:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-13 19:10 . 2008-06-13 19:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-13 19:10 . 2008-06-14 01:07 <REP> d-------- C:\Ad-Aware
    2008-06-13 19:08 . 2008-07-03 00:06 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-12 00:58 . 2008-06-12 00:58 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\.wyzo
    2008-06-12 00:49 . 2008-06-12 00:49 <REP> d-------- C:\Documents and Settings\Pepito\Incomplete
    2008-06-12 00:49 . 2008-06-13 18:54 <REP> d-------- C:\Documents and Settings\Pepito\Application Data\FrostWire
    2008-06-12 00:48 . 2008-06-12 00:48 <REP> d-------- C:\Program Files\FrostWire Ultra Accelerator
    2008-06-12 00:48 . 2008-06-12 01:03 <REP> d-------- C:\FrostWire
    2008-06-12 00:27 . 2008-06-12 00:44 <REP> d-------- C:\eMule
    2008-06-11 02:07 . 2008-06-11 02:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-06-11 02:07 . 2008-06-11 02:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-06-11 02:07 . 2008-06-11 02:07 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-06-11 02:07 . 2008-06-11 02:07 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-06-11 02:04 . 2008-06-11 02:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-06-11 02:04 . 2008-06-11 02:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-06-10 20:58 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 20:58 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-10 16:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-25 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 00:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-06-11 00:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-06-08 17:06 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Moyea
    2008-06-07 17:14 --------- d-----w C:\Documents and Settings\Pepito\Application Data\AVS4YOU
    2008-06-05 19:27 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Boomzap
    2008-06-02 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hot Lava Games
    2008-06-01 23:49 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-01 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
    2008-06-01 13:54 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Zylom
    2008-06-01 13:52 --------- d-----w C:\Program Files\RealArcade
    2008-05-31 18:14 --------- d-----w C:\Documents and Settings\Pepito\Application Data\F-Secure
    2008-05-31 16:47 --------- d-----w C:\Documents and Settings\Pepito\Application Data\ITTNord
    2008-05-28 23:18 --------- d-----w C:\Program Files\Microsoft.NET
    2008-05-28 16:25 --------- d-----w C:\Program Files\orange
    2008-05-28 16:25 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
    2008-05-27 22:16 --------- d-----w C:\Documents and Settings\Pepito\Application Data\CDBurnerXP_Soft
    2008-05-26 17:30 --------- d-----w C:\Program Files\Java
    2008-05-26 17:16 51,072 ----a-w C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-05-26 17:16 30,016 ----a-w C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-05-26 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-05-26 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg
    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-22 18:29 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Apple Computer
    2008-05-22 18:27 --------- d-----w C:\Program Files\Bonjour
    2008-05-22 18:20 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-05-21 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-05-17 16:52 --------- d-----w C:\Program Files\ReflexiveArcade
    2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-05-15 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-05-15 21:37 --------- d-----w C:\Documents and Settings\Pepito\Application Data\Talkback
    2008-05-15 21:09 --------- d-----w C:\Program Files\Fichiers communs\xing shared
    2008-05-15 21:09 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-05-15 21:08 --------- d-----w C:\Program Files\Real
    2008-05-15 20:47 --------- d-----w C:\Program Files\DAP
    2008-05-15 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-05-15 20:42 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-05-15 20:42 --------- d-----w C:\Program Files\AVS4YOU
    2008-05-15 20:27 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
    2008-05-15 20:27 --------- d-----w C:\Program Files\Google
    2008-05-15 20:26 966,973 ----a-w C:\WINDOWS\system32\DieuxDuStade.scr
    2008-05-15 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-15 20:08 --------- d-----w C:\Program Files\Windows Live
    2008-05-15 20:05 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-05-15 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-15 19:56 --------- d-----w C:\Documents and Settings\Pepito\Application Data\ArcSoft
    2008-05-15 19:55 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
    2008-05-14 23:56 --------- d-----w C:\Program Files\VIA
    2008-05-14 23:52 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-05-14 23:42 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-05-14 18:30 --------- d-----w C:\Program Files\MSXML 6.0
    2008-05-14 18:05 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-05-14 17:52 --------- d-----w C:\Program Files\MSBuild
    2008-05-14 17:44 --------- d-----w C:\Program Files\Reference Assemblies
    2008-05-13 22:31 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-05-13 21:49 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-13 21:44 --------- d-----w C:\Program Files\Services en ligne
    2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
    2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
    2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
    2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
    2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
    2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
    2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
    2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
    2008-04-14 02:08 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 02:07 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
    2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
    2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
    2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
    2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
    2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
    2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
    2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
    2008-04-14 01:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
    2008-04-13 18:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
    2008-04-13 18:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
    2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
    2008-04-13 18:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
    2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
    2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-07-10_12.55.06,17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-07-10 14:52:53 12,288 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.resources.dll
    + 2008-07-10 14:51:47 106,496 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
    + 2008-07-10 14:52:53 69,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
    + 2008-07-10 14:51:48 737,280 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2008-07-10 14:51:49 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2008-07-10 14:52:53 155,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.resources.dll
    + 2008-07-10 14:51:49 794,624 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
    + 2008-07-10 14:52:53 11,776 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll
    + 2008-07-10 14:51:50 94,208 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
    + 2008-07-10 14:51:47 41,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
    + 2008-07-10 14:51:53 40,960 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2008-07-10 14:51:53 159,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
    + 2008-07-10 14:52:54 61,440 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_fr_b77a5c561934e089\System.Core.Resources.dll
    + 2008-07-10 14:51:54 663,552 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
    + 2008-07-10 14:52:54 5,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.DataSetExtensions.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.DataSetExtensions.Resources.dll
    + 2008-07-10 14:51:54 53,248 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    + 2008-07-10 14:52:52 57,344 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Linq.Resources.dll
    + 2008-07-10 14:51:45 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
    + 2008-07-10 14:52:52 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.resources\3.5.0.0_fr_b77a5c561934e089\System.DirectoryServices.AccountManagement.resources.dll
    + 2008-07-10 14:51:45 282,624 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    + 2008-07-10 14:52:54 11,264 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation.resources\3.5.0.0_fr_b77a5c561934e089\System.Management.Instrumentation.Resources.dll
    + 2008-07-10 14:51:55 139,264 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2008-07-10 14:52:55 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Net.resources\3.5.0.0_fr_b03f5f7f11d50a3a\System.Net.Resources.dll
    + 2008-07-10 14:51:58 233,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
    + 2008-07-10 14:52:51 70,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_fr_31bf3856ad364e35\System.ServiceModel.Web.resources.dll
    + 2008-07-10 14:51:44 496,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
    + 2008-07-10 14:52:54 49,152 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Extensions.Design.Resources.dll
    + 2008-07-10 14:51:58 327,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
    + 2008-07-10 14:52:54 651,264 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Extensions.Resources.dll
    + 2008-07-10 14:51:59 1,253,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2008-07-10 14:51:55 10,240 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    + 2008-07-10 14:52:51 111,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_fr_31bf3856ad364e35\System.WorkflowServices.resources.dll
    + 2008-07-10 14:51:44 517,152 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
    + 2008-07-10 14:52:55 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq.resources\3.5.0.0_fr_b77a5c561934e089\System.Xml.Linq.Resources.dll
    + 2008-07-10 14:51:56 139,264 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2008-07-10 15:17:27 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\d097b5a3c886d0c3b053f46b7a310501\Microsoft.Build.Conversion.v3.5.ni.dll
    + 2008-07-10 15:17:36 1,892,352 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\1cfe3ed0c5b5f63d49185967fa4bfe17\Microsoft.Build.Engine.ni.dll
    + 2008-07-10 15:17:37 94,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\b853ec09162fa93757d7bbb0d5435f4e\Microsoft.Build.Framework.ni.dll
    + 2008-07-10 15:17:46 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\19fcf0383bc2340da2d15e1370ef0990\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2008-07-10 15:17:48 196,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\da5206e4c016dbdb944957d0046d7869\Microsoft.Build.Utilities.v3.5.ni.dll
    + 2008-07-10 15:18:26 2,441,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b3b62fe820b416515420a6ec17b247c3\Microsoft.JScript.ni.dll
    + 2008-07-10 15:18:27 77,824 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e674ba75a514e00b26329e212da938e0\Microsoft.Vsa.ni.dll
    + 2008-07-10 15:17:24 155,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe
    + 2008-07-10 15:18:01 102,400 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\eeb4d1669350e6eb17e48b867655aeba\System.AddIn.Contract.ni.dll
    + 2008-07-10 15:18:00 696,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn\514e98c9aa203a2983cbf329753cb9c3\System.AddIn.ni.dll
    + 2008-07-10 14:56:20 2,347,008 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\11a9cf08e5bb06e0770b2b6bbe06df39\System.Core.ni.dll
    + 2008-07-10 15:18:04 184,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\c014bb2f4ee4bf27c65ce1d1d78d750c\System.Data.DataSetExtensions.ni.dll
    + 2008-07-10 14:56:43 2,588,672 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\b764aeb88006085c9cc4202662de94f6\System.Data.Linq.ni.dll
    + 2008-07-10 15:18:09 937,984 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\11892d4e65aaa4f475af5608b9497007\System.DirectoryServices.AccountManagement.ni.dll
    + 2008-07-10 15:18:14 356,352 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management.I#\0c0688825a79e72951210318eef63c82\System.Management.Instrumentation.ni.dll
    + 2008-07-10 15:18:18 1,064,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\29c7192327cf3999961560bf3a3995c6\System.Management.ni.dll
    + 2008-07-10 15:18:31 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Net\3cefb375df4f668badf6dc74f3288960\System.Net.ni.dll
    + 2008-07-10 15:18:44 1,556,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\b500bb89ae2cc514f4b1c34e5fa26d75\System.ServiceModel.Web.ni.dll
    + 2008-07-10 15:19:01 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\1e0ce08988c4cd1659caa7981b4c60fc\System.Web.Extensions.Design.ni.dll
    + 2008-07-10 15:18:56 2,416,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e53994294a9806e82eec3da5a92df440\System.Web.Extensions.ni.dll
    + 2008-07-10 15:19:04 77,824 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\fbcb343f14b7a8940d8cd2cb41d6d23a\System.Windows.Presentation.ni.dll
    + 2008-07-10 15:19:19 1,531,904 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\4b5a5ae7e0127bc7198e25e642a93657\System.WorkflowServices.ni.dll
    + 2008-07-10 15:19:21 458,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\0e1c79174260c4e2bf159a2cc1d77338\System.Xml.Linq.ni.dll
    - 2008-07-10 03:06:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-10 17:20:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2007-11-07 17:02:38 168,448 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
    + 2007-11-07 17:02:38 233,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
    + 2008-01-16 23:34:10 198,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\1036\cscompui.dll
    + 2008-01-16 23:34:10 275,448 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\1036\vbc7ui.dll
    + 2007-11-07 17:02:38 41,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe
    + 2007-11-07 17:02:38 41,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
    + 2007-11-07 17:02:38 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    + 2007-11-07 17:02:38 1,545,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe
    + 2008-01-16 23:34:10 155,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\fr\Microsoft.Build.Tasks.v3.5.resources.dll
    + 2008-01-16 23:34:10 46,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\fr\MSBuild.resources.exe
    + 2008-01-16 23:28:20 28,306 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\baseline.dat
    + 2008-01-16 21:43:50 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\DeleteTemp.exe
    + 2008-01-16 21:43:50 276,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\dlmgr.dll
    + 2008-01-16 21:43:50 1,059,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\gencomp.dll
    + 2008-01-16 21:43:50 177,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\HtmlLite.dll
    + 2008-01-16 23:34:08 183,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\RebootStub.exe
    + 2008-01-16 21:43:50 269,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
    + 2008-01-16 21:47:24 131,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setupres.dll
    + 2008-01-16 21:43:50 1,361,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\SITSetup.dll
    + 2008-01-16 21:43:50 1,045,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\vs_setup.dll
    + 2008-01-16 21:43:50 627,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\vs70uimgr.dll
    + 2008-01-16 21:43:50 411,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\vsbasereqs.dll
    + 2008-01-16 21:43:50 687,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\vsscenario.dll
    + 2008-01-16 21:47:26 112,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\WapRes.dll
    + 2008-01-16 21:43:50 982,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\WapUI.dll
    + 2007-11-07 17:00:02 210,834 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\baseline.dat
    + 2007-11-07 14:26:34 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\DeleteTemp.exe
    + 2007-11-07 14:26:34 276,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\dlmgr.dll
    + 2007-11-07 14:26:34 1,059,328 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\gencomp.dll
    + 2007-11-07 14:26:34 177,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\HtmlLite.dll
    + 2007-11-07 14:26:34 269,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
    + 2007-11-07 14:26:34 112,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1025.dll
    + 2007-11-07 14:26:34 84,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1028.dll
    + 2007-11-07 14:26:34 124,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1029.dll
    + 2007-11-07 14:26:34 125,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1030.dll
    + 2007-11-07 14:26:34 129,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1031.dll
    + 2007-11-07 14:26:34 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1032.dll
    + 2007-11-07 14:26:34 120,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1035.dll
    + 2007-11-07 14:26:34 132,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1036.dll
    + 2007-11-07 14:26:34 110,080 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1037.dll
    + 2007-11-07 14:26:34 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1038.dll
    + 2007-11-07 14:26:34 127,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1040.dll
    + 2007-11-07 14:26:34 96,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1041.dll
    + 2007-11-07 14:26:34 93,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1042.dll
    + 2007-11-07 14:26:34 127,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1043.dll
    + 2007-11-07 14:26:34 120,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1044.dll
    + 2007-11-07 14:26:34 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1045.dll
    + 2007-11-07 14:26:34 121,856 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1046.dll
    + 2007-11-07 14:26:34 122,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1049.dll
    + 2007-11-07 14:26:34 120,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1053.dll
    + 2007-11-07 14:26:34 119,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.1055.dll
    + 2007-11-07 14:26:34 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.2052.dll
    + 2007-11-07 14:26:34 130,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.2070.dll
    + 2007-11-07 14:26:34 130,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.3082.dll
    + 2007-11-07 14:26:34 109,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setupres.dll
    + 2007-11-07 14:26:34 1,361,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\SITSetup.dll
    + 2007-11-07 14:26:34 1,045,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs_setup.dll
    + 2007-11-07 14:26:34 627,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vs70uimgr.dll
    + 2007-11-07 14:26:34 411,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vsbasereqs.dll
    + 2007-11-07 14:26:34 687,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\vsscenario.dll
    + 2007-11-07 14:26:34 102,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1025.dll
    + 2007-11-07 14:26:34 90,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1028.dll
    + 2007-11-07 14:26:34 108,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1029.dll
    + 2007-11-07 14:26:34 108,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1030.dll
    + 2007-11-07 14:26:34 111,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1031.dll
    + 2007-11-07 14:26:34 113,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1032.dll
    + 2007-11-07 14:26:34 106,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1035.dll
    + 2007-11-07 14:26:34 112,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1036.dll
    + 2007-11-07 14:26:34 101,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1037.dll
    + 2007-11-07 14:26:34 111,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1038.dll
    + 2007-11-07 14:26:34 110,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1040.dll
    + 2007-11-07 14:26:34 95,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1041.dll
    + 2007-11-07 14:26:34 92,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1042.dll
    + 2007-11-07 14:26:34 108,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1043.dll
    + 2007-11-07 14:26:34 106,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1044.dll
    + 2007-11-07 14:26:34 109,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1045.dll
    + 2007-11-07 14:26:34 107,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1046.dll
    + 2007-11-07 14:26:34 107,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1049.dll
    + 2007-11-07 14:26:34 105,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1053.dll
    + 2007-11-07 14:26:34 106,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.1055.dll
    + 2007-11-07 14:26:34 89,080 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.2052.dll
    + 2007-11-07 14:26:34 110,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.2070.dll
    + 2007-11-07 14:26:34 111,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.3082.dll
    + 2007-11-07 14:26:34 107,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapRes.dll
    + 2007-11-07 14:26:34 982,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\WapUI.dll
    + 2007-11-07 17:02:38 794,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
    + 2007-11-07 17:02:38 41,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
    + 2007-11-07 17:02:38 91,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\MSBuild.exe
    + 2007-11-07 17:02:38 1,710,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe
    + 2007-10-19 00:58:38 182,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
    + 2007-11-07 17:02:38 71,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    - 2008-06-13 16:41:19 131,688 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-07-10 16:37:28 131,688 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2007-11-06 18:23:58 224,768 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
    + 2007-11-06 23:19:34 568,832 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
    + 2007-11-06 23:19:34 655,872 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 15:48 528384]
    "F-Secure Manager"="C:\AntivirusFirewall\Common\FSM32.EXE" [2007-06-13 15:58 176177]
    "F-Secure TNB"="C:\AntivirusFirewall\FSGUI\TNBUtil.exe" [2007-06-13 15:57 733184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    --a------ 2008-05-15 22:27 4523520 C:\Program Files\DAP\DAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-06-02 11:13 267048 C:\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-05-15 23:08 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\iTunes\\iTunes.exe"=

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-05-26 19:16]
    R1 F-Secure HIPS;F-Secure HIPS;C:\AntivirusFirewall\HIPS\fshs.sys [2008-05-26 19:13]
    R2 NMSAccessU;NMSAccessU;C:\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2007-06-13 15:58]
    S3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04]
    S4 F-Secure Filter;F-Secure File System Filter;C:\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2007-06-13 15:58]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2007-06-13 15:58]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-08 14:04:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-10 19:21:21
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Ad-Aware\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\AntivirusFirewall\Common\FSMA32.EXE
    C:\AntivirusFirewall\Anti-Virus\fsgk32.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\AntivirusFirewall\Common\FSMB32.EXE
    C:\AntivirusFirewall\Common\FCH32.EXE
    C:\AntivirusFirewall\Common\FAMEH32.EXE
    C:\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\AntivirusFirewall\FSAUA\program\fsaua.exe
    C:\AntivirusFirewall\FWES\program\fsdfwd.exe
    C:\AntivirusFirewall\FSAUA\program\fsus.exe
    C:\AntivirusFirewall\Anti-Virus\fsav32.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-10 19:28:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-10 17:27:07
    ComboFix2.txt 2008-07-10 10:57:30
    ComboFix3.txt 2008-07-09 12:04:46

    Pre-Run: 278,881,579,008 octets libres
    Post-Run: 278,902,439,936 octets libres

    490 --- E O F --- 2008-07-10 02:59:31

    Then it did create a .zip file
    [4]-Submit_2008-07-10@19.08
    and inside it there is:
    "a QooBox folder
    305.bat
    3982.bat
    4856.bat
    551.bat
    647.bat
    9934.bat
    catchme.txt
    rar.exe
    svschot.0exe"
    I don't know whether that's of any use ...

    As for the CF-submit file, it doesn't exist on my desktop or on the hard drive
    Pepito
    11 July 2008 01:02:44

    Hi there,
    I went to look at the link you gave me and I admit I don't understand any of it, it's the first time I've seen this!!!
    11 July 2008 01:07:07

    and FYI, I have .NET Framework 3.5
    11 July 2008 01:17:49

    Me neither :lol:
    11 July 2008 01:19:58

    I think I'm going to end up formatting, it would be simpler, what do you think?
    11 July 2008 01:23:08

    Try this:

    Download WinsockXPFix.

  • Double-click WinsockXPFix.exe.
  • First of all, click the ReG-Backup button. This will back up your registry as a precaution.
  • Click OK, and then once more. You will see a registry backup window; click OK once again.

  • Go back to the main window.
  • Click Fix.
  • Click Yes.
  • It will run for a minute or two, then a beep will sound and you will see this window.
  • Finally, click OK and let your PC restart. Once it has restarted, you should be able to access the network.
    11 July 2008 13:38:41

    Me again,

    since your link didn't work I downloaded it elsewhere...

    During the registry backup I got a whole series of errors, to which I answered yes when it asked "continue with the next file";

    here are the errors I got:
    Error saving file :
    C:\ERDNT\SECURITY
    C:\ERDNT\software
    C:\ERDNT\system
    C:\ERDNT\default
    C:\ERDNT\SAM
    C:\ERDNT\S-1-5-21-436374069-764733703-1177238915-1003\NTUSER.DAT
    C:\ERDNT\S-1-5-21-436374069-764733703-1177238915-1003\UsrClass.dat

    I then ran the fix, and the PC restarted

    What do you mean by "access the network"? Because I've always had internet... it was only when you asked me to submit the file "[4]-Submit_2008-07-10@19.08" that it wouldn't...
    11 July 2008 13:41:08

    Well, you had told me this:
    -> because of a transmission problem on the infected PC;

    Post a new HijackThis report.
    11 July 2008 14:07:53

    Sorry, I expressed myself badly; what I meant is that I got an error message when sending, saying "connection problem", so I couldn't send the file...

    Before sending you the report below: I now have a bug problem on the internet with the following message: "an error has occurred, do you want to debug, line 57, error: object required", and this has been happening since last night...
    here is my report
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 14:04:33, on 11/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
    C:\AntivirusFirewall\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\AntivirusFirewall\Common\FSMA32.EXE
    C:\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\AntivirusFirewall\Common\FSMB32.EXE
    C:\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\AntivirusFirewall\Common\FCH32.EXE
    C:\AntivirusFirewall\Common\FAMEH32.EXE
    C:\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\AntivirusFirewall\FSAUA\program\fsaua.exe
    C:\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\AntivirusFirewall\FSAUA\program\fsus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\DAP\DAP.EXE
    c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    C:\Documents and Settings\Pepito\Local Settings\Apps\2.0\1LCGNMLV.A0Q\VCOONPJ8.AET\rapi..tion_c14d24c3c9280019_0000.0001_32cd51f005b63800\RapidShareManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\telechargement\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\flv\FLV Downloader\MoyeaCth.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\AntivirusFirewall\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 8625 bytes
    11 July 2008 14:45:57

    I don't know what that message refers to.

    Run HijackThis again (right-click -> run as administrator under Vista), do a system scan only, and tick these lines (if still present):
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    Close all running applications (especially your web browser).
    Then Fix Checked!

    No more problems??
    11 July 2008 15:04:34

    well, since last night my CPU has only been running at 63 or even 59%, so no real problems any more, except that famous IE7 bug at line 57... but on Mozilla I have no problems, so I think I'm going to reinstall IE7.

    For the initial topic (CPU at 100%) I think you can close the thread
    and once again thanks a million... You'd deserve a nice reward ...
    Pepito
    11 July 2008 15:06:56

    If you insist :D

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Recherche (Search) to start the scan.
  • Click Supprimer (Delete) to clean up the tools that were used.
  • Click Quitter (Quit).
  • Post this report ~>C:\TCleaner.txt<~

  • Keep Ccleaner, MBAM and AntiVir if we installed them.
  • Disable and then re-enable System Restore.
  • Report your infection on Malware Complaints >Tutorial<
  • Your infection(s): Vundo, LOP.
  • If you can't find it in the list, post in Autres infections (Other infections).

  • Bring your computer properly up to date >here<
  • If it isn't already done, make sure Windows Automatic Updates are enabled!

    Then have a look at these guides:

    - Security/Prevention
    - Consequences of running multiple protection tools
    - Toolbars: uselessness and slowdowns

    Have a good day/evening :)
    11 July 2008 15:30:12

    tcleaner report:
    -->- Recherche:

    C:\SDFIX: trouvé !
    C:\Lop SD: trouvé !
    C:\SmitFraudfix: trouvé !
    C:\Qoobox: trouvé !
    C:\AntivirusFirewall\FSAUA\content\SCDB31\278\lib\Mail\SPF: trouvé !
    C:\AntivirusFirewall\Spam Control\lib\Mail\SPF: trouvé !
    C:\Documents and Settings\Pepito\Bureau\SdFix.exe: trouvé !
    C:\Documents and Settings\Pepito\Bureau\Lop S&D.lnk: trouvé !
    C:\Documents and Settings\Pepito\Bureau\LopSD.exe: trouvé !
    C:\Documents and Settings\Pepito\Bureau\UTILITAIRES\uc100%\EGDACCESS.bfu: trouvé !
    C:\Documents and Settings\Pepito\Bureau\UTILITAIRES\uc100%\Bfu.exe: trouvé !
    C:\Documents and Settings\Pepito\Bureau\UTILITAIRES\uc100%\ComboFix.exe: trouvé !
    C:\Documents and Settings\Pepito\Menu Démarrer\Programmes\Lop S&D: trouvé !
    C:\Lop SD\Lop S&D.lnk: trouvé !
    C:\SmitfraudFix\SmitFraudfix: trouvé !
    C:\telechargement\SmitFraudFix.zip: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\Pepito\Bureau\SdFix.exe: supprimé !
    C:\Documents and Settings\Pepito\Bureau\Lop S&D.lnk: supprimé !
    C:\Documents and Settings\Pepito\Bureau\LopSD.exe: supprimé !
    C:\Documents and Settings\Pepito\Bureau\UTILITAIRES\uc100%\EGDACCESS.bfu: supprimé !
    C:\Documents and Settings\Pepito\Bureau\UTILITAIRES\uc100%\Bfu.exe: supprimé !
    C:\Documents and Settings\Pepito\Bureau\UTILITAIRES\uc100%\ComboFix.exe: supprimé !
    C:\Lop SD\Lop S&D.lnk: supprimé !
    C:\telechargement\SmitFraudFix.zip: supprimé !
    C:\SDFIX: supprimé !
    C:\Lop SD: supprimé !
    C:\SmitFraudfix: supprimé !
    C:\Qoobox: supprimé !
    C:\AntivirusFirewall\FSAUA\content\SCDB31\278\lib\Mail\SPF: supprimé !
    C:\AntivirusFirewall\Spam Control\lib\Mail\SPF: supprimé !
    C:\Documents and Settings\Pepito\Menu Démarrer\Programmes\Lop S&D: supprimé !

    NO MORE BUG on IE7 either

    I'm updating my PC right now, automatic updates are enabled and I'll look at the 3 links once the scan has finished. I'll keep you posted...
    11 July 2008 17:17:20

    Here I am again,
    here is the Secunia report:

    Applications / Result | Version Detected | Status
    Microsoft Windows XP Home Edition | Service Pack 3 | ok
    Microsoft Internet Explorer 7.x | 7.0.6000.16674 | ok
    Microsoft Outlook Express 6 | 6.00.2900.5512 | ok
    Microsoft Windows Media Player 11.x | 11.0.57215145 | ok
    Mozilla Firefox 2.0.x | 2.0.0.15 | ok
    Adobe Flash Player 9.x | 9.0.124.0 | ok
    Sun Java JRE 1.5.x / 5.x | 1.5.0.0 | I updated it
    Sun Java JRE 1.6.x / 6.x | 6.0.50.13 | I updated it

    ...
    12 July 2008 00:06:34

    That's fine then ;)

    You can uninstall the older versions of Java, keep only the most recent one ;)
    16 July 2008 11:09:50

    DONE, thanks a lot and see you very soon...