TROJ_Generic.DIT / FAUX VIRUS ???

Logfile of random's system information tool 1.06 (written by random/random)
Run by Bastien at 2009-05-04 13:14:28
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 63 GB (87%) free of 72 GB
Total RAM: 767 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14:41, on 04/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bastien\Bureau\RSIT.exe
C:\Program Files\trend micro\Bastien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Voici le scan,


ComboFix 09-05-03.6 - Bastien 04/05/2009 23:36.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.505 [GMT 2:00]
Lancé depuis: c:\documents and settings\Bastien\Bureau\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Pare-feu personnel de Trend Micro *disabled*
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MabryObj.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-04 au 2009-05-04 ))))))))))))))))))))))))))))))))))))
.

2009-05-04 17:00 . 2009-05-04 17:00 -------- d-sh--w c:\documents and settings\Jessy\IECompatCache
2009-05-04 17:00 . 2009-05-04 17:00 -------- d-sh--w c:\documents and settings\Jessy\PrivacIE
2009-05-04 16:55 . 2009-05-04 16:55 -------- d-----w c:\documents and settings\Propriétaire
2009-05-04 16:51 . 2006-11-29 11:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-05-04 16:50 . 2009-05-04 16:50 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-04 16:50 . 2009-05-04 19:28 -------- d-----w c:\documents and settings\Jessy\Contacts
2009-05-04 16:50 . 2009-05-04 16:50 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-04 16:47 . 2009-05-04 16:48 -------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2009-05-04 16:47 . 2009-05-04 16:51 -------- d-----w c:\program files\Windows Live
2009-05-04 16:47 . 2009-05-04 16:47 -------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-04 16:37 . 2009-05-04 16:37 -------- d-----w c:\documents and settings\Jessy\Local Settings\Application Data\Mozilla
2009-05-04 16:36 . 2009-05-04 16:36 25432 ----a-w c:\documents and settings\Jessy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 16:36 . 2009-05-04 16:36 -------- d-sh--w c:\documents and settings\Jessy\IETldCache
2009-05-04 16:31 . 2009-05-04 16:31 -------- d-----w c:\windows\system32\LogFiles
2009-05-04 11:14 . 2009-05-04 11:14 -------- d-----w C:\rsit

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 11:14 . 2009-05-03 17:12 -------- d-----w c:\program files\Trend Micro
2009-05-04 06:43 . 2009-05-03 17:36 -------- d-----w c:\program files\ATI
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Virtual CD v4 SDK
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Viewpoint
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Sonic
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Services en ligne
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\S3Inc
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Real
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\QuickTime
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Nullsoft
2009-05-03 21:56 . 2009-05-03 21:55 -------- d-----w c:\program files\Microsoft Works
2009-05-03 21:55 . 2009-05-03 21:55 -------- d-----w c:\program files\microsoft frontpage
2009-05-03 21:55 . 2009-05-03 21:55 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-05-03 17:12 . 2002-09-30 10:49 48616 ----a-w c:\windows\system32\perfc00C.dat
2009-05-03 17:12 . 2002-09-30 10:49 367658 ----a-w c:\windows\system32\perfh00C.dat
2009-05-03 16:36 . 2002-09-30 11:03 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-03 16:11 . 2009-05-03 16:11 25432 ----a-w c:\documents and settings\Bastien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 15:12 . 2009-05-03 15:12 -------- d-----w c:\program files\Alwil Software
2009-03-08 02:34 . 2002-09-30 10:49 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2002-09-30 10:49 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2002-09-30 10:48 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2002-09-30 10:49 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2002-09-30 10:48 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2002-09-30 10:49 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2002-09-30 10:49 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2002-09-30 10:49 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2002-09-30 10:49 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2002-09-30 10:49 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2002-09-30 10:49 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-25 22:58 . 2004-08-19 22:53 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2004-08-19 23:09 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2004-08-19 23:09 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2004-08-19 23:09 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat
2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2004-08-19 23:09 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 13:15 . 2009-05-03 17:35 593920 ------w c:\windows\system32\ati2sgag.exe
2009-02-10 17:06 . 2002-08-29 09:42 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:05 . 2002-09-30 10:49 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:24 . 2002-09-30 10:49 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2002-09-30 10:49 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2002-09-30 10:49 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2004-04-05 11:17 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2002-09-30 10:49 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2002-09-30 10:48 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-06 10:39 . 2002-09-30 10:49 35328 ----a-w c:\windows\system32\sc.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2003-05-07 36864]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-14 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-03-07 52240]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-03-14 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-03-14 648456]
S1 Asapi;Asapi; [x]
S1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2008-03-07 333328]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-05-03 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-09-30 02:34]

2009-05-03 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-09-30 02:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-CleanEasyImg - c:\apps\easydvd\cleanall.exe


.
------- Examen supplémentaire -------
.
uStart Page = file://c:\apps\IE\offline\fr.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bastien\Application Data\Mozilla\Firefox\Profiles\3d9e2ndw.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 23:37
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-05-04 23:38
ComboFix-quarantined-files.txt 2009-05-04 21:38

Avant-CF: 65 505 763 328 octets libres
Après-CF: 65 599 328 256 octets libres

173 --- E O F --- 2009-05-03 19:59

oui bien sur :)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Bastien at 2009-05-05 12:14:05
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 62 GB (87%) free of 72 GB
Total RAM: 767 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:14, on 05/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Documents and Settings\Bastien\Bureau\RSIT.exe
C:\Program Files\trend micro\Bastien.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

[b]SDFix: Version 1.240 [/b]
Run by Bastien on 05/05/2009 at 23:01

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 23:08:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Mon 5 Apr 2004 193 A.SHR --- "C:\BOOT.BAK"
Mon 4 Aug 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Mon 4 Aug 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
Mon 4 Aug 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Mon 4 Aug 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
Mon 4 Aug 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Mon 9 Feb 2009 36,218,232 ...H. --- "C:\Documents and Settings\Jessy\Local Settings\temp\BIT8.tmp"
Mon 4 Aug 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"

[b]Finished![/b]

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2083
Windows 5.1.2600 Service Pack 3

06/05/2009 19:58:22
mbam-log-2009-05-06 (19-58-22).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 138118
Temps écoulé: 46 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

voici en mode sans echec


Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2083
Windows 5.1.2600 Service Pack 3

06/05/2009 20:50:11
mbam-log-2009-05-06 (20-50-11).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 138458
Temps écoulé: 47 minute(s), 20 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:72214 Mo/Free:3194 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

07/05/2009|12:43

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
---------- C:\WINDOWS\system32\slserv.exe
---------- C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
---------- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
---------- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
---------- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 07/05/2009|12:44

----------------------\\ Scan completed at 12:44

Malheureusement il le trouve tjs :(

Dsl pour l'absence,

voici le rapport :

ComboFix 09-05-11.01 - Bastien 11/05/2009 20:47.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.767.427 [GMT 2:00]
Lancé depuis: c:\documents and settings\Bastien\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Bastien\Bureau\CFScript.txt..txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
FW: Pare-feu personnel de Trend Micro *disabled*

FILE ::
c:\windows\[u]0/u05004_.tmp
c:\windows\System32\DRIVERS\slntamr.sys
c:\windows\System32\DRIVERS\SlWdmSup.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\icon.ico
c:\windows\System32\DRIVERS\slntamr.sys
c:\windows\System32\DRIVERS\SlWdmSup.sys
.
---- Exécution préalable -------
.
c:\windows\[u]0/u05004_.tmp
c:\windows\System32\DRIVERS\slntamr.sys
c:\windows\System32\DRIVERS\SlWdmSup.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SLWDMSUP
-------\Service_Slntamr
-------\Service_SlWdmSup
-------\Legacy_SLWDMSUP


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-11 au 2009-05-11 ))))))))))))))))))))))))))))))))))))
.

2009-05-11 17:47 . 2009-05-11 17:47 -------- d-----w c:\documents and settings\Bastien\Local Settings\Application Data\Stardock
2009-05-11 17:45 . 2009-05-11 17:46 -------- d-----w c:\program files\Stardock
2009-05-11 17:45 . 2009-05-11 17:45 -------- d-----w c:\program files\Fichiers communs\Stardock
2009-05-11 17:45 . 2009-05-11 17:45 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B159C29F-4EA9-4DB1-AB62-6E36285A00B0}
2009-05-10 16:21 . 2009-05-10 16:21 -------- d-----w c:\documents and settings\Jessy\Local Settings\Application Data\Microsoft Help
2009-05-10 15:10 . 2009-05-10 15:10 -------- d-----w c:\documents and settings\Jessy\Application Data\AdobeUM
2009-05-10 15:10 . 2009-05-10 15:10 -------- d-----w c:\documents and settings\Jessy\Local Settings\Application Data\Adobe
2009-05-08 19:12 . 2009-05-08 19:12 -------- d-----w c:\windows\system32\Auralog
2009-05-08 18:20 . 2004-08-04 05:41 13240 ----a-w c:\windows\system32\dllcache\slwdmsup.sys
2009-05-08 18:20 . 2004-08-04 05:41 404990 ----a-w c:\windows\system32\dllcache\slntamr.sys
2009-05-08 12:33 . 2008-04-14 02:33 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-08 09:52 . 2009-05-08 12:46 -------- d-----w c:\documents and settings\Bastien\Application Data\LimeWire
2009-05-08 09:51 . 2009-03-09 03:19 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-08 09:51 . 2009-05-08 18:30 -------- d-----w c:\program files\Java
2009-05-08 09:49 . 2009-05-08 09:52 -------- d-----w c:\program files\LimeWire
2009-05-07 10:42 . 2009-05-07 10:44 -------- d-----w C:\Rooter$
2009-05-06 16:50 . 2009-05-06 16:50 -------- d-----w c:\documents and settings\Bastien\Application Data\Malwarebytes
2009-05-06 16:50 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 16:50 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 16:50 . 2009-05-06 16:50 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-06 16:50 . 2009-05-06 16:50 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-06 10:50 . 2009-05-06 10:50 -------- d-----w c:\documents and settings\Bastien\Application Data\AdobeUM
2009-05-06 10:50 . 2009-05-06 10:50 -------- d-----w c:\documents and settings\Bastien\Local Settings\Application Data\Adobe
2009-05-06 10:50 . 2009-05-06 10:50 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-05-05 21:00 . 2009-05-05 21:00 579584 ----a-w c:\windows\system32\dllcache\user32.dll
2009-05-05 20:59 . 2009-05-05 20:59 -------- d-----w c:\windows\ERUNT
2009-05-05 20:55 . 2009-05-05 21:09 -------- d-----w C:\SDFix
2009-05-05 11:18 . 2006-10-26 17:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-05-05 11:16 . 2009-05-05 11:16 -------- d-----w c:\program files\MSBuild
2009-05-05 11:09 . 2009-05-05 11:15 -------- d-----w c:\windows\SHELLNEW
2009-05-05 11:08 . 2009-05-05 11:08 -------- d-----w c:\documents and settings\Bastien\Local Settings\Application Data\Microsoft Help
2009-05-05 11:08 . 2009-05-10 16:21 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-05 11:07 . 2009-05-05 11:07 -------- d--h--r C:\MSOCache
2009-05-05 06:46 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-05 06:46 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-04 17:00 . 2009-05-04 17:00 -------- d-sh--w c:\documents and settings\Jessy\IECompatCache
2009-05-04 17:00 . 2009-05-04 17:00 -------- d-sh--w c:\documents and settings\Jessy\PrivacIE
2009-05-04 16:55 . 2009-05-04 16:55 -------- d-----w c:\documents and settings\Propriétaire
2009-05-04 16:51 . 2006-11-29 11:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-05-04 16:50 . 2009-05-04 16:50 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-04 16:50 . 2009-05-04 19:28 -------- d-----w c:\documents and settings\Jessy\Contacts
2009-05-04 16:50 . 2009-05-04 16:50 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-04 16:47 . 2009-05-04 16:48 -------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2009-05-04 16:47 . 2009-05-06 12:08 -------- d-----w c:\program files\Windows Live
2009-05-04 16:47 . 2009-05-04 16:47 -------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-05-04 16:37 . 2009-05-04 16:37 -------- d-----w c:\documents and settings\Jessy\Local Settings\Application Data\Mozilla
2009-05-04 16:36 . 2009-05-09 12:01 69688 ----a-w c:\documents and settings\Jessy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 16:36 . 2009-05-04 16:36 -------- d-sh--w c:\documents and settings\Jessy\IETldCache
2009-05-04 16:31 . 2009-05-04 16:31 -------- d-----w c:\windows\system32\LogFiles
2009-05-04 11:14 . 2009-05-04 11:14 -------- d-----w C:\rsit

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 20:24 . 2002-09-30 10:49 49494 ----a-w c:\windows\system32\perfc00C.dat
2009-05-05 20:24 . 2002-09-30 10:49 370414 ----a-w c:\windows\system32\perfh00C.dat
2009-05-05 11:16 . 2009-05-03 21:55 -------- d-----w c:\program files\Microsoft Works
2009-05-05 10:14 . 2009-05-03 17:12 -------- d-----w c:\program files\Trend Micro
2009-05-04 06:43 . 2009-05-03 17:36 -------- d-----w c:\program files\ATI
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Virtual CD v4 SDK
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Viewpoint
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Sonic
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Services en ligne
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\S3Inc
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Real
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\QuickTime
2009-05-03 21:56 . 2009-05-03 21:56 -------- d-----w c:\program files\Nullsoft
2009-05-03 21:55 . 2009-05-03 21:55 -------- d-----w c:\program files\microsoft frontpage
2009-05-03 21:55 . 2009-05-03 21:55 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-05-03 16:36 . 2002-09-30 11:03 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-03 16:11 . 2009-05-03 16:11 25432 ----a-w c:\documents and settings\Bastien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 15:12 . 2009-05-03 15:12 -------- d-----w c:\program files\Alwil Software
2009-03-06 14:20 . 2002-09-30 10:49 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-25 22:58 . 2004-08-19 22:53 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2004-08-19 23:09 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2004-08-19 23:09 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2004-08-19 23:09 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat
2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat
2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2004-08-19 23:09 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-25 13:15 . 2009-05-03 17:35 593920 ------w c:\windows\system32\ati2sgag.exe
2009-02-20 08:10 . 2002-09-30 10:49 670208 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2009-05-03 17:05 81920 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-04_21.37.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 11:40 . 2006-10-26 11:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 95744 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2009-05-11 18:50 . 2009-05-11 18:50 16384 c:\windows\temp\Perflib_Perfdata_24c.dat
+ 2008-05-02 07:52 . 2008-05-02 07:52 42672 c:\windows\system32\wbsys.dll
+ 2008-03-12 14:11 . 2008-03-12 14:11 59056 c:\windows\system32\wbload.dll
+ 2006-07-24 08:50 . 2006-07-24 08:50 47920 c:\windows\system32\VBAME.DLL
+ 2002-09-30 10:49 . 2008-04-14 02:33 37888 c:\windows\system32\url.dll
+ 2009-05-05 11:18 . 2006-10-26 17:56 33104 c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
+ 2009-05-05 11:18 . 2006-10-26 17:56 67408 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2009-05-05 11:18 . 2006-10-26 17:56 67408 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2006-07-24 08:50 . 2006-07-24 08:50 39728 c:\windows\system32\SCP32.DLL
+ 2002-09-30 10:49 . 2008-04-14 02:33 39424 c:\windows\system32\pngfilt.dll
+ 2002-09-30 10:49 . 2009-05-05 20:24 40836 c:\windows\system32\perfc009.dat
+ 2002-09-30 10:49 . 2008-04-14 02:33 97280 c:\windows\system32\occache.dll
+ 2002-09-30 10:49 . 2008-04-14 01:56 57344 c:\windows\system32\mshtmler.dll
+ 2002-09-30 10:49 . 2008-04-14 02:34 29184 c:\windows\system32\mshta.exe
- 2009-05-03 13:22 . 2009-05-03 13:22 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-05-03 13:22 . 2009-05-08 18:54 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-05-08 19:11 . 2009-05-08 19:11 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2002-09-30 10:49 . 2008-04-14 02:33 22528 c:\windows\system32\licmgr10.dll
+ 2002-09-30 10:49 . 2008-04-14 02:33 15872 c:\windows\system32\jsproxy.dll
+ 2002-09-30 10:49 . 2008-04-14 02:33 96768 c:\windows\system32\inseng.dll
+ 2002-09-30 10:49 . 2008-04-14 02:33 35840 c:\windows\system32\imgutil.dll
+ 2002-09-30 10:49 . 2008-04-14 02:33 63488 c:\windows\system32\iesetup.dll
+ 2002-09-30 10:49 . 2008-04-14 02:33 49152 c:\windows\system32\iernonce.dll
+ 2002-09-30 10:49 . 2008-04-14 02:34 34304 c:\windows\system32\ie4uinit.exe
+ 2006-10-26 12:42 . 2006-10-26 12:42 36160 c:\windows\system32\FM20FRA.DLL
+ 2006-10-26 12:10 . 2006-10-26 12:10 33088 c:\windows\system32\FM20ENU.DLL
+ 2009-05-03 17:05 . 2009-02-20 08:10 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2002-09-30 10:48 . 2008-04-14 02:33 35328 c:\windows\system32\corpol.dll
+ 2008-09-17 13:29 . 2008-09-17 13:29 20040 c:\windows\system32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 97160 c:\windows\system32\Auralog\Tmm\RecoConfig.exe
+ 2009-05-08 19:12 . 2009-05-08 19:12 32256 c:\windows\system32\Auralog\Tmm\Aura4.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 32256 c:\windows\system32\Auralog\Tmm\Aura3.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 32256 c:\windows\system32\Auralog\Tmm\Aura2.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 59904 c:\windows\system32\Auralog\Tmm\Asr1602\UTFTOOLS.DLL
+ 2009-05-08 19:12 . 2009-05-08 19:12 28672 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\tosexe.exe
+ 2009-05-08 19:12 . 2009-05-08 19:12 28672 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\tos.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 32768 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\spe1602.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 27648 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\SH22W32.DLL
+ 2009-05-08 19:12 . 2009-05-08 19:12 49152 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\p2su.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 69632 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\p2sp.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 12288 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\nameseao.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 77878 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\MSVCIRT.DLL
+ 2009-05-08 19:12 . 2009-05-08 19:12 94208 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\msgramco.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 24576 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\exphdecw.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 20480 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\exphdeca.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 36864 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\encio.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 12288 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\debugout.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 40960 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\casrapi.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 36864 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\binimp.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 86016 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\asr1602.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 12288 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\1602_exp.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 81920 c:\windows\system32\Auralog\Tmm\Asr1602\asr3234.dll
+ 2002-09-30 10:48 . 2008-04-14 02:33 61440 c:\windows\system32\admparse.dll
+ 2009-05-05 11:18 . 2009-05-06 07:03 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-05 11:18 . 2009-05-06 07:03 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-05-05 11:18 . 2009-05-06 07:03 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-05-05 20:59 . 2009-05-05 20:59 20480 c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0/u0000002\UsrClass.dat
+ 2009-05-05 20:59 . 2009-05-05 20:59 20480 c:\windows\ERUNT\SDFIX\Users\[u]0/u0000002\UsrClass.dat
+ 2009-05-08 19:12 . 2009-05-08 19:12 5927 c:\windows\system32\Auralog\Tmm\Asr1602\Mic1602\asr1602.dat
+ 2009-05-08 19:12 . 2009-05-08 19:12 8192 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\sharemem.dll
+ 2008-02-01 09:17 . 2008-02-01 09:17 587264 c:\windows\WLXPGSS.SCR
+ 2006-10-26 11:40 . 2006-10-26 11:40 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2008-06-19 16:17 . 2008-06-19 16:17 118960 c:\windows\ThemeMgrInstall.exe
+ 2006-10-26 11:45 . 2006-10-26 11:45 293376 c:\windows\system32\WISPTIS.EXE
+ 2002-09-30 10:49 . 2008-04-14 02:33 281600 c:\windows\system32\webcheck.dll
+ 2002-09-30 10:49 . 2008-05-09 10:55 430080 c:\windows\system32\vbscript.dll
+ 2003-10-17 17:19 . 2009-02-20 08:10 620544 c:\windows\system32\urlmon.dll
+ 2009-05-05 11:18 . 2006-10-26 17:56 864080 c:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2009-05-05 11:18 . 2006-10-26 17:56 864080 c:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2002-09-30 10:49 . 2009-05-05 20:24 314508 c:\windows\system32\perfh009.dat
+ 2002-09-30 10:49 . 2008-04-14 02:33 532480 c:\windows\system32\mstime.dll
+ 2006-07-24 08:50 . 2006-07-24 08:50 125744 c:\windows\system32\MSSTDFMT.DLL
+ 2002-09-30 10:49 . 2008-04-14 02:33 146432 c:\windows\system32\msrating.dll
+ 2002-09-30 10:49 . 2002-08-30 11:00 146432 c:\windows\system32\msls31.dll
+ 2002-09-30 10:49 . 2008-04-14 02:33 449024 c:\windows\system32\mshtmled.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2003-01-13 12:57 . 2008-05-09 10:55 512000 c:\windows\system32\jscript.dll
+ 2009-05-08 18:31 . 2009-03-09 03:19 148888 c:\windows\system32\javaws.exe
+ 2009-05-08 18:31 . 2009-03-09 03:19 144792 c:\windows\system32\javaw.exe
+ 2009-05-08 18:31 . 2009-03-09 03:19 144792 c:\windows\system32\java.exe
+ 2006-10-26 11:45 . 2006-10-26 11:45 207360 c:\windows\system32\INKED.DLL
+ 2002-09-30 10:49 . 2008-04-14 02:33 251904 c:\windows\system32\iepeers.dll
+ 2002-09-30 10:49 . 2008-04-14 02:33 323584 c:\windows\system32\iedkcs32.dll
+ 2002-09-30 10:49 . 2002-08-30 11:00 245760 c:\windows\system32\ieakui.dll
+ 2002-09-30 10:49 . 2008-04-14 02:33 221184 c:\windows\system32\ieaksie.dll
+ 2002-09-30 10:49 . 2008-04-14 02:33 143360 c:\windows\system32\ieakeng.dll
+ 2002-09-30 10:54 . 2009-05-05 11:51 270984 c:\windows\system32\FNTCACHE.DAT
+ 2002-09-30 10:49 . 2008-04-14 02:33 205312 c:\windows\system32\dxtrans.dll
+ 2002-09-30 10:49 . 2008-04-14 02:33 357888 c:\windows\system32\dxtmsft.dll
+ 2009-02-20 08:10 . 2009-02-20 08:10 670208 c:\windows\system32\dllcache\wininet.dll
+ 2008-05-09 10:55 . 2008-05-09 10:55 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2009-02-20 08:10 . 2009-02-20 08:10 620544 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-09 10:55 . 2008-05-09 10:55 512000 c:\windows\system32\dllcache\jscript.dll
+ 2007-04-04 15:57 . 2007-04-04 15:57 136584 c:\windows\system32\Auralog\Tmm\Tol9Inst.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 228480 c:\windows\system32\Auralog\Tmm\RecoLh34.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 336000 c:\windows\system32\Auralog\Tmm\NpTmm9.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 117760 c:\windows\system32\Auralog\Tmm\Aura1.dll
+ 2009-05-08 19:13 . 2009-05-08 19:13 761856 c:\windows\system32\Auralog\Tmm\Asr1602\Mic1602\lang\Eng_usa\ENUG2P60.DLL
+ 2009-05-08 19:12 . 2009-05-08 19:12 151606 c:\windows\system32\Auralog\Tmm\Asr1602\Lhsasr34.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 192512 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\spi1602.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 184320 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\grammar.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 172032 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\cw3215mt.DLL
+ 2009-05-08 19:12 . 2009-05-08 19:12 143360 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\clgramco.dll
+ 2009-05-08 19:12 . 2009-05-08 19:12 409600 c:\windows\system32\Auralog\Tmm\Asr1602\LhAsrBin\asrapicl.dll
+ 2002-09-30 10:48 . 2008-04-14 02:33 101888 c:\windows\system32\advpack.dll
+ 2008-03-12 20:11 . 2008-03-12 20:11 102400 c:\windows\sdczip.dll
+ 2009-05-06 12:08 . 2009-05-06 12:08 123008 c:\windows\Installer\{A70FA218-6598-4AC9-813D-63597C5DD068}\WLXPhotoGalleryIcon.exe
+ 2009-05-05 11:08 . 2009-05-05 11:08 217864 c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
+ 2009-05-05 11:18 . 2009-05-06 07:03 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-05-05 11:18 . 2009-05-06 07:03 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-05-05 11:18 . 2009-05-06 07:03 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-05-05 11:18 . 2009-05-06 07:03 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-05-05 11:18 . 2009-05-06 07:03 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-05-05 11:18 . 2009-05-06 07:03 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-05-05 11:18 . 2009-05-06 07:03 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-05-05 20:59 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-05-05 20:59 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2006-10-26 11:40 . 2006-10-26 11:40 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 11:40 . 2006-10-26 11:40 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2003-10-16 11:42 . 2009-02-20 08:11 3089408 c:\windows\system32\mshtml.dll
+ 2006-10-26 12:10 . 2006-10-26 12:10 1190688 c:\windows\system32\FM20.DLL
+ 2009-02-20 08:11 . 2009-02-20 08:11 3089408 c:\windows\system32\dllcache\mshtml.dll
+ 2009-05-05 11:18 . 2009-05-06 07:03 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-05-05 11:18 . 2009-05-06 07:03 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-09-15 14:25 . 2006-09-15 14:25 3611416 c:\windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2009-05-05 20:59 . 2009-05-05 20:59 1208320 c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0/u0000001\NTUSER.DAT
+ 2009-05-05 20:59 . 2009-05-05 20:59 1208320 c:\windows\ERUNT\SDFIX\Users\[u]0/u0000001\NTUSER.DAT
+ 2009-02-02 16:07 . 2009-02-02 16:07 1914440 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-03-07 492808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2003-05-07 36864]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-14 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Bastien\Menu D‚marrer\Programmes\D‚marrage\
Think Green Weather.lnk - c:\program files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [2009-5-11 728576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2008-03-12 14:11 24576 ----a-w c:\program files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [05/04/2004 13:27 11264]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [05/04/2004 13:31 49024]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [03/05/2009 19:13 52240]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [07/03/2008 09:17 36368]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [05/04/2004 13:31 139264]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [07/03/2008 09:17 333328]
S?3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [03/05/2009 19:13 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [03/05/2009 19:13 648456]
.
Contenu du dossier 'Tâches planifiées'

2009-05-03 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-09-30 02:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = file://c:\apps\IE\offline\fr.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bastien\Application Data\Mozilla\Firefox\Profiles\3d9e2ndw.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 20:50
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2372825723-2642861153-1514019941-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\MyColors\fastload.dll

- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\eappprxy.dll
c:\program files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-05-11 20:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-11 18:54
ComboFix2.txt 2009-05-04 21:38

Avant-CF: 62 527 180 800 octets libres
Après-CF: 62 572 302 336 octets libres

383 --- E O F --- 2009-05-06 12:08

############################## [ UsbFix V3.018 # Cleaning ]

# User : Bastien (Administrateurs) # SN201747830008
# Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 18:45:37 | 12/05/2009

# AMD Athlon(tm) XP 2600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled
# AV : Trend Micro Internet Security 16.10.1210 [ Enabled | Updated ]
# FW : Pare-feu personnel de Trend Micro[ Enabled ]5.2

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 70,52 Go (58,02 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque fixe local # 465,76 Go (246,73 Go free) [disque dur Nono] # NTFS

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\MyColors\wbload.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\FLIPART.EXE
Deleted ! C:\GETBOOTD.BAT

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

# -> Not Found !

################## [ Listing des fichiers présent ]

[05/04/2004 13:19|-rahs----|193] - C:\BOOT.BAK
[03/05/2009 18:06|-rahs----|291] - C:\BOOT.INI
[30/08/2002 13:00|-rahs----|4952] - C:\Bootfont.bin
[30/08/2002 13:00|-rahs----|249136] - C:\cmldr
[11/05/2009 20:54|--a------|32590] - C:\ComboFix.txt
[05/04/2004 13:09|--a------|6195] - C:\DWNLOG.TXT
[29/08/2002 15:03|--a------|6384] - C:\GETDRIVE.EXE
[05/04/2004 13:22|-rahs----|0] - C:\IO.SYS
[05/04/2004 13:25|--ah-----|454] - C:\IPH.PH
[05/04/2004 13:22|-rahs----|0] - C:\MSDOS.SYS
[03/05/2009 18:01|-rahs----|47564] - C:\NTDETECT.COM
[03/05/2009 18:31|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[07/05/2009 12:44|--a------|2068] - C:\Rooter.txt
[12/05/2009 18:47|--a------|2809] - C:\UsbFix.txt
[21/09/2008 16:57|--a------|23969] - F:\CV.rtf
[06/11/2008 19:32|--a------|201924] - F:\CVESLI.pdf
[20/09/2007 18:34|--a------|936960] - F:\WinRAR.exe

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.018 ! ]

############################## [ UsbFix V3.018 # Vaccination ]

# User : Bastien (Administrateurs) # SN201747830008
# Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 18:50:35 | 12/05/2009

# AMD Athlon(tm) XP 2600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled
# AV : Trend Micro Internet Security 16.10.1210 [ Enabled | Updated ]
# FW : Pare-feu personnel de Trend Micro[ Enabled ]5.2

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 70,52 Go (58,02 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque fixe local # 465,76 Go (246,73 Go free) [disque dur Nono] # NTFS

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.018 ! ]

############################## [ UsbFix V3.018 # Listing ]

# User : Bastien (Administrateurs) # SN201747830008
# Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 18:51:13 | 12/05/2009

# AMD Athlon(tm) XP 2600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled
# AV : Trend Micro Internet Security 16.10.1210 [ Enabled | Updated ]
# FW : Pare-feu personnel de Trend Micro[ Enabled ]5.2

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 70,52 Go (58,01 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque fixe local # 465,76 Go (246,73 Go free) [disque dur Nono] # NTFS

###################### [ Listing des fichiers présents C:\ ]

[05/04/2004 13:19|-rahs----|193] - C:\BOOT.BAK
[03/05/2009 18:06|-rahs----|291] - C:\BOOT.INI
[30/08/2002 13:00|-rahs----|4952] - C:\Bootfont.bin
[30/08/2002 13:00|-rahs----|249136] - C:\cmldr
[11/05/2009 20:54|--a------|32590] - C:\ComboFix.txt
[05/04/2004 13:09|--a------|6195] - C:\DWNLOG.TXT
[29/08/2002 15:03|--a------|6384] - C:\GETDRIVE.EXE
[05/04/2004 13:22|-rahs----|0] - C:\IO.SYS
[05/04/2004 13:25|--ah-----|454] - C:\IPH.PH
[05/04/2004 13:22|-rahs----|0] - C:\MSDOS.SYS
[03/05/2009 18:01|-rahs----|47564] - C:\NTDETECT.COM
[03/05/2009 18:31|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[07/05/2009 12:44|--a------|2068] - C:\Rooter.txt
[12/05/2009 18:51|--a------|1547] - C:\UsbFix.txt

###################### [ Listing des dossiers présents C:\ ]

[03/05/2009 23:53|d--------|0] - C:\ACTIVDOC
[03/05/2009 23:55|d--------|0] - C:\APPS
[03/05/2009 19:22|d--------|0] - C:\ATI
[12/05/2009 18:47|drahs----|0] - C:\autorun.inf
[03/05/2009 23:55|dr-hs----|0] - C:\cmdcons
[03/05/2009 23:55|d--h-----|0] - C:\DIVTOOLS
[04/05/2009 18:55|d--------|0] - C:\Documents and Settings
[03/05/2009 15:11|d--h-----|0] - C:\DRIVERS
[05/05/2009 13:07|dr-h-----|0] - C:\MSOCache
[03/05/2009 23:55|d--------|0] - C:\My Music
[03/05/2009 23:55|d--h-----|0] - C:\PNP
[12/05/2009 13:26|dr-------|0] - C:\Program Files
[11/05/2009 20:54|d--------|0] - C:\Qoobox
[12/05/2009 13:19|d--hs----|0] - C:\RECYCLER
[07/05/2009 12:44|d--------|0] - C:\Rooter$
[04/05/2009 13:14|d--------|0] - C:\rsit
[05/05/2009 23:09|d--------|0] - C:\SDFix
[03/05/2009 18:09|d--hs----|0] - C:\System Volume Information
[03/05/2009 19:16|d--------|0] - C:\tout
[12/05/2009 18:51|d--------|0] - C:\UsbFix
[12/05/2009 13:44|d--------|0] - C:\WINDOWS
[03/05/2009 15:11|d--------|0] - C:\WUTemp

###################### [ Listing des fichiers présents F:\ ]

[21/09/2008 16:57|--a------|23969] - F:\CV.rtf
[06/11/2008 19:32|--a------|201924] - F:\CVESLI.pdf
[20/09/2007 18:34|--a------|936960] - F:\WinRAR.exe

###################### [ Listing des dossiers présents F:\ ]

[04/10/2008 21:21|d--hs----|0] - F:\$RECYCLE.BIN
[12/05/2009 18:47|drahs----|0] - F:\autorun.inf
[03/05/2009 14:33|d--------|0] - F:\bastien-svg
[01/10/2008 12:53|d--hs----|0] - F:\found.000
[01/10/2008 20:40|d--hs----|0] - F:\found.001
[03/05/2009 14:30|dr-------|0] - F:\Important
[03/05/2009 17:45|d--hs----|0] - F:\RECYCLER
[03/05/2009 14:44|d--------|0] - F:\Samsung PC Studio 3
[03/05/2009 14:38|d--------|0] - F:\Sauvegarde 1er mai
[02/09/2008 17:54|d--hs----|0] - F:\System Volume Information
[03/05/2009 17:06|d--------|0] - F:\WUTemp

################## [ ! Fin du rapport # UsbFix V3.018 ! ]

Le logiciel plante à chaque essai...

Salut, voici le rapport :


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Bastien ( Administrator )
BOOT : Normal boot
Antivirus : Trend Micro Internet Security 16.10.1210 (Activated)
Firewall : Pare-feu personnel de Trend Micro 5.2 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:58 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/05/2009|14:18 )

-----------\\ SUPPRESSION

Supprime! - C:\WINDOWS\iun6002.exe

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 17/05/2009|12:24 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 17/05/2009|14:20 - Option : [2]

-----------\\ Fin du rapport a 14:20:34,26



Merci;

Salut,


Rapport GenProc 2.565 [1]
@ 18/05/2009 à 12:52:23
@ Windows XP Service Pack 3
@ Mozilla Firefox (3.0.10) [Navigateur par défaut]

"C:\WINDOWS\sed.exe" a été renommé sed.exe_RenameGenProc
"C:\WINDOWS\grep.exe" a été renommé grep.exe_RenameGenProc

# Etape 1/ Télécharge :

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- MSNFix http://sosvirus.changelog.fr/MSNFix.zip (!aur3n7) et décompresse-le sur le Bureau.


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Bastien *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).


# Etape 2/

Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
- Exécute l'option R.
- Si l'infection est détectée, exécute l'option N.
- Sauvegarde ce rapport sur ton bureau.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport msnfix.txt situé dans C:\WINDOWS ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Arguments de la procédure ~~


# Détections [1] GenProc 2.565 18/05/2009 à 12:50:25
MSNFix:le 18/05/2009 à 12:51:09 "C:\GETDRIVE.EXE"



Je fais ca ?