Tintin RS74

Members
  • Content count

    5
Everything posted by Tintin RS74

  1. See my previous post, I edited it.
  2. For the damaged files => at the start of the infection I got a BSOD and, on reboot, a multitude of "damaged or unreadable" files all over the disk in various unrelated folders. In short, unusable files that couldn't even be deleted. Chkdsk wouldn't run at startup, so it was impossible to repair/delete them, and I got error messages and inaccessible functions galore (to give an example, a damaged iTunes preferences file = a library that disappeared every time!). Anyway, all of that is resolved because, by some miracle, on the last reboot (graphics card froze in a game :P) Chkdsk ran, so no more problem. That's my little post to clarify what I said. Catchme log: Processing "Files to kill:" read file error: d:\windows\system32\geyekrqrysvsgl.dll, Le fichier spécifié est introuvable. So I haven't run the script yet, because apparently the suspect file has been deleted (it was damaged (I'd had an error message like the one described above) and chkdsk must have deleted it). Am I right? Should I run the script anyway?
  3. New scan done, LimeWire uninstalled beforehand. Still just as many damaged files; is that "normal" or a big problem? Do you have a solution? Here is the log:

     ComboFix 09-07-23.04 - tintin 24/07/2009 18:43.2.2 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1361 [GMT 2:00]
     Running from: d:\documents and settings\tintin\Bureau\Colaf.exe
     Command switches used :: d:\documents and settings\tintin\Bureau\CFscript.txt
     AV: avast! antivirus 4.8.1335 [VPS 090724-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     * Created a new restore point
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

     FILE ::
     "d:\windows\system32\geyekrqrysvsgl.dll"
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
settings\tintin\Application Data\LimeWire\simpp.xml d:\documents and settings\tintin\Application Data\LimeWire\spam.dat d:\documents and settings\tintin\Application Data\LimeWire\tables.props d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme.lwtp d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\chat.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\kill.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\lime.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\lw_logo.png d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif d:\documents and settings\tintin\Application 
Data\LimeWire\themes\limewirePro_theme\play_up.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\question.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\theme.txt d:\documents and settings\tintin\Application Data\LimeWire\themes\limewirePro_theme\warning.gif d:\documents and settings\tintin\Application Data\LimeWire\ttdata.cache d:\documents and settings\tintin\Application Data\LimeWire\ttrees.cache d:\documents and settings\tintin\Application Data\LimeWire\ttroot.cache d:\documents and settings\tintin\Application Data\LimeWire\version.xml d:\documents and settings\tintin\Application Data\LimeWire\versions.props d:\documents and settings\tintin\Application Data\LimeWire\xml\data\audio.sxml3 d:\documents and settings\tintin\Application Data\LimeWire\xml\data\video.sxml3 d:\windows\system32\geyekrqrysvsgl.dll . . . . failed to delete . ((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 ))))))))))))))))))))))))))))))) . 2009-07-24 14:53 . 2009-07-24 14:53 -------- d-sh--w- d:\documents and settings\tintin\PrivacIE 2009-07-24 14:46 . 2009-07-13 11:36 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2009-07-24 14:46 . 2009-07-13 11:36 19096 ----a-w- d:\windows\system32\drivers\mbam.sys 2009-07-24 14:12 . 2009-07-24 14:12 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes 2009-07-23 18:43 . 2009-07-24 16:49 -------- d---a-w- d:\docume~1\ALLUSE~1\APPLIC~1\TEMP 2009-07-23 18:41 . 2008-04-17 10:12 107368 ----a-w- d:\windows\system32\GEARAspi.dll 2009-07-23 18:41 . 
2009-07-23 18:41 -------- d-----w- d:\program files\iPod 2009-07-23 09:36 . 2009-07-23 09:36 -------- d-sh--w- d:\windows\system32\config\systemprofile\IETldCache 2009-07-23 09:36 . 2009-07-23 09:36 -------- d-sh--w- d:\documents and settings\tintin\IETldCache 2009-07-23 08:17 . 2009-07-23 08:18 -------- dc-h--w- d:\windows\ie8 2009-07-22 16:09 . 2009-07-22 16:09 -------- d-----w- d:\documents and settings\tintin\Local Settings\Application Data\BC 2009-07-22 16:09 . 2009-07-22 16:09 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\BC 2009-07-22 15:24 . 2009-07-22 15:24 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-07-22 15:23 . 2009-07-22 15:23 -------- d-----w- d:\program files\QuickTime 2009-07-22 15:11 . 2009-07-22 15:11 -------- d-----w- d:\program files\Capcom 2009-07-22 15:00 . 2009-07-22 15:00 -------- d-----w- d:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple Computer 2009-07-22 15:00 . 2009-07-22 15:00 -------- d-----w- d:\windows\system32\config\systemprofile\Application Data\Apple Computer 2009-07-21 18:10 . 2009-07-21 18:10 -------- d-----w- d:\documents and settings\tintin\Application Data\Desktopicon 2009-07-20 16:00 . 2009-07-24 16:49 -------- d-----w- d:\windows\system32\config\systemprofile\Application Data\VMware 2009-07-20 15:53 . 2009-07-20 15:53 39424 ----a-w- d:\windows\system32\geyekrqrysvsgl.dll 2009-07-18 10:47 . 2009-07-18 10:47 -------- d-----w- d:\documents and settings\tintin\Local Settings\Application Data\Temp 2009-07-06 15:32 . 2009-07-06 15:32 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite 2009-07-06 15:32 . 2009-07-06 15:32 -------- d-----w- d:\program files\DAEMON Tools Toolbar 2009-07-06 15:04 . 2009-07-06 15:32 -------- d-----w- d:\documents and settings\tintin\Application Data\DAEMON Tools Lite 2009-07-03 20:55 . 2009-07-03 20:55 -------- d-----w- d:\documents and settings\tintin\Application Data\FUEL 2009-07-01 15:58 . 
2009-07-01 15:59 -------- d-----w- D:\332296a004bdbbbf1e401b71 2009-07-01 15:58 . 2009-07-01 15:59 -------- d-----w- d:\windows\system32\drivers\UMDF 2009-07-01 15:58 . 2009-07-01 15:58 -------- d-----w- D:\9da585424ce1ddf11a2538d1a61c 2009-06-26 15:09 . 2009-06-26 15:09 -------- d-----w- d:\documents and settings\tintin\Local Settings\Application Data\ArmA 2 Demo 2009-06-26 15:09 . 2009-03-09 13:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll 2009-06-26 15:09 . 2009-03-09 13:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll 2009-06-26 15:09 . 2009-03-09 13:27 1846632 ----a-w- d:\windows\system32\D3DCompiler_41.dll 2009-06-26 15:09 . 2009-03-16 12:18 69448 ----a-w- d:\windows\system32\XAPOFX1_3.dll 2009-06-26 15:09 . 2009-03-16 12:18 517448 ----a-w- d:\windows\system32\XAudio2_4.dll 2009-06-26 15:09 . 2009-03-16 12:18 235352 ----a-w- d:\windows\system32\xactengine3_4.dll 2009-06-26 15:09 . 2009-03-16 12:18 22360 ----a-w- d:\windows\system32\X3DAudio1_6.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-24 16:49 . 2008-12-14 15:28 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\VMware 2009-07-24 16:48 . 2008-09-19 17:12 -------- d-----w- d:\program files\DNA 2009-07-24 16:48 . 2008-09-19 17:12 -------- d-----w- d:\documents and settings\tintin\Application Data\DNA 2009-07-24 16:42 . 2008-12-03 19:05 -------- d-----w- d:\program files\PLP 2009-07-24 14:55 . 2008-08-29 20:09 -------- d-----w- d:\program files\Outils 2009-07-24 14:37 . 2008-12-15 16:45 -------- d-----w- d:\documents and settings\tintin\Application Data\VMware 2009-07-23 18:44 . 2008-09-19 17:12 -------- d-----w- d:\documents and settings\tintin\Application Data\BitTorrent 2009-07-23 18:42 . 2008-09-01 13:23 -------- d-----w- d:\documents and settings\tintin\Application Data\Apple Computer 2009-07-23 18:41 . 2008-09-19 18:01 -------- d-----w- d:\program files\iTunes 2009-07-23 18:41 . 
2008-09-01 13:22 -------- d-----w- d:\program files\Fichiers communs\Apple 2009-07-22 15:31 . 2008-10-09 12:26 -------- d-----w- d:\program files\Fichiers communs\Wise Installation Wizard 2009-07-22 15:31 . 2008-10-09 12:26 -------- d-----w- d:\program files\AGEIA Technologies 2009-07-22 15:30 . 2009-04-11 10:16 -------- d-----w- d:\program files\OpenAL 2009-07-22 15:23 . 2008-09-01 13:23 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer 2009-07-22 15:11 . 2008-08-29 18:39 -------- d--h--w- d:\program files\InstallShield Installation Information 2009-07-19 12:03 . 2008-12-15 05:05 -------- d-----w- d:\documents and settings\NetworkService\Application Data\VMware 2009-07-18 17:18 . 2009-06-19 15:03 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\TrackMania 2009-07-16 17:33 . 2008-08-29 18:58 -------- d-----w- d:\program files\Jeux 2009-07-12 19:46 . 2009-03-21 20:19 -------- d-----w- d:\documents and settings\tintin\Application Data\gtk-2.0 2009-07-12 09:59 . 2008-09-21 08:47 -------- d-----w- d:\program files\InternetMessenger Plus! Live 2009-07-06 15:32 . 2008-08-29 18:58 -------- d-----w- d:\documents and settings\tintin\Application Data\DAEMON Tools 2009-07-06 15:04 . 2008-08-29 18:58 721904 ----a-w- d:\windows\system32\drivers\sptd.sys 2009-06-16 14:40 . 2006-03-09 08:25 119808 ----a-w- d:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2006-03-09 08:24 81920 ----a-w- d:\windows\system32\fontsub.dll 2009-06-09 16:03 . 2008-08-29 19:09 -------- d-----w- d:\program files\Video 2009-06-07 11:19 . 2009-06-07 10:55 -------- d-----w- d:\documents and settings\tintin\Application Data\Poser 7 2009-06-06 19:35 . 2008-10-09 12:04 1 ----a-w- d:\documents and settings\tintin\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2009-06-06 19:34 . 2008-10-09 12:03 -------- d-----w- d:\documents and settings\tintin\Application Data\OpenOffice.org2 2009-06-05 17:28 . 2008-08-29 19:06 1324 ----a-w- d:\windows\system32\d3d9caps.dat 2009-06-03 19:10 . 
2006-03-09 08:25 1297408 ----a-w- d:\windows\system32\quartz.dll 2009-06-01 13:21 . 2009-06-01 13:21 131072 ----a-r- d:\documents and settings\tintin\Application Data\Microsoft\Installer\{3254FD51-9910-48C4-AC9B-AF3691C1544C}\NewShortcut3_3254FD51991048C4AC9BAF3691C1544C.exe 2009-06-01 13:21 . 2009-06-01 13:21 131072 ----a-r- d:\documents and settings\tintin\Application Data\Microsoft\Installer\{3254FD51-9910-48C4-AC9B-AF3691C1544C}\NewShortcut1_3254FD51991048C4AC9BAF3691C1544C.exe 2009-06-01 13:21 . 2009-06-01 13:21 10134 ----a-r- d:\documents and settings\tintin\Application Data\Microsoft\Installer\{3254FD51-9910-48C4-AC9B-AF3691C1544C}\ARPPRODUCTICON.exe 2009-06-01 13:21 . 2009-06-01 13:21 -------- d-----w- d:\program files\WinPcap 2009-06-01 04:14 . 2009-06-01 04:12 -------- d-----w- d:\program files\Easy Video Downloader 2009-05-29 14:50 . 2009-05-29 14:50 10134 ----a-r- d:\documents and settings\tintin\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-05-29 14:50 . 2009-05-29 14:50 -------- d-----w- d:\program files\Microsoft WSE 2009-05-27 16:21 . 2009-05-27 16:21 -------- d-----w- d:\documents and settings\tintin\Application Data\Atari 2009-05-27 16:20 . 2009-05-27 16:19 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\Tages 2009-05-27 16:06 . 2008-09-21 08:58 279712 ----a-w- d:\windows\system32\drivers\atksgt.sys 2009-05-26 14:56 . 2009-05-26 14:56 -------- d-----w- d:\program files\Fichiers communs\DVDVideoSoft 2009-05-07 15:33 . 2004-08-19 15:09 348672 ----a-w- d:\windows\system32\localspl.dll 2009-04-29 03:30 . 2008-08-01 06:38 3643904 ----a-w- d:\windows\system32\drivers\ati2mtag.sys 2009-04-29 02:18 . 2008-08-01 04:33 442368 ----a-w- d:\windows\system32\ATIDEMGX.dll 2009-04-29 02:17 . 2008-08-01 04:32 335872 ----a-w- d:\windows\system32\ati2dvag.dll 2009-04-29 02:07 . 2008-08-01 04:23 204800 ----a-w- d:\windows\system32\atipdlxx.dll 2009-04-29 02:06 . 
2008-08-01 04:23 155648 ----a-w- d:\windows\system32\Oemdspif.dll 2009-04-29 02:06 . 2008-08-01 04:22 26112 ----a-w- d:\windows\system32\Ati2mdxx.exe 2009-04-29 02:06 . 2008-08-01 04:22 43520 ----a-w- d:\windows\system32\ati2edxx.dll 2009-04-29 02:06 . 2008-08-01 04:22 155648 ----a-w- d:\windows\system32\ati2evxx.dll 2009-04-29 02:04 . 2008-08-01 04:21 602112 ----a-w- d:\windows\system32\ati2evxx.exe 2009-04-29 02:03 . 2008-08-01 04:19 53248 ----a-w- d:\windows\system32\ATIDDC.DLL 2009-04-29 02:00 . 2008-08-01 03:39 311296 ----a-w- d:\windows\system32\atiiiexx.dll 2009-04-29 01:56 . 2008-08-01 04:10 2997536 ----a-w- d:\windows\system32\ati3duag.dll 2009-04-29 01:45 . 2008-08-01 05:40 11603968 ----a-w- d:\windows\system32\atioglxx.dll 2009-04-29 01:42 . 2008-08-01 03:59 2687872 ----a-w- d:\windows\system32\ativvaxx.dll 2009-04-29 01:26 . 2009-04-29 01:26 49664 ----a-w- d:\windows\system32\atimpc32.dll 2009-04-29 01:26 . 2008-08-01 03:46 49664 ----a-w- d:\windows\system32\amdpcom32.dll 2009-04-29 01:22 . 2008-08-01 03:42 479232 ----a-w- d:\windows\system32\atikvmag.dll 2009-04-29 01:20 . 2009-04-29 01:20 45056 ----a-w- d:\windows\system32\aticalrt.dll 2009-04-29 01:20 . 2009-04-29 01:20 45056 ----a-w- d:\windows\system32\aticalcl.dll 2009-04-29 01:20 . 2008-08-01 03:40 135168 ----a-w- d:\windows\system32\atiadlxx.dll 2009-04-29 01:19 . 2008-08-01 03:40 17408 ----a-w- d:\windows\system32\atitvo32.dll 2009-04-29 01:19 . 2008-08-01 03:39 53248 ----a-w- d:\windows\system32\drivers\ati2erec.dll 2009-04-29 01:18 . 2009-04-29 01:18 3280896 ----a-w- d:\windows\system32\aticaldd.dll 2009-04-29 01:17 . 2008-08-01 04:58 303104 ----a-w- d:\windows\system32\atiok3x2.dll 2009-04-29 01:13 . 2008-08-01 03:34 630784 ----a-w- d:\windows\system32\ati2cqag.dll 2009-04-28 19:05 . 2008-08-29 18:55 593920 ------w- d:\windows\system32\ati2sgag.exe . ((((((((((((((((((((((((((((( SnapShot@2009-07-24_16.08.59 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-24 16:49 . 
2009-07-24 16:49 16384 d:\windows\Temp\Perflib_Perfdata_c20.dat + 2009-07-24 16:49 . 2009-07-24 16:49 16384 d:\windows\Temp\Perflib_Perfdata_928.dat + 2009-07-24 16:48 . 2009-07-24 16:48 16384 d:\windows\Temp\Perflib_Perfdata_2e0.dat + 2008-08-29 17:36 . 2009-07-24 16:50 32768 d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-08-29 17:36 . 2009-07-24 16:09 32768 d:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-08-29 17:36 . 2009-07-24 16:09 32768 d:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-08-29 17:36 . 2009-07-24 16:50 32768 d:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2008-08-29 17:36 . 2009-07-24 16:09 32768 d:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-08-29 17:36 . 2009-07-24 16:50 32768 d:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-10 12:04 204248 ----a-w- d:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2008-12-19 342848]
"Google Update"="d:\documents and settings\tintin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-08 133104]
"RocketDock"="d:\program files\Outils\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="d:\program files\Outils\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RegistryMechanic"="d:\program files\outils\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystrayORAHSS"="d:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="d:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"AppleSyncNotifier"="d:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"zBrowser Launcher"="d:\program files\Outils\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"RivaTunerStartupDaemon"="d:\program files\Outils\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"avast!"="d:\progra~1\Outils\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="d:\program files\Outils\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AdobeCS4ServiceManager"="d:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"UnlockerAssistant"="d:\program files\Outils\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - d:\windows\KHALMNPR.Exe [2008-02-29 76304]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-07-31 16806912]
"SoundMan"="SOUNDMAN.EXE" - d:\windows\SoundMan.exe [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - d:\windows\ALCWZRD.EXE [2008-06-19 2808832]

d:\documents and settings\tintin\Menu Démarrer\Programmes\Démarrage\
Y'z Shadow.lnk - d:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

d:\docume~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Logitech Desktop Messenger.lnk - d:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-8-29 67128]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-29 805392]
RocketDock.lnk - d:\program files\Outils\RocketDock\RocketDock.exe [2008-12-2 495616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- d:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\D:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Jeux\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Jeux\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\APPLICATION\\eMule Applejuice\\emule.exe"=
"d:\\Program Files\\Jeux\\Steam\\steamapps\\moi743\\team fortress 2\\hl2.exe"=
"d:\\Program Files\\Internet\\Opera\\opera.exe"=
"d:\\Program Files\\Internet\\GigaTribe\\gigatribe.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\Internet\\BitTorrent\\bittorrent.exe"=
"d:\\Program Files\\Jeux\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"d:\\Program Files\\Jeux\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program Files\\Jeux\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Program Files\\Jeux\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Program Files\\Jeux\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Program Files\\Jeux\\Call of Duty - World at War\\CoDWaW.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Outils\\VMware Workstation\\vmware-authd.exe"=
"d:\\Program Files\\Audio\\Spotify\\spotify.exe"=
"d:\\Program Files\\Jeux\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Jeux\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"d:\\Program Files\\Jeux\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"d:\\Program Files\\Jeux\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=
"d:\\Program Files\\Jeux\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Video\\VLC\\vlc.exe"=
"d:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files\\Jeux\\GRID\\GRID.exe"=
"d:\\Program Files\\Jeux\\Poser 7\\Poser.exe"=
"d:\\Program Files\\Jeux\\Prototype\\prototypef.exe"=
"d:\\Program Files\\Jeux\\TmNationsForever\\TmForever.exe"=
"d:\\Program Files\\Jeux\\ArmA 2 Demo\\ArmA2Demo.exe"=
"d:\\Program Files\\Jeux\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"d:\\Program Files\\Jeux\\FUEL\\FUEL.exe"=
"d:\\Program Files\\Capcom\\Bionic Commando\\bionic_commando.exe"=
"d:\\Program Files\\Capcom\\Bionic Commando\\Support\\CAP1-0101.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [03/12/2008 21:55 114768]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [03/12/2008 21:55 20560]
R2 npf;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [01/06/2008 09:13 34064]
R2 vmci;VMware vmci;d:\windows\system32\drivers\vmci.sys [29/10/2008 00:08 54960]
S3 maconfservice;Ma-Config Service;d:\program files\Outils\ma-config.com\maconfservice.exe [13/05/2009 14:37 234864]
S3 WsAudioDevice_383;WsAudioDevice_383;d:\windows\system32\drivers\WsAudioDevice_383.sys [15/06/2009 22:02 16640]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
LSP: d:\program files\Outils\VMware Workstation\vsocklib.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-24 18:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-1547161642-839522115-1003\SOFTWARE\SecuROM\License information*]
"datasecu"=hex:e8,b8,75,0b,fd,a8,84,8b,18,cb,a4,1a,55,4c,5f,8e,42,81,de,05,61,
   8a,cd,db,66,27,ab,9a,77,2c,e3,c4,b1,38,a9,bd,1d,75,c1,3e,82,4a,06,be,38,ab,\
"rkeysecu"=hex:e7,9e,e7,2e,a3,5c,18,9c,97,03,da,6f,11,f6,15,c0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1044)
d:\windows\system32\Ati2evxx.dll
d:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
d:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
d:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(1672)
d:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
d:\program files\Outils\RocketDock\RocketDock.dll
d:\program files\Logitech\SetPoint\lgscroll.dll
d:\program files\Outils\Logitech\iTouch\iTchHk.dll
d:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\ntshrui.dll
d:\windows\system32\msls31.dll
d:\windows\system32\netshell.dll
d:\windows\system32\credui.dll
d:\windows\system32\eappprxy.dll
d:\windows\system32\msi.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\windows\system32\ati2evxx.exe
d:\program files\Outils\Avast4\aswUpdSv.exe
d:\program files\Outils\Avast4\ashServ.exe
d:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
d:\program files\Hotspot Shield\bin\openvpnas.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
d:\program files\Outils\CDBurnerXP\NMSAccessU.exe
d:\windows\system32\PnkBstrA.exe
d:\windows\system32\vmnat.exe
d:\windows\system32\vmnetdhcp.exe
d:\program files\Outils\VMware Workstation\vmware-authd.exe
d:\program files\Outils\Avast4\ashMaiSv.exe
d:\program files\Outils\Avast4\ashWebSv.exe
d:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-24 18:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-24 16:55
ComboFix2.txt 2009-07-24 16:15

Pre-Run: 492 466 356 224 octets libres
Post-Run: 492 433 248 256 octets libres

710 --- E O F --- 2009-07-23 08:18
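Reading the ComboFix logs in this thread the way an incident responder would, the entries that matter are: a freshly created DLL in system32 (geyekrqrysvsgl.dll, created 2009-07-20 15:53, the only file created in that minute, whereas legitimate installers drop files in batches), the fact that ComboFix marks it "failed to delete", and the deleted driver, DLL and service names that share its "geyekr" prefix or the "ESQUL" prefix (naming consistent with the TDSS/TDL rootkit family). The script below is an added example, not part of the forum post and not ComboFix's own logic: it parses the "Other Deletions", "Drivers/Services" and "Files Created" sections of a ComboFix log and cross-references them so that exactly such a file is ranked first. The scoring heuristics (lone creation minute, long letters-only name, shared prefix with a deleted file, "failed to delete") are my own assumptions, and the sample log embedded in the script is a condensed extract constructed from the logs posted in this thread.

```python
"""ComboFix log triage (added example; not code from the forum post or from ComboFix).

Parses the 'Other Deletions', 'Drivers/Services' and 'Files Created' sections of a
ComboFix log and cross-references them so that a recently dropped file under the
system32 directory that ComboFix could not delete is ranked first.  The scoring
heuristics below are assumptions of this example, not ComboFix's own logic.
"""
import re
from collections import defaultdict

# Constructed sample: a condensed extract of the two ComboFix runs posted in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\windows\system32\404Fix.exe
d:\windows\system32\drivers\ESQULqaecevuntkodlpfpykxelmsliqxgxxya.sys
d:\windows\system32\drivers\geyekrilpqcurx.sys
d:\windows\system32\ESQULlyhoiyayuetpkjeonoetqmoeqrixpnjw.dll
d:\windows\system32\ESQULzcounter
d:\windows\system32\geyekrqrysvsgl.dll . . . . failed to delete
----- BITS: Possible infected sites -----
hxxp://91.121.83.131
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ESQULserv.sys
((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.
2009-07-24 14:46 . 2009-07-13 11:36 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 14:46 . 2009-07-13 11:36 19096 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-07-20 16:00 . 2009-07-24 16:08 -------- d-----w- d:\windows\system32\config\systemprofile\Application Data\VMware
2009-07-20 15:53 . 2009-07-20 15:53 39424 ----a-w- d:\windows\system32\geyekrqrysvsgl.dll
2009-06-26 15:09 . 2009-03-09 13:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll
2009-06-26 15:09 . 2009-03-16 12:18 22360 ----a-w- d:\windows\system32\X3DAudio1_6.dll
.
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")          # "((((( Other Deletions )))))"
CREATED_RE = re.compile(                                 # "created . modified size attrs path"
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+)$")
SERVICE_RE = re.compile(r"^-+\\Service_(.+)$")           # "-------\Service_ESQULserv.sys"
FAILED_SUFFIX = " . . . . failed to delete"
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.I)
LETTERS_ONLY_RE = re.compile(r"^[A-Za-z]{10,}(\.[A-Za-z]{3})?$")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def parse_combofix(text):
    """Collect deleted paths, failed deletions, BITS sites, removed services, created files."""
    out = {"deleted": [], "failed": [], "bits_sites": [], "removed_services": [], "created": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Other Deletions":
            if line.startswith("-----"):           # "----- BITS: Possible infected sites -----"
                continue
            if line.startswith("hxxp"):            # defanged URL listed under the BITS header
                out["bits_sites"].append(line)
                continue
            failed = line.endswith(FAILED_SUFFIX)
            path = line[:-len(FAILED_SUFFIX)] if failed else line
            out["deleted"].append(path)
            if failed:
                out["failed"].append(path)
        elif section == "Drivers/Services":
            m = SERVICE_RE.match(line)
            if m:
                out["removed_services"].append(m.group(1))
        elif section and section.startswith("Files Created"):
            m = CREATED_RE.match(line)
            if m:
                out["created"].append(m.groupdict())
    return out


def triage(text):
    """Score files created under system32; the result carries the parsed sections plus 'findings'."""
    parsed = parse_combofix(text)
    failed = {p.lower() for p in parsed["failed"]}
    deleted_names = [basename(p) for p in parsed["deleted"]]
    by_minute = defaultdict(list)                      # installers create batches; droppers one file
    for e in parsed["created"]:
        by_minute[e["created"]].append(e)
    findings = []
    for e in parsed["created"]:
        path = e["path"]
        if e["size"] == "--------" or not SYSTEM32_RE.search(path):
            continue                                   # directories and non-system32 files skipped
        name = basename(path)
        score, reasons = 0, []
        if path.lower() in failed:
            score += 3; reasons.append("ComboFix reported 'failed to delete'")
        if len(by_minute[e["created"]]) == 1:
            score += 2; reasons.append("lone drop: nothing else created in the same minute")
        if LETTERS_ONLY_RE.match(name):
            score += 1; reasons.append("long letters-only name")
        family = [d for d in deleted_names if d.lower() != name.lower() and d[:5].lower() == name[:5].lower()]
        if family:
            score += 2; reasons.append("shares a prefix with deleted " + ", ".join(family))
        if score >= 2:
            findings.append({"name": name, "path": path, "created": e["created"],
                             "score": score, "reasons": reasons})
    findings.sort(key=lambda f: -f["score"])
    parsed["findings"] = findings
    return parsed


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print(f"[{f['score']}] {f['path']} (created {f['created']}): " + "; ".join(f["reasons"]))
    print("removed services:", report["removed_services"], "BITS sites:", report["bits_sites"])
```

Run it as-is to see the ranking on the sample, or feed it the text of a full ComboFix.txt. Two caveats. A delete that fails, or a later "file not found", reported from inside the running system is not proof about the file's real state while a rootkit driver may still be loaded and filtering what user-mode tools see, so a flagged file is best confirmed from offline media (the log itself warns that the Recovery Console is not installed on this machine). And the lone-drop heuristic only says "look here": a legitimate single-file update trips it too, which is why the score combines it with the other signals.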
  4. Thanks angelique for this first bit of help, ComboFix ran fine (I did indeed have to rename it). Here is the log (note that I got a lot of "damaged or unreadable file" errors, a problem I had run into many times before the scan without managing to fix it with chkdsk, which refused to run at startup):

ComboFix 09-07-23.04 - tintin 24/07/2009 17:57.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1587 [GMT 2:00]
Running from: d:\documents and settings\tintin\Bureau\Colaf.exe
AV: avast! antivirus 4.8.1335 [VPS 090724-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\54f65.msi
d:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr0.dat
d:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr1.dat
d:\windows\system32\404Fix.exe
d:\windows\system32\Agent.OMZ.Fix.exe
d:\windows\system32\drivers\ESQULqaecevuntkodlpfpykxelmsliqxgxxya.sys
d:\windows\system32\drivers\geyekrilpqcurx.sys
d:\windows\system32\dumphive.exe
d:\windows\system32\ESQULlyhoiyayuetpkjeonoetqmoeqrixpnjw.dll
d:\windows\system32\ESQULquocdqymytjpsdhphrspdonjrjcksvmi.dll
d:\windows\system32\ESQULzcounter
d:\windows\system32\IEDFix.C.exe
d:\windows\system32\IEDFix.exe
d:\windows\system32\o4Patch.exe
d:\windows\system32\Process.exe
d:\windows\system32\SrchSTS.exe
d:\windows\system32\tmp.reg
d:\windows\system32\VACFix.exe
d:\windows\system32\VCCLSID.exe
d:\windows\system32\WS2Fix.exe
d:\windows\system32\geyekrqrysvsgl.dll . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://91.121.83.131
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ESQULserv.sys

((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.
2009-07-24 14:53 . 2009-07-24 14:53 -------- d-sh--w- d:\documents and settings\tintin\PrivacIE
2009-07-24 14:46 . 2009-07-13 11:36 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 14:46 . 2009-07-13 11:36 19096 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-07-24 14:12 . 2009-07-24 14:12 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-23 18:43 . 2009-07-24 16:08 -------- d---a-w- d:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-23 18:41 . 2008-04-17 10:12 107368 ----a-w- d:\windows\system32\GEARAspi.dll
2009-07-23 18:41 . 2009-07-23 18:41 -------- d-----w- d:\program files\iPod
2009-07-23 09:36 . 2009-07-23 09:36 -------- d-sh--w- d:\windows\system32\config\systemprofile\IETldCache
2009-07-23 09:36 . 2009-07-23 09:36 -------- d-sh--w- d:\documents and settings\tintin\IETldCache
2009-07-23 08:17 . 2009-07-23 08:18 -------- dc-h--w- d:\windows\ie8
2009-07-22 16:09 . 2009-07-22 16:09 -------- d-----w- d:\documents and settings\tintin\Local Settings\Application Data\BC
2009-07-22 16:09 . 2009-07-22 16:09 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\BC
2009-07-22 15:24 . 2009-07-22 15:24 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-22 15:23 . 2009-07-22 15:23 -------- d-----w- d:\program files\QuickTime
2009-07-22 15:11 . 2009-07-22 15:11 -------- d-----w- d:\program files\Capcom
2009-07-22 15:00 . 2009-07-22 15:00 -------- d-----w- d:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple Computer
2009-07-22 15:00 . 2009-07-22 15:00 -------- d-----w- d:\windows\system32\config\systemprofile\Application Data\Apple Computer
2009-07-21 18:10 . 2009-07-21 18:10 -------- d-----w- d:\documents and settings\tintin\Application Data\Desktopicon
2009-07-20 16:00 . 2009-07-24 16:08 -------- d-----w- d:\windows\system32\config\systemprofile\Application Data\VMware
2009-07-20 15:53 . 2009-07-20 15:53 39424 ----a-w- d:\windows\system32\geyekrqrysvsgl.dll
2009-07-18 10:47 . 2009-07-18 10:47 -------- d-----w- d:\documents and settings\tintin\Local Settings\Application Data\Temp
2009-07-06 15:32 . 2009-07-06 15:32 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
2009-07-06 15:32 . 2009-07-06 15:32 -------- d-----w- d:\program files\DAEMON Tools Toolbar
2009-07-06 15:04 . 2009-07-06 15:32 -------- d-----w- d:\documents and settings\tintin\Application Data\DAEMON Tools Lite
2009-07-03 20:55 . 2009-07-03 20:55 -------- d-----w- d:\documents and settings\tintin\Application Data\FUEL
2009-07-01 15:58 . 2009-07-01 15:59 -------- d-----w- D:\332296a004bdbbbf1e401b71
2009-07-01 15:58 . 2009-07-01 15:59 -------- d-----w- d:\windows\system32\drivers\UMDF
2009-07-01 15:58 . 2009-07-01 15:58 -------- d-----w- D:\9da585424ce1ddf11a2538d1a61c
2009-06-26 15:09 . 2009-06-26 15:09 -------- d-----w- d:\documents and settings\tintin\Local Settings\Application Data\ArmA 2 Demo
2009-06-26 15:09 . 2009-03-09 13:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll
2009-06-26 15:09 . 2009-03-09 13:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll
2009-06-26 15:09 . 2009-03-09 13:27 1846632 ----a-w- d:\windows\system32\D3DCompiler_41.dll
2009-06-26 15:09 . 2009-03-16 12:18 69448 ----a-w- d:\windows\system32\XAPOFX1_3.dll
2009-06-26 15:09 . 2009-03-16 12:18 517448 ----a-w- d:\windows\system32\XAudio2_4.dll
2009-06-26 15:09 . 2009-03-16 12:18 235352 ----a-w- d:\windows\system32\xactengine3_4.dll
2009-06-26 15:09 . 2009-03-16 12:18 22360 ----a-w- d:\windows\system32\X3DAudio1_6.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 16:08 . 2008-12-14 15:28 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\VMware
2009-07-24 16:07 . 2008-09-19 17:12 -------- d-----w- d:\program files\DNA
2009-07-24 16:07 . 2008-09-19 17:12 -------- d-----w- d:\documents and settings\tintin\Application Data\DNA
2009-07-24 14:55 . 2008-08-29 20:09 -------- d-----w- d:\program files\Outils
2009-07-24 14:37 . 2008-12-15 16:45 -------- d-----w- d:\documents and settings\tintin\Application Data\VMware
2009-07-23 18:44 . 2008-09-19 17:12 -------- d-----w- d:\documents and settings\tintin\Application Data\BitTorrent
2009-07-23 18:42 . 2008-09-01 13:23 -------- d-----w- d:\documents and settings\tintin\Application Data\Apple Computer
2009-07-23 18:41 . 2008-09-19 18:01 -------- d-----w- d:\program files\iTunes
2009-07-23 18:41 . 2008-09-01 13:22 -------- d-----w- d:\program files\Fichiers communs\Apple
2009-07-22 15:31 . 2008-10-09 12:26 -------- d-----w- d:\program files\Fichiers communs\Wise Installation Wizard
2009-07-22 15:31 . 2008-10-09 12:26 -------- d-----w- d:\program files\AGEIA Technologies
2009-07-22 15:30 . 2009-04-11 10:16 -------- d-----w- d:\program files\OpenAL
2009-07-22 15:23 . 2008-09-01 13:23 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
2009-07-22 15:11 . 2008-08-29 18:39 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-19 12:03 . 2008-12-15 05:05 -------- d-----w- d:\documents and settings\NetworkService\Application Data\VMware
2009-07-18 17:18 . 2009-06-19 15:03 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\TrackMania
2009-07-16 17:33 . 2008-08-29 18:58 -------- d-----w- d:\program files\Jeux
2009-07-12 19:46 . 2009-03-21 20:19 -------- d-----w- d:\documents and settings\tintin\Application Data\gtk-2.0
2009-07-12 09:59 . 2008-09-21 08:47 -------- d-----w- d:\program files\InternetMessenger Plus! Live
2009-07-11 13:25 . 2008-12-03 19:05 -------- d-----w- d:\documents and settings\tintin\Application Data\LimeWire
2009-07-06 15:32 . 2008-08-29 18:58 -------- d-----w- d:\documents and settings\tintin\Application Data\DAEMON Tools
2009-07-06 15:04 .
2008-08-29 18:58 721904 ----a-w- d:\windows\system32\drivers\sptd.sys 2009-06-16 14:40 . 2006-03-09 08:25 119808 ----a-w- d:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2006-03-09 08:24 81920 ----a-w- d:\windows\system32\fontsub.dll 2009-06-09 16:03 . 2008-08-29 19:09 -------- d-----w- d:\program files\Video 2009-06-07 11:19 . 2009-06-07 10:55 -------- d-----w- d:\documents and settings\tintin\Application Data\Poser 7 2009-06-06 19:35 . 2008-10-09 12:04 1 ----a-w- d:\documents and settings\tintin\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2009-06-06 19:34 . 2008-10-09 12:03 -------- d-----w- d:\documents and settings\tintin\Application Data\OpenOffice.org2 2009-06-05 17:28 . 2008-08-29 19:06 1324 ----a-w- d:\windows\system32\d3d9caps.dat 2009-06-03 19:10 . 2006-03-09 08:25 1297408 ----a-w- d:\windows\system32\quartz.dll 2009-06-01 13:21 . 2009-06-01 13:21 131072 ----a-r- d:\documents and settings\tintin\Application Data\Microsoft\Installer\{3254FD51-9910-48C4-AC9B-AF3691C1544C}\NewShortcut3_3254FD51991048C4AC9BAF3691C1544C.exe 2009-06-01 13:21 . 2009-06-01 13:21 131072 ----a-r- d:\documents and settings\tintin\Application Data\Microsoft\Installer\{3254FD51-9910-48C4-AC9B-AF3691C1544C}\NewShortcut1_3254FD51991048C4AC9BAF3691C1544C.exe 2009-06-01 13:21 . 2009-06-01 13:21 10134 ----a-r- d:\documents and settings\tintin\Application Data\Microsoft\Installer\{3254FD51-9910-48C4-AC9B-AF3691C1544C}\ARPPRODUCTICON.exe 2009-06-01 13:21 . 2009-06-01 13:21 -------- d-----w- d:\program files\WinPcap 2009-06-01 04:14 . 2009-06-01 04:12 -------- d-----w- d:\program files\Easy Video Downloader 2009-05-29 14:50 . 2009-05-29 14:50 10134 ----a-r- d:\documents and settings\tintin\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-05-29 14:50 . 2009-05-29 14:50 -------- d-----w- d:\program files\Microsoft WSE 2009-05-27 16:21 . 
2009-05-27 16:21 -------- d-----w- d:\documents and settings\tintin\Application Data\Atari 2009-05-27 16:20 . 2009-05-27 16:19 -------- d-----w- d:\docume~1\ALLUSE~1\APPLIC~1\Tages 2009-05-27 16:06 . 2008-09-21 08:58 279712 ----a-w- d:\windows\system32\drivers\atksgt.sys 2009-05-26 14:56 . 2009-05-26 14:56 -------- d-----w- d:\program files\Fichiers communs\DVDVideoSoft 2009-05-07 15:33 . 2004-08-19 15:09 348672 ----a-w- d:\windows\system32\localspl.dll 2009-04-29 03:30 . 2008-08-01 06:38 3643904 ----a-w- d:\windows\system32\drivers\ati2mtag.sys 2009-04-29 02:18 . 2008-08-01 04:33 442368 ----a-w- d:\windows\system32\ATIDEMGX.dll 2009-04-29 02:17 . 2008-08-01 04:32 335872 ----a-w- d:\windows\system32\ati2dvag.dll 2009-04-29 02:07 . 2008-08-01 04:23 204800 ----a-w- d:\windows\system32\atipdlxx.dll 2009-04-29 02:06 . 2008-08-01 04:23 155648 ----a-w- d:\windows\system32\Oemdspif.dll 2009-04-29 02:06 . 2008-08-01 04:22 26112 ----a-w- d:\windows\system32\Ati2mdxx.exe 2009-04-29 02:06 . 2008-08-01 04:22 43520 ----a-w- d:\windows\system32\ati2edxx.dll 2009-04-29 02:06 . 2008-08-01 04:22 155648 ----a-w- d:\windows\system32\ati2evxx.dll 2009-04-29 02:04 . 2008-08-01 04:21 602112 ----a-w- d:\windows\system32\ati2evxx.exe 2009-04-29 02:03 . 2008-08-01 04:19 53248 ----a-w- d:\windows\system32\ATIDDC.DLL 2009-04-29 02:00 . 2008-08-01 03:39 311296 ----a-w- d:\windows\system32\atiiiexx.dll 2009-04-29 01:56 . 2008-08-01 04:10 2997536 ----a-w- d:\windows\system32\ati3duag.dll 2009-04-29 01:45 . 2008-08-01 05:40 11603968 ----a-w- d:\windows\system32\atioglxx.dll 2009-04-29 01:42 . 2008-08-01 03:59 2687872 ----a-w- d:\windows\system32\ativvaxx.dll 2009-04-29 01:26 . 2009-04-29 01:26 49664 ----a-w- d:\windows\system32\atimpc32.dll 2009-04-29 01:26 . 2008-08-01 03:46 49664 ----a-w- d:\windows\system32\amdpcom32.dll 2009-04-29 01:22 . 2008-08-01 03:42 479232 ----a-w- d:\windows\system32\atikvmag.dll 2009-04-29 01:20 . 
2009-04-29 01:20 45056 ----a-w- d:\windows\system32\aticalrt.dll 2009-04-29 01:20 . 2009-04-29 01:20 45056 ----a-w- d:\windows\system32\aticalcl.dll 2009-04-29 01:20 . 2008-08-01 03:40 135168 ----a-w- d:\windows\system32\atiadlxx.dll 2009-04-29 01:19 . 2008-08-01 03:40 17408 ----a-w- d:\windows\system32\atitvo32.dll 2009-04-29 01:19 . 2008-08-01 03:39 53248 ----a-w- d:\windows\system32\drivers\ati2erec.dll 2009-04-29 01:18 . 2009-04-29 01:18 3280896 ----a-w- d:\windows\system32\aticaldd.dll 2009-04-29 01:17 . 2008-08-01 04:58 303104 ----a-w- d:\windows\system32\atiok3x2.dll 2009-04-29 01:13 . 2008-08-01 03:34 630784 ----a-w- d:\windows\system32\ati2cqag.dll 2009-04-28 19:05 . 2008-08-29 18:55 593920 ------w- d:\windows\system32\ati2sgag.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2009-01-10 12:04 204248 ----a-w- d:\program files\Hotspot Shield\HssIE\HssIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2008-12-19 342848] "Google Update"="d:\documents and settings\tintin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-08 133104] "RocketDock"="d:\program files\Outils\RocketDock\RocketDock.exe" [2007-09-02 495616] "MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "DAEMON Tools Lite"="d:\program files\Outils\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360] "RegistryMechanic"="d:\program files\outils\Registry Mechanic\RegMech.exe" [2008-07-08 2828184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SystrayORAHSS"="d:\program files\Orange\Systray\SystrayApp.exe" 
[2007-09-25 94208] "ORAHSSSessionManager"="d:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400] "AppleSyncNotifier"="d:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472] "zBrowser Launcher"="d:\program files\Outils\Logitech\iTouch\iTouch.exe" [2004-03-18 892928] "RivaTunerStartupDaemon"="d:\program files\Outils\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648] "avast!"="d:\progra~1\Outils\Avast4\ashDisp.exe" [2009-02-05 81000] "Adobe Reader Speed Launcher"="d:\program files\Outils\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "AdobeCS4ServiceManager"="d:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "UnlockerAssistant"="d:\program files\Outils\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - d:\windows\KHALMNPR.Exe [2008-02-29 76304] "RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-07-31 16806912] "SoundMan"="SOUNDMAN.EXE" - d:\windows\SoundMan.exe [2008-06-18 77824] "AlcWzrd"="ALCWZRD.EXE" - d:\windows\ALCWZRD.EXE [2008-06-19 2808832] d:\documents and settings\tintin\Menu D‚marrer\Programmes\D‚marrage\ Y'z Shadow.lnk - d:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648] d:\docume~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ Logitech Desktop Messenger.lnk - d:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-8-29 67128] Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-29 805392] RocketDock.lnk - d:\program files\Outils\RocketDock\RocketDock.exe [2008-12-2 495616] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoStrCmpLogical"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 ----a-w- d:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\D:\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "DisablePagingExecutive"=dword:00000001 "SecondLevelDataCache"=dword:00000200 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Jeux\\Mass Effect\\Binaries\\MassEffect.exe"= "c:\\Program Files\\Jeux\\Mass Effect\\MassEffectLauncher.exe"= "c:\\APPLICATION\\eMule Applejuice\\emule.exe"= "d:\\Program Files\\Jeux\\Steam\\steamapps\\moi743\\team fortress 2\\hl2.exe"= "d:\\Program Files\\Internet\\Opera\\opera.exe"= "d:\\Program Files\\Internet\\GigaTribe\\gigatribe.exe"= "d:\\Program Files\\DNA\\btdna.exe"= "d:\\Program Files\\Internet\\BitTorrent\\bittorrent.exe"= "d:\\Program Files\\Jeux\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"= "d:\\Program Files\\Jeux\\Far Cry 2\\bin\\FarCry2.exe"= "d:\\Program Files\\Jeux\\Far Cry 2\\bin\\FC2Launcher.exe"= "d:\\Program Files\\Jeux\\Far Cry 2\\bin\\FC2Editor.exe"= 
"d:\\Program Files\\Jeux\\Call of Duty - World at War\\CoDWaWmp.exe"= "d:\\Program Files\\Jeux\\Call of Duty - World at War\\CoDWaW.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Program Files\\Outils\\VMware Workstation\\vmware-authd.exe"= "d:\\Program Files\\Audio\\Spotify\\spotify.exe"= "d:\\Program Files\\Jeux\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"= "d:\\Program Files\\Bonjour\\mDNSResponder.exe"= "d:\\Program Files\\Jeux\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"= "d:\\Program Files\\Jeux\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"= "d:\\Program Files\\Jeux\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"= "d:\\Program Files\\Jeux\\Tom Clancy's H.A.W.X\\HAWX.exe"= "d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\Program Files\\Video\\VLC\\vlc.exe"= "d:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "d:\\Program Files\\Jeux\\GRID\\GRID.exe"= "d:\\Program Files\\Jeux\\Poser 7\\Poser.exe"= "d:\\Program Files\\Jeux\\Prototype\\prototypef.exe"= "d:\\Program Files\\Jeux\\TmNationsForever\\TmForever.exe"= "d:\\Program Files\\Jeux\\ArmA 2 Demo\\ArmA2Demo.exe"= "d:\\Program Files\\Jeux\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"= "d:\\Program Files\\Jeux\\FUEL\\FUEL.exe"= "d:\\Program Files\\Capcom\\Bionic Commando\\bionic_commando.exe"= "d:\\Program Files\\Capcom\\Bionic Commando\\Support\\CAP1-0101.exe"= "d:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 aswSP;avast! 
Self Protection;d:\windows\system32\drivers\aswSP.sys [03/12/2008 21:55 114768] R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [03/12/2008 21:55 20560] R2 npf;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [01/06/2008 09:13 34064] R2 vmci;VMware vmci;d:\windows\system32\drivers\vmci.sys [29/10/2008 00:08 54960] S3 maconfservice;Ma-Config Service;d:\program files\Outils\ma-config.com\maconfservice.exe [13/05/2009 14:37 234864] S3 WsAudioDevice_383;WsAudioDevice_383;d:\windows\system32\drivers\WsAudioDevice_383.sys [15/06/2009 22:02 16640] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.fr/ uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s LSP: d:\program files\Outils\VMware Workstation\vsocklib.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-24 18:08 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-448539723-1547161642-839522115-1003\SOFTWARE\SecuROM\License information*] "datasecu"=hex:e8,b8,75,0b,fd,a8,84,8b,18,cb,a4,1a,55,4c,5f,8e,42,81,de,05,61, 8a,cd,db,66,27,ab,9a,77,2c,e3,c4,b1,38,a9,bd,1d,75,c1,3e,82,4a,06,be,38,ab,\ "rkeysecu"=hex:e7,9e,e7,2e,a3,5c,18,9c,97,03,da,6f,11,f6,15,c0 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1036) d:\windows\system32\Ati2evxx.dll d:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll d:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll d:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'explorer.exe'(2204) d:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll d:\program files\Outils\RocketDock\RocketDock.dll d:\program files\Logitech\SetPoint\lgscroll.dll d:\program files\Outils\Logitech\iTouch\iTchHk.dll d:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll d:\windows\system32\ieframe.dll d:\windows\system32\msls31.dll d:\windows\system32\netshell.dll d:\windows\system32\credui.dll d:\windows\system32\eappprxy.dll d:\windows\system32\msi.dll d:\windows\system32\ntshrui.dll d:\windows\system32\webcheck.dll d:\windows\system32\WPDShServiceObj.dll d:\windows\system32\PortableDeviceTypes.dll d:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
d:\windows\system32\ati2evxx.exe d:\windows\system32\ati2evxx.exe d:\program files\Outils\Avast4\aswUpdSv.exe d:\program files\Outils\Avast4\ashServ.exe d:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe d:\program files\Bonjour\mDNSResponder.exe d:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe d:\program files\Hotspot Shield\bin\openvpnas.exe d:\program files\Java\jre6\bin\jqs.exe d:\program files\Outils\CDBurnerXP\NMSAccessU.exe d:\windows\system32\PnkBstrA.exe d:\windows\system32\vmnat.exe d:\windows\system32\vmnetdhcp.exe d:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe d:\program files\Outils\VMware Workstation\vmware-authd.exe d:\program files\Outils\Avast4\ashMaiSv.exe d:\program files\Outils\Avast4\ashWebSv.exe d:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-07-24 18:15 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-24 16:15 Pre-Run: 491 013 193 728 octets libres Post-Run: 492 405 792 768 octets libres 332 --- E O F --- 2009-07-23 08:18
  5. Hello everyone, I have just registered on the site because I am the victim of a fairly stubborn infection. The symptoms: random connections to the site main.exoclick... when searching on Google, plus general slowdowns, etc. I have of course already done some research; it is a known problem, but I am getting nowhere because: I downloaded MBAM but it refuses to start, and the same goes for HijackThis, which is rather annoying since that is apparently the basic report you need to sort all this out. Note that I tried launching MBAM in safe mode with no better result... I have not tried that yet for HijackThis, I will try it right away. For MBAM, when I try to launch it => a process appears in taskmgr but nothing else. Note also that I feel very stupid because obviously this infection did not appear on its own but after I tried to install a game found on a well-known network. That will teach me! Thanks in advance for your future help. EDIT: If it can help, I managed to get an "analyzer" running: SmitFraudFix, whose report follows: