
[SOLVED] wintems.exe, I'm going to put an end to this!

Tags :
  • Windows
  • Security
Last reply: in Security and viruses
15 April 2008 22:17:20

Good evening. I recently noticed that the wintems.exe trojan has got into my processes. I can't launch utilities such as HijackThis or Avenger, and every setup I try (such as Kaspersky or CCleaner) gives me the error message: "... is not a valid Win32 application." Naturally, because of this wretched virus, I can't install a utility to eradicate it. I also can't boot into Safe Mode, with or without networking.


BUT, thanks to the famous F-Secure BlackLight Rootkit Eliminator (the only utility that would install), I was able to discover the hidden files and folders in my system32. Here is the log:

04/15/08 21:01:21 [Info]: BlackLight Engine 1.0.70 initialized
04/15/08 21:01:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/15/08 21:01:21 [Note]: 7019 4
04/15/08 21:01:21 [Note]: 7005 0
04/15/08 21:01:30 [Note]: 7006 0
04/15/08 21:01:30 [Note]: 7011 1656
04/15/08 21:01:30 [Note]: 7035 0
04/15/08 21:01:35 [Note]: 7026 0
04/15/08 21:01:39 [Note]: 7026 0
04/15/08 21:01:39 [Note]: 7024 3
04/15/08 21:01:39 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
04/15/08 21:01:44 [Note]: FSRAW library version 1.7.1024
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02\SYM
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\DirectWave\Orchestral\Strings\Mellotron_02.dwp
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\SynthMaker\Effects\SMG Filter Delay.osm
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Info]: Hidden file: c:\Program Files\Image-Line\Shared\Data\SynthMaker\Generators\SMG 30X.osm
04/15/08 21:03:37 [Note]: 10002 3
04/15/08 21:03:37 [Note]: 10002 2
04/15/08 21:03:37 [Note]: 10002 2
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:04:06 [Note]: 10002 2
04/15/08 21:04:06 [Note]: 10002 2
04/15/08 21:04:16 [Info]: Hidden file: c:\Program Files\Skype\Toolbars\Shared\SPhoneParser.dll
04/15/08 21:04:17 [Note]: 10002 3
04/15/08 21:04:17 [Note]: 10002 2
04/15/08 21:04:17 [Note]: 10002 2
04/15/08 21:04:31 [Info]: Hidden file: c:\Program Files\Windows Live\Photo Gallery\Shared\Filters.xml
04/15/08 21:04:31 [Note]: 10002 3
04/15/08 21:04:31 [Note]: 10002 2
04/15/08 21:04:31 [Note]: 10002 2
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepaden.hlp
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepadsm.dll
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\imepadsv.exe
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\imlang.dll
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs404.dll
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:55 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs411.dll
04/15/08 21:14:55 [Note]: 10002 3
04/15/08 21:14:56 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs412.dll
04/15/08 21:14:56 [Note]: 10002 3
04/15/08 21:14:56 [Info]: Hidden file: c:\WINDOWS\ime\shared\res\padrs804.dll
04/15/08 21:14:56 [Note]: 10002 3
04/15/08 21:14:56 [Note]: 10002 2
04/15/08 21:14:56 [Note]: 10002 2
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 3
04/15/08 21:15:29 [Note]: 10002 2
04/15/08 21:15:29 [Note]: 10002 2
04/15/08 21:21:03 [Info]: Hidden file: c:\WINDOWS\system32\wintems.exe
04/15/08 21:21:03 [Note]: 10002 2
04/15/08 21:21:03 [Info]: Hidden file: c:\WINDOWS\system32\mdelk.exe
04/15/08 21:21:03 [Note]: 10002 2
04/15/08 21:22:16 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
04/15/08 21:22:16 [Note]: 10002 2
04/15/08 21:22:16 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
04/15/08 21:22:16 [Note]: 10002 2
04/15/08 21:22:16 [Info]: Hidden file: c:\WINDOWS\system32\drivers\mdelk.exe
04/15/08 21:22:16 [Note]: 10002 2
04/15/08 21:22:51 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\38750.exe
04/15/08 21:22:51 [Note]: 10002 3
04/15/08 21:22:51 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\113984.exe
04/15/08 21:22:51 [Note]: 10002 3
04/15/08 21:22:51 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\123359.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\133906.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\139265.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\145593.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\147468.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\153921.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\155593.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\161546.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\161953.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\195000.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\201593.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\207437.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\256312.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\263203.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\274500.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\279609.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\286203.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\288234.exe
04/15/08 21:22:52 [Note]: 10002 3
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\292031.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\297656.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\299375.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\318312.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\341062.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\348562.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\390671.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\392921.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\416937.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\41796.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\43343.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\44500.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\46156.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\49109.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\49234.exe
04/15/08 21:22:53 [Note]: 10002 3
04/15/08 21:22:53 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\507890.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\51531.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\524734.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\535265.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\541296.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\57718.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\65828.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\72093.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\80031.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\84906.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\91703.exe
04/15/08 21:22:54 [Note]: 10002 3
04/15/08 21:22:54 [Note]: 10002 2
04/15/08 21:22:54 [Note]: 10002 2
04/15/08 21:33:01 [Note]: 2000 1012
04/15/08 21:33:52 [Note]: 7007 0



And now, how do I delete the damned wintems.exe, hldrrr.exe, the numbered .exe files and company??? :( 

(Also, hidden files and folders don't show up even though I've ticked the folder option to display them.)


Thanks in advance..
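A small triage script for the BlackLight log format shown above, added here as an example (it is not part of the original thread and not F-Secure's code). It assumes the line layout seen in the log (date, time, [Level]: message) and uses a handful of lines copied from the log as sample input; the "three numeric-named executables in one folder" drop-folder rule and the system32 path check are heuristics chosen for the example.

```python
"""Triage a BlackLight scan log: pull out the 'Hidden file' / 'Hidden process'
findings and group them so the entries that matter (a hidden process, hidden
files under system32, a folder full of numeric-named .exe downloads) stand out
from hidden files that belong to ordinary applications."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: a handful of lines copied from the log posted above (raw string,
# so the Windows backslashes are kept literally).
SAMPLE_LOG = r"""04/15/08 21:01:21 [Info]: BlackLight Engine 1.0.70 initialized
04/15/08 21:01:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/15/08 21:01:39 [Note]: 7024 3
04/15/08 21:01:39 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
04/15/08 21:04:06 [Info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt
04/15/08 21:04:06 [Note]: 10002 3
04/15/08 21:21:03 [Info]: Hidden file: c:\WINDOWS\system32\wintems.exe
04/15/08 21:21:03 [Info]: Hidden file: c:\WINDOWS\system32\mdelk.exe
04/15/08 21:22:16 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
04/15/08 21:22:51 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\38750.exe
04/15/08 21:22:51 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\113984.exe
04/15/08 21:22:51 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\123359.exe
04/15/08 21:22:52 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\133906.exe
04/15/08 21:33:52 [Note]: 7007 0
"""

# One log line: "MM/DD/YY HH:MM:SS [Level]: message"
LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) \[(\w+)\]: (.*)$")
HIT_RE = re.compile(r"^Hidden (file|process): (.+)$")
NUMERIC_EXE_RE = re.compile(r"^\d+\.exe$")   # matched against a lower-cased file name
SYSTEM_MARKER = "\\windows\\system32\\"      # heuristic: anything in the OS tree


@dataclass(frozen=True)
class Hit:
    timestamp: str
    kind: str    # "file" or "process"
    path: str    # path exactly as BlackLight printed it


def parse_blacklight(text):
    """Return a Hit for every 'Hidden file' / 'Hidden process' line in the log."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.rstrip())
        if not m:
            continue
        stamp, level, message = m.groups()
        if level != "Info":
            continue  # [Note] lines carry engine status codes, not findings
        h = HIT_RE.match(message)
        if h:
            hits.append(Hit(stamp, h.group(1), h.group(2)))
    return hits


def _norm(path):
    return path.replace("/", "\\").lower()


def _dirname(path):
    return _norm(path).rsplit("\\", 1)[0]


def _basename(path):
    return _norm(path).rsplit("\\", 1)[-1]


def triage(hits, drop_threshold=3):
    """Group hits into the buckets an analyst looks at first."""
    numeric_per_dir = defaultdict(int)
    result = {"hidden_processes": [], "system_files": [],
              "other_files": [], "drop_folders": {}}
    for h in hits:
        if h.kind == "process":
            result["hidden_processes"].append(h.path)
            continue
        if NUMERIC_EXE_RE.match(_basename(h.path)):
            numeric_per_dir[_dirname(h.path)] += 1
        if SYSTEM_MARKER in _norm(h.path):
            result["system_files"].append(h.path)
        else:
            result["other_files"].append(h.path)
    # A directory holding several numeric-named executables is the download
    # drop pattern visible in the log above (drivers\downld\NNNNNN.exe).
    result["drop_folders"] = {d: n for d, n in numeric_per_dir.items()
                              if n >= drop_threshold}
    return result


def report(text, drop_threshold=3):
    """Human-readable summary; returns the lines so callers can check them."""
    t = triage(parse_blacklight(text), drop_threshold)
    lines = [f"hidden processes: {len(t['hidden_processes'])}"]
    lines += [f"  {p}" for p in t["hidden_processes"]]
    lines.append(f"hidden files under system32: {len(t['system_files'])}")
    lines += [f"  {p}" for p in t["system_files"]]
    for d, n in t["drop_folders"].items():
        lines.append(f"probable drop folder ({n} numeric-named .exe): {d}")
    lines.append(f"hidden files elsewhere (review, often benign): {len(t['other_files'])}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```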


15 April 2008 22:26:18

Hello, :hello: 

Let's start in order :)  Please don't take any personal initiatives.

Download ELIBAGLA at the bottom of this page:
==> http://www.zonavirus.com/datos/descargas/95/elibagla.as...
Launch Elibagla by double-clicking it.
Make sure the "Eliminar Ficheros Automaticamente" button is checked.
Check that C:\ is selected under Unidad (or the partition containing your OS).
Click the Explorar button.
At the end, post the report C:\infoSat.txt

N.B.: If ELIBAGLA doesn't work, come back and tell me; otherwise post the requested report :) 
15 April 2008 22:42:40

When launching ELIBAGLA, I get the following message in a window with the yellow warning "!" sign:

Por favor, envienos una muestra del fichero C:\Muestra\HLDRRR.EXE.Muestra EliBagle v11.26 a "virus@satinfo.es". Gracias.

I'm trying to understand; they want me to send them a screenshot of the folder, but anyway, I open the requested folder C:\Muestra and relaunch ELIBAGLA from the desktop.

Another window appears:

"Detectado Gusano BAGLE. Reinicie para Completar la Limpieza."

Right after that the scan window appears. I check that the button is ticked, under Unidad C:\ (the system drive containing my OS), I click Explorar, it scans, and after 5 seconds the program shuts down.

Same thing if I repeat the operation.

:( 
15 April 2008 23:08:12

Hmm, it worked after a reboot. Here's the log:

Tue Apr 15 22:34:18 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Tue Apr 15 22:34:26 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Tue Apr 15 22:35:03 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Tue Apr 15 22:35:12 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

Tue Apr 15 22:35:35 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Tue Apr 15 22:36:52 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Apr 15 22:37:08 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

Tue Apr 15 22:37:10 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Apr 15 22:37:23 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Apr 15 22:37:25 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Tue Apr 15 22:37:37 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Apr 15 22:37:44 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Tue Apr 15 22:39:54 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Apr 15 22:40:49 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Apr 15 22:40:52 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Tue Apr 15 22:41:43 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Apr 15 22:41:46 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Tue Apr 15 22:55:16 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Apr 15 22:55:20 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Tue Apr 15 23:01:31 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Tue Apr 15 23:02:06 2008
EliBagle v11.26 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 12669
Nº Total de Ficheros: 118818
Nº de Ficheros Analizados: 10829
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1


The MDELK.EXE file was the virus that made my CPU run at 100% and caused incredible slowness when running any process..
15 April 2008 23:15:51

Ugh, now my PC reboots every 5-10 minutes..
15 April 2008 23:54:00

Re,

Bagle is nasty stuff! Start by removing ALL cracks and P2P software from your PC, without exception!

Quote:
BAGLE infection


If you're on Vista, disable UAC: http://bibou0007.com/tutos-f45/tutorial-desactiver-l-ua...

Download ComboFix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: http://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Double-click combofix. It will ask you a question; answer with the key 1 and Enter to confirm, then let it guide you.
Wait for combofix to finish; a report will be created. Post the report.

;) 
16 April 2008 08:23:17

OK, solved.


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\113984.exe
C:\WINDOWS\system32\drivers\downld\123359.exe
C:\WINDOWS\system32\drivers\downld\133906.exe
C:\WINDOWS\system32\drivers\downld\139265.exe
C:\WINDOWS\system32\drivers\downld\145593.exe
C:\WINDOWS\system32\drivers\downld\147468.exe
C:\WINDOWS\system32\drivers\downld\153921.exe
C:\WINDOWS\system32\drivers\downld\155593.exe
C:\WINDOWS\system32\drivers\downld\161546.exe
C:\WINDOWS\system32\drivers\downld\161953.exe
C:\WINDOWS\system32\drivers\downld\195000.exe
C:\WINDOWS\system32\drivers\downld\201593.exe
C:\WINDOWS\system32\drivers\downld\207437.exe
C:\WINDOWS\system32\drivers\downld\256312.exe
C:\WINDOWS\system32\drivers\downld\263203.exe
C:\WINDOWS\system32\drivers\downld\274500.exe
C:\WINDOWS\system32\drivers\downld\279609.exe
C:\WINDOWS\system32\drivers\downld\286203.exe
C:\WINDOWS\system32\drivers\downld\288234.exe
C:\WINDOWS\system32\drivers\downld\292031.exe
C:\WINDOWS\system32\drivers\downld\297656.exe
C:\WINDOWS\system32\drivers\downld\299375.exe
C:\WINDOWS\system32\drivers\downld\318312.exe
C:\WINDOWS\system32\drivers\downld\341062.exe
C:\WINDOWS\system32\drivers\downld\348562.exe
C:\WINDOWS\system32\drivers\downld\38750.exe
C:\WINDOWS\system32\drivers\downld\390671.exe
C:\WINDOWS\system32\drivers\downld\392921.exe
C:\WINDOWS\system32\drivers\downld\416937.exe
C:\WINDOWS\system32\drivers\downld\41796.exe
C:\WINDOWS\system32\drivers\downld\43343.exe
C:\WINDOWS\system32\drivers\downld\44500.exe
C:\WINDOWS\system32\drivers\downld\46156.exe
C:\WINDOWS\system32\drivers\downld\49109.exe
C:\WINDOWS\system32\drivers\downld\49234.exe
C:\WINDOWS\system32\drivers\downld\507890.exe
C:\WINDOWS\system32\drivers\downld\51531.exe
C:\WINDOWS\system32\drivers\downld\524734.exe
C:\WINDOWS\system32\drivers\downld\535265.exe
C:\WINDOWS\system32\drivers\downld\541296.exe
C:\WINDOWS\system32\drivers\downld\57718.exe
C:\WINDOWS\system32\drivers\downld\65828.exe
C:\WINDOWS\system32\drivers\downld\72093.exe
C:\WINDOWS\system32\drivers\downld\80031.exe
C:\WINDOWS\system32\drivers\downld\84906.exe
C:\WINDOWS\system32\drivers\downld\91703.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

Thank you very much.
16 April 2008 10:52:42

Re,

No, it's not finished... up to you :o 
16 April 2008 11:46:46

All right, here's the full log:


ComboFix 08-04-15.1 - Sense 2008-04-16 8:12:37.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.635 [GMT 2:00]
Endroit: C:\Documents and Settings\Sense\Bureau\KillBagle.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\113984.exe
C:\WINDOWS\system32\drivers\downld\123359.exe
C:\WINDOWS\system32\drivers\downld\133906.exe
C:\WINDOWS\system32\drivers\downld\139265.exe
C:\WINDOWS\system32\drivers\downld\145593.exe
C:\WINDOWS\system32\drivers\downld\147468.exe
C:\WINDOWS\system32\drivers\downld\153921.exe
C:\WINDOWS\system32\drivers\downld\155593.exe
C:\WINDOWS\system32\drivers\downld\161546.exe
C:\WINDOWS\system32\drivers\downld\161953.exe
C:\WINDOWS\system32\drivers\downld\195000.exe
C:\WINDOWS\system32\drivers\downld\201593.exe
C:\WINDOWS\system32\drivers\downld\207437.exe
C:\WINDOWS\system32\drivers\downld\256312.exe
C:\WINDOWS\system32\drivers\downld\263203.exe
C:\WINDOWS\system32\drivers\downld\274500.exe
C:\WINDOWS\system32\drivers\downld\279609.exe
C:\WINDOWS\system32\drivers\downld\286203.exe
C:\WINDOWS\system32\drivers\downld\288234.exe
C:\WINDOWS\system32\drivers\downld\292031.exe
C:\WINDOWS\system32\drivers\downld\297656.exe
C:\WINDOWS\system32\drivers\downld\299375.exe
C:\WINDOWS\system32\drivers\downld\318312.exe
C:\WINDOWS\system32\drivers\downld\341062.exe
C:\WINDOWS\system32\drivers\downld\348562.exe
C:\WINDOWS\system32\drivers\downld\38750.exe
C:\WINDOWS\system32\drivers\downld\390671.exe
C:\WINDOWS\system32\drivers\downld\392921.exe
C:\WINDOWS\system32\drivers\downld\416937.exe
C:\WINDOWS\system32\drivers\downld\41796.exe
C:\WINDOWS\system32\drivers\downld\43343.exe
C:\WINDOWS\system32\drivers\downld\44500.exe
C:\WINDOWS\system32\drivers\downld\46156.exe
C:\WINDOWS\system32\drivers\downld\49109.exe
C:\WINDOWS\system32\drivers\downld\49234.exe
C:\WINDOWS\system32\drivers\downld\507890.exe
C:\WINDOWS\system32\drivers\downld\51531.exe
C:\WINDOWS\system32\drivers\downld\524734.exe
C:\WINDOWS\system32\drivers\downld\535265.exe
C:\WINDOWS\system32\drivers\downld\541296.exe
C:\WINDOWS\system32\drivers\downld\57718.exe
C:\WINDOWS\system32\drivers\downld\65828.exe
C:\WINDOWS\system32\drivers\downld\72093.exe
C:\WINDOWS\system32\drivers\downld\80031.exe
C:\WINDOWS\system32\drivers\downld\84906.exe
C:\WINDOWS\system32\drivers\downld\91703.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
.

2008-04-15 23:13 . 2004-08-19 16:09 400,896 --a------ C:\WINDOWS\system32\CF21104.exe
2008-04-15 23:07 . 2006-10-25 01:10 684,032 --a------ C:\Documents and Settings\Sense\WService.EXE
2008-04-15 22:34 . 2008-04-15 22:34 <REP> d-------- C:\Muestras
2008-04-15 21:48 . 2008-04-15 21:48 <REP> d-------- C:\Program Files\Yahoo!
2008-04-15 21:48 . 2008-04-15 21:48 <REP> d-------- C:\Program Files\CCleaner
2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\uTorrent
2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\Trend Micro
2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\eToro
2008-04-15 20:47 . 2008-04-15 20:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-04-15 19:56 . 2008-04-15 19:56 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-15 19:48 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-15 19:12 . 2006-11-23 17:04 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2008-04-15 19:12 . 2006-11-23 17:04 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
2008-04-15 19:11 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\Prevx1
2008-04-15 19:11 . 2008-04-15 20:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-04-15 19:00 . 2008-04-15 19:48 <REP> d-------- C:\Program Files\Java
2008-04-15 18:58 . 2008-04-15 18:58 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-04-15 18:57 . 2008-04-15 18:57 <REP> d-------- C:\Program Files\Cellosoft
2008-04-15 18:51 . 2008-04-15 20:47 <REP> d-------- C:\Documents and Settings\Sense\Application Data\uTorrent
2008-04-15 17:55 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\PrevxCSI
2008-04-15 17:55 . 2008-04-15 20:52 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-04-15 17:17 . 2008-04-15 17:17 <REP> d-------- C:\Program Files\Lavasoft
2008-04-15 17:17 . 2008-04-15 17:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-15 17:03 . 2008-04-15 17:03 <REP> d-------- C:\Documents and Settings\Sense\Application Data\Uniblue
2008-04-15 17:02 . 2008-04-15 17:02 <REP> d-------- C:\Program Files\Uniblue
2008-04-15 16:53 . 2008-04-15 18:44 78,415 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-04-15 16:38 . 2008-04-15 16:38 <REP> d--hs---- C:\found.000
2008-04-15 16:08 . 2008-04-15 16:08 <REP> d-------- C:\Program Files\Subliminal Flash
2008-04-15 16:07 . 2008-04-15 16:07 <REP> d-------- C:\Program Files\Subliminal Messages Organizer
2008-04-15 13:20 . 2008-04-15 13:20 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-15 13:16 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-04-15 13:15 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Logitech
2008-04-15 13:12 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2008-04-15 11:01 . 2008-04-15 11:01 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-04-15 10:49 . 2008-04-15 10:49 <REP> d-------- C:\Program Files\Intel Desktop Board
2008-04-15 09:27 . 2008-04-15 09:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-15 09:27 . 2008-04-15 09:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-15 08:06 . 2008-04-15 08:13 <REP> d-------- C:\Program Files\Asgard Of Ardamir
2008-04-14 09:47 . 2008-04-14 09:47 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-14 08:08 . 2008-04-14 09:40 <REP> d-------- C:\Documents and Settings\Sense\Application Data\AdobeUM
2008-04-13 15:59 . 2008-04-13 19:04 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-13 15:59 . 2008-04-13 16:16 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-13 15:59 . 2008-04-13 19:04 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-13 15:59 . 2008-04-13 15:59 22,328 --a------ C:\Documents and Settings\Sense\Application Data\PnkBstrK.sys
2008-04-13 15:54 . 2008-04-13 16:13 <REP> d-------- C:\PunkBuster
2008-04-13 15:29 . 2008-04-13 15:29 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\VstPlugins
2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\Outsim
2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\ASIO4ALL v2
2008-04-13 11:21 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-13 11:21 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-04-13 11:19 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\Image-Line
2008-04-13 10:37 . 2008-04-13 10:37 <REP> d-------- C:\Program Files\Native Instruments
2008-04-13 08:00 . 2008-04-13 08:00 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-04-12 22:44 . 2008-04-12 22:44 <REP> d-------- C:\Program Files\GENIUS TABLET
2008-04-12 22:44 . 2003-11-25 07:58 315,392 --a------ C:\WINDOWS\SETUPX32.EXE
2008-04-12 22:44 . 2003-12-23 06:35 583 --a------ C:\WINDOWS\SETUPEXT.INF
2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\iTunes
2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\iPod
2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Documents and Settings\Sense\Application Data\Apple Computer
2008-04-12 21:47 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\QuickTime
2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-12 21:47 . 2008-04-12 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-12 21:44 . 2008-04-12 21:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-12 21:24 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\Bonjour
2008-04-12 21:12 . 2008-04-13 20:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-12 20:51 . 2008-04-12 20:51 319 --a------ C:\WINDOWS\game.ini
2008-04-12 20:44 . 2008-04-12 20:44 <REP> d-------- C:\Program Files\Activision
2008-04-12 20:43 . 2008-04-12 20:43 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-04-12 20:42 . 2008-04-12 20:42 <REP> d-------- C:\Program Files\DAEMON Tools
2008-04-12 20:40 . 2008-04-12 20:40 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-12 12:55 . 2008-04-12 12:55 <REP> d-------- C:\Program Files\NinjaSurfing
2008-04-12 12:55 . 2008-04-12 12:55 125 --a------ C:\ioSpecial.ini
2008-04-12 12:49 . 2008-04-12 22:29 <REP> d-------- C:\Program Files\eMule
2008-04-12 12:02 . 2008-04-12 12:20 <REP> d-------- C:\Documents and Settings\Sense\Application Data\VoipBuster
2008-04-12 12:01 . 2008-04-12 12:01 <REP> d-------- C:\Program Files\VoipBuster.com
2008-04-12 07:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-12 07:50 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-12 07:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-11 16:11 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-11 16:11 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-11 16:11 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-11 16:09 . 2008-04-11 16:09 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-11 16:00 . 2008-04-13 15:59 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-11 16:00 . 2008-04-11 16:03 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-11 12:11 . 2008-04-11 12:11 <REP> d-------- C:\Program Files\Common Files
2008-04-11 10:34 . 2008-04-11 10:34 <REP> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-11 10:34 . 2008-04-11 10:34 <REP> d-------- C:\Documents and Settings\Sense\Application Data\TuneUp Software
2008-04-11 10:33 . 2008-04-11 10:33 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-11 10:33 . 2008-04-15 17:15 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-11 10:33 . 2008-04-11 10:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-11 10:33 . 2008-04-11 10:33 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-11 10:33 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-11 10:30 . 2008-04-11 10:30 1,169 --a------ C:\WINDOWS\mozver.dat
2008-04-11 10:29 . 2008-04-15 11:26 <REP> d-------- C:\Documents and Settings\Sense\Application Data\skypePM
2008-04-11 10:29 . 2008-04-11 10:29 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-11 10:28 . 2008-04-15 11:26 <REP> d-------- C:\Documents and Settings\Sense\Application Data\Skype
2008-04-11 10:27 . 2008-04-11 10:27 <REP> d-------- C:\Program Files\Skype

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 11:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 01:00 --------- d-----w C:\Program Files\Windows Live
2008-04-14 17:30 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-14 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-13 17:15 --------- d-----w C:\Program Files\Lineage II
2008-04-11 09:53 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-11 09:53 --------- d-----w C:\Documents and Settings\Sense\Application Data\teamspeak2
2008-04-11 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-11 09:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-11 09:40 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-11 09:36 --------- d-----w C:\Documents and Settings\Sense\Application Data\InstallShield
2008-04-11 09:32 --------- d-----w C:\Program Files\Mirage-Team Decoder Pack
2008-04-11 09:32 --------- d-----w C:\Documents and Settings\Sense\Application Data\Media Player Classic
2008-04-11 08:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-11 07:44 --------- d-----w C:\Program Files\Lavalys
2008-04-11 07:32 --------- d-----w C:\Program Files\FaxTools
2008-04-11 07:32 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-04-11 07:32 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-04-11 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-11 07:22 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-11 07:20 --------- d-----w C:\Program Files\Services en ligne
2008-02-01 09:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-04-11 11:45 5724184]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"RegistryBooster 2 d’Uniblue "="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-11-21 17:07 1902592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"WService"="WService.EXE" [2002-09-07 12:23 28672 C:\WINDOWS\system32\WService.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PrevxOne"="C:\Program Files\Prevx1\PXConsole.exe" [2008-04-16 08:14 1507328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 16:48 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-03 22:31 59392 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ninja Surfing]
--a------ 2007-06-19 16:02 958535 C:\Program Files\NinjaSurfing\nsurfing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\System32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-29 14:42 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
--a------ 2008-04-12 13:08 8811824 C:\program files\voipbuster.com\voipbuster\voipbuster.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-15 20:52]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service []
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-11 10:33]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-12 19:47:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 15:55:59 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 08:17:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\drivers\WTSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-16 8:20:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 06:20:25

Pre-Run: 76,504,670,208 octets libres
Post-Run: 76,454,174,720 octets libres
.
2008-04-15 11:20:42 --- E O F ---
16 April 2008 11:56:47

Re,

I'll let you know when it's done :)

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click on J'accepte (I accept).
  • Approve the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose the scan of Poste de travail (My Computer).
  • Save and then paste the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

    ;)
    16 April 2008 18:49:17

    Here is the log after the scan:


    Statistiques de l'analyse
    Total d'objets analysés 193752
    Nombre de virus trouvés 6
    Nombre d'objets infectés 67 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 01:57:29

    Nom de l'objet infecté Nom du virus Dernière action
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0038_AdBlocker_eventcritlog.rpt L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0038_AdBlocker_eventlog.rpt L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\003b_popupchk_eventcritlog.rpt L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\003b_popupchk_eventlog.rpt L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\003e_File_Monitoring_eventlog.rpt L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0044_Web_Monitoring_eventlog.rpt L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\dfsr.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\fsr.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\fsrtmp.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\sense.fx@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\tmp.edb L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\dfsr.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\fsr.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\fsrtmp.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Messenger\silent_angel@hotmail.fr\SharingMetadata\Working\database_485C_85C9_5C85_B1EC\tmp.edb L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows Live Contacts\sense.fx@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows Live Contacts\sense.fx@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows Live Contacts\silent_angel@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Application Data\Microsoft\Windows Live Contacts\silent_angel@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Historique\History.IE5\MSHist012008041620080417\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Temp\~DF1ED5.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Temp\~DF21E2.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Temp\~DF9EF1.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Temp\~DF9F2E.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Temp\~DFA87C.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Temp\~DFA8B8.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Temp\~DFC465.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Temp\~DFC4BD.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Mes documents\Mes Historiques de Conversation\avril 2008\anto2a4@hotmail.fr.html L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\Mes documents\Mes Historiques de Conversation\avril 2008\coto0505@msn.com.html L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Sense\WService.EXE Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
    C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.26 Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\38750.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\390671.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\392921.exe.vir Infecté : Email-Worm.Win32.Bagle.vr ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\41796.exe.vir Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\43343.exe.vir Infecté : Email-Worm.Win32.Bagle.vr ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\44500.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\46156.exe.vir Infecté : Email-Worm.Win32.Bagle.vr ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\49109.exe.vir Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\49234.exe.vir Infecté : Email-Worm.Win32.Bagle.vr ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\51531.exe.vir Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\57718.exe.vir Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
    C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip/srosa.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
    C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip/wintems.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip/mdelk.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip/hldrrr.exe Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
    C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip/mdelk.exe.1 Infecté : Trojan-Downloader.Win32.Bagle.nk ignoré
    C:\QooBox\Quarantine\catchme2008-04-16_ 81537,57.zip ZIP: infecté - 5 ignoré
    C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infecté : Trojan-Downloader.Win32.Bagle.hp ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP35\A0014295.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP37\A0014316.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP40\A0014372.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP41\A0014384.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP41\A0014385.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP41\A0014386.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP44\A0014577.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP44\A0014584.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014598.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014599.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014600.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014601.sys Infecté : Trojan-Downloader.Win32.Bagle.mm ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014961.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014962.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014963.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014964.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0014972.exe Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0015043.exe Infecté : Trojan-Downloader.Win32.Bagle.ij ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP45\A0015044.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015077.exe Infecté : Email-Worm.Win32.Bagle.vr ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015078.exe Infecté : Email-Worm.Win32.Bagle.of ignoré
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015079.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015080.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015434.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015435.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015436.exe Infected: Email-Worm.Win32.Bagle.vr skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015437.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015445.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015516.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015517.exe Infected: Email-Worm.Win32.Bagle.vr skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0016534.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0016570.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0017582.EXE Infected: Trojan-Downloader.Win32.Bagle.nk skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0018582.EXE Infected: Trojan-Downloader.Win32.Bagle.nk skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0018591.EXE Infected: Trojan-Downloader.Win32.Bagle.nk skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0019591.EXE Infected: Trojan-Downloader.Win32.Bagle.nk skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019652.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019653.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019654.exe Infected: Email-Worm.Win32.Bagle.vr skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019656.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019657.exe Infected: Email-Worm.Win32.Bagle.vr skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019658.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019659.exe Infected: Email-Worm.Win32.Bagle.vr skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019660.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019661.exe Infected: Email-Worm.Win32.Bagle.vr skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019663.exe Infected: Email-Worm.Win32.Bagle.of skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019667.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
    C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP49\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{64FD35E3-A91A-4C6A-9AB7-89E2AA268C7C}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\TEMP\cch~52f5f0495.htp Object is locked skipped
    C:\WINDOWS\TEMP\cch~52f5f09d5.htp Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    H:\2094c32c4d9823fa85\docs\install.chm Object is locked skipped
    H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    Scan complete.
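An added example, not part of the original thread: a small Python triage script over scan-report lines in the format of the report above. Every hit in that report is marked "skipped", so nothing has been removed yet, and most of the hits live under System Volume Information\_restore{...}, which is System Restore's own copy of files that were already on the disk; those are dealt with by purging restore points once the live system is clean, not by the scanner. The script separates those restore-point copies from detections on the live filesystem, groups verdicts by family (Bagle here), and lists locked objects outside the stores Windows always holds open (registry hives, event logs, WMI repository, Windows Update and catalog databases), since a locked file elsewhere, for instance a loaded driver, deserves a look. The sample lines are constructed: a few are copied from the report, the C:\WINDOWS\TEMP\hypothetical_dropper.exe line is invented, and the allow-list of expected locked locations is an assumption made here. Both the English wording and the French wording of the original report are accepted.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines in the report format above: a few copied from the
# report plus one hypothetical live-file detection (that path is invented).
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015079.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP46\A0015080.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{3FAF5BA9-774A-4BD6-B02E-B503175356B2}\RP47\A0019656.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\TEMP\hypothetical_dropper.exe Infected: Trojan-Downloader.Win32.Bagle.nk skipped
"""

# Both the English wording and the French wording of the original report are accepted.
INFECTED_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:Infected:|Infecté\s*:)\s+(?P<verdict>\S+)\s+(?:skipped|ignoré)\s*$"
)
LOCKED_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:Object is locked|L'objet est verrouillé)\s+(?:skipped|ignoré)\s*$"
)
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)

# Locations Windows keeps open while running, so "locked" there is expected
# (registry hives, event logs, WMI repository, Windows Update and catalog stores).
# This allow-list is an assumption made here, not part of the scanner's output.
EXPECTED_LOCKED_MARKERS = (
    r"\system32\config",
    r"\wbem\repository",
    r"\softwaredistribution",
    r"\catroot2",
)


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str      # "infected" or "locked"
    verdict: str   # scanner's detection name; empty for locked objects


def parse_report(text):
    """Turn report lines into Findings; lines in neither format are ignored."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding(m["path"], "infected", m["verdict"]))
            continue
        m = LOCKED_RE.match(line)
        if m:
            findings.append(Finding(m["path"], "locked", ""))
    return findings


def family(verdict):
    """'Email-Worm.Win32.Bagle.of' -> 'Bagle': first component is the behaviour
    class, second the platform, third the family name."""
    parts = verdict.split(".")
    return parts[2] if len(parts) >= 3 else verdict


def in_restore_point(path):
    return RESTORE_RE.search(path) is not None


def expected_locked(path):
    p = path.lower()
    return any(marker in p for marker in EXPECTED_LOCKED_MARKERS)


def triage(findings):
    infected = [f for f in findings if f.kind == "infected"]
    return {
        "families": Counter(family(f.verdict) for f in infected),
        # System Restore copies: removed by purging restore points once the live system is clean
        "restore_point_copies": sum(1 for f in infected if in_restore_point(f.path)),
        # detections on the live filesystem: these still need cleaning
        "live_infected": [f.path for f in infected if not in_restore_point(f.path)],
        # locked objects outside the always-open system stores (loaded drivers land here)
        "unexplained_locked": [f.path for f in findings
                               if f.kind == "locked" and not expected_locked(f.path)],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("families:", dict(result["families"]))
    print("restore-point copies:", result["restore_point_copies"])
    print("live infections:", result["live_infected"])
    print("locked objects to review:", result["unexplained_locked"])
```

On the sample, the only live detection is the invented TEMP file, the three restore-point hits are counted separately, and the one locked object flagged for review is sptd.sys, which on this machine is the DAEMON Tools driver installed on 2008-04-12 according to the ComboFix log further down; the point of the check is that a locked driver is exactly where a rootkit component would also show up, so it is confirmed by hand rather than waved through.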
    16 April 2008 22:19:38

    :hello: 

    Disable all resident protection (antivirus…)!

    Copy the text in the box below, without the word quote:

    Quote:
    File::
    C:\Documents and Settings\Sense\WService.EXE



    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file as CFScript.txt.

    Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:



    This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report together with a new Hijackthis report.
    If there is no reboot, post the reports anyway.

    ;) 
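An added example (not from the thread, and not ComboFix's own code): ComboFix lists newly created files as `date . date size attrs path` and Run-key entries as `"name"="command" [date time size resolved-path]`, as in the log posted below. This script parses constructed sample lines in those two formats (copied from that log; the French build prints `<REP>` where the English one prints `<DIR>`, and both are accepted), flags executables created where a user's software normally does not live (the root of a user profile, the Windows root or drive root, a temp directory), flags Run values that are a bare file name rather than an absolute path, since Windows then resolves the binary through the search path at logon and ComboFix shows what it resolved to in the brackets, and assembles the `File::` section of a CFScript, the format used in the instructions above, from the paths a reviewer selects. The location heuristics are an assumption made here for triage: they also catch installer leftovers such as C:\WINDOWS\Setup1.exe, so nothing goes into the CFScript without a look.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed samples in ComboFix's "Files Created" and Run-key formats
# (copied from the log posted later in the thread). <REP> is the French
# build's spelling of <DIR>; both are accepted below.
SAMPLE_CREATED = r"""
2008-04-16 11:01 . 2008-04-16 11:01 290,816 --------- C:\WINDOWS\Setup1.exe
2008-04-15 23:07 . 2006-10-25 01:10 684,032 --a------ C:\Documents and Settings\Sense\WService.EXE
2008-04-15 21:48 . 2008-04-15 21:48 <DIR> d-------- C:\Program Files\CCleaner
2008-04-13 15:59 . 2008-04-13 19:04 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-13 15:59 . 2008-04-13 15:59 22,328 --a------ C:\Documents and Settings\Sense\Application Data\PnkBstrK.sys
"""

SAMPLE_RUN = r"""
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"WService"="WService.EXE" [2002-09-07 12:23 28672 C:\WINDOWS\system32\WService.exe]
"""

CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(?P<size><REP>|<DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?')

EXEC_EXT = (".exe", ".sys", ".dll", ".ocx", ".scr")


@dataclass(frozen=True)
class Created:
    path: str
    size: Optional[int]   # None for directories
    attrs: str


def parse_created(text):
    """Parse 'Files Created' lines; lines that do not match the format are ignored."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("<") else int(m["size"].replace(",", ""))
        entries.append(Created(m["path"], size, m["attrs"]))
    return entries


def suspicious_location(path):
    """Reason when an executable sits where user software normally does not, else None.
    Heuristic (assumption made here): profile root, Windows root, drive root, temp dirs."""
    if not path.lower().endswith(EXEC_EXT):
        return None
    parent = path.rsplit("\\", 1)[0].lower()
    if re.fullmatch(r"c:\\documents and settings\\[^\\]+", parent):
        return "executable in a user-profile root"
    if parent in (r"c:\windows", "c:"):
        return "executable in the Windows root or drive root"
    if "\\temp" in parent:
        return "executable in a temp directory"
    return None


def flag_created(entries):
    flagged = {}
    for e in entries:
        why = suspicious_location(e.path)
        if why:
            flagged[e.path] = why
    return flagged


def unanchored_run_entries(text):
    """Run values that are a bare file name rather than an absolute path. Windows resolves
    them through the search path at logon, so the binary that runs is not pinned; ComboFix
    prints the file it resolved in the trailing brackets, returned as the third element."""
    out = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m or ":\\" in m["cmd"]:
            continue
        meta = m["meta"] or ""
        i = meta.find(":\\")
        resolved = meta[i - 1:] if i > 0 else ""
        out.append((m["name"], m["cmd"], resolved))
    return out


def build_cfscript(paths):
    """CFScript 'File::' section: one absolute path per line, as in the instructions above."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    for path, why in flag_created(parse_created(SAMPLE_CREATED)).items():
        print(f"{why}: {path}")
    for name, cmd, resolved in unanchored_run_entries(SAMPLE_RUN):
        print(f"Run value {name!r} is a bare name {cmd!r}, resolved to {resolved or 'unknown'}")
    print(build_cfscript([r"C:\Documents and Settings\Sense\WService.EXE"]), end="")
```

On the sample, the profile-root WService.EXE and the Windows-root Setup1.exe are flagged for review, and the only unanchored Run value is "WService", which ComboFix resolved to a different, much smaller file in system32 than the 684,032-byte copy in the profile; that mismatch is the kind of thing worth noticing before deciding which path goes into the CFScript.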
    17 April 2008 07:58:43

    I'm posting the two logs as a double post to keep them separate.


    ComboFix log


    ComboFix 08-04-16.5 - Sense 2008-04-17 7:47:06.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.580 [GMT 2:00]
    Location: C:\Documents and Settings\Sense\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Sense\Bureau\CFScript.txt
    * Creating a new restore point
    * Resident AV is active


    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SROSA


    ((((((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-16 21:19 . 2008-04-16 21:28 <DIR> d-------- C:\Program Files\FlashFXP
    2008-04-16 20:36 . 2008-04-16 20:36 <DIR> d-------- C:\Program Files\Gadwin Systems
    2008-04-16 20:25 . 2008-04-16 22:24 <DIR> d-------- C:\Documents and Settings\Sense\Application Data\FileZilla
    2008-04-16 20:24 . 2008-04-16 20:25 <DIR> d-------- C:\Program Files\FileZilla FTP Client
    2008-04-16 19:11 . 2008-04-16 19:12 <DIR> d-------- C:\Program Files\RegCleaner
    2008-04-16 13:58 . 2008-04-16 19:42 <DIR> d-------- C:\Program Files\Eurobarre
    2008-04-16 13:58 . 2008-04-16 13:58 108,336 --------- C:\WINDOWS\system32\mswinsck.ocx
    2008-04-16 13:58 . 2008-04-16 13:58 15,872 --------- C:\WINDOWS\system32\winskfr.dll
    2008-04-16 11:08 . 2008-04-16 11:08 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-04-16 11:01 . 2008-04-16 11:01 <DIR> d-------- C:\Program Files\comptes
    2008-04-16 11:01 . 2008-04-16 11:01 290,816 --------- C:\WINDOWS\Setup1.exe
    2008-04-16 11:01 . 2008-04-16 11:01 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-04-16 09:48 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-16 09:48 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-16 09:48 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-16 09:48 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-16 09:48 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-16 09:48 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-16 09:48 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-16 09:48 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-16 09:48 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-16 08:31 . 2008-04-16 08:31 <DIR> d-------- C:\WINDOWS\Sun
    2008-04-16 08:25 . 2008-04-16 08:25 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-04-16 08:25 . 2008-04-16 08:25 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-04-16 08:24 . 2008-04-16 08:24 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2008-04-16 08:24 . 2008-04-17 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-16 08:24 . 2008-04-17 07:52 1,270,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-16 08:24 . 2008-04-17 07:52 96,544 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-16 08:24 . 2008-04-17 07:51 20,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-16 08:24 . 2008-04-17 07:51 11,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-16 08:21 . 2008-04-16 08:21 20,480 --a------ C:\WINDOWS\REGCARDS.OLD
    2008-04-16 08:20 . 2008-04-16 08:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-04-15 23:13 . 2004-08-19 16:09 400,896 --a------ C:\WINDOWS\system32\CF21104.exe
    2008-04-15 23:07 . 2006-10-25 01:10 684,032 --a------ C:\Documents and Settings\Sense\WService.EXE
    2008-04-15 22:34 . 2008-04-15 22:34 <DIR> d-------- C:\Muestras
    2008-04-15 21:48 . 2008-04-15 21:48 <DIR> d-------- C:\Program Files\Yahoo!
    2008-04-15 21:48 . 2008-04-15 21:48 <DIR> d-------- C:\Program Files\CCleaner
    2008-04-15 20:47 . 2008-04-15 20:47 <DIR> d-------- C:\Program Files\uTorrent
    2008-04-15 20:47 . 2008-04-15 20:47 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-15 20:47 . 2008-04-15 20:47 <DIR> d-------- C:\Program Files\eToro
    2008-04-15 19:56 . 2008-04-15 19:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-04-15 19:48 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-15 19:00 . 2008-04-15 19:48 <DIR> d-------- C:\Program Files\Java
    2008-04-15 18:58 . 2008-04-15 18:58 <DIR> d-------- C:\Program Files\Fichiers communs\Java
    2008-04-15 18:57 . 2008-04-15 18:57 <DIR> d-------- C:\Program Files\Cellosoft
    2008-04-15 18:51 . 2008-04-15 20:47 <DIR> d-------- C:\Documents and Settings\Sense\Application Data\uTorrent
    2008-04-15 17:17 . 2008-04-15 17:17 <DIR> d-------- C:\Program Files\Lavasoft
    2008-04-15 17:17 . 2008-04-15 17:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-15 17:03 . 2008-04-15 17:03 <DIR> d-------- C:\Documents and Settings\Sense\Application Data\Uniblue
    2008-04-15 17:02 . 2008-04-15 17:02 <DIR> d-------- C:\Program Files\Uniblue
    2008-04-15 16:38 . 2008-04-15 16:38 <DIR> d--hs---- C:\found.000
    2008-04-15 16:08 . 2008-04-16 08:30 <DIR> d-------- C:\Program Files\Subliminal Flash
    2008-04-15 16:07 . 2008-04-15 16:07 <DIR> d-------- C:\Program Files\Subliminal Messages Organizer
    2008-04-15 13:20 . 2008-04-16 11:09 <DIR> d-------- C:\WINDOWS\system32\fr-fr
    2008-04-15 13:16 . 2008-04-15 13:16 <DIR> d-------- C:\Program Files\Fichiers communs\Logitech
    2008-04-15 13:15 . 2008-04-15 13:16 <DIR> d-------- C:\Program Files\Logitech
    2008-04-15 13:12 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
    2008-04-15 11:01 . 2008-04-15 11:01 <DIR> d-------- C:\Program Files\Guitar Pro 5
    2008-04-15 10:49 . 2008-04-15 10:49 <DIR> d-------- C:\Program Files\Intel Desktop Board
    2008-04-15 09:27 . 2008-04-15 09:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-15 09:27 . 2008-04-15 09:27 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-15 08:06 . 2008-04-15 08:13 <DIR> d-------- C:\Program Files\Asgard Of Ardamir
    2008-04-14 09:47 . 2008-04-14 09:47 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-04-14 08:08 . 2008-04-14 09:40 <DIR> d-------- C:\Documents and Settings\Sense\Application Data\AdobeUM
    2008-04-13 15:59 . 2008-04-13 19:04 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-13 15:59 . 2008-04-13 16:16 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-04-13 15:59 . 2008-04-13 19:04 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-13 15:59 . 2008-04-13 15:59 22,328 --a------ C:\Documents and Settings\Sense\Application Data\PnkBstrK.sys
    2008-04-13 15:54 . 2008-04-13 16:13 <DIR> d-------- C:\PunkBuster
    2008-04-13 15:29 . 2008-04-13 15:29 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-13 11:21 . 2008-04-13 11:21 <DIR> d-------- C:\Program Files\VstPlugins
    2008-04-13 11:21 . 2008-04-13 11:21 <DIR> d-------- C:\Program Files\Outsim
    2008-04-13 11:21 . 2008-04-13 11:21 <DIR> d-------- C:\Program Files\ASIO4ALL v2
    2008-04-13 11:21 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-04-13 11:21 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-04-13 11:19 . 2008-04-13 11:21 <DIR> d-------- C:\Program Files\Image-Line
    2008-04-13 10:37 . 2008-04-13 10:37 <DIR> d-------- C:\Program Files\Native Instruments
    2008-04-13 08:00 . 2008-04-13 08:00 <DIR> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-04-12 22:44 . 2008-04-12 22:44 <DIR> d-------- C:\Program Files\GENIUS TABLET
    2008-04-12 22:44 . 2003-11-25 07:58 315,392 --a------ C:\WINDOWS\SETUPX32.EXE
    2008-04-12 22:44 . 2003-12-23 06:35 583 --a------ C:\WINDOWS\SETUPEXT.INF
    2008-04-12 21:48 . 2008-04-12 21:48 <DIR> d-------- C:\Program Files\iTunes
    2008-04-12 21:48 . 2008-04-12 21:48 <DIR> d-------- C:\Program Files\iPod
    2008-04-12 21:48 . 2008-04-12 21:48 <DIR> d-------- C:\Documents and Settings\Sense\Application Data\Apple Computer
    2008-04-12 21:47 . 2008-04-12 21:48 <DIR> d-------- C:\Program Files\QuickTime
    2008-04-12 21:47 . 2008-04-12 21:47 <DIR> d-------- C:\Program Files\Fichiers communs\Apple
    2008-04-12 21:47 . 2008-04-12 21:47 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-04-12 21:47 . 2008-04-12 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-12 21:47 . 2008-04-12 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-12 21:44 . 2008-04-12 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-04-12 21:24 . 2008-04-12 21:48 <DIR> d-------- C:\Program Files\Bonjour
    2008-04-12 21:12 . 2008-04-16 19:57 <DIR> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-04-12 20:51 . 2008-04-12 20:51 319 --a------ C:\WINDOWS\game.ini
    2008-04-12 20:44 . 2008-04-12 20:44 <DIR> d-------- C:\Program Files\Activision
    2008-04-12 20:43 . 2008-04-12 20:43 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2008-04-12 20:42 . 2008-04-12 20:42 <DIR> d-------- C:\Program Files\DAEMON Tools
    2008-04-12 20:40 . 2008-04-12 20:40 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-12 12:55 . 2008-04-12 12:55 <DIR> d-------- C:\Program Files\NinjaSurfing
    2008-04-12 12:55 . 2008-04-12 12:55 125 --a------ C:\ioSpecial.ini

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-15 11:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-15 01:00 --------- d-----w C:\Program Files\Windows Live
    2008-04-14 17:30 --------- d-----w C:\Program Files\Lexmark X1100 Series
    2008-04-14 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-13 17:15 --------- d-----w C:\Program Files\Lineage II
    2008-04-11 09:53 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-04-11 09:53 --------- d-----w C:\Documents and Settings\Sense\Application Data\teamspeak2
    2008-04-11 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-04-11 09:44 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-11 09:40 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-04-11 09:36 --------- d-----w C:\Documents and Settings\Sense\Application Data\InstallShield
    2008-04-11 09:32 --------- d-----w C:\Program Files\Mirage-Team Decoder Pack
    2008-04-11 09:32 --------- d-----w C:\Documents and Settings\Sense\Application Data\Media Player Classic
    2008-04-11 08:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-04-11 07:44 --------- d-----w C:\Program Files\Lavalys
    2008-04-11 07:32 --------- d-----w C:\Program Files\FaxTools
    2008-04-11 07:32 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
    2008-04-11 07:32 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
    2008-04-11 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-04-11 07:22 --------- d-----w C:\Program Files\microsoft frontpage
    2008-04-11 07:20 --------- d-----w C:\Program Files\Services en ligne
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-01 09:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-16_ 8.20.15.81 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-16 06:16:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-17 05:52:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
    + 2007-08-13 16:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
    + 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
    + 2007-08-13 16:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
    + 2007-08-13 16:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
    + 2007-08-13 16:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
    + 2007-08-13 16:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
    + 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
    + 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
    + 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
    + 2007-08-13 15:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
    + 2007-02-12 14:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
    + 2007-07-11 10:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
    + 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
    + 2007-08-13 16:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
    + 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
    + 2007-08-13 16:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
    + 2007-08-13 16:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
    + 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
    + 2007-08-13 16:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
    + 2007-08-13 16:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
    + 2007-08-13 16:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
    + 2007-08-13 16:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
    + 2007-08-13 16:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
    + 2007-08-13 16:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
    + 2007-08-13 16:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
    + 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
    + 2007-08-13 16:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
    + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
    + 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
    + 2007-08-13 16:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
    + 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
    + 2007-08-13 16:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
    - 2007-08-13 16:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
    + 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    + 1998-07-12 22:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
    - 2008-04-12 16:40:02 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-16 06:25:53 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-04-12 16:40:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    + 2008-04-16 06:25:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
    - 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
    + 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
    - 2007-08-13 16:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2008-03-01 12:58:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-08-13 16:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2008-03-01 12:58:06 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-08-13 16:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2008-03-01 12:58:06 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    + 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    - 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
    + 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
    - 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
    + 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
    - 2007-08-13 15:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    + 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    - 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    + 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    - 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
    + 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
    - 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
    + 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
    - 2007-08-13 16:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2008-03-01 12:58:08 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2007-08-13 16:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2008-03-01 16:28:10 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-08-13 16:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2008-03-01 12:58:09 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-08-13 16:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2008-03-01 12:58:10 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-08-13 16:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-03-01 12:58:10 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\system32\dllcache\occache.dll
    + 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
    - 2007-08-13 16:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2008-03-01 12:58:10 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
    + 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
    - 2007-08-13 16:54:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2008-03-01 12:58:10 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-08-13 16:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
    + 2007-07-12 23:30:52 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
    - 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
    + 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
    - 2007-08-13 16:54:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-03-01 12:58:11 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-04-28 14:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
    + 2007-06-27 15:31:58 186,640 ----a-w C:\WINDOWS\system32\drivers\klif.sys
    + 2007-04-04 12:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
    + 2007-06-28 10:50:52 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
    - 2007-08-13 16:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-08-13 16:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-08-13 16:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2007-08-13 16:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll
    + 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    - 2007-08-13 16:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    + 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
    - 2007-08-13 16:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
    + 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
    - 2007-08-13 16:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
    + 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
    - 2007-08-13 15:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    + 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
    - 2007-02-12 14:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat
    + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
    - 2007-07-11 10:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
    + 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2007-08-13 16:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    + 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
    - 2007-08-13 16:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
    + 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2007-08-13 16:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
    + 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
    - 2007-08-13 16:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll
    + 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2007-08-13 16:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
    + 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
    - 2007-08-13 16:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2007-06-28 10:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
    + 1998-07-12 22:00:00 107,520 ----a-w C:\WINDOWS\system32\MSCH2FR.DLL
    + 1998-07-12 22:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
    - 2007-08-13 16:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
    + 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    - 2007-08-13 16:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
    + 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    - 2007-08-13 16:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-08-13 16:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2007-03-12 12:02:26 947,472 ----a-w C:\WINDOWS\system32\msjava.dll
    - 2007-08-13 16:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2007-08-13 16:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2007-08-13 16:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
    + 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\occache.dll
    - 2007-08-13 16:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2007-08-13 16:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
    + 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2007-08-13 16:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2002-10-06 14:00:10 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
    + 1999-03-25 23:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
    - 2007-08-13 16:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
    + 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
    - 2008-04-16 06:17:30 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
    + 2008-04-17 05:52:39 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
    + 2006-06-05 13:47:40 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
    + 2006-06-05 13:47:48 1,080,320 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
    + 2006-06-05 13:47:50 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
    + 2006-06-05 13:47:50 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
    + 2006-06-05 13:28:32 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHS.dll
    + 2006-06-05 13:28:32 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHT.dll
    + 2006-06-05 13:28:32 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80DEU.dll
    + 2006-06-05 13:28:34 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ENU.dll
    + 2006-06-05 13:28:32 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ESP.dll
    + 2006-06-05 13:28:32 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80FRA.dll
    + 2006-06-05 13:28:32 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ITA.dll
    + 2006-06-05 13:28:32 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80JPN.dll
    + 2006-06-05 13:28:34 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80KOR.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-04-11 11:45 5724184]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "RegistryBooster 2 d’Uniblue "="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-11-21 17:07 1902592]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "WService"="WService.EXE" [2002-09-07 12:23 28672 C:\WINDOWS\system32\WService.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    --a------ 2003-08-19 16:48 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 2004-08-03 22:31 59392 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ninja Surfing]
    --a------ 2007-06-19 16:02 958535 C:\Program Files\NinjaSurfing\nsurfing.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\System32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-12-05 01:41 81920 C:\WINDOWS\System32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-02-29 14:42 21898024 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    --a------ 2008-04-12 13:08 8811824 C:\program files\voipbuster.com\voipbuster\voipbuster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\FlashFXP\\flashfxp.exe"=

    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
    S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-11 10:33]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-04-12 19:47:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-11 15:55:59 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-17 07:52:38
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\drivers\WTSrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-17 7:57:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-17 05:56:59
    ComboFix2.txt 2008-04-16 06:20:36

    Pre-Run: 75,170,828,288 octets libres
    Post-Run: 75,195,293,696 octets libres
    .
    2008-04-16 09:09:18 --- E O F ---
    17 April 2008 07:59:57

    HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:59:20, on 17/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\WService.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NinjaSurfing\ProxyNew.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 7736 bytes
    17 April 2008 12:00:49

    Re,

    Redo the same procedure, making sure you disable all of your antivirus protections.

    ;) 
    17 April 2008 18:47:57

    OK, ComboFix log:


    ComboFix 08-04-16.5 - Sense 2008-04-17 18:38:45.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.446 [GMT 2:00]
    Endroit: C:\Documents and Settings\Sense\Bureau\Combo-Fix.exe
    Command switches used :: C:\Documents and Settings\Sense\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-17 18:31 . 2008-04-17 18:32 <REP> d-------- C:\WINDOWS\LastGood
    2008-04-17 18:28 . 2008-04-17 18:31 <REP> d-------- C:\Program Files\TmNationsForever
    2008-04-17 12:06 . 2008-04-17 12:06 17,188 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2008-04-17 11:57 . 2008-04-17 11:58 <REP> d-------- C:\Program Files\mIRC
    2008-04-17 11:57 . 2008-04-17 14:43 <REP> d-------- C:\Documents and Settings\Sense\Application Data\NoNameScript
    2008-04-17 11:57 . 2008-04-17 11:57 <REP> d-------- C:\Documents and Settings\Sense\Application Data\mIRC
    2008-04-17 11:50 . 2008-04-17 11:50 <REP> d-------- C:\Program Files\KeyHoleTV
    2008-04-16 21:19 . 2008-04-17 12:09 <REP> d-------- C:\Program Files\FlashFXP
    2008-04-16 21:16 . 2008-04-16 21:16 <REP> d-------- C:\Program Files\TaGG Ip
    2008-04-16 20:36 . 2008-04-16 20:36 <REP> d-------- C:\Program Files\Gadwin Systems
    2008-04-16 20:25 . 2008-04-17 09:31 <REP> d-------- C:\Documents and Settings\Sense\Application Data\FileZilla
    2008-04-16 20:24 . 2008-04-16 20:25 <REP> d-------- C:\Program Files\FileZilla FTP Client
    2008-04-16 19:11 . 2008-04-16 19:12 <REP> d-------- C:\Program Files\RegCleaner
    2008-04-16 13:58 . 2008-04-16 19:42 <REP> d-------- C:\Program Files\Eurobarre
    2008-04-16 13:58 . 2008-04-16 13:58 108,336 --------- C:\WINDOWS\system32\mswinsck.ocx
    2008-04-16 13:58 . 2008-04-16 13:58 15,872 --------- C:\WINDOWS\system32\winskfr.dll
    2008-04-16 11:08 . 2008-04-16 11:08 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-04-16 11:01 . 2008-04-16 11:01 <REP> d-------- C:\Program Files\comptes
    2008-04-16 11:01 . 2008-04-16 11:01 290,816 --------- C:\WINDOWS\Setup1.exe
    2008-04-16 11:01 . 2008-04-16 11:01 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2008-04-16 09:48 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-16 09:48 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-16 09:48 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-16 09:48 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-16 09:48 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-16 09:48 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-16 09:48 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-16 09:48 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-16 09:48 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-16 08:31 . 2008-04-16 08:31 <REP> d-------- C:\WINDOWS\Sun
    2008-04-16 08:25 . 2008-04-16 08:25 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-04-16 08:25 . 2008-04-16 08:25 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-04-16 08:24 . 2008-04-16 08:24 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-04-16 08:24 . 2008-04-17 07:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-16 08:24 . 2008-04-17 18:43 1,634,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-16 08:24 . 2008-04-17 18:42 125,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-16 08:24 . 2008-04-17 07:51 20,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-16 08:24 . 2008-04-17 07:51 11,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-16 08:21 . 2008-04-16 08:21 20,480 --a------ C:\WINDOWS\REGCARDS.OLD
    2008-04-16 08:20 . 2008-04-16 08:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-04-15 23:13 . 2004-08-19 16:09 400,896 --a------ C:\WINDOWS\system32\CF21104.exe
    2008-04-15 23:07 . 2006-10-25 01:10 684,032 --a------ C:\Documents and Settings\Sense\WService.EXE
    2008-04-15 22:34 . 2008-04-15 22:34 <REP> d-------- C:\Muestras
    2008-04-15 21:48 . 2008-04-15 21:48 <REP> d-------- C:\Program Files\Yahoo!
    2008-04-15 21:48 . 2008-04-15 21:48 <REP> d-------- C:\Program Files\CCleaner
    2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\uTorrent
    2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-15 20:47 . 2008-04-15 20:47 <REP> d-------- C:\Program Files\eToro
    2008-04-15 19:56 . 2008-04-15 19:56 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-04-15 19:48 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-04-15 19:00 . 2008-04-15 19:48 <REP> d-------- C:\Program Files\Java
    2008-04-15 18:58 . 2008-04-15 18:58 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-04-15 18:57 . 2008-04-15 18:57 <REP> d-------- C:\Program Files\Cellosoft
    2008-04-15 18:51 . 2008-04-17 18:36 <REP> d-------- C:\Documents and Settings\Sense\Application Data\uTorrent
    2008-04-15 17:17 . 2008-04-15 17:17 <REP> d-------- C:\Program Files\Lavasoft
    2008-04-15 17:17 . 2008-04-15 17:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-15 17:03 . 2008-04-15 17:03 <REP> d-------- C:\Documents and Settings\Sense\Application Data\Uniblue
    2008-04-15 17:02 . 2008-04-15 17:02 <REP> d-------- C:\Program Files\Uniblue
    2008-04-15 16:38 . 2008-04-15 16:38 <REP> d--hs---- C:\found.000
    2008-04-15 16:08 . 2008-04-16 08:30 <REP> d-------- C:\Program Files\Subliminal Flash
    2008-04-15 16:07 . 2008-04-15 16:07 <REP> d-------- C:\Program Files\Subliminal Messages Organizer
    2008-04-15 13:20 . 2008-04-16 11:09 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-04-15 13:16 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2008-04-15 13:15 . 2008-04-15 13:16 <REP> d-------- C:\Program Files\Logitech
    2008-04-15 13:12 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
    2008-04-15 11:01 . 2008-04-15 11:01 <REP> d-------- C:\Program Files\Guitar Pro 5
    2008-04-15 10:49 . 2008-04-15 10:49 <REP> d-------- C:\Program Files\Intel Desktop Board
    2008-04-15 09:27 . 2008-04-17 10:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-15 09:27 . 2008-04-15 09:27 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-15 08:06 . 2008-04-15 08:13 <REP> d-------- C:\Program Files\Asgard Of Ardamir
    2008-04-14 09:47 . 2008-04-14 09:47 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-04-14 08:08 . 2008-04-14 09:40 <REP> d-------- C:\Documents and Settings\Sense\Application Data\AdobeUM
    2008-04-13 15:59 . 2008-04-13 19:04 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-13 15:59 . 2008-04-13 16:16 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-04-13 15:59 . 2008-04-13 19:04 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-13 15:59 . 2008-04-13 15:59 22,328 --a------ C:\Documents and Settings\Sense\Application Data\PnkBstrK.sys
    2008-04-13 15:54 . 2008-04-13 16:13 <REP> d-------- C:\PunkBuster
    2008-04-13 15:29 . 2008-04-13 15:29 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\VstPlugins
    2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\Outsim
    2008-04-13 11:21 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\ASIO4ALL v2
    2008-04-13 11:21 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-04-13 11:21 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2008-04-13 11:19 . 2008-04-13 11:21 <REP> d-------- C:\Program Files\Image-Line
    2008-04-13 10:37 . 2008-04-13 10:37 <REP> d-------- C:\Program Files\Native Instruments
    2008-04-13 08:00 . 2008-04-13 08:00 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-04-12 22:44 . 2008-04-12 22:44 <REP> d-------- C:\Program Files\GENIUS TABLET
    2008-04-12 22:44 . 2003-11-25 07:58 315,392 --a------ C:\WINDOWS\SETUPX32.EXE
    2008-04-12 22:44 . 2003-12-23 06:35 583 --a------ C:\WINDOWS\SETUPEXT.INF
    2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\iTunes
    2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\iPod
    2008-04-12 21:48 . 2008-04-12 21:48 <REP> d-------- C:\Documents and Settings\Sense\Application Data\Apple Computer
    2008-04-12 21:47 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\QuickTime
    2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Program Files\Apple Software Update
    2008-04-12 21:47 . 2008-04-12 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-12 21:47 . 2008-04-12 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-12 21:44 . 2008-04-12 21:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-04-12 21:24 . 2008-04-12 21:48 <REP> d-------- C:\Program Files\Bonjour
    2008-04-12 21:12 . 2008-04-16 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-15 11:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-15 01:00 --------- d-----w C:\Program Files\Windows Live
    2008-04-14 17:30 --------- d-----w C:\Program Files\Lexmark X1100 Series
    2008-04-14 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-13 17:15 --------- d-----w C:\Program Files\Lineage II
    2008-04-11 09:53 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-04-11 09:53 --------- d-----w C:\Documents and Settings\Sense\Application Data\teamspeak2
    2008-04-11 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-04-11 09:44 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-11 09:40 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-04-11 09:36 --------- d-----w C:\Documents and Settings\Sense\Application Data\InstallShield
    2008-04-11 09:32 --------- d-----w C:\Program Files\Mirage-Team Decoder Pack
    2008-04-11 09:32 --------- d-----w C:\Documents and Settings\Sense\Application Data\Media Player Classic
    2008-04-11 08:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-04-11 07:44 --------- d-----w C:\Program Files\Lavalys
    2008-04-11 07:32 --------- d-----w C:\Program Files\FaxTools
    2008-04-11 07:32 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
    2008-04-11 07:32 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
    2008-04-11 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-04-11 07:22 --------- d-----w C:\Program Files\microsoft frontpage
    2008-04-11 07:20 --------- d-----w C:\Program Files\Services en ligne
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-01 09:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-17_ 7.56.42.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-17 16:32:05 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2008-04-17 16:32:05 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2008-04-17 16:32:05 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2008-04-17 16:32:02 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-17 16:32:03 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-17 16:32:03 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-17 16:32:04 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-17 16:32:04 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-17 16:32:04 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-17 16:32:04 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-17 16:32:04 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-17 16:32:05 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-17 16:32:06 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2008-04-17 16:32:06 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2008-04-17 16:32:06 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2008-04-17 16:32:06 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2008-04-17 16:32:06 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2008-04-17 16:32:05 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2005-02-05 17:45:26 2,222,800 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_24.dll
    + 2005-03-18 15:19:58 2,337,488 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_25.dll
    + 2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_26.dll
    + 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_27.dll
    + 2005-12-05 16:09:18 2,323,664 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_28.dll
    + 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_29.dll
    + 2006-03-31 10:40:58 2,388,176 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_30.dll
    + 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_0.dll
    + 2006-02-03 06:42:06 230,096 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_0.dll
    + 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_1.dll
    + 2006-05-31 05:24:16 230,168 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_2.dll
    + 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\LastGood\system32\xinput1_1.dll
    + 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\LastGood\system32\xinput9_1_0.dll
    + 2005-03-18 14:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2005-03-18 14:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
    + 2005-03-18 14:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
    + 2004-09-29 10:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 14:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
    + 2005-03-18 14:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
    + 2005-03-18 14:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
    + 2005-03-18 14:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
    + 2005-03-18 14:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
    + 2004-12-01 13:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-02-05 17:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-03-18 15:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-07-22 15:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-09-28 12:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
    + 2005-12-05 15:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-02-03 05:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
    + 2006-03-31 09:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-04-11 11:45 5724184]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "RegistryBooster 2 d’Uniblue "="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-11-21 17:07 1902592]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 10:42 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "WService"="WService.EXE" [2002-09-07 12:23 28672 C:\WINDOWS\system32\WService.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-03 22:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    --a------ 2003-08-19 16:48 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 2004-08-03 22:31 59392 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ninja Surfing]
    --a------ 2007-06-19 16:02 958535 C:\Program Files\NinjaSurfing\nsurfing.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-12-05 01:41 8523776 C:\WINDOWS\System32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-12-05 01:41 81920 C:\WINDOWS\System32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-02-29 14:42 21898024 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
    --a------ 2008-04-12 13:08 8811824 C:\program files\voipbuster.com\voipbuster\voipbuster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\FlashFXP\\flashfxp.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
    S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-11 10:33]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-12 19:47:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-11 15:55:59 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-17 18:42:44
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
    .
    Temps d'accomplissement: 2008-04-17 18:44:29
    ComboFix-quarantined-files.txt 2008-04-17 16:44:01
    ComboFix2.txt 2008-04-17 05:57:19
    ComboFix3.txt 2008-04-16 06:20:36

    Pre-Run: 72,332,238,848 octets libres
    Post-Run: 72,330,166,272 octets libres
    .
    2008-04-16 09:09:18 --- E O F ---
    17 April 2008 18:59:21

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:58:28, on 17/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\WService.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\DRIVERS\WtSrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    H:\Program Files\Steam\steam.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NinjaSurfing\ProxyNew.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WService] WService.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 7911 bytes
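As a worked example added to this thread (not from the posters, HijackThis or ComboFix), a small Python triage of the `O4` lines of a HijackThis v2 log: it flags Run entries such as `[WService] WService.EXE` whose image is a bare file name, which the log alone cannot place on disk, and for `RUNDLL32.EXE` hosts it reports the loaded DLL instead. The sample lines and the function names are constructed from the log above.

```python
"""Triage of HijackThis v2 'O4' autostart lines (added example).

Flags Run-key entries whose image is a bare file name (no directory):
Windows resolves those through the search path, so the log by itself
does not tell you which copy of the file actually runs at logon.
"""
import re

# Constructed sample, modelled on the O4 section of the log above (not the full log).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [WService] WService.EXE
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\\..\\Run: [MsnMsgr] "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe" /background
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\System32\\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# HijackThis appends "(User 'NAME')" to HKUS entries; it is not part of the command.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")


def image_of(cmd):
    """Return the executable (or, for rundll32 hosts, the DLL) named by a Run value."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                      # unterminated quote: take the rest
            end = len(cmd)
        image, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        image, _, rest = cmd.partition(" ")
    # rundll32 is only the host process; the DLL it loads is what needs judging.
    if image.lower() in ("rundll32.exe", "rundll32"):
        image = rest.split(",", 1)[0].strip().strip('"')
    return image


def is_qualified(image):
    """True when the image carries a directory (drive letter, UNC or %VAR% rooted)."""
    return ":" in image or image.startswith("\\") or image.startswith("%")


def triage_o4(log_text):
    """Parse every O4 Run line into (hive, value name, image, qualified) tuples."""
    rows = []
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue  # 'Global Startup' and other non-Run O4 lines are out of scope
        image = image_of(m.group("cmd"))
        rows.append((m.group("hive"), m.group("name"), image, is_qualified(image)))
    return rows


def unqualified_entries(log_text):
    """Value names of Run entries whose image is a bare file name."""
    return [name for _, name, _, qualified in triage_o4(log_text) if not qualified]


if __name__ == "__main__":
    for hive, name, image, qualified in triage_o4(SAMPLE_LOG):
        flag = "" if qualified else "  <-- bare name: locate the file on disk before judging it"
        print(f"{hive:<14} [{name}] -> {image}{flag}")
```

On the sample above the two flagged entries are `WService` and `AGRSMMSG`; the same check applies to the `Run` keys in a ComboFix registry dump once the bracketed date/size suffix is stripped.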
    17 April 2008 19:22:32

    Re,

    Download Pocket KillBox

  • Then unzip it to your desktop.
    Animated demo
    http://pageperso.aol.fr/balltrap34/killbox.htm
  • Open Pocket KillBox
  • Copy the text in blue/bold below (select all of it with your mouse, then right-click it and choose "Copy"):
    Quote:


    C:\WINDOWS\system32\CF21104.exe
    C:\Documents and Settings\Sense\WService.EXE


  • Click on KillBox's 'File' menu (top left) and choose Paste from clipboard.
  • Select "Delete on reboot".
  • Click the button: All Files (!important!)
  • Now click the Kill button (red circle with a white X)
    KillBox will ask you "...Would like to Reboot now ?", click YES and wait for the restart.
    If you don't get this message, restart the PC normally.

    NOTE: If you get the message "PendingFileRenameOperations Registry Data has been removed by external process!" and the computer does not restart,
    restart it manually ---> Start menu / Shut down / Restart the computer.


    ;) 
    18 April 2008 17:29:10

    Everything went fine. Is it finished?
    18 April 2008 18:46:37

    Re,

    Do you have a message to post me, a KillBox log.txt? Look at the root of your hard drive, or in the KillBox directory! Look for a .txt file ;) 

    You can now uninstall/reinstall ALL your protection software, except those that are working correctly.

    Then post a new HijackThis log.

    N.B.: Almost done :D 

    ;) 