
HJT log, help please

14 December 2007 16:57:52

Here is my log...

Update problem that wants to shut down the PC, MSN process present but invisible and impossible to get rid of... and processes missing from the Task Manager...

Cleanup done with antivirus, CCleaner, Spybot, Ad-Aware, etc. etc.... nothing helps


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:39, on 2007-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\Security Task Manager\TaskMan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par L30M
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cyberpresse.ca/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: cmdndl - cmdndl.dll (file missing)
O20 - Winlogon Notify: iifgdbx - iifgdbx.dll (file missing)
O20 - Winlogon Notify: khfcccc - khfcccc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 6183 bytes


15 December 2007 14:22:35

Hello


Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste this report into your next reply along with a new HijackThis log.
15 December 2007 16:50:10

Combofix freezes, I tried several times....
15 December 2007 16:50:48

It stays stuck at deleting files and folders, no report produced...
15 December 2007 19:43:30

Re

I don't see an antivirus. Which one is it?
15 December 2007 20:10:17

I use AVG and Avast, which I have currently uninstalled...
15 December 2007 23:59:15



AntiVir PersonalEdition Classic
Report file date: 2007-12-15 16:32

Scanning for 972845 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SIM

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 19:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 18:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 21:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 18:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 21:27:03
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 21:27:03
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 2007-12-14 21:27:03
ANTIVIR3.VDF : 7.0.1.98 4096 Bytes 2007-12-14 21:27:03
AVEWIN32.DLL : 7.6.0.45 3084800 Bytes 2007-12-15 21:27:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 16:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 13:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 14:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 13:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 18:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 13:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 17:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 18:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 18:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 15:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2007-12-15 16:32

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'DUC20.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'DUC20.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '20' files ).


Starting the file scan:

Begin scan in 'C:\' <Disque local>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Netpumper.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47d84eb9.qua'!
Begin scan in 'D:\' <BEBELLES>
Begin scan in 'E:\' <MUSIQUE>
Begin scan in 'F:\' <FILMS>
F:\Emule\Download\Ethereal + Winpcap Sniffer updated-fixed 09-2007.rar
[0] Archive type: RAR
--> setup.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
[INFO] The file was moved to '47cc5985.qua'!
F:\Emule\Download\Pc App Enfocus Pitstop Pro 7.0 En.rar
[0] Archive type: RAR
--> PitStop Pro crack.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '478459a5.qua'!
F:\Emule\Temp\049.part
[DETECTION] Contains detection pattern of the worm WORM/Bagle.HE
[INFO] The file was moved to '479d59be.qua'!
F:\Progs\NetLimiter.2.PRO.SERIAL.INCLUDED.zip
[0] Archive type: ZIP
--> NetLimiter.2.PRO.SERIAL.INCLUDED.rar
[1] Archive type: RAR
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47d85a16.qua'!
F:\Progs\NetLimiter.2.PRO.SERIAL.INCLUDED\NetLimiter.2.PRO.SERIAL.INCLUDED.rar
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47d85ac0.qua'!


End of the scan: 2007-12-15 17:54
Used time: 1:22:31 min

The scan has been done completely.

6206 Scanning directories
400567 Files were scanned
5 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
400562 Files not concerned
1980 Archives were scanned
1 Warnings
31 Notes

16 December 2007 00:26:50

It deleted two cracks...

Run the scan with Combofix again.
If it gets stuck again, do it in safe mode.
16 December 2007 00:49:08

I know, and I doubt they are the cause... they have been there for a long time without my having any problems...

Combofix succeeded
but does not produce a report... or rather, the report is limited to this:

ComboFix 07-12-15.5 - Administrateur 2007-12-15 18:23:34.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.407 [GMT -5:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.



16 December 2007 22:42:18

Hello

We're switching tools.

Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK
* Start your PC again.
* Copy/paste the contents of the report located at C:\vundofix.txt along with a new HijackThis report into your next reply.

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
16 December 2007 22:50:29

I had already run vundofix several times without success...

So no report was created... I also ran smitfraud fix, look2me, msnfix....

I think Combofix has a problem when it runs on my machine; it seems to work but it does not give me a proper log. On another machine it does produce its log, though...
16 December 2007 23:45:38

Re

We're switching.

Download DiagHelp.zip (by Malekal_Morte) to your desktop
http://www.malekal.com/download/DiagHelp.zip
- Right-click the file and choose Extract all
- A new folder, DiagHelp, will be created
- Open it and double-click go.cmd (the .cmd may not be shown)
- A window will open; choose option 1
- The scan will start; this can take a few minutes, let it run and press a key when asked

WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!

- At the end of the scan, you may be asked to restart the computer... Once the computer has restarted, the report will appear in Notepad. It is located at C:\resultat.txt
- Copy/paste the contents of the Notepad window that opens; to do so:
-- In Notepad, click the Edit menu / Select all
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste
17 December 2007 01:46:32

DiagHelp version v1.4 - http://www.malekal.com
excute le 2007-12-16 à 19:44:37.20


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2007-12-16 19:44:34
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2007-12-16 19:44:32
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->2007-12-16 19:44:04
C:\WINDOWS\prefetch\NMBGMONITOR.EXE-241A04E8.pf -->2007-12-16 19:43:25
C:\WINDOWS\prefetch\NMINDEXSTORESVR.EXE-22A7DEEF.pf -->2007-12-16 19:43:24
C:\WINDOWS\prefetch\AVSCAN.EXE-1E0AD9ED.pf -->2007-12-16 19:42:05
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->2007-12-16 19:41:55
C:\WINDOWS\prefetch\MSNMSGR.EXE-030AB647.pf -->2007-12-16 19:41:50
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->2007-12-16 19:41:26
C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf -->2007-12-16 19:41:23

C:\WINDOWS\System32\drivers\avipbb.sys -->2007-12-15 16:27:11
C:\WINDOWS\System32\drivers\secdrv.sys -->2007-11-13 05:25:54
C:\WINDOWS\System32\drivers\tmcomm.sys -->2007-10-20 19:47:35
C:\WINDOWS\System32\drivers\avgntdd.sys -->2007-08-09 13:04:11
C:\WINDOWS\System32\drivers\AWRTRD.sys -->2007-08-07 13:58:08
C:\WINDOWS\System32\drivers\NSDriver.sys -->2007-08-07 13:56:58
C:\WINDOWS\System32\drivers\pxhelp20.sys -->2007-07-26 18:06:18

C:\WINDOWS\System32\wpa.dbl -->2007-12-16 19:40:29
C:\WINDOWS\System32\OODBS.lor -->2007-12-16 19:39:46
C:\WINDOWS\System32\settingsbkup.sfm -->2007-12-16 17:37:47
C:\WINDOWS\System32\settings.sfm -->2007-12-16 17:37:47
C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000002-80611102}.dat -->2007-12-16 17:37:47
C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000C-00001102-00000002-80611102}.dat -->2007-12-16 17:37:47
C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000C-00001102-00000002-80611102}.rfx -->2007-12-16 17:37:47
C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000C-00001102-00000002-80611102}.rfx -->2007-12-16 17:37:47
C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000C-00001102-00000002-80611102}.rfx -->2007-12-16 17:37:47
C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000C-00001102-00000002-80611102}.rfx -->2007-12-16 17:37:47
C:\WINDOWS\System32\tmp.txt -->2007-12-15 18:51:20
C:\WINDOWS\System32\tmp.reg -->2007-12-15 18:51:20
C:\WINDOWS\System32\perfh00C.dat -->2007-12-15 16:16:43
C:\WINDOWS\System32\perfh009.dat -->2007-12-15 16:16:43
C:\WINDOWS\System32\perfc00C.dat -->2007-12-15 16:16:43
C:\WINDOWS\System32\perfc009.dat -->2007-12-15 16:16:43
C:\WINDOWS\System32\PerfStringBackup.INI -->2007-12-15 16:16:42
C:\WINDOWS\System32\BASSMOD.dll -->2007-12-15 13:29:12
C:\WINDOWS\System32\nscompat.tlb -->2007-12-15 13:26:19
C:\WINDOWS\System32\amcompat.tlb -->2007-12-15 13:26:19
C:\WINDOWS\System32\CONFIG.NT -->2007-12-15 12:46:19
C:\WINDOWS\System32\swreg.exe -->2007-12-13 21:26:50
C:\WINDOWS\System32\IEDFix.exe -->2007-12-13 19:40:20
C:\WINDOWS\System32\d3d9caps.dat -->2007-12-13 14:15:37
C:\WINDOWS\System32\TZLog.log -->2007-12-12 18:59:45

C:\WINDOWS\WindowsUpdate.log -->2007-12-16 19:41:03
C:\WINDOWS\0.log -->2007-12-16 19:40:14
C:\WINDOWS\wiadebug.log -->2007-12-16 19:40:13
C:\WINDOWS\wiaservc.log -->2007-12-16 19:40:11
C:\WINDOWS\QTFont.qfn -->2007-12-16 19:40:06
C:\WINDOWS\bootstat.dat -->2007-12-16 19:39:51
C:\WINDOWS\ntbtlog.txt -->2007-12-16 17:55:15
C:\WINDOWS\win.ini -->2007-12-16 17:11:35
C:\WINDOWS\system.ini -->2007-12-16 17:11:35
C:\WINDOWS\WgaNotify.log -->2007-12-16 17:08:29
C:\WINDOWS\setupapi.log -->2007-12-16 17:08:26
C:\WINDOWS\msnfix.txt -->2007-12-16 00:08:29
C:\WINDOWS\olsdbg.log -->2007-12-15 23:16:56
C:\WINDOWS\ODBC.INI -->2007-12-15 15:07:38
C:\WINDOWS\NeroDigital.ini -->2007-12-15 14:03:44

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Unsigned
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1460
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x02340000 0x56000 7.10.3052.0004 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x037d0000 0x11a000 1.05.0000.0008 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x042e0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x02c80000 0xc000 1.00.0000.0002 c:\windows\dirsize.dll
0x03ce0000 0x1b9000 2.00.0000.0007 C:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\lib\MFC71.DLL
0x02cb0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x02d20000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x02980000 0xbe000 1.00.0001.0005 C:\Program Files\Fichiers communs\Ahead\lib\NMDataServices.dll
0x014a0000 0x19000 1.00.0001.0005 C:\Program Files\Fichiers communs\Ahead\lib\NMPluginBase.dll
0x02a80000 0x76000 1.00.0001.0005 C:\Program Files\Fichiers communs\Ahead\lib\NMCoFoundation.dll
0x02b00000 0x33000 1.00.0001.0005 C:\Program Files\Fichiers communs\Ahead\lib\NMVDS.dll
0x014c0000 0x8000 1.00.0001.0005 C:\Program Files\Fichiers communs\Ahead\lib\NMIndexStoreSvrPS.dll
0x10000000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
0x030a0000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x02f80000 0x14000 2.00.0000.0005 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x034e0000 0x129000 11.00.0000.11492 C:\Program Files\Norton Save and Restore\Browser\VProShellExt.dll
0x03710000 0x2b000 C:\Program Files\WinRAR\rarext.dll
0x03740000 0x11000 7.00.0000.0010 C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll
0x11000000 0xf000 1.00.0000.0000 C:\WINDOWS\system32\Eeshellx.dll
0x66000000 0x152000 6.00.0097.0082 C:\WINDOWS\system32\MSVBVM60.DLL
0x66630000 0x20000 6.00.0089.0088 C:\WINDOWS\system32\VB6FR.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 668
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x011e0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll


Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\WINDOWS\system32

2004-08-19 15:09 6,144 csrss.exe
1 fichier(s) 6,144 octets
0 Rép(s) 1,787,535,360 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\WINDOWS\Downloaded Program Files

2007-12-15 23:35 <REP> .
2007-12-15 23:35 <REP> ..
0 fichier(s) 0 octets

Total des fichiers listés :
0 fichier(s) 0 octets
2 Rép(s) 1,787,535,360 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2



Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 19:45:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="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"
source file error: C:\Documents and Settings\Administrateur\ntuser.dat

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
604 - svchost.exe
644 - csrss.exe
668 - winlogon.exe
712 - services.exe
724 - lsass.exe
880 - svchost.exe
936 - svchost.exe
996 - svchost.exe
1040 - svchost.exe
1080 - svchost.exe
1244 - avguard.exe
1460 - explorer.exe
1684 - iTunesHelper.ex
1720 - msnmsgr.exe
1744 - ctfmon.exe
1796 - DUC20.exe
1808 - sched.exe
1820 - AppleMobileDevi
1876 - inetinfo.exe
1952 - DUC20.exe
1968 - cmd.exe
2012 - oodag.exe
2184 - alg.exe
2360 - iPodService.exe
2600 - svchost.exe
2756 - taskmgr.exe
2840 - wuauclt.exe
3196 - wscntfy.exe
3332 - wuauclt.exe
5208 - iexplore.exe
5288 - WLLoginProxy.ex

Total number of processes = 32
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F7A2F000 - \WINDOWS\system32\KDCOM.DLL
F793F000 - \WINDOWS\system32\BOOTVID.dll
F74DF000 - ACPI.sys
F7A31000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F74CE000 - pci.sys
F752F000 - isapnp.sys
F7A33000 - viaide.sys
F77AF000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F753F000 - MountMgr.sys
F74AF000 - ftdisk.sys
F7A35000 - dmload.sys
F7489000 - dmio.sys
F77B7000 - PartMgr.sys
F754F000 - VolSnap.sys
F7471000 - atapi.sys
F755F000 - disk.sys
F756F000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7451000 - fltMgr.sys
F743F000 - sr.sys
F757F000 - PxHelp20.sys
F7429000 - SymSnap.sys
F7412000 - KSecDD.sys
F7385000 - Ntfs.sys
F7358000 - NDIS.sys
F758F000 - viaagp.sys
F733D000 - Mup.sys
F75EF000 - \SystemRoot\system32\DRIVERS\processr.sys
F686E000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F685A000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F75FF000 - \SystemRoot\system32\DRIVERS\imapi.sys
F760F000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F761F000 - \SystemRoot\system32\DRIVERS\redbook.sys
F6837000 - \SystemRoot\system32\DRIVERS\ks.sys
F78D7000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F78DF000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F6814000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F67FF000 - \SystemRoot\system32\drivers\ac97via.sys
F67DB000 - \SystemRoot\system32\drivers\portcls.sys
F762F000 - \SystemRoot\system32\drivers\drmk.sys
F66FD000 - \SystemRoot\system32\DRIVERS\HCF_MSFT.sys
F78E7000 - \SystemRoot\System32\Drivers\Modem.SYS
F78EF000 - \SystemRoot\system32\DRIVERS\SMC1211.SYS
F78F7000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F78FF000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F6685000 - \SystemRoot\system32\drivers\ctaud2k.sys
F666C000 - \SystemRoot\system32\drivers\ctoss2k.sys
F7A59000 - \SystemRoot\System32\drivers\ctprxy2k.sys
F7A27000 - \SystemRoot\system32\DRIVERS\gameenum.sys
F7907000 - \SystemRoot\system32\DRIVERS\fdc.sys
F6643000 - \SystemRoot\system32\DRIVERS\serial.sys
F7A2B000 - \SystemRoot\system32\DRIVERS\serenum.sys
F662F000 - \SystemRoot\system32\DRIVERS\parport.sys
F764F000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F790F000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7C23000 - \SystemRoot\system32\DRIVERS\audstub.sys
F765F000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7319000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6618000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F766F000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F767F000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F791F000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6607000 - \SystemRoot\system32\DRIVERS\psched.sys
F768F000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7927000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F792F000 - \SystemRoot\system32\DRIVERS\raspti.sys
F65D6000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F6DF5000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7937000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7A5B000 - \SystemRoot\system32\DRIVERS\swenum.sys
F65A2000 - \SystemRoot\system32\DRIVERS\update.sys
F7301000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F6DC5000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F6D85000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7A81000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F4EE2000 - \SystemRoot\system32\drivers\ha10kx2k.sys
F4ECD000 - \SystemRoot\System32\drivers\ctac32k.sys
F4EB4000 - \SystemRoot\System32\drivers\emupia2k.sys
F4E95000 - \SystemRoot\System32\drivers\ctsfm2k.sys
F77EF000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F7AA3000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7BA7000 - \SystemRoot\System32\Drivers\Null.SYS
F7AA5000 - \SystemRoot\System32\Drivers\Beep.SYS
F7BA8000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F77FF000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7807000 - \SystemRoot\System32\drivers\vga.sys
F7AA7000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7AA9000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F780F000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7817000 - \SystemRoot\System32\Drivers\Npfs.SYS
F6A4A000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F4E3A000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F4DE1000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F4DCE000 - \??\C:\WINDOWS\system32\drivers\nltdi.sys
F4D7E000 - \SystemRoot\system32\DRIVERS\netbt.sys
F4D5C000 - \SystemRoot\System32\drivers\afd.sys
F770F000 - \SystemRoot\system32\DRIVERS\netbios.sys
F771F000 - \SystemRoot\System32\Drivers\V2IMount.SYS
F781F000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
F4CE1000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F4C72000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F772F000 - \SystemRoot\System32\Drivers\Fips.SYS
F4C51000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F773F000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F7BC1000 - \SystemRoot\System32\Drivers\cpuidlep.SYS
F774F000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F7AAB000 - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
F7BC2000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F776F000 - \SystemRoot\System32\Drivers\LHidUsb.Sys
F777F000 - \SystemRoot\System32\Drivers\HIDCLASS.SYS
F7857000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F785F000 - \SystemRoot\system32\DRIVERS\LHidFlt2.Sys
F4DC6000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F75BF000 - \SystemRoot\system32\DRIVERS\LMouFlt2.Sys
F4DBA000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F78A7000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F76EF000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F2395000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7A3F000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F2DBB000 - \SystemRoot\System32\drivers\Dxapi.sys
F3736000 - \SystemRoot\System32\watchdog.sys
BF000000 - \SystemRoot\System32\drivers\dxg.sys
F7B17000 - \SystemRoot\System32\drivers\dxgthk.sys
BF012000 - \SystemRoot\System32\nv4_disp.dll
F1528000 - \SystemRoot\system32\drivers\wdmaud.sys
F763F000 - \SystemRoot\system32\drivers\sysaudio.sys
F13CF000 - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
F137A000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F7AB5000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F1221000 - \SystemRoot\System32\Drivers\HTTP.sys
F0B4F000 - \SystemRoot\system32\DRIVERS\srv.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F7C52000 - \??\C:\WINDOWS\system32\SVKP.sys
F78CF000 - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
F05CD000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
F4A75000 - \SystemRoot\System32\Drivers\TDTCP.SYS
F02B2000 - \SystemRoot\System32\Drivers\RDPWD.SYS
F7AFE000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 140

Liste des programmes installes

ABF Value Converter
AC3Filter (remove only)
ACDSee 8
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 8.1.1 - Français
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Mobile Device Support
Apple Software Update
Assistant de connexion Windows Live
AutoUpdate
AVG Anti-Spyware 7.5
Avira AntiVir PersonalEdition Classic
AviSynth 2.5
Bandwidth Monitor Pro
BearFlix
BearShare
BitComet 0.59
BootXPv2 Uninstall
BS.Player PRO
BSPlayer
Business Card Designer Plus 7.1.1.0
Calculator Powertoy for Windows XP
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CD to MP3 Ripper
CmdHere Powertoy For Windows XP
CoreAAC Audio Decoder (remove only)
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB893357)
Correctif Windows XP - KB834707
Correctif Windows XP - KB867282
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB884020
Correctif Windows XP - KB884883
Correctif Windows XP - KB885222
Correctif Windows XP - KB885250
Correctif Windows XP - KB885523
Correctif Windows XP - KB885626
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885894
Correctif Windows XP - KB886185
Correctif Windows XP - KB886677
Correctif Windows XP - KB886716
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890047
Correctif Windows XP - KB890175
Correctif Windows XP - KB890831
Correctif Windows XP - KB890859
Correctif Windows XP - KB890923
Correctif Windows XP - KB891781
Correctif Windows XP - KB893086
Correctif Windows XP - KB896626
Diablo II
Direct Show Ogg Vorbis Filter (remove only)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
eMule
Evidence Eliminator
Free YouTube to iPod Converter version 2.7
Galerie de photos Windows Live
HDD Temperature
HFNetChkPro4
HFNetChkPro4
HTML Slideshow Powertoy for Windows XP
Image Resizer Powertoy for Windows XP
IsoBuster 2.0
iTSync
iTunes
iTunes iSync 2.1
iTunes Library Updater
JGsoft EditPad Pro 5 DEMO 5.4.1
Kaspersky Online Scanner
Kill Process 5.0.0.5 (désinstaller seulement)
Lame ACM MP3 Codec
Lavasoft Reghance 2.1 -licensed-
Lecteur Windows Media 11
Lemmings for Windows 95
LiveUpdate 3.0 (Symantec Corporation)
Logitech MouseWare 9.79.1
Magnifier Powertoy for Windows XP
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886904)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Baseline Security Analyzer 2.1
Microsoft Office XP Professional avec FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows XP (KB883939)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893066)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB896688)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899588)
Mise à jour de sécurité pour Windows XP (KB899589)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB903235)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913446)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917537)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920214)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925486)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB937894)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB939373)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB896727)
Mise à jour pour Windows XP (KB897663)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900930)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
Mortal Kombat 4
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MusicBrainz Tagger 0.10.5
Nero 7 Ultra Edition
NetLimiter 2 Pro (remove only)
NetMeter 1.1.0 (beta)
No-IP.com DUC (remove only)
Norton Save and Restore
O&O Defrag Professional Edition
On2 VP7 Personal Edition
Powermarks 3.5
PRTG Traffic Grapher V4
QuickTime
RegCure 1.5.0.0
Registry Mechanic 6.0
Remote Reboot Utility (remove only)
SDFormatter
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Serv-U 6.3
Shareaza version 2.3.0.0
Shockwave
Skype 3.1
Skype add-on for IE
Skype Plugin Manager
Slideshow Generator Powertoy for Windows XP
Sony Sound Forge 8.0
Sound Blaster Live! Web 2K/XP
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SuperCopier2
TweakNow PowerPack 2006 Professional
Tweakui Powertoy for Windows XP
Ulead Photo Explorer 8.0 Trial
Virtual Desktop Manager Powertoy for Windows XP
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB888656
Windows Resource Kit Tools
WinRAR archiver
WinTasks Trial
WinZip
x264 Revision 573 x264.nl (remove only)
Xvid 1.1.2 final uninstall



Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Program Files

2007-12-16 12:06 <REP> .
2007-12-16 12:06 <REP> ..
2007-10-21 13:57 <REP> ABF software
2007-08-19 14:53 <REP> AC3Filter
2007-03-25 08:57 <REP> ACD Systems
2007-06-12 21:20 <REP> Adobe
2007-12-04 08:17 <REP> Alwil Software
2007-12-16 15:43 <REP> AntiVir PersonalEdition Classic
2007-09-13 07:52 <REP> Apple Software Update
2007-08-19 09:40 <REP> AviSynth 2.5
2007-07-13 06:40 <REP> a?sembly
2007-07-13 06:43 <REP> A?pPatch
2007-12-08 09:08 <REP> Bandwidth Monitor Pro
2007-11-07 08:05 <REP> BearFlix
2007-11-07 07:18 <REP> BearShare Applications
2007-10-14 08:21 <REP> BitComet
2007-11-25 11:17 <REP> BitTorrent
2007-03-25 08:55 <REP> BootXP2
2007-03-25 08:59 <REP> CAM Development
2007-06-15 23:45 <REP> Canon
2007-03-25 09:07 <REP> CCleaner
2007-12-01 16:11 <REP> CD to MP3 Ripper
2007-03-25 08:31 <REP> ComPlus Applications
2007-03-25 15:49 <REP> Creative
2007-10-14 07:28 <REP> dBASE
2007-08-20 17:43 <REP> DivX
2007-08-03 15:39 <REP> DVDVIDEOSOFT
2007-06-13 13:29 <REP> eMule
2007-12-15 13:29 <REP> Evidence Eliminator
2007-07-02 13:09 <REP> Exact Audio Copy
2007-12-16 16:54 <REP> Fichiers communs
2007-07-13 06:44 <REP> F?nts
2007-07-13 06:42 <REP> F?nts
2007-07-16 08:11 <REP> Grisoft
2007-12-15 16:23 <REP> HfNetChk
2007-12-16 12:06 <REP> HREFTools
2007-12-15 12:59 <REP> Impact Software LLC
2007-12-15 16:15 <REP> Internet Explorer
2007-11-17 10:38 <REP> iPod
2007-07-02 21:47 <REP> iTSync Software
2007-11-17 10:38 <REP> iTunes
2007-07-02 21:03 <REP> iTunes Library Updater
2007-12-16 16:54 <REP> Java
2007-03-25 08:55 <REP> JGsoft
2007-10-21 14:04 <REP> jv16 PowerTools 2005
2007-12-14 10:37 <REP> Kill Process
2007-12-11 12:18 <REP> Lavasoft
2007-03-25 08:55 <REP> Lavasoft RegHance
2007-03-25 09:07 <REP> LIUtilities
2007-05-26 15:09 <REP> Logitech
2007-07-09 19:38 <REP> MagicISO
2007-12-15 16:05 <REP> Microsoft Baseline Security Analyzer 2
2007-12-12 19:25 <REP> Microsoft CAPICOM 2.1.0.2
2007-03-25 09:10 <REP> microsoft frontpage
2007-03-25 09:02 <REP> Microsoft Office
2007-12-12 19:18 <REP> Microsoft SQL Server Compact Edition
2007-03-25 09:03 <REP> Microsoft Visual Studio
2007-11-04 08:33 <REP> Mortal Kombat 4
2007-03-25 08:32 <REP> Movie Maker
2007-12-01 16:03 <REP> mp3Tag 5
2007-12-11 09:37 <REP> MPEGFLAWBAIT
2007-03-25 08:30 <REP> MSN Gaming Zone
2007-03-25 09:06 <REP> MSXML 4.0
2007-06-29 21:27 <REP> MusicBrainz Tagger
2007-10-21 14:04 <REP> My Video Downloader
2007-07-13 06:38 <REP> M?crosoft
2007-07-13 06:38 <REP> M?crosoft.NET
2007-03-25 14:15 <REP> Nero
2007-12-08 12:55 <REP> NetLimiter 2 Pro
2007-03-25 08:32 <REP> NetMeeting
2007-12-06 16:16 <REP> NetMeter
2007-07-18 13:13 <REP> No-IP
2007-03-25 09:09 <REP> Norton Save and Restore
2007-08-19 14:54 <REP> On2 Technologies
2007-03-25 08:57 <REP> OO Software
2007-06-13 06:30 <REP> Outlook Express
2007-11-23 13:28 <REP> PalickSoft
2007-06-17 13:33 <REP> Panasonic
2007-10-12 08:23 <REP> PCPitstop
2007-03-25 13:56 <REP> Powermarks 3.5
2007-10-21 14:03 <REP> ProFF-Morse-3
2007-12-11 09:42 <REP> PRTG Traffic Grapher 4
2007-11-17 10:36 <REP> QuickTime
2007-07-13 06:54 <REP> Red Kawa
2007-03-25 09:14 <REP> Regcleaner
2007-12-11 12:26 <REP> RegCure
2007-12-15 15:10 <REP> Registry Mechanic
2007-03-25 21:27 <REP> RhinoSoft.com
2007-10-21 14:03 <REP> Ripp-it_AM
2007-10-21 14:01 <REP> RSHUT Pro
2007-03-25 08:33 <REP> Services en ligne
2007-12-03 16:43 <REP> Shareaza
2007-05-26 13:34 <REP> Shareaza Turbo Accelerator
2007-12-15 15:12 <REP> Shavlik Technologies
2007-04-03 19:54 <REP> Skype
2007-12-10 21:44 <REP> Smart Projects
2007-04-04 17:50 <REP> Sony
2007-11-04 12:30 <REP> Spybot - Search & Destroy
2007-03-25 08:55 <REP> SuperCopier2
2007-03-25 09:07 <REP> Symantec
2007-07-13 06:39 <REP> s?curity
2007-07-13 06:41 <REP> S?mantec
2007-07-13 06:40 <REP> s?mbols
2007-07-13 06:38 <REP> s?stem
2007-07-13 06:38 <REP> s?stem32
2007-10-21 14:41 <REP> The GodFather
2007-05-17 19:24 <REP> TweakNow PowerPack 2006
2007-07-13 06:39 <REP> T?sks
2007-05-17 19:09 <REP> Ulead Systems
2007-10-22 20:38 <REP> Unlocker
2007-07-09 21:10 <REP> Verbatim
2007-10-21 14:01 <REP> VideoLAN
2007-04-04 17:51 <REP> VSTplugins
2007-03-25 08:59 <REP> Webteh
2007-12-01 15:18 <REP> Winamp
2007-10-21 13:21 <REP> windirstat
2007-12-12 19:20 <REP> Windows Live
2007-03-25 15:19 <REP> Windows Media Connect 2
2007-04-30 14:13 <REP> Windows Media Player
2007-03-25 08:30 <REP> Windows NT
2007-03-25 08:52 <REP> Windows Resource Kits
2007-10-28 12:42 <REP> WinLemm
2007-07-18 13:21 <REP> WinRAR
2007-07-18 13:22 <REP> WinZip
2007-07-13 06:38 <REP> W?nSxS
2007-08-19 14:52 <REP> x264
2007-03-25 09:10 <REP> xerox
2007-08-19 14:52 <REP> Xvid
2007-07-13 06:38 <REP> ?dobe
2007-07-13 06:39 <REP> ?ppPatch
2007-07-13 06:39 <REP> ??pPatch
2007-07-13 06:40 <REP> ?icrosoft
2007-07-13 06:38 <REP> ?icrosoft.NET
2007-07-13 06:40 <REP> ??crosoft
2007-07-13 06:44 <REP> ??crosoft.NET
2007-07-13 06:38 <REP> ?racle
2007-07-13 06:40 <REP> ?asks
2007-07-13 06:38 <REP> ??sks
2007-07-13 06:39 <REP> ?dobe
2007-07-13 06:42 <REP> ?ppPatch
2007-07-13 06:42 <REP> ?ssembly
2007-07-13 06:38 <REP> ??sembly
2007-07-13 06:40 <REP> ??pPatch
2007-07-13 06:39 <REP> ?ecurity
2007-07-13 06:41 <REP> ?ymantec
2007-07-13 06:42 <REP> ?ymbols
2007-07-13 06:38 <REP> ?ystem
2007-07-13 06:39 <REP> ?ystem32
2007-07-13 06:39 <REP> ??curity
2007-07-13 06:38 <REP> ??mantec
2007-07-13 06:38 <REP> ??mbols
2007-07-13 06:38 <REP> ??stem
2007-07-13 06:39 <REP> ??stem32
2007-07-13 06:38 <REP> ?icrosoft
2007-07-13 06:44 <REP> ?icrosoft.NET
2007-07-13 06:40 <REP> ??crosoft
2007-07-13 06:47 <REP> ??crosoft.NET
2007-07-13 06:38 <REP> ?racle
2007-07-13 06:38 <REP> ?asks
2007-07-13 06:38 <REP> ??sks
0 fichier(s) 0 octets
160 Rép(s) 1,786,732,544 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Program Files\fichiers communs

2007-12-16 16:54 <REP> .
2007-12-16 16:54 <REP> ..
2007-03-25 08:58 <REP> ACD Systems
2007-06-12 21:21 <REP> Adobe
2007-03-25 14:16 <REP> Ahead
2007-06-29 18:29 <REP> Apple
2007-10-14 07:28 <REP> Borland
2007-06-15 23:44 <REP> Canon
2007-10-14 07:28 <REP> dBASE
2007-03-25 09:03 <REP> Designer
2007-10-21 07:05 <REP> DVDVIDEOSOFT
2007-05-17 19:09 <REP> InstallShield
2007-05-26 15:09 <REP> Logitech
2007-12-16 16:36 <REP> Microsoft Shared
2007-03-25 08:32 <REP> MSSoap
2007-03-24 17:26 <REP> ODBC
2007-03-25 08:32 <REP> Services
2007-04-03 19:54 <REP> Skype
2007-06-16 14:05 <REP> SoftMap Shared
2007-03-24 17:26 <REP> SpeechEngines
2007-07-08 21:15 <REP> Symantec Shared
2007-06-13 06:30 <REP> System
2007-05-17 19:09 <REP> Ulead Systems
2007-11-04 12:26 <REP> Wise Installation Wizard
0 fichier(s) 0 octets
24 Rép(s) 1,786,740,736 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

2007-03-25 09:25 <REP> .
2007-03-25 09:25 <REP> ..
2007-03-25 09:03 <REP> 1033
2007-03-25 09:03 <REP> 1036
2004-01-29 06:08 1,277,952 MSONSEXT.DLL
2001-02-13 07:23 58,784 MSOSV.DLL
1999-06-03 12:09 122,937 MSOWS409.DLL
2001-03-07 07:00 127,033 MSOWS40c.DLL
2000-08-06 08:04 401,462 MSVCP60.DLL
2004-01-29 06:08 69,632 PKMAXCTL.DLL
2004-01-29 06:08 868,352 PKMCDO.DLL
2004-01-29 06:08 53,248 PKMCORE.DLL
2004-01-29 06:08 102,400 PKMFORMS.DLL
2004-01-29 06:38 634,880 PKMRES.DLL
2004-01-29 06:08 28,672 PKMSSTLB.DLL
2001-01-22 02:25 40,960 PKMTEMPL.DLL
2004-01-29 06:08 24,576 PKMTRACE.DLL
2004-01-29 06:08 86,016 PKMWS.DLL
2004-01-29 06:08 237,568 PROMDEMO.DLL
2004-01-29 06:08 184,320 SECMGR.DLL
2004-01-29 06:08 315,392 VAIDDMGR.DLL
2004-01-29 06:08 32,768 VAIMEM.DLL
18 fichier(s) 4,666,952 octets
4 Rép(s) 1,786,736,640 octets libres




c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{1CB92574-96F2-467B-B793-5CEB35C40C29}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{2FBF04DC-404C-4FA4-BA28-99903080D2B9}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{4781569D-5404-1F26-4B2B-6DF444445167}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{4E475FD4-4513-4B1D-8DDA-43912B068C99}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{4E475FD4-4513-4B1D-8DDA-43912B068C99}\htmlgen.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{5D0C0158-6A79-4B26-A25D-5654ADEE3EC8}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{5D0C0158-6A79-4B26-A25D-5654ADEE3EC8}\iSync.exe1_5D0C01586A794B26A25D5654ADEE3EC8.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{5D0C0158-6A79-4B26-A25D-5654ADEE3EC8}\iSync.exe11_5D0C01586A794B26A25D5654ADEE3EC8.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{5D0C0158-6A79-4B26-A25D-5654ADEE3EC8}\Uninstall_iSync_2.1_5D0C01586A794B26A25D5654ADEE3EC8.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{B37C842A-B624-46B8-A727-654E72F1C91A}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{B37C842A-B624-46B8-A727-654E72F1C91A}\PowerCalc.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{C7793EE8-F666-4E6B-9827-76468679480E}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{C7793EE8-F666-4E6B-9827-76468679480E}\Tweakui.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{D5C281BE-A8E8-4E28-B40B-B5524C219900}\_00F613C36C132E85C40EC8.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{D5C281BE-A8E8-4E28-B40B-B5524C219900}\_21F3885A18D238E15AAE81.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{D5C281BE-A8E8-4E28-B40B-B5524C219900}\_2F7B201C57E49E68851867.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{D5C281BE-A8E8-4E28-B40B-B5524C219900}\_641DB4CDA89D23FF039573.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{D5C281BE-A8E8-4E28-B40B-B5524C219900}\_6FEFF9B68218417F98F549.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{D5C281BE-A8E8-4E28-B40B-B5524C219900}\_A41A4C6F66AF8ED5472798.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{F251B999-08A9-4704-999C-9962F0DFD88E}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{FD00A041-53F8-46F4-9584-1A9919806188}\_39b32d12.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{FD00A041-53F8-46F4-9584-1A9919806188}\_428b26a6.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{FD00A041-53F8-46F4-9584-1A9919806188}\_644366bb.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{FD00A041-53F8-46F4-9584-1A9919806188}\_74d4dc8.exe
c:\Documents and Settings\Administrateur\Application Data\MPEGFLAWBAIT\wipe blah exit.exe
c:\Documents and Settings\Administrateur\Application Data\MPEGFLAWBAIT\zglssxnc.exe
c:\Documents and Settings\Administrateur\Bureau\antivir_workstation_win7u_en_h.exe
c:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
c:\Documents and Settings\Administrateur\Bureau\fsbl.exe
c:\Documents and Settings\Administrateur\Bureau\HR-32.EXE
c:\Documents and Settings\Administrateur\Bureau\KillProcess50fr.exe
c:\Documents and Settings\Administrateur\Bureau\ManageEngine_NetFlowAnalyzer_6100.exe
c:\Documents and Settings\Administrateur\Bureau\ndp1.1sp1-kb867460-x86_74a5b25d65a70b8ecd6a9c301a0aea10d8483a23.exe
c:\Documents and Settings\Administrateur\Bureau\netfx20sp1_x86_eef5a36924cdf0c02598ccf96aa4f60887a49840.exe
c:\Documents and Settings\Administrateur\Bureau\OTMoveIt.exe
c:\Documents and Settings\Administrateur\Bureau\remshutdn.exe
c:\Documents and Settings\Administrateur\Bureau\VundoFix.exe
c:\Documents and Settings\Administrateur\Bureau\clean\gzip.exe
c:\Documents and Settings\Administrateur\Bureau\clean\LFiles.exe
c:\Documents and Settings\Administrateur\Bureau\clean\pskill.exe
c:\Documents and Settings\Administrateur\Bureau\clean\tar.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Administrateur\Bureau\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24\Dial-a-fix.exe
c:\Documents and Settings\Administrateur\Bureau\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24\secedit.exe
c:\Documents and Settings\Administrateur\Bureau\HiJackThis\Sim.exe
c:\Documents and Settings\Administrateur\Bureau\iTunesiSync2.1.7\Install iSync 2.1.exe
c:\Documents and Settings\Administrateur\Bureau\Look2Me_Remover_62020\L2MRemover.exe
c:\Documents and Settings\Administrateur\Bureau\MSNFix\MSNFix\msnchk.exe
c:\Documents and Settings\Administrateur\Bureau\MSNFix\MSNFix\incl\MD5File.exe
c:\Documents and Settings\Administrateur\Bureau\MSNFix\MSNFix\incl\msnchk.exe
c:\Documents and Settings\Administrateur\Bureau\MSNFix\MSNFix\incl\Process.exe
c:\Documents and Settings\Administrateur\Bureau\MSNFix\MSNFix\incl\swreg.exe
c:\Documents and Settings\Administrateur\Bureau\MSNFix\MSNFix\incl\zip.exe
c:\Documents and Settings\Administrateur\Bureau\Nouveau dossier\RemBootSetup.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\dumphive.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\exit.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\IEDFix.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\Process.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\restart.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\swreg.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\swsc.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\unzip.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\VCCLSID.exe
c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix\WS2Fix.exe
c:\Documents and Settings\Administrateur\Bureau\TEW-432BRP_EASY_GO\TEW-432BRP CD-RoHS\autorun.exe
c:\Documents and Settings\Administrateur\Bureau\TEW-432BRP_EASY_GO\TEW-432BRP CD-RoHS\Utility\nmrsetup.exe
c:\Documents and Settings\Administrateur\Bureau\TEW-432BRP_EASY_GO\TEW-432BRP CD-RoHS\Utility\nmsetup.exe
c:\Documents and Settings\Administrateur\Bureau\TEW-432BRP_EASY_GO\TEW-432BRP CD-RoHS\Utility\nmtutorl.exe
c:\Documents and Settings\Administrateur\Bureau\wstd\wstd.exe
c:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\22AK648Y\remshutdn[1].exe
c:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\2C96QHPF\fsbl[1].exe
c:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\shareaza_2.3.0.0.exe
c:\Documents and Settings\Administrateur\RarSFX0\_ISDel.exe
c:\Documents and Settings\Administrateur\RarSFX0\Mplayer\mpfuldeu.exe
c:\Documents and Settings\Administrateur\RarSFX0\Piix4\_ISDEL.EXE
c:\Documents and Settings\Administrateur\RarSFX0\Piix4\SETUP.EXE
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info\Spam Phone.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{1CB92574-96F2-467B-B793-5CEB35C40C29}\ARPPRODUCTICON.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{2FBF04DC-404C-4FA4-BA28-99903080D2B9}\ARPPRODUCTICON.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{4E475FD4-4513-4B1D-8DDA-43912B068C99}\ARPPRODUCTICON.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{4E475FD4-4513-4B1D-8DDA-43912B068C99}\htmlgen.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}\ARPPRODUCTICON.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{8C92D38B-C1DE-490A-B6D1-AAAA8E17DCE2}\Icon8C92D38B.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{A7050037-F0EA-4BAB-BCD5-FC05507D6147}\ARPPRODUCTICON.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{B37C842A-B624-46B8-A727-654E72F1C91A}\ARPPRODUCTICON.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{B37C842A-B624-46B8-A727-654E72F1C91A}\PowerCalc.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}\ARPPRODUCTICON.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{C7793EE8-F666-4E6B-9827-76468679480E}\ARPPRODUCTICON.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{C7793EE8-F666-4E6B-9827-76468679480E}\Tweakui.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{F251B999-08A9-4704-999C-9962F0DFD88E}\ARPPRODUCTICON.exe
c:\Documents and Settings\Default User\RarSFX0\_ISDel.exe
c:\Documents and Settings\Default User\RarSFX0\Mplayer\mpfuldeu.exe
c:\Documents and Settings\Default User\RarSFX0\Piix4\_ISDEL.EXE
c:\Documents and Settings\Default User\RarSFX0\Piix4\SETUP.EXE
c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\SecTaskMan\_entreelist.dll
c:\Documents and Settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
17 December 2007 15:52:05

So where do we stand... does nobody have any idea how to fix my problem? I admit it's a tough case... otherwise I wouldn't have come here; usually I manage on my own, but this time I can't do it alone...
17 December 2007 23:07:07

Hello

Several infections are visible.


Download R-Hosts
http://siri.urz.free.fr/RHosts.php
Install it on the Desktop.
Run it. Click Restaurer (Restore).
Confirm.
Close the program.


Download Qoofix (by RubbeR DuckY) to your Desktop from this link:
http://www.malwarebytes.org/Qoofix.zip

* Create a new folder directly on the C: drive and name it Qoofix
* Unzip/extract the two files contained in the archive (Qoofix.exe and Qoofix.dll) into this new folder (C:\Qoofix)
* Open the Qoofix folder and double-click Qoofix.exe
* Click the Begin Removal button and let the tool scan your computer.
* If the infection is detected, click the Yes button to allow the tool to restart the computer.
* If the tool displays the messages "No malicious modules found!" and "No Qoologic infected files found!", then click the "Exit" button.
* A report is automatically generated and saved in the folder that contains the tool (that is, C:\Qoofix\Qoofix Logfile.txt)

Post a new HijackThis report, along with the contents of the Qoofix logfile.txt file, in your next reply.


Also do this. Download LopxpMH to your Desktop.
http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2....
Unzip it (right-click >> Extract here) and double-click the file lopxpMH.bat.
Post the contents of the report that opens.
18 December 2007 00:45:45

OK, here it is:

Qoofix v1.04 by http://www.malwarebytes.org
Scan started on [2007-12-17] at [18:26:24]
-------------------------------------------------------------
No malicious modules found!
-------------------------------------------------------------
No Qoologic infected files found!
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [2007-12-17] at [18:27:54]

Note: Some registry keys may have been removed.


Rapport lopxpMH2 version 2.0 fait à 18:42:57.69 le 2007-12-17
C:\Documents and Settings\Administrateur\Bureau\lopxpMH2\lopxpMH2

******************************************
## Répertoires Application Data

Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Documents and Settings\Administrateur\Application Data

2007-03-25 09:24 <REP> .
2007-03-25 09:24 <REP> ..
2007-07-02 13:06 <REP> AccurateRip
2007-05-17 19:26 <REP> ACD Systems
2007-03-25 09:25 <REP> Adobe
2007-03-25 14:18 <REP> Ahead
2007-06-28 20:00 <REP> Apple Computer
2007-07-16 08:21 <REP> AVG7
2007-07-13 06:40 <REP> a?sembly
2007-07-13 06:43 <REP> A?pPatch
2007-11-07 07:18 <REP> BearShare
2007-11-25 11:17 <REP> BitTorrent
2007-08-20 17:36 <REP> BSplayer PRO
2007-08-20 17:45 <REP> DivX
2007-06-13 07:21 <REP> eMule
2007-07-13 06:39 <REP> F?nts
2007-07-13 06:39 <REP> F?nts
2007-05-28 19:00 <REP> GetRightToGo
2007-07-16 09:58 <REP> Grisoft
2007-07-12 15:49 <REP> Help
2007-03-25 09:24 <REP> Identities
2007-07-02 21:47 <REP> iTSync
2007-03-28 17:08 <REP> Lavasoft
2007-04-17 10:58 <REP> Locktime
2007-10-03 20:32 <REP> m
2007-03-25 08:38 <REP> Macromedia
2007-04-12 17:52 <REP> Media Player Classic
2007-03-25 09:24 <REP> Microsoft
2007-07-02 20:57 <REP> Moveax
2007-12-11 09:37 <REP> MPEGFLAWBAIT
2007-07-13 06:40 <REP> M?crosoft
2007-07-13 06:38 <REP> M?crosoft.NET
2007-03-25 13:56 <REP> Powermarks
2007-04-04 17:51 <REP> Publish Providers
2007-04-03 19:55 <REP> Skype
2007-04-04 17:50 <REP> Sony
2007-05-02 07:23 <REP> Sun
2007-07-13 06:40 <REP> s?curity
2007-07-13 06:38 <REP> S?mantec
2007-07-13 06:38 <REP> s?mbols
2007-07-13 06:39 <REP> s?stem
2007-07-13 06:39 <REP> s?stem32
2007-07-13 06:39 <REP> T?sks
2007-05-17 19:10 <REP> Ulead Systems
2007-10-08 10:00 <REP> WinButler
2007-07-13 06:39 <REP> W?nSxS
2007-06-15 23:57 <REP> ZoomBrowser EX
2007-07-13 06:38 <REP> ?dobe
2007-07-13 06:40 <REP> ?ppPatch
2007-07-13 06:42 <REP> ??pPatch
2007-07-13 06:42 <REP> ?icrosoft
2007-07-13 06:39 <REP> ?icrosoft.NET
2007-07-13 06:41 <REP> ??crosoft
2007-07-13 06:44 <REP> ??crosoft.NET
2007-07-13 06:38 <REP> ?racle
2007-07-13 06:45 <REP> ?asks
2007-07-13 06:44 <REP> ??sks
2007-07-13 06:41 <REP> ?dobe
2007-07-13 06:44 <REP> ?ppPatch
2007-07-13 06:38 <REP> ?ssembly
2007-07-13 06:38 <REP> ??sembly
2007-07-13 06:39 <REP> ??pPatch
2007-07-13 06:41 <REP> ?ecurity
2007-07-13 06:38 <REP> ?ymantec
2007-07-13 06:42 <REP> ?ymbols
2007-07-13 06:39 <REP> ?ystem
2007-07-13 06:38 <REP> ?ystem32
2007-07-13 06:38 <REP> ??curity
2007-07-13 06:40 <REP> ??mantec
2007-07-13 06:39 <REP> ??mbols
2007-07-13 06:38 <REP> ??stem
2007-07-13 06:39 <REP> ??stem32
2007-07-13 06:39 <REP> ?icrosoft
2007-07-13 06:38 <REP> ?icrosoft.NET
2007-07-13 06:38 <REP> ??crosoft
2007-07-13 06:39 <REP> ?racle
2007-07-13 06:38 <REP> ?asks
2007-07-13 06:41 <REP> ??sks
2007-03-25 09:24 62 desktop.ini
2007-05-08 14:53 19,560 GDIPFONTCACHEV1.DAT
2 fichier(s) 19,622 octets
78 Rép(s) 1,272,901,632 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

2007-03-25 09:24 <REP> .
2007-03-25 09:24 <REP> ..
2007-03-25 09:24 <REP> {35A3A4F2-B792-11D6-A78A-00B0D0142090}
2007-05-17 19:26 <REP> ACDSee
2007-03-25 15:47 <REP> Adobe
2007-03-25 14:19 <REP> Ahead
2007-09-13 07:52 <REP> Apple
2007-06-28 20:00 <REP> Apple Computer
2007-03-25 08:52 <REP> ApplicationHistory
2007-12-01 09:20 <REP> Downloaded Installations
2007-05-17 18:52 <REP> Google
2007-07-12 15:49 <REP> Help
2007-03-25 17:58 <REP> Identities
2007-03-25 09:24 <REP> Microsoft
2007-12-12 19:01 <REP> PCHealth
2007-03-25 09:24 <REP> Shareaza
2007-07-27 19:28 <REP> WMTools Downloaded Files
2007-03-25 20:53 151,040 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-03-25 08:52 137 fusioncache.dat
2007-03-25 13:32 19,560 GDIPFONTCACHEV1.DAT
2007-03-25 08:44 3,886,488 IconCache.db
4 fichier(s) 4,057,225 octets
17 Rép(s) 1,272,901,632 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Documents and Settings\All Users\Application Data

2007-03-24 17:25 <REP> .
2007-03-24 17:25 <REP> ..
2007-12-15 14:54 <REP> {DD33F2FB-A420-45C0-9477-4F59487EFF1F}
2007-03-25 08:58 <REP> ACD Systems
2007-03-25 08:57 <REP> Adobe
2007-12-15 15:43 <REP> AntiVir PersonalEdition Classic
2007-06-29 18:29 <REP> Apple
2007-06-28 19:58 <REP> Apple Computer
2007-07-10 18:08 <REP> Avg7
2007-12-11 09:37 <REP> Fast Warn Ooze Info
2007-07-08 18:55 <REP> Grisoft
2007-12-11 12:18 <REP> Lavasoft
2007-04-17 10:53 <REP> Locktime
2007-03-24 17:25 <REP> Microsoft
2007-12-15 16:09 <REP> Office Genuine Advantage
2007-12-11 17:41 <REP> SecTaskMan
2007-04-03 19:53 <REP> Skype
2007-03-25 08:55 <REP> Spybot - Search & Destroy
2007-03-25 09:07 <REP> Symantec
2007-05-17 19:09 <REP> Ulead Systems
2007-10-22 20:43 <REP> Windows Genuine Advantage
2007-12-12 18:51 <REP> WLInstaller
2007-06-15 23:45 <REP> ZoomBrowser
2007-06-16 13:03 126 .zreglib
2007-07-19 17:56 305 addr_file.html
2007-03-24 17:25 62 desktop.ini
2007-08-03 07:31 1,755 QTSBandwidthCache
4 fichier(s) 2,248 octets
23 Rép(s) 1,272,901,632 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Documents and Settings\Default User\Application Data

2007-03-24 17:25 <REP> .
2007-03-24 17:25 <REP> ..
2007-03-25 08:50 <REP> Identities
2007-03-24 17:25 <REP> Microsoft
2007-03-24 17:25 62 desktop.ini
1 fichier(s) 62 octets
4 Rép(s) 1,272,901,632 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

2007-03-24 17:25 <REP> .
2007-03-24 17:25 <REP> ..
2007-03-25 09:00 <REP> {35A3A4F2-B792-11D6-A78A-00B0D0142090}
2007-03-25 08:35 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 1,272,901,632 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Documents and Settings\LocalService\Application Data

2007-03-25 09:18 <REP> .
2007-03-25 09:18 <REP> ..
2007-07-16 08:19 <REP> AVG7
2007-03-25 09:18 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 1,272,897,536 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

2007-03-25 09:18 <REP> .
2007-03-25 09:18 <REP> ..
2007-12-17 08:00 <REP> Apple
2007-03-25 09:18 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 1,272,897,536 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Documents and Settings\NetworkService\Application Data

2007-03-25 09:18 <REP> .
2007-03-25 09:18 <REP> ..
2007-10-04 05:45 <REP> AVG7
2007-03-25 09:18 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 1,272,897,536 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

2007-03-25 09:18 <REP> .
2007-03-25 09:18 <REP> ..
2007-09-17 07:00 <REP> Apple
2007-03-25 09:18 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 1,272,897,536 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

2007-03-25 09:15 <REP> .
2007-03-25 09:15 <REP> ..
2007-03-25 09:15 <REP> Identities
2007-03-25 09:15 <REP> Microsoft
2007-03-25 09:15 <REP> Shareaza
2007-03-25 09:15 62 desktop.ini
1 fichier(s) 62 octets
5 Rép(s) 1,272,897,536 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

2007-03-25 09:15 <REP> .
2007-03-25 09:15 <REP> ..
2007-03-25 09:15 <REP> {35A3A4F2-B792-11D6-A78A-00B0D0142090}
2007-03-25 09:15 <REP> Microsoft
2007-03-25 09:15 <REP> Shareaza
0 fichier(s) 0 octets
5 Rép(s) 1,272,897,536 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
sáÉÏÔD˜|øLk¶®íF ê <
s €!× : C : \ P r o g r a m F i l e s \ A p p l e S o f t w a r e U p d a t e \ S o f t w a r e U p d a t e . e x e - t a s k S Y S T E M 0 ×


C:\WINDOWS\Tasks\RegCure
RegCure inexploitable


C:\WINDOWS\Tasks\RegCure.job
Þ¶<î¶îL°¾üô~|}ÞF T <
s €!×
% C : \ P r o g r a m F i l e s \ R e g C u r e \ R e g C u r e . e x e - t % C : \ P r o g r a m F i l e s \ R e g C u r e \ R e g C u r e . e x e A d m i n i s t r a t e u r R u n s R e g C u r e a t S c h e d u l e d T i m e . 0 Ö
******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 2021-2563

Répertoire de C:\Program Files

2007-12-17 16:25 <REP> .
2007-12-17 16:25 <REP> ..
2007-10-21 13:57 <REP> ABF software
2007-08-19 14:53 <REP> AC3Filter
2007-03-25 08:57 <REP> ACD Systems
2007-06-12 21:20 <REP> Adobe
2007-12-04 08:17 <REP> Alwil Software
2007-12-17 15:43 <REP> AntiVir PersonalEdition Classic
2007-12-17 16:52 <REP> Anyplace Control 4
2007-09-13 07:52 <REP> Apple Software Update
2007-08-19 09:40 <REP> AviSynth 2.5
2007-07-13 06:40 <REP> a?sembly
2007-07-13 06:43 <REP> A?pPatch
2007-12-08 09:08 <REP> Bandwidth Monitor Pro
2007-11-07 08:05 <REP> BearFlix
2007-11-07 07:18 <REP> BearShare Applications
2007-10-14 08:21 <REP> BitComet
2007-11-25 11:17 <REP> BitTorrent
2007-03-25 08:55 <REP> BootXP2
2007-03-25 08:59 <REP> CAM Development
2007-06-15 23:45 <REP> Canon
2007-03-25 09:07 <REP> CCleaner
2007-12-01 16:11 <REP> CD to MP3 Ripper
2007-03-25 08:31 <REP> ComPlus Applications
2007-03-25 15:49 <REP> Creative
2007-10-14 07:28 <REP> dBASE
2007-08-20 17:43 <REP> DivX
2007-08-03 15:39 <REP> DVDVIDEOSOFT
2007-06-13 13:29 <REP> eMule
2007-12-15 13:29 <REP> Evidence Eliminator
2007-07-02 13:09 <REP> Exact Audio Copy
2007-12-16 19:51 <REP> Fichiers communs
2007-07-13 06:44 <REP> F?nts
2007-07-13 06:42 <REP> F?nts
2007-07-16 08:11 <REP> Grisoft
2007-12-15 16:23 <REP> HfNetChk
2007-12-16 12:06 <REP> HREFTools
2007-12-15 12:59 <REP> Impact Software LLC
2007-12-15 16:15 <REP> Internet Explorer
2007-11-17 10:38 <REP> iPod
2007-07-02 21:47 <REP> iTSync Software
2007-11-17 10:38 <REP> iTunes
2007-07-02 21:03 <REP> iTunes Library Updater
2007-12-16 19:53 <REP> Java
2007-03-25 08:55 <REP> JGsoft
2007-10-21 14:04 <REP> jv16 PowerTools 2005
2007-12-14 10:37 <REP> Kill Process
2007-12-11 12:18 <REP> Lavasoft
2007-03-25 08:55 <REP> Lavasoft RegHance
2007-03-25 09:07 <REP> LIUtilities
2007-05-26 15:09 <REP> Logitech
2007-07-09 19:38 <REP> MagicISO
2007-12-15 16:05 <REP> Microsoft Baseline Security Analyzer 2
2007-12-12 19:25 <REP> Microsoft CAPICOM 2.1.0.2
2007-03-25 09:10 <REP> microsoft frontpage
2007-03-25 09:02 <REP> Microsoft Office
2007-12-12 19:18 <REP> Microsoft SQL Server Compact Edition
2007-03-25 09:03 <REP> Microsoft Visual Studio
2007-11-04 08:33 <REP> Mortal Kombat 4
2007-03-25 08:32 <REP> Movie Maker
2007-12-01 16:03 <REP> mp3Tag 5
2007-12-11 09:37 <REP> MPEGFLAWBAIT
2007-03-25 08:30 <REP> MSN Gaming Zone
2007-03-25 09:06 <REP> MSXML 4.0
2007-06-29 21:27 <REP> MusicBrainz Tagger
2007-10-21 14:04 <REP> My Video Downloader
2007-07-13 06:38 <REP> M?crosoft
2007-07-13 06:38 <REP> M?crosoft.NET
2007-03-25 14:15 <REP> Nero
2007-12-08 12:55 <REP> NetLimiter 2 Pro
2007-03-25 08:32 <REP> NetMeeting
2007-12-06 16:16 <REP> NetMeter
2007-07-18 13:13 <REP> No-IP
2007-03-25 09:09 <REP> Norton Save and Restore
2007-08-19 14:54 <REP> On2 Technologies
2007-03-25 08:57 <REP> OO Software
2007-06-13 06:30 <REP> Outlook Express
2007-11-23 13:28 <REP> PalickSoft
2007-06-17 13:33 <REP> Panasonic
2007-10-12 08:23 <REP> PCPitstop
2007-03-25 13:56 <REP> Powermarks 3.5
2007-10-21 14:03 <REP> ProFF-Morse-3
2007-12-11 09:42 <REP> PRTG Traffic Grapher 4
2007-11-17 10:36 <REP> QuickTime
2007-07-13 06:54 <REP> Red Kawa
2007-03-25 09:14 <REP> Regcleaner
2007-12-11 12:26 <REP> RegCure
2007-12-15 15:10 <REP> Registry Mechanic
2007-03-25 21:27 <REP> RhinoSoft.com
2007-10-21 14:03 <REP> Ripp-it_AM
2007-10-21 14:01 <REP> RSHUT Pro
2007-03-25 08:33 <REP> Services en ligne
2007-12-03 16:43 <REP> Shareaza
2007-05-26 13:34 <REP> Shareaza Turbo Accelerator
2007-12-15 15:12 <REP> Shavlik Technologies
2007-04-03 19:54 <REP> Skype
2007-12-10 21:44 <REP> Smart Projects
2007-04-04 17:50 <REP> Sony
2007-11-04 12:30 <REP> Spybot - Search & Destroy
2007-03-25 08:55 <REP> SuperCopier2
2007-03-25 09:07 <REP> Symantec
2007-07-13 06:39 <REP> s?curity
2007-07-13 06:41 <REP> S?mantec
2007-07-13 06:40 <REP> s?mbols
2007-07-13 06:38 <REP> s?stem
2007-07-13 06:38 <REP> s?stem32
2007-10-21 14:41 <REP> The GodFather
2007-05-17 19:24 <REP> TweakNow PowerPack 2006
2007-07-13 06:39 <REP> T?sks
2007-05-17 19:09 <REP> Ulead Systems
2007-10-22 20:38 <REP> Unlocker
2007-07-09 21:10 <REP> Verbatim
2007-10-21 14:01 <REP> VideoLAN
2007-04-04 17:51 <REP> VSTplugins
2007-03-25 08:59 <REP> Webteh
2007-12-01 15:18 <REP> Winamp
2007-10-21 13:21 <REP> windirstat
2007-12-12 19:20 <REP> Windows Live
2007-03-25 15:19 <REP> Windows Media Connect 2
2007-04-30 14:13 <REP> Windows Media Player
2007-03-25 08:30 <REP> Windows NT
2007-03-25 08:52 <REP> Windows Resource Kits
2007-10-28 12:42 <REP> WinLemm
2007-07-18 13:21 <REP> WinRAR
2007-07-18 13:22 <REP> WinZip
2007-07-13 06:38 <REP> W?nSxS
2007-08-19 14:52 <REP> x264
2007-03-25 09:10 <REP> xerox
2007-08-19 14:52 <REP> Xvid
2007-07-13 06:38 <REP> ?dobe
2007-07-13 06:39 <REP> ?ppPatch
2007-07-13 06:39 <REP> ??pPatch
2007-07-13 06:40 <REP> ?icrosoft
2007-07-13 06:38 <REP> ?icrosoft.NET
2007-07-13 06:40 <REP> ??crosoft
2007-07-13 06:44 <REP> ??crosoft.NET
2007-07-13 06:38 <REP> ?racle
2007-07-13 06:40 <REP> ?asks
2007-07-13 06:38 <REP> ??sks
2007-07-13 06:39 <REP> ?dobe
2007-07-13 06:42 <REP> ?ppPatch
2007-07-13 06:42 <REP> ?ssembly
2007-07-13 06:38 <REP> ??sembly
2007-07-13 06:40 <REP> ??pPatch
2007-07-13 06:39 <REP> ?ecurity
2007-07-13 06:41 <REP> ?ymantec
2007-07-13 06:42 <REP> ?ymbols
2007-07-13 06:38 <REP> ?ystem
2007-07-13 06:39 <REP> ?ystem32
2007-07-13 06:39 <REP> ??curity
2007-07-13 06:38 <REP> ??mantec
2007-07-13 06:38 <REP> ??mbols
2007-07-13 06:38 <REP> ??stem
2007-07-13 06:39 <REP> ??stem32
2007-07-13 06:38 <REP> ?icrosoft
2007-07-13 06:44 <REP> ?icrosoft.NET
2007-07-13 06:40 <REP> ??crosoft
2007-07-13 06:47 <REP> ??crosoft.NET
2007-07-13 06:38 <REP> ?racle
2007-07-13 06:38 <REP> ?asks
2007-07-13 06:38 <REP> ??sks
0 fichier(s) 0 octets
161 Rép(s) 1,272,872,960 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)

******************************************
## Registre

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ooze info 4 shim]
command REG_SZ C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info\Spam Phone.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47, on 2007-12-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Anyplace Control 4\apc_host.exe
C:\Program Files\Anyplace Control 4\APC_Admin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrateur\Bureau\HiJackThis\Sim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cyberpresse.ca/
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: APC-Host - Anyplace Control Software - C:\Program Files\Anyplace Control 4\apc_host.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 7135 bytes



18 December 2007 23:39:36

Hello


You are going to try the procedure with Combofix in Safe Mode.

Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows advanced options menu is displayed.
Using the arrow keys, select Safe Mode and press Enter.
19 December 2007 01:20:11

Yippeeeee, it worked...

Here is the log

ComboFix 07-12-19.2 - Administrateur 2007-12-18 18:54:32.15 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.608 [GMT -5:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dn20212563.dat
C:\WINDOWS\system32\NTSVC.ocx
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_M_HOOK
-------\LEGACY_NETWORK_MONITOR
















-------\poof


((((((((((((((((((((((((((((( Fichiers créés 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))))))
.

2007-12-19 19:14 . 2007-12-19 19:14 <REP> d-------- C:\WINDOWS\LastGood
2007-12-18 18:46 . 2004-08-19 16:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-18 18:46 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-18 18:46 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-18 18:46 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-18 18:46 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-18 18:46 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-18 18:44 . 2004-08-19 16:09 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2007-12-18 18:43 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-18 18:43 . 2004-08-03 23:00 87,424 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2007-12-18 18:43 . 2004-08-03 23:08 40,832 --a--c--- C:\WINDOWS\system32\dllcache\irbus.sys
2007-12-18 18:43 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-12-18 18:43 . 2001-08-17 21:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2007-12-18 18:43 . 2001-08-17 21:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys
2007-12-18 18:43 . 2001-08-17 21:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
2007-12-18 18:43 . 2004-08-19 16:10 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2007-12-18 18:42 . 2001-08-23 17:46 462,848 --a--c--- C:\WINDOWS\system32\dllcache\a3dapi.dll
2007-12-18 18:42 . 2004-08-03 22:32 231,552 --a--c--- C:\WINDOWS\system32\dllcache\ac97ali.sys
2007-12-18 18:42 . 2001-08-17 20:20 96,256 --a--c--- C:\WINDOWS\system32\dllcache\ac97intc.sys
2007-12-18 18:42 . 2001-08-23 17:46 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll
2007-12-18 18:42 . 2001-08-17 21:52 23,552 --a--c--- C:\WINDOWS\system32\dllcache\abp480n5.sys
2007-12-18 18:24 . 2007-12-18 18:24 20 --a------ C:\WINDOWS\twain.dat
2007-12-18 18:21 . 2007-12-18 18:40 <REP> d-------- C:\I386
2007-12-18 17:43 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-12-18 09:43 . 2007-12-18 09:44 <REP> d-------- C:\Documents and Settings\All Users\Anyplace Control 4
2007-12-18 02:09 . 2007-12-18 07:20 <REP> d-------- C:\__eetemp
2007-12-17 21:36 . 2007-12-18 17:26 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-17 18:26 . 2007-12-17 18:27 <REP> d-------- C:\Qoofix
2007-12-17 18:13 . 2007-12-17 18:13 85,635 --a------ C:\Qoofix.zip
2007-12-17 16:26 . 2007-12-18 18:24 24 --a------ C:\WINDOWS\ShellIcon32.dll
2007-12-17 16:25 . 2007-12-18 18:24 <REP> d-------- C:\Program Files\Anyplace Control 4
2007-12-17 16:25 . 2007-12-17 16:25 47 --a------ C:\WINDOWS\anyplace-control.ini
2007-12-16 23:31 . 2007-12-17 09:14 <REP> d-------- C:\Documents and Settings\Administrateur\.housecall6.6
2007-12-16 19:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-16 19:51 . 2007-12-16 19:51 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-16 12:06 . 2007-12-16 12:06 <REP> d-------- C:\Program Files\HREFTools
2007-12-15 21:05 . 2007-12-15 21:05 <REP> d-------- C:\fsaua.data
2007-12-15 18:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-15 18:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-15 18:51 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-15 18:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-15 18:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-15 18:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-15 16:23 . 2007-12-15 16:23 <REP> d-------- C:\Program Files\HfNetChk
2007-12-15 16:09 . 2007-12-15 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-15 16:05 . 2007-12-15 16:05 <REP> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-12-15 16:04 . 2007-12-15 23:21 <REP> d-------- C:\Documents and Settings\Administrateur\SecurityScans
2007-12-15 15:43 . 2007-12-17 15:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-12-15 15:12 . 2007-12-15 15:12 <REP> d-------- C:\Program Files\Shavlik Technologies
2007-12-15 14:54 . 2007-12-15 14:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{DD33F2FB-A420-45C0-9477-4F59487EFF1F}
2007-12-15 13:29 . 1996-05-03 23:05 28,672 --a------ C:\WINDOWS\system32\MSGHOO32.OCX
2007-12-15 13:28 . 1998-04-24 01:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-12-15 13:25 . 2007-12-19 19:15 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-15 12:59 . 2007-12-15 12:59 <REP> d-------- C:\Program Files\Impact Software LLC
2007-12-14 11:52 . 2007-12-14 11:52 <REP> d-------- C:\VundoFix Backups
2007-12-14 10:37 . 2007-12-14 10:37 <REP> d-------- C:\Program Files\Kill Process
2007-12-12 21:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-12 21:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-12 21:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-12 19:25 . 2007-12-12 19:25 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 19:20 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-12 19:18 . 2007-12-12 19:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-12 18:51 . 2007-12-12 19:20 <REP> d-------- C:\Program Files\Windows Live
2007-12-12 18:51 . 2007-12-12 18:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-12 18:51 . 2007-12-17 22:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-11 17:41 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-11 14:32 . 2007-12-11 14:32 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-12-11 12:18 . 2007-12-11 12:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-11 09:41 . 2007-12-11 09:42 <REP> d-------- C:\Program Files\PRTG Traffic Grapher 4
2007-12-11 09:37 . 2007-12-11 09:37 <REP> d-------- C:\Program Files\MPEGFLAWBAIT
2007-12-11 09:37 . 2007-12-11 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info
2007-12-11 09:37 . 2007-12-11 17:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MPEGFLAWBAIT
2007-12-10 21:44 . 2007-12-10 21:44 <REP> d-------- C:\Program Files\Smart Projects
2007-12-08 09:06 . 2007-12-08 09:08 <REP> d-------- C:\Program Files\Bandwidth Monitor Pro
2007-12-08 09:06 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-04 08:17 . 2007-12-04 08:17 <REP> d-------- C:\Program Files\Alwil Software
2007-12-04 08:17 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-04 08:13 . 2007-12-11 12:26 <REP> d-------- C:\Program Files\RegCure
2007-12-01 16:07 . 2007-12-01 16:11 <REP> d-------- C:\Program Files\CD to MP3 Ripper
2007-12-01 14:52 . 2007-12-01 16:03 <REP> d-------- C:\Program Files\mp3Tag 5
2007-11-25 23:43 . 2007-11-25 23:43 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-25 11:17 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
2007-11-25 11:16 . 2007-11-25 11:17 <REP> d-------- C:\Program Files\BitTorrent
2007-11-23 13:28 . 2007-11-23 13:28 <REP> d-------- C:\Program Files\PalickSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 00:53 --------- d-----w C:\Program Files\Java
2007-12-15 18:29 --------- d-----w C:\Program Files\Evidence Eliminator
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-13 23:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2007-12-13 23:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVG7
2007-12-11 17:18 --------- d-----w C:\Program Files\Lavasoft
2007-12-11 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-08 17:55 --------- d-----w C:\Program Files\NetLimiter 2 Pro
2007-12-06 21:16 --------- d-----w C:\Program Files\NetMeter
2007-12-03 21:43 --------- d-----w C:\Program Files\Shareaza
2007-12-01 20:18 --------- d-----w C:\Program Files\Winamp
2007-11-17 15:38 --------- d-----w C:\Program Files\iTunes
2007-11-17 15:38 --------- d-----w C:\Program Files\iPod
2007-11-17 15:36 --------- d-----w C:\Program Files\QuickTime
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 23:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\BearShare
2007-11-07 13:05 --------- d-----w C:\Program Files\BearFlix
2007-11-07 12:18 --------- d-----w C:\Program Files\BearShare Applications
2007-11-04 17:26 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-04 13:33 --------- d-----w C:\Program Files\Mortal Kombat 4
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 17:42 --------- d-----w C:\Program Files\WinLemm
2007-10-28 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-23 22:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-23 01:57 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-21 19:41 --------- d-----w C:\Program Files\The GodFather
2007-10-21 19:04 --------- d-----w C:\Program Files\My Video Downloader
2007-10-21 19:04 --------- d-----w C:\Program Files\jv16 PowerTools 2005
2007-10-21 19:03 --------- d-----w C:\Program Files\Ripp-it_AM
2007-10-21 19:03 --------- d-----w C:\Program Files\ProFF-Morse-3
2007-10-21 19:01 --------- d-----w C:\Program Files\VideoLAN
2007-10-21 19:01 --------- d-----w C:\Program Files\RSHUT Pro
2007-10-21 18:57 --------- d-----w C:\Program Files\ABF software
2007-10-21 18:21 --------- d-----w C:\Program Files\windirstat
2007-10-21 14:44 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\WinButler
2007-10-21 12:05 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2007-05-08 19:53 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-03-25 13:55 434,688 -c--a-w C:\WINDOWS\system32\config\systemprofile\dpy.exe
2007-03-25 13:52 737,280 -c--a-w C:\WINDOWS\system32\config\systemprofile\irsetup.exe
2004-10-12 16:14 57,344 -c--a-w C:\WINDOWS\system32\config\systemprofile\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Default User\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Administrateur\InstHelp.dll
2007-07-17 23:56 1,199,874 -csh--w C:\WINDOWS\system32\bayay.bak1
2007-07-19 22:44 1,184,702 -csh--w C:\WINDOWS\system32\bayay.bak2
2007-07-19 23:02 1,188,553 -csh--w C:\WINDOWS\system32\bayay.ini2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-13 18:37]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
2007-12-11 19:28 87392 --a------ C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bandwidth Monitor Pro]
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 21:25 94208 --a--c--- C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ButtonMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter\NetMeter.exe]
2007-06-02 19:49 330240 --a------ C:\Program Files\NetMeter\NetMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-19 17:30 45632 --a--c--- C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
C:\Program Files\Evidence Eliminator\ee.exe /m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FolderSizeMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hldrrr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 --a--c--- C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keep download]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Lsass Service]
lsass2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
MMTray2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
MMTrayLSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mule_st_key]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a--c--- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore]
2006-03-03 20:36 1582744 --a--c--- C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooze info 4 shim]
2007-12-11 16:31 1165824 --a------ C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info\Spam Phone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2p networking]
p2pnetworking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServUTrayIcon]
2006-06-12 08:09 65536 --a--c--- C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza Turbo Accelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2005-03-13 18:37 1057280 --a--c--- C:\Program Files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 -----c--- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VFSCache]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Videora]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinButler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winehq.org]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFlyer32.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bcserver"=2 (0x2)
"Serv-U"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"FTService"=2 (0x2)
"DomainService"=2 (0x2)
"cmdService"=2 (0x2)
"Network Monitor"=2 (0x2)
"VundoFixSvc"=3 (0x3)
"AVG Anti-Spyware Guard"=3 (0x3)
"NSCService"=3 (0x3)
"Norton Save and Restore"=2 (0x2)
"NetChkPatch"=2 (0x2)
"usnjsvc"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=2 (0x2)
"CCALib8"=2 (0x2)
"Avg7UpdSvc"=3 (0x3)
"Avg7Alrt"=2 (0x2)
"AgentInstallationService"=2 (0x2)
"aawservice"=2 (0x2)
"HDDTService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=3 (0x3)
"aswUpdSv"=3 (0x3)
"PRTG4Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"nlsvc"=2 (0x2)
"srvRSU"=2 (0x2)
"HFNetChkProSvc"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [1999-11-16 07:48]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-09-13 17:01]
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys [2006-03-03 20:36]
R2 APC-Host;APC-Host;C:\Program Files\Anyplace Control 4\apc_host.exe /service []
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;C:\WINDOWS\system32\DRIVERS\SMC1211.SYS [2001-07-11 10:06]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;F:\Progs\Everest\kerneld.wnt [2006-12-14 22:42]
S4 HDDTService;HDD Temperature;C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService []
S4 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2006-03-03 20:36]
S4 srvRSU;Remote Reboot Utility;C:\Program Files\HREFTools\RemoteRebootUtility\RemBoot.exe [2007-03-25 23:01]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-17 13:00:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-20 00:16:54 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-13 11:27:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 19:17:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDDTService]
"ImagePath"="C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService"
.
Completion time: 2007-12-19 19:18:35 - machine was rebooted [Administrateur]
.
2007-12-18 01:44:03 --- E O F ---
20 December 2007 00:09:28

Hello

Let's continue


Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\bayay.bak1
C:\WINDOWS\system32\bayay.bak2
C:\WINDOWS\system32\bayay.ini2

Folder::
C:\Documents and Settings\Administrateur\Application Data\WinButler
C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info
C:\Program Files\Evidence Eliminator
C:\Program Files\NetMeter
C:\Documents and Settings\Administrateur\Application Data\a?sembly
C:\Documents and Settings\Administrateur\Application Data\A?pPatch
C:\Documents and Settings\Administrateur\Application Data\F?nts
C:\Documents and Settings\Administrateur\Application Data\F?nts
C:\Documents and Settings\Administrateur\Application Data\MPEGFLAWBAIT
C:\Documents and Settings\Administrateur\Application Data\M?crosoft
C:\Documents and Settings\Administrateur\Application Data\M?crosoft.NET
C:\Documents and Settings\Administrateur\Application Data\s?curity
C:\Documents and Settings\Administrateur\Application Data\S?mantec
C:\Documents and Settings\Administrateur\Application Data\s?mbols
C:\Documents and Settings\Administrateur\Application Data\s?stem
C:\Documents and Settings\Administrateur\Application Data\s?stem32
C:\Documents and Settings\Administrateur\Application Data\T?sks
C:\Documents and Settings\Administrateur\Application Data\W?nSxS
C:\Documents and Settings\Administrateur\Application Data\?dobe
C:\Documents and Settings\Administrateur\Application Data\?ppPatch
C:\Documents and Settings\Administrateur\Application Data\??pPatch
C:\Documents and Settings\Administrateur\Application Data\?icrosoft
C:\Documents and Settings\Administrateur\Application Data\?icrosoft.NET
C:\Documents and Settings\Administrateur\Application Data\??crosoft
C:\Documents and Settings\Administrateur\Application Data\??crosoft.NET
C:\Documents and Settings\Administrateur\Application Data\?racle
C:\Documents and Settings\Administrateur\Application Data\?asks
C:\Documents and Settings\Administrateur\Application Data\??sks
C:\Documents and Settings\Administrateur\Application Data\?dobe
C:\Documents and Settings\Administrateur\Application Data\?ppPatch
C:\Documents and Settings\Administrateur\Application Data\?ssembly
C:\Documents and Settings\Administrateur\Application Data\??sembly
C:\Documents and Settings\Administrateur\Application Data\??pPatch
C:\Documents and Settings\Administrateur\Application Data\?ecurity
C:\Documents and Settings\Administrateur\Application Data\?ymantec
C:\Documents and Settings\Administrateur\Application Data\?ymbols
C:\Documents and Settings\Administrateur\Application Data\?ystem
C:\Documents and Settings\Administrateur\Application Data\?ystem32
C:\Documents and Settings\Administrateur\Application Data\??curity
C:\Documents and Settings\Administrateur\Application Data\??mantec
C:\Documents and Settings\Administrateur\Application Data\??mbols
C:\Documents and Settings\Administrateur\Application Data\??stem
C:\Documents and Settings\Administrateur\Application Data\??stem32
C:\Documents and Settings\Administrateur\Application Data\?icrosoft
C:\Documents and Settings\Administrateur\Application Data\?icrosoft.NET
C:\Documents and Settings\Administrateur\Application Data\??crosoft
C:\Documents and Settings\Administrateur\Application Data\?racle
C:\Documents and Settings\Administrateur\Application Data\?asks
C:\Documents and Settings\Administrateur\Application Data\??sks
C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info
C:\Program Files\a?sembly
C:\Program Files\A?pPatch
C:\Program Files\F?nts
C:\Program Files\MPEGFLAWBAIT
C:\Program Files\M?crosoft
C:\Program Files\M?crosoft.NET
C:\Program Files\s?curity
C:\Program Files\S?mantec
C:\Program Files\s?mbols
C:\Program Files\s?stem
C:\Program Files\s?stem32
C:\Program Files\T?sks
C:\Program Files\W?nSxS
C:\Program Files\?dobe
C:\Program Files\?ppPatch
C:\Program Files\??pPatch
C:\Program Files\?icrosoft
C:\Program Files\?icrosoft.NET
C:\Program Files\??crosoft
C:\Program Files\??crosoft.NET
C:\Program Files\?racle
C:\Program Files\?asks
C:\Program Files\??sks
C:\Program Files\?dobe
C:\Program Files\?ppPatch
C:\Program Files\?ssembly
C:\Program Files\??sembly
C:\Program Files\??pPatch
C:\Program Files\?ecurity
C:\Program Files\?ymantec
C:\Program Files\?ymbols
C:\Program Files\?ystem
C:\Program Files\?ystem32
C:\Program Files\??curity
C:\Program Files\??mantec
C:\Program Files\??mbols
C:\Program Files\??stem
C:\Program Files\??stem32
C:\Program Files\?icrosoft
C:\Program Files\?icrosoft.NET
C:\Program Files\??crosoft
C:\Program Files\??crosoft.NET
C:\Program Files\?racle
C:\Program Files\?asks
C:\Program Files\??sks

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hldrrr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Lsass Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooze info 4 shim]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2p networking]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinButler]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFlyer32.dll]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file as CFScript.txt

As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis log.
If the file does not open, it can be found here > C:\ComboFix.txt
20 December 2007 00:56:16

ComboFix 07-12-19.2 - Administrateur 2007-12-20 18:48:56.17 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.452 [GMT -5:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\bayay.bak1
C:\WINDOWS\system32\bayay.bak2
C:\WINDOWS\system32\bayay.ini2
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MPEGFLAWBAIT
C:\Program Files\NetMeter
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\NetMeter\NetMeter.ini
C:\Program Files\NetMeter\NetMeter.tlg
C:\Program Files\NetMeter\ReadMe.txt
C:\Program Files\NetMeter\unins000.dat
C:\Program Files\NetMeter\unins000.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))))))
.

2007-12-20 11:11 . 2007-12-20 11:15 <REP> d-------- C:\Program Files\jv16 PowerTools 2006
2007-12-18 18:46 . 2004-08-19 16:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-18 18:46 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-18 18:46 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-18 18:46 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-18 18:46 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-18 18:46 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-18 18:44 . 2004-08-19 16:09 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2007-12-18 18:43 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-18 18:43 . 2004-08-03 23:00 87,424 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2007-12-18 18:43 . 2004-08-03 23:08 40,832 --a--c--- C:\WINDOWS\system32\dllcache\irbus.sys
2007-12-18 18:43 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-12-18 18:43 . 2001-08-17 21:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2007-12-18 18:43 . 2001-08-17 21:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys
2007-12-18 18:43 . 2001-08-17 21:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
2007-12-18 18:43 . 2004-08-19 16:10 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2007-12-18 18:42 . 2001-08-23 17:46 462,848 --a--c--- C:\WINDOWS\system32\dllcache\a3dapi.dll
2007-12-18 18:42 . 2004-08-03 22:32 231,552 --a--c--- C:\WINDOWS\system32\dllcache\ac97ali.sys
2007-12-18 18:42 . 2001-08-17 20:20 96,256 --a--c--- C:\WINDOWS\system32\dllcache\ac97intc.sys
2007-12-18 18:42 . 2001-08-23 17:46 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll
2007-12-18 18:42 . 2001-08-17 21:52 23,552 --a--c--- C:\WINDOWS\system32\dllcache\abp480n5.sys
2007-12-18 18:24 . 2007-12-18 18:24 20 --a------ C:\WINDOWS\twain.dat
2007-12-18 18:21 . 2007-12-18 18:40 <REP> d-------- C:\I386
2007-12-18 17:43 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-12-18 09:43 . 2007-12-18 09:44 <REP> d-------- C:\Documents and Settings\All Users\Anyplace Control 4
2007-12-18 02:09 . 2007-12-18 07:20 <REP> d-------- C:\__eetemp
2007-12-17 21:36 . 2007-12-20 18:03 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-17 18:26 . 2007-12-17 18:27 <REP> d-------- C:\Qoofix
2007-12-17 18:13 . 2007-12-17 18:13 85,635 --a------ C:\Qoofix.zip
2007-12-17 16:26 . 2007-12-20 18:30 24 --a------ C:\WINDOWS\ShellIcon32.dll
2007-12-17 16:25 . 2007-12-20 18:30 <REP> d-------- C:\Program Files\Anyplace Control 4
2007-12-17 16:25 . 2007-12-17 16:25 47 --a------ C:\WINDOWS\anyplace-control.ini
2007-12-16 23:31 . 2007-12-17 09:14 <REP> d-------- C:\Documents and Settings\Administrateur\.housecall6.6
2007-12-16 19:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-16 19:51 . 2007-12-16 19:51 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-16 12:06 . 2007-12-16 12:06 <REP> d-------- C:\Program Files\HREFTools
2007-12-15 21:05 . 2007-12-15 21:05 <REP> d-------- C:\fsaua.data
2007-12-15 18:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-15 18:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-15 18:51 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-15 18:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-15 18:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-15 18:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-15 16:09 . 2007-12-15 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-15 16:05 . 2007-12-15 16:05 <REP> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-12-15 16:04 . 2007-12-15 23:21 <REP> d-------- C:\Documents and Settings\Administrateur\SecurityScans
2007-12-15 15:43 . 2007-12-17 15:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-12-15 15:12 . 2007-12-15 15:12 <REP> d-------- C:\Program Files\Shavlik Technologies
2007-12-15 14:54 . 2007-12-15 14:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{DD33F2FB-A420-45C0-9477-4F59487EFF1F}
2007-12-15 13:29 . 1996-05-03 23:05 28,672 --a------ C:\WINDOWS\system32\MSGHOO32.OCX
2007-12-15 13:28 . 1998-04-24 01:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-12-15 13:25 . 2007-12-20 12:54 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-15 12:59 . 2007-12-15 12:59 <REP> d-------- C:\Program Files\Impact Software LLC
2007-12-14 11:52 . 2007-12-14 11:52 <REP> d-------- C:\VundoFix Backups
2007-12-14 10:37 . 2007-12-14 10:37 <REP> d-------- C:\Program Files\Kill Process
2007-12-12 21:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-12 21:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-12 21:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-12 19:25 . 2007-12-12 19:25 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 19:20 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-12 19:18 . 2007-12-12 19:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-12 18:51 . 2007-12-12 19:20 <REP> d-------- C:\Program Files\Windows Live
2007-12-12 18:51 . 2007-12-12 18:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-12 18:51 . 2007-12-17 22:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-11 17:41 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-11 14:32 . 2007-12-11 14:32 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-12-11 12:18 . 2007-12-11 12:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-10 21:44 . 2007-12-10 21:44 <REP> d-------- C:\Program Files\Smart Projects
2007-12-08 09:06 . 2007-12-08 09:08 <REP> d-------- C:\Program Files\Bandwidth Monitor Pro
2007-12-08 09:06 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-04 08:17 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-01 14:52 . 2007-12-01 16:03 <REP> d-------- C:\Program Files\mp3Tag 5
2007-11-25 23:43 . 2007-11-25 23:43 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-25 11:17 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
2007-11-25 11:16 . 2007-11-25 11:17 <REP> d-------- C:\Program Files\BitTorrent
2007-11-23 13:28 . 2007-11-23 13:28 <REP> d-------- C:\Program Files\PalickSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-18 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 00:53 --------- d-----w C:\Program Files\Java
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-13 23:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2007-12-13 23:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVG7
2007-12-11 17:18 --------- d-----w C:\Program Files\Lavasoft
2007-12-08 17:55 --------- d-----w C:\Program Files\NetLimiter 2 Pro
2007-12-03 21:43 --------- d-----w C:\Program Files\Shareaza
2007-12-01 20:18 --------- d-----w C:\Program Files\Winamp
2007-11-17 15:38 --------- d-----w C:\Program Files\iTunes
2007-11-17 15:38 --------- d-----w C:\Program Files\iPod
2007-11-17 15:36 --------- d-----w C:\Program Files\QuickTime
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 23:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\BearShare
2007-11-07 13:05 --------- d-----w C:\Program Files\BearFlix
2007-11-07 12:18 --------- d-----w C:\Program Files\BearShare Applications
2007-11-04 17:26 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-04 13:33 --------- d-----w C:\Program Files\Mortal Kombat 4
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 17:42 --------- d-----w C:\Program Files\WinLemm
2007-10-28 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-23 22:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-23 01:57 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-21 19:41 --------- d-----w C:\Program Files\The GodFather
2007-10-21 19:04 --------- d-----w C:\Program Files\My Video Downloader
2007-10-21 19:03 --------- d-----w C:\Program Files\Ripp-it_AM
2007-10-21 19:03 --------- d-----w C:\Program Files\ProFF-Morse-3
2007-10-21 19:01 --------- d-----w C:\Program Files\VideoLAN
2007-10-21 19:01 --------- d-----w C:\Program Files\RSHUT Pro
2007-10-21 18:57 --------- d-----w C:\Program Files\ABF software
2007-10-21 18:21 --------- d-----w C:\Program Files\windirstat
2007-10-21 12:05 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2007-05-08 19:53 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-03-25 13:55 434,688 -c--a-w C:\WINDOWS\system32\config\systemprofile\dpy.exe
2007-03-25 13:52 737,280 -c--a-w C:\WINDOWS\system32\config\systemprofile\irsetup.exe
2004-10-12 16:14 57,344 -c--a-w C:\WINDOWS\system32\config\systemprofile\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Default User\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Administrateur\InstHelp.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-13 18:37]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
2007-12-11 19:28 87392 --a------ C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bandwidth Monitor Pro]
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 21:25 94208 --a--c--- C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ButtonMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-19 17:30 45632 --a--c--- C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FolderSizeMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 --a--c--- C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keep download]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
MMTray2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
MMTrayLSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a--c--- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore]
2006-03-03 20:36 1582744 --a--c--- C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServUTrayIcon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza Turbo Accelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2005-03-13 18:37 1057280 --a--c--- C:\Program Files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 -----c--- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
2005-02-16 10:06 218112 --a------ f:\progs\hijackthis\hijackthis.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VFSCache]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Videora]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winehq.org]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bcserver"=2 (0x2)
"Serv-U"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"FTService"=2 (0x2)
"cmdService"=2 (0x2)
"Network Monitor"=2 (0x2)
"VundoFixSvc"=3 (0x3)
"AVG Anti-Spyware Guard"=3 (0x3)
"NSCService"=3 (0x3)
"Norton Save and Restore"=2 (0x2)
"NetChkPatch"=2 (0x2)
"usnjsvc"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=2 (0x2)
"CCALib8"=2 (0x2)
"Avg7UpdSvc"=3 (0x3)
"Avg7Alrt"=2 (0x2)
"AgentInstallationService"=2 (0x2)
"aawservice"=2 (0x2)
"HDDTService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=3 (0x3)
"aswUpdSv"=3 (0x3)
"PRTG4Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"nlsvc"=2 (0x2)
"srvRSU"=2 (0x2)
"HFNetChkProSvc"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [1999-11-16 07:48]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-09-13 17:01]
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys [2006-03-03 20:36]
R2 APC-Host;APC-Host;C:\Program Files\Anyplace Control 4\apc_host.exe /service []
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;C:\WINDOWS\system32\DRIVERS\SMC1211.SYS [2001-07-11 10:06]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;F:\Progs\Everest\kerneld.wnt [2006-12-14 22:42]
S4 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2006-03-03 20:36]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-17 13:00:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 18:54:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-20 18:55:50 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-19 19:42
C:\ComboFix3.txt ... 2007-12-19 19:18
.
2007-12-20 00:20:13 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:48, on 2007-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Anyplace Control 4\apc_host.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis\Sim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cyberpresse.ca/
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC-Host - Anyplace Control Software - C:\Program Files\Anyplace Control 4\apc_host.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 5584 bytes
20 December 2007 02:28:34

It stays stuck at 47 files checked... I let it run for 22 min the first time and tried again... it finds these 8 files right at the start and hangs there with CPU usage at 100%

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, December 20, 2007 8:28:27 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 20/12/2007
Enregistrements dans la base antivirus Kaspersky : 458540
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Statistiques de l'analyse:
Total d'objets analysés: 47
Nombre de virus trouvés: 1
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 8
Durée de l'analyse: 00:02:12

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\acw.exe.bac_a02952 Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952/Audio_Conversion_Wizard_Crack.zip/acw.exe Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952/Audio_Conversion_Wizard_Crack.zip Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952 ZIP: suspect - 2 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952 CryptFF.b: suspect - 2 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952/acw.exe Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952 ZIP: suspect - 1 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952 CryptFF.b: suspect - 1 ignoré

Analyse interrompue par l'utilisateur !
20 December 2007 12:24:14

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, December 21, 2007 6:24:31 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/12/2007
Kaspersky Anti-Virus database records: 458627
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 63218
Number of viruses found: 3
Number of infected objects: 8
Number of suspicious objects: 2
Duration of the scan process: 02:40:02

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012007122020071221\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Temp\Perflib_Perfdata_5a4.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt4.zip/retadpu1000137.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\No-IP\DUC - Administrateur.log Object is locked skipped
C:\Program Files\No-IP\Service.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{51F1CC82-04A9-4F26-94F9-F8F132D1783A}\RP66\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0D052141-3F21-4B15-8E8A-2D3211A1A812}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\Emule\Download\Anyplace Control 4.1.1.0.zip/Anyplace Control 4.1.1.0.exe Infected: Trojan-Downloader.Win32.Bagle.go skipped
F:\Emule\Download\Anyplace Control 4.1.1.0.zip ZIP: infected - 1 skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip/DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY/keygen.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip/DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY/SAW5.0ProServer.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip ZIP: infected - 2 skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip/DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT/Keygen.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip/DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT/setup.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip ZIP: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
20 December 2007 21:45:18

Hello

Delete these three files

F:\Emule\Download\Anyplace Control 4.1.1.0.zip
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip


Are you still having any malfunctions?
20 December 2007 22:19:56

Messenger is still unusable...

Despite all the steps taken and the attempts at uninstalling and reinstalling...

No more pop-ups or "lag", but this damn Messenger, nothing can be done about it...

I have taken steps on that front as well

http://www.commentcamarche.net/forum/affich-4315369-log...

But despite all that... nothing to be done for Messenger...
20 December 2007 22:58:15

Hello


Post this problem in the Hardware section ;)
23 December 2007 13:40:53

MSN goes under hardware???
24 December 2007 00:48:58

Uh ...

Indeed, Software rather.
Or maybe Internet and Networks.