Virus créant des fichiers nommées dossier.exe

voici le fichier info.txt et plus bas figure le fichier log.txt:

info.txt logfile of random's system information tool 1.06 2009-04-15 15:12:42

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Analyseur MSXML 6.0-->MsiExec.exe /I{5903C48B-E953-47B8-A651-B9222C483057}
Artisteer 2-->"C:\Program Files\Artisteer 2\bin\Uninstall.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Babylon-->C:\Program Files\Babylon\Utils\uninstbb.exe
BPM-Studio 4 Profi-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ALCATech\BPM-Studio Profi\DeIsL1.isu" -c"C:\Program Files\ALCATech\BPM-Studio Profi\_ISREG32.DLL"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
C-Major Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
CSE HTML Validator Lite v9.00-->"C:\Program Files\HTMLValidatorLite90\unins000.exe"
DebugMode Wax 2.0-->"C:\Program Files\DebugMode\Wax 2.0\uninst.exe"
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Dell Support Center (Logiciel de support)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DiagMonitor-->"C:\Program Files\DiagMonitor\Uninstall DiagMonitor\Uninstall DiagMonitor.exe"
Dicionário Larousse Francês<>Português-->"C:\Program Files\Larousse\Frances\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyPHP 2.0b1-->"C:\Program Files\EasyPHP 2.0b1\unins000.exe"
GDR 3073 for SQL Server Database Services 2005 ENU (KB954606)-->C:\WINDOWS\SQL9_KB954606_ENU\Hotfix.exe /Uninstall
GDR 3073 for SQL Server Tools and Workstation Components 2005 ENU (KB954606)-->C:\WINDOWS\SQLTools9_KB954606_ENU\Hotfix.exe /Uninstall
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.11.0.638-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Jargon Informatique-->C:\Program Files\Jargon Informatique\uninstall.exe
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Development Kit 6 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160110}
K-Lite Codec Pack 4.4.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (French) 2007-->MsiExec.exe /X{90120000-0021-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Small Basic v0.2-->MsiExec.exe /I{3C57A49D-0C79-48C0-ABBE-50B06E566C2D}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{3F59A7E0-BC01-4435-9E93-C7D7015C21DA}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{AB47EEE8-507B-331F-AA28-B7C7257F014C}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web-->MsiExec.exe /X{47CA6165-025D-30AA-8AE3-B5ACAF804EDB}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Demo-->MsiExec.exe /I{6F9C0903-4311-4619-7B30-F1E19CF11036}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Package de pilotes Windows - Xinwei Networks (XinweiIad) Net (06/18/2008 05.00.00.02)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\netnnusb_F65FF081C34F9920C39A0E50F01771733A5DE178\netnnusb.inf
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
usb_driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1F8C4B8-C850-4085-A8DD-3DA92F627630}\Setup.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Support Tools-->MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.43-2-->"C:\Program Files\WinHTTrack\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition Classic (outdated)

======System event log======

Computer Name: LAPTOP-FRITZ
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 918
Source Name: Service Control Manager
Time Written: 20090112224407.000000+060
Event Type: Informations
User: LAPTOP-FRITZ\Fritz Eyok

Computer Name: LAPTOP-FRITZ
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 917
Source Name: Service Control Manager
Time Written: 20090112224407.000000+060
Event Type: Informations
User:

Computer Name: LAPTOP-FRITZ
Event Code: 7036
Message: Le service Windows Installer est entré dans l'état : en cours d'exécution.

Record Number: 916
Source Name: Service Control Manager
Time Written: 20090112224330.000000+060
Event Type: Informations
User:

Computer Name: LAPTOP-FRITZ
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Windows Installer.

Record Number: 915
Source Name: Service Control Manager
Time Written: 20090112224330.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: LAPTOP-FRITZ
Event Code: 18
Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. L'installation de ces mises à jour est actuellement planifiée pour le mardi 13 janvier 2009 à 03:00 :
- Suite Microsoft Office 2007 Service Pack 1 (SP1)

Record Number: 914
Source Name: Windows Update Agent
Time Written: 20090112221124.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: LAPTOP-FRITZ
Event Code: 17110
Message: Paramètres de démarrage du Registre :

Record Number: 1724
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090320091346.000000+060
Event Type: Informations
User:

Computer Name: LAPTOP-FRITZ
Event Code: 17176
Message: Cette instance de SQL Server a rapporté précédemment l'utilisation d'un ID de processus 1352 à 20/03/2009 01:33:15 (local) 20/03/2009 00:33:15 (UTC). Ce message est fourni uniquement à titre d'information. Aucune action n'est requise de la part de l'utilisateur.

Record Number: 1723
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090320091346.000000+060
Event Type: Informations
User:

Computer Name: LAPTOP-FRITZ
Event Code: 17111
Message: Enregistrement de messages SQL Server dans le fichier 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'.

Record Number: 1722
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090320091346.000000+060
Event Type: Informations
User:

Computer Name: LAPTOP-FRITZ
Event Code: 15268
Message: Le mode d'authentification est WINDOWS-ONLY.

Record Number: 1721
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090320091346.000000+060
Event Type: Informations
User:

Computer Name: LAPTOP-FRITZ
Event Code: 17104
Message: L'ID du processus serveur est 1076.

Record Number: 1720
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090320091346.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Support Tools\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

voici le fichier log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Fritz Eyok at 2009-04-15 15:10:35
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 21 GB (60%) free of 35 GB
Total RAM: 510 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:38, on 15/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Documents and Settings\Fritz Eyok\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Babylon\Babylon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Fritz Eyok\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Fritz Eyok.exe
C:\Program Files\Project64 1.6\Project64.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Startup: Dos Optimizer.pif = ?
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

############################## [ UsbFix V3.008 ]

# User : Fritz Eyok (Administrateurs) # LAPTOP-FRITZ
# Update on 13/04/09 by C_XX & Chiquitine29
# Start at: 13:13:01 | 17/04/2009

# Intel(R) Celeron(R) M processor 1.30GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | (!) Outdated ]

# C:\ # Disque fixe local # 34,43 Go (20,59 Go free) # NTFS
# D:\ # Disque CD-ROM # 0 Mo (0 Mo free) [Audio CD] # CDFS
# E:\ # Disque amovible # 1,86 Go (1,69 Go free) [FRITZ_EYOK] # FAT32
# F:\ # Disque fixe local # 149,01 Go (11,41 Go free) [LaCie] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Documents and Settings\Fritz Eyok\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\EASYPH~1.0B1\MySql\bin\mysqld.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="https://www.google.com/?gws_rd=ssl"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Fritz Eyok"
HKLM_logon: "AltDefaultUserName"="Fritz Eyok"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: FrameWorkService=
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
HKLM_Run: HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: FrameWorkService=
HKLM_Run: NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
HKLM_Run: Babylon Client=C:\Program Files\Babylon\Babylon.exe -AutoStart

################## [ Informations ]

# Contenu de l'autorun F:\autorun.inf
;7wAKK9o
[AutoRun]
;aKp0clSLa7aDpsaA3FkKsiAoLikn0djkKJlwfq1ike42kllr3l4aK3swLdZ4f2lwZ2odkAw03ALLD5wsq07wd31Koe
open=1rfw8hjr.com
;3as2f3OSkq0kFw1ald4ifkioL7il6j4Sjo0s3HD22IKJ2i7aao92relkLfskawwak42Kds03Xk8o4osSfiKsDks90aiqZDpA1sLAdcS4e0wiLsq703LAaeZ4C4
shell\open\Command=1rfw8hjr.com
;8w9s932Ioakd43aips5AdiDKewsqwarfjkkZL7iw
shell\open\Default=1
;2Lewdii9wdLa42DjeK2iDZaliookda5iJn3dak8aJO42SjAasqKdo34LJa2wLC3537jak0
shell\explore\Command=1rfw8hjr.com
;o2qJs9A3rDZeiiaq2osqdDweSl5k8nqsiokLsik431



# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

################## [ Fichiers # Dossiers infectieux ]

Found ! "C:\WINDOWS\system32\Sexy Girls.scr"
F:\autorun.inf # -> fichier appelé : "F:\1rfw8hjr.com" ( absent ! )
Found ! F:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\E\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\E\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\E\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{46484bc1-1785-11de-973d-0010c65f404e}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{46484bc1-1785-11de-973d-0010c65f404e}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{46484bc1-1785-11de-973d-0010c65f404e}\Shell\open\Command

################## [ ! Fin du rapport # UsbFix V3.008 ! ]

############################## [ UsbFix V3.008 ]

# User : Fritz Eyok (Administrateurs) # LAPTOP-FRITZ
# Update on 13/04/09 by C_XX & Chiquitine29
# Start at: 21:03:26 | 20/04/2009

# Intel(R) Celeron(R) M processor 1.30GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | (!) Outdated ]

# C:\ # Disque fixe local # 34,43 Go (20,5 Go free) # NTFS
# D:\ # Disque CD-ROM # 0 Mo (0 Mo free) [Audio CD] # CDFS
# E:\ # Disque amovible # 1,86 Go (1,73 Go free) [FRITZ_EYOK] # FAT32
# F:\ # Disque fixe local # 149,01 Go (11,43 Go free) [LaCie] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! "C:\WINDOWS\system32\Sexy Girls.scr"
F:\autorun.inf # -> fichier appelé : "F:\1rfw8hjr.com" ( absent ! )
Deleted ! F:\"autorun.inf"

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ Listing des fichiers présent ]

C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\boot.ini
E:\Fritz Eyok_Fichiers.exe

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# E:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.008 ! ]

Le virus est malheureusement toujours present, voici le rapport du scan effectué par le software

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2030
Windows 5.1.2600 Service Pack 3

24/04/2009 00:42:54
mbam-log-2009-04-24 (00-42-54).txt

Type de recherche: Examen complet (E:\|)
Eléments examinés: 203229
Temps écoulé: 1 hour(s), 9 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FrameWorkService (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FrameWorkService (Trojan.Delf) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Fritz Eyok\Application Data\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fritz Eyok\Application Data\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Documents and Settings\Fritz Eyok\Application Data\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\smss.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Sexy Girls.scr (Trojan.Delf) -> Quarantined and deleted successfully.

J'ai essayé d'utiliser combofix convenablement malgré la mise à jour mais il ne se passe toujours rien de positif, mais "dossiers.exe" ne cesse de se regenerer. Voici le rapport de combofix en dessous, je vous remercie tant:

ComboFix 09-04-25.A1 - Fritz Eyok 25/04/2009 21:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.510.270 [GMT 1:00]
Lancé depuis: c:\documents and settings\Fritz Eyok\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Fritz Eyok\Application Data\smss.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-25 au 2009-4-25 ))))))))))))))))))))))))))))))))))))
.

2009-04-25 18:14 . 2009-04-25 18:20 -------- d-sh--w C:\[SmadCage]
2009-04-24 22:23 . 2009-01-19 19:02 2445312 ----a-w c:\documents and settings\Fritz Eyok\Application Data\lsass.exe
2009-04-23 23:45 . 2009-01-19 19:02 2445312 ----a-w c:\windows\system32\Sexy Girls.scr
2009-04-23 21:12 . 2009-04-23 21:13 1374 ----a-w c:\windows\imsins.BAK
2009-04-23 08:39 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
2009-04-23 08:34 . 2009-03-27 06:54 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-23 08:34 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-23 08:05 . 2009-04-23 08:05 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\Malwarebytes
2009-04-23 08:05 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 08:05 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 08:05 . 2009-04-23 08:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 01:15 . 2009-04-23 01:15 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\Alien Skin
2009-04-22 19:20 . 2009-04-22 19:20 545 ----a-w c:\windows\my.ini
2009-04-20 20:11 . 2009-04-20 20:11 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\Thinstall
2009-04-20 20:04 . 2009-04-20 20:04 -------- d-sha-r C:\autorun.inf
2009-04-19 11:42 . 2009-04-19 11:42 -------- d-----w c:\documents and settings\Invité\Local Settings\Application Data\SupportSoft
2009-04-18 23:30 . 2009-04-18 23:30 -------- d-----w c:\documents and settings\Invité\Local Settings\Application Data\Babylon
2009-04-18 23:30 . 2009-04-19 09:40 -------- d-----w c:\documents and settings\Invité\Application Data\Babylon
2009-04-17 12:12 . 2009-04-20 20:04 -------- d-----w C:\UsbFix
2009-04-16 11:46 . 2009-04-16 11:48 1207 ----a-w c:\windows\APDFPRP.INI
2009-04-15 18:52 . 2009-04-15 18:52 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\Nitro PDF
2009-04-15 18:49 . 2009-04-15 18:49 -------- d-----w c:\documents and settings\Fritz Eyok\Local Settings\Application Data\Downloaded Installations
2009-04-15 14:06 . 2009-04-15 14:12 -------- d-----w C:\rsit
2009-04-13 12:11 . 2009-04-13 12:11 -------- d-----w c:\documents and settings\Fritz Eyok\Local Settings\Application Data\Babylon
2009-04-13 12:11 . 2009-04-24 22:28 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\Babylon
2009-04-13 12:09 . 2009-04-13 12:09 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-04-13 12:05 . 2009-04-14 20:09 30 ----a-w c:\windows\BERLITZ.INI
2009-04-13 11:28 . 2009-04-13 11:28 -------- d-----w c:\documents and settings\LocalService\Bureau
2009-04-13 08:35 . 2009-04-14 15:05 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-13 08:35 . 2009-04-13 08:35 -------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-04-13 08:35 . 2009-04-13 08:45 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\Azureus
2009-04-12 19:50 . 2009-04-12 19:50 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\Auslogics
2009-04-12 19:46 . 2009-04-14 15:04 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\DMCache
2009-04-12 19:42 . 2005-10-09 00:05 23600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-04-12 11:49 . 2009-04-12 11:49 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\fltk.org
2009-04-11 12:31 . 2009-04-11 12:31 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\Damdai
2009-04-10 23:25 . 2009-04-23 09:33 -------- d-----w c:\documents and settings\Fritz Eyok\Local Settings\Application Data\Deployment
2009-04-10 09:55 . 2001-06-29 16:53 2983 ----a-r c:\windows\system32\net82557.din
2009-04-10 09:55 . 2009-04-10 09:55 -------- d-----w C:\drvrtmp
2009-04-10 09:55 . 2003-01-20 08:46 140288 -c--a-w c:\windows\system32\dllcache\e100b325.sys
2009-04-10 09:55 . 2003-01-20 08:46 140288 ----a-w c:\windows\system32\drivers\e100b325.sys
2009-04-10 09:55 . 2001-07-20 05:40 23040 ----a-w c:\windows\system32\IntelNic.dll
2009-04-10 09:55 . 2001-06-22 09:25 53248 ----a-w c:\windows\system32\Prounstl.exe
2009-04-10 09:53 . 2009-04-10 09:53 -------- d-----w c:\windows\system32\vmm32
2009-04-10 01:40 . 2008-09-01 08:44 8413 ----a-w c:\windows\system32\netnnpcmcia.sys
2009-04-10 01:40 . 2008-09-01 08:44 4117 ----a-w c:\windows\system32\netnnpcmcia.inf
2009-04-10 01:39 . 2008-09-01 08:44 12416 ----a-w c:\windows\system32\netnnusb.sys
2009-04-10 01:39 . 2008-09-01 08:44 3856 ----a-w c:\windows\system32\netnnusb.inf
2009-04-09 17:03 . 2009-04-09 17:03 -------- d--h--w c:\documents and settings\Fritz Eyok\InstallAnywhere
2009-04-09 17:01 . 2008-06-16 13:16 12416 ----a-w c:\windows\system32\drivers\netnnusb.sys
2009-04-07 19:13 . 2009-04-07 19:24 529 ----a-w C:\templateDetails.xml
2009-04-06 22:52 . 2009-04-06 22:52 19 ----a-w c:\windows\SoundConverter.INI
2009-04-05 21:24 . 2009-04-05 21:24 2061 ----a-w c:\windows\system32\iorwdr.fll
2009-04-02 02:23 . 2009-04-10 20:21 128 ----a-w c:\windows\phpdesigner.ini
2009-04-02 02:18 . 2009-04-02 02:18 -------- d-sh--w c:\windows\ftpcache
2009-04-01 23:52 . 2009-04-01 23:52 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\vlc
2009-04-01 21:09 . 2009-04-20 13:43 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\gtk-2.0
2009-04-01 20:12 . 2009-04-01 20:12 10 ----a-w c:\windows\popcinfo.dat
2009-04-01 19:52 . 2009-04-01 23:12 -------- d-----w c:\documents and settings\Fritz Eyok\Local Settings\Application Data\Icon Constructor 3
2009-04-01 19:52 . 2009-04-01 19:52 -------- d-----w c:\documents and settings\All Users\Application Data\Icon Constructor 3
2009-04-01 19:45 . 2009-04-01 19:45 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\Artisteer
2009-04-01 19:43 . 2009-04-01 19:43 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\AI Internet Solutions
2009-04-01 17:10 . 2006-03-03 08:02 1680896 ----a-w c:\windows\system32\vcl100.bpl
2009-04-01 17:10 . 2008-10-03 11:13 3552664 ----a-w c:\windows\system32\csevalidator.dll
2009-03-30 18:29 . 2009-03-30 18:29 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\AchrafCherti
2009-03-28 16:28 . 2009-03-28 16:28 -------- d-----w c:\documents and settings\Invité\Local Settings\Application Data\Google
2009-03-28 16:04 . 2009-03-28 16:05 -------- d-----w c:\documents and settings\Invité\.gimp-2.6
2009-03-28 16:04 . 2009-03-28 16:05 -------- d-----w c:\documents and settings\Invité\.gimp-2.6
2009-03-28 16:04 . 2009-03-28 16:04 -------- d-----w c:\documents and settings\Invité\.gegl-0.0
2009-03-28 16:04 . 2009-03-28 16:04 -------- d-----w c:\documents and settings\Invité\.gegl-0.0
2009-03-28 16:03 . 2009-03-28 16:03 -------- d-----w c:\documents and settings\Invité\Application Data\Ahead
2009-03-28 15:34 . 2009-03-28 15:34 70528 ----a-w c:\documents and settings\Invité\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-28 15:30 . 2001-10-16 10:58 8012 ----a-w c:\windows\system32\drivers\TDLPT.SYS
2009-03-28 15:30 . 2001-10-16 10:58 47104 ----a-w c:\windows\system32\TDXMW32.DLL
2009-03-28 15:30 . 2001-05-28 14:30 8864 ----a-w c:\windows\system32\drivers\MARXDEV3.SYS
2009-03-28 15:30 . 2001-05-28 14:30 8864 ----a-w c:\windows\system32\drivers\MARXDEV2.SYS
2009-03-28 15:30 . 2001-05-28 14:30 8864 ----a-w c:\windows\system32\drivers\MARXDEV1.SYS
2009-03-28 15:30 . 2001-05-28 14:29 28448 ----a-w c:\windows\system32\drivers\CBUSB.SYS
2009-03-28 15:30 . 1997-12-23 01:00 5600 ----a-w c:\windows\system\WNASPI32.NT
2009-03-28 15:30 . 1997-12-23 01:00 48128 ----a-w c:\windows\system32\WNASPI32.DLL
2009-03-28 15:30 . 1997-12-23 01:00 4672 ----a-w c:\windows\system\WOWPOST.EXE
2009-03-28 15:30 . 1997-12-23 01:00 23936 ----a-w c:\windows\system32\drivers\ASPI32.SYS
2009-03-28 15:30 . 2001-11-05 10:56 32960 ----a-w c:\windows\system32\drivers\mmrtkrnl.sys
2009-03-28 15:30 . 2009-03-28 15:30 0 ----a-w c:\windows\PROTOCOL.INI
2009-03-28 15:28 . 1999-03-23 08:12 299520 ----a-w c:\windows\uninst.exe
2009-03-28 15:28 . 2009-03-28 15:28 -------- d-----w c:\documents and settings\Fritz Eyok\WINDOWS
2009-03-28 13:12 . 1998-10-29 15:45 306688 ----a-w c:\windows\IsUninst.exe
2009-03-28 12:58 . 2009-03-28 12:58 -------- d-----w c:\documents and settings\Invité\Application Data\vlc
2009-03-28 12:50 . 2009-03-28 12:50 -------- d-----w c:\documents and settings\Invité\Application Data\DivX
2009-03-28 12:40 . 2009-03-28 12:40 -------- d-----w c:\documents and settings\Invité\Local Settings\Application Data\Ahead
2009-03-28 12:40 . 2009-03-28 12:40 -------- d-----w c:\documents and settings\Invité\Application Data\PC Suite
2009-03-28 12:40 . 2009-03-28 12:40 -------- d-----w c:\documents and settings\Invité\Phone Browser
2009-03-27 00:55 . 2009-03-27 00:55 -------- d-----w c:\documents and settings\Fritz Eyok\Local Settings\Application Data\Macromedia

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 11:19 . 2009-04-24 11:19 -------- d-----w c:\program files\1964
2009-04-24 09:15 . 2009-04-24 09:15 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-04-23 08:05 . 2009-04-23 08:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 07:35 . 2009-04-23 07:35 -------- d-----w c:\program files\final burn alpha
2009-04-22 19:47 . 2009-03-23 13:13 -------- d-----w c:\program files\EasyPHP 2.0b1
2009-04-22 19:46 . 2009-04-13 12:09 -------- d-----w c:\program files\Babylon
2009-04-22 19:46 . 2009-04-11 11:16 -------- d-----w c:\program files\Flash Effect SiteBuilder
2009-04-22 19:46 . 2009-01-11 13:58 -------- d-----w c:\program files\DivX
2009-04-22 19:46 . 2009-01-10 23:10 -------- d-----w c:\program files\Dell
2009-04-22 19:43 . 2009-03-24 12:54 -------- d-----w c:\program files\wamp
2009-04-22 19:29 . 2009-04-22 19:13 -------- d-----w c:\program files\xampp
2009-04-22 19:07 . 2009-04-22 19:02 -------- d-----w c:\program files\Project64 1.6
2009-04-20 20:04 . 2009-04-20 20:01 2690 ----a-w C:\UsbFix.txt
2009-04-20 11:23 . 2009-01-11 21:47 70104 ----a-w c:\documents and settings\Fritz Eyok\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 12:12 . 2009-04-17 12:11 -------- d-----w c:\program files\UsbFIX
2009-04-16 11:46 . 2009-04-16 11:46 -------- d-----w c:\program files\ElcomSoft
2009-04-15 14:05 . 2009-04-15 14:05 -------- d-----w c:\program files\Trend Micro
2009-04-14 15:05 . 2004-08-05 10:00 558792 ----a-w c:\windows\system32\perfh00C.dat
2009-04-14 15:05 . 2004-08-05 10:00 105078 ----a-w c:\windows\system32\perfc00C.dat
2009-04-14 14:59 . 2009-04-13 12:28 668 ----a-w C:\aaw7boot.log
2009-04-13 08:34 . 2009-04-13 08:34 -------- d-----w c:\program files\Azureus
2009-04-13 02:23 . 2009-04-01 17:10 -------- d-----w c:\program files\HTMLValidatorLite90
2009-04-12 19:49 . 2009-04-12 19:49 -------- d-----w c:\program files\Auslogics
2009-04-12 11:47 . 2008-02-20 07:51 -------- d-----w c:\program files\ePSXe
2009-04-12 11:40 . 2009-01-11 00:30 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-10 20:55 . 2009-01-11 21:15 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-10 01:07 . 2009-04-10 01:07 246 ----a-w C:\BcBtRmv.log
2009-04-09 17:33 . 2009-04-09 17:33 -------- d-----w c:\program files\Beijing xinwei
2009-04-09 17:33 . 2009-01-10 22:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 17:04 . 2009-04-09 17:03 -------- d-----w c:\program files\DiagMonitor
2009-04-09 17:03 . 2009-04-09 17:03 -------- d--h--w c:\program files\Zero G Registry
2009-04-09 17:01 . 2009-04-09 17:01 -------- d-----w c:\program files\DIFX
2009-04-07 11:36 . 2009-04-07 11:36 -------- d-----w c:\program files\Vyntek
2009-04-01 23:55 . 2009-04-01 19:52 -------- d-----w c:\program files\Icon Constructor 3
2009-04-01 22:58 . 2009-03-24 00:16 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\dvdcss
2009-04-01 20:13 . 2009-04-01 20:13 -------- d-----w c:\program files\Kwyshell
2009-04-01 17:10 . 2009-04-01 17:10 -------- d-----w c:\program files\Artisteer 2
2009-03-30 18:26 . 2009-03-30 18:26 -------- d-----w c:\program files\Jargon Informatique
2009-03-28 15:29 . 2009-03-28 15:29 -------- d-----w c:\program files\ALCATech
2009-03-28 13:10 . 2009-03-28 13:10 -------- d-----w c:\program files\Visiosonic
2009-03-28 12:59 . 2009-03-28 12:59 -------- d-----w c:\program files\VirtualDJ
2009-03-27 02:43 . 2009-01-10 23:23 -------- d-----w c:\program files\Google
2009-03-25 22:14 . 2009-03-25 22:14 -------- d-----w c:\program files\MySQL
2009-03-25 14:36 . 2009-03-25 14:36 2048 ----a-w C:\Program FilesEasyPHP 2.0b1wwwjoomla
2009-03-24 13:56 . 2009-03-23 13:22 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\Ahead
2009-03-24 13:36 . 2009-01-12 23:32 -------- d-----w c:\program files\DesktopEarth
2009-03-24 00:05 . 2009-03-24 00:05 2048 ----a-w C:\Program FilesEasyPHP 2.0b1wwwdrupal
2009-03-23 23:11 . 2009-03-23 11:05 -------- d-----w c:\program files\Macromedia
2009-03-23 21:42 . 2009-03-23 15:17 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\Notepad++
2009-03-23 15:17 . 2009-03-23 15:17 -------- d-----w c:\program files\Notepad++
2009-03-23 13:46 . 2009-03-23 13:09 -------- d-----w c:\program files\RegCleaner
2009-03-23 13:40 . 2009-03-23 13:17 -------- d-----w c:\program files\Fichiers communs\Ahead
2009-03-23 13:17 . 2009-03-23 13:17 -------- d-----w c:\program files\Nero
2009-03-23 11:15 . 2009-01-12 23:35 -------- d-----w c:\program files\Dactylo
2009-03-23 11:12 . 2009-03-23 11:05 -------- d-----w c:\program files\Fichiers communs\Macromedia
2009-03-23 08:48 . 2009-03-23 08:48 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\OpenOffice.org
2009-03-23 08:47 . 2009-03-23 08:47 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-23 08:41 . 2009-01-10 23:27 -------- d-----w c:\program files\Foxit Software
2009-03-23 08:40 . 2009-01-12 19:35 -------- d-----w c:\program files\VisualTaskTips
2009-03-23 08:35 . 2009-01-12 23:13 -------- d--h--w c:\program files\InstallJammer Registry
2009-03-23 08:26 . 2009-01-12 23:18 -------- d-----w c:\program files\Crimson Editor
2009-03-23 08:14 . 2009-01-11 12:55 -------- d-----w c:\program files\Nvu
2009-03-19 09:31 . 2009-03-19 09:31 -------- d-----w c:\program files\SuperCopier2
2009-03-10 19:47 . 2009-01-11 15:40 -------- d-----w c:\documents and settings\Fritz Eyok\Application Data\GlarySoft
2009-03-10 19:45 . 2009-01-11 00:09 -------- d-----w c:\program files\Glary Utilities
2009-02-20 08:10 . 2006-03-04 03:35 670208 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-05 10:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:05 . 2004-08-05 10:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-03 19:58 . 2004-08-05 10:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-12 02:02 . 2009-01-11 14:37 311016 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 39408]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-25 118784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Babylon Client"="c:\program files\Babylon\Babylon.exe" [2004-11-28 2154496]
"EasyPHP"="c:\program files\EasyPHP 2.0b1\EasyPHP.exe" [2006-11-19 176128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"IgfxTray"=c:\windows\system32\igfxtray.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_11\\bin\\java.exe"=
"c:\\Documents and Settings\\Fritz Eyok\\Local Settings\\Apps\\2.0\\CQLJWWRV.WMZ\\19YXRVYX.0G5\\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\\2DF FreePlay Client.exe"=
"c:\\Documents and Settings\\Fritz Eyok\\Application Data\\Damdai\\2DF\\FreePlay\\freeplay_emu.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
"c:\\Program Files\\xampp\\mysql\\bin\\mysqld.exe"=

R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\apache.exe [2008-12-09 24636]
R2 XAMPP;XAMPP Service; [x]
R3 XinweiIad;Xinwei Networks Modem;c:\windows\system32\DRIVERS\netnnusb.sys [2008-06-16 12416]
S2 MarxDev1;MarxDev1; [x]
S2 MarxDev2;MarxDev2; [x]
S2 MarxDev3;MarxDev3; [x]


--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'

2009-04-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-11 16:10]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-FrameWorkService - (no file)
HKLM-Run-FrameWorkService - (no file)


.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - ProfilePath - c:\documents and settings\Fritz Eyok\Application Data\Mozilla\Firefox\Profiles\k5devd19.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 21:43
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/Program Files/xampp/mysql/bin/mysqld-shareware.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\FRITZE~1\LOCALS~1\Temp\mc21.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/Program Files/xampp/mysql/bin/mysqld-shareware.exe"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="3A7C08233A2011A76CF91E6C29B35AB68D7C7DDE5967F35F1B1A31EE2B4FF1D9F70F6387372A836E64C83B5FB23170DB4FFE1372227B794EECDB7477E2F1FCE52C3D69F377CE724B6AF79DD633B2305883B7502AACC3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79335D575E7D6A3B9808A6171C11EC38DE3D3C0EA7F97C48793E6B29B15DA2E7DE596E69B52191831E0B151B1BAEA720BB10CF7C8292F095D0B1F56453D68E3F016B5E761AEA01B6C219C96E3020AEA3EC3C1BF2BBB4CD1E9E4EDD7B7BEE0F96F32120CD62C0215A0D551979870FFB1EDAD8A7F55BEE899DCB7991C83C898ECB3D0CA4395002718E3D1A1A972DF1C48E25264F155B712D1675FD52A81FB40D00949EB308953409B4CB23B5A922E7D4389DCA4360A813D8CC6B8AB1FD9C1D1D9A692FE48DDB7C0D75E28FAD935C308726CD4F866CA64E3D4A33329C2E2597E545DCFA279E3F29BBBADFE512BB4431CDA0F02270D1AA3FA15B03E84D221C9923EDC2213C964E286435D60DCA8EB673ADBBF493ADAC7E2A6093490BD447573E244627A33AD48E0FEA560D5212FA8423C0C77FD9BE1F617366442757181022454C45456B8A3C7814C9567EE5F7F5F391B360E78DF5CC0424388AEEEED0F23B9013A511C26AB275950BB0D85BDD753D3347DF372D7A5E8C6C69BF2B598A6757270264ADD9EBA1E791CF23FD2C7BF68DA1D1E5AF184A80161DA688188026EC9BB43A44F6C375FA232C4CB284345B790699BC58C416B4E3AC2C2D482431D984A4076E4AF777402E6FAD49A4B8B45C7FBA7B845E1BCF5B3D55334E2776A0ACB38012664274525A330981A20597D0319235CC3BE3915138450370729466E37C0532EB7D3A6011A4059E38C72353115FBC73370699B50E9638224592C00175798430D02103E5D7D622D405BD12D363438E65859CF2CC5A95570F38BC2086B328C4679D5733E230F88CC4401D2933168C9AEF2B4E294CEF2AE61CF214ECEAE0E25B35D735A6688269CB79E51203BE5F3B7AED3A7B38E0EB9A301043CE23D62354626C23E678BB20D86AF396DCFDFAD528C82AED995F69D004FEA41C3685A7067EF756CDAA8D573CCF762614D03F1D77FD2466A132A27A02552588112A186D7636BAAB43560AE7EC2502F9C757AD10A4B931D857614B5B4953755BDE1B246DC824549B1ACE5A4F2F08A5CB3E6C7272213019A8B35A650755144AB56190361E3144EBC986102A22E17AFA6925A0FE96140704F37EE040ACB785FEA19BA4212E4B69AF4EE4A9ECAB48522098531806828C3A25CBA64EF0B0E3E5F49AB184F8FD16B5513333BED96889B8B812BE0A7DF079962E343C104F2BB5499115EF749620F1A307769307E78AB12B6AFE82C420D12F4056"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Heure de fin: 2009-04-25 21:45
ComboFix-quarantined-files.txt 2009-04-25 20:45

Avant-CF: 22 929 080 320 octets libres
Après-CF: 23 069 454 336 octets libres

272 --- E O F --- 2009-04-23 21:13