I can no longer access my session

19 August 2009 21:58:39

Hello, here is my big problem: I can no longer access my session. That is, when I enter my password I do get into my session, but none of the desktop items or the Start bar are visible any more; only my wallpaper is visible.

I don't know where it comes from, but I do know that before this I had a solid red circle with a white cross in the taskbar telling me that my PC was infected. I ran an antivirus and antispyware scan with Spybot and avast in safe mode, but nothing changed. It did let me remove some viruses, but I still can't access my sessions; I have to log on in safe mode to get to my documents.

I tried repairing Windows with the CD, but nothing changes.

Thanks for helping me.

19 August 2009 22:36:05

Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the scan has finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    19 August 2009 22:54:55

    Thanks for your reply. I hope the content is not too long, because I put all of it in and it seems a bit too long to me.

    Here is the content of log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by moi at 2005-01-11 15:04:34
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 36 GB (49%) free of 73 GB
    Total RAM: 2558 MB (85% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:04:50, on 11/01/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\moi\Bureau\RSIT.exe
    C:\Program Files\trend micro\moi.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: (no name) - {00000000-5736-4205-0008-781cd0e19f00} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [braviax] braviax.exe
    O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\moi\msword98.exe
    O4 - HKCU\..\Run: [braviax] ù
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: ikowin32.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O20 - AppInit_DLLs: C:\WINDOWS\System32\cru629.dat
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6566 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BA52B914-B692-46c4-B683-905236F6F655}
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}
    {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}
    {00000000-5736-4205-0008-781cd0e19f00}
    {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
    "msword98"=C:\WINDOWS\system32\msword98.exe [2009-08-16 26686]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "nwiz"=nwiz.exe /install []
    "sysldtray"=C:\windows\ld12.exe [2005-01-10 36864]
    "Regedit32"=C:\WINDOWS\system32\regedit.exe []
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
    "braviax"=C:\WINDOWS\system32\braviax.exe [2005-01-10 11264]
    "SRFirstRun"=rundll32 srclient.dll,CreateFirstRunRp []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msword98"=C:\Documents and Settings\moi\msword98.exe [2009-08-16 26686]
    "braviax"=ù []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe [2008-11-18 2356088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
    C:\Program Files\Athan\Athan.exe [2007-09-06 1003520]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe -lang 1036 []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2004-09-15 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\McAgent.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
    C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetCruiser Proxy]
    C:\Program Files\NetCruiser\NCProxy.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]
    C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe /SILENT []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe -atboottime []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
    C:\Program Files\Shareaza\Shareaza.exe -tray []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPC_Monitor]
    C:\WINDOWS\Philips\SPC230NC\Monitor.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcs4diamond]
    C:\Program Files\AV Vcs 4.0\Vcs4Core.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
    C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wippien]
    C:\Program Files\Wippien\Wippien.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard]
    C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
    C:\Program Files\Office Mouse Driver\StartAutorun.exe MouseDrv.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
    C:\PROGRA~1\AOL9~1.0\aoltray.exe -check []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
    C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
    C:\PROGRA~1\Sipru\sipru.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
    C:\Program Files\SkyMessager\skymess.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2005-12-14 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device"=2

    C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage
    ikowin32.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\System32\cru629.dat"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=
    scecli
    scecli
    scecli
    scecli
    scecli
    scecli
    scecli
    scecli
    scecli
    scecli
    scecli
    scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=176

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\AMSN\bin\wish.exe"="C:\Program Files\AMSN\bin\wish.exe:*:Disabled:Wish Application"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
    "C:\Program Files\SkyMessager\skymess.exe"="C:\Program Files\SkyMessager\skymess.exe:*:Disabled:SkyMessager"
    "C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Disabled:Partage de l'application RTC"
    "C:\Valve\Steam\SteamApps\kash_e2\counter-strike\hl.exe"="C:\Valve\Steam\SteamApps\kash_e2\counter-strike\hl.exe:*:Disabled:Half-Life Launcher"
    "C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire"
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe"="C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe:*:Disabled:Radio Fr Solo"
    "C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Disabled:Teamspeak RC2"
    "C:\Documents and Settings\moi\Bureau\viviplay.exe"="C:\Documents and Settings\moi\Bureau\viviplay.exe:*:Disabled:ViViMediaPlay Microsoft ???????"
    "C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC"
    "C:\Program Files\Sports Interactive\Football Manager 2006\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2006\fm.exe:*:Disabled:Football Manager 2006"
    "C:\Program Files\NetCruiser\NCProxy.exe"="C:\Program Files\NetCruiser\NCProxy.exe:*:Disabled:NCProxy"
    "C:\Program Files\AnalogX\Proxy\proxy.exe"="C:\Program Files\AnalogX\Proxy\proxy.exe:*:Disabled:proxy"
    "C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Disabled:pmc.exe"
    "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMC.Service.Main.exe"
    "C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:LocalSubNet:Disabled:PMC.Tvtv.Wizard.exe"
    "C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Disabled:PMSInstallInit.exe"
    "C:\Program Files\MaxTV Online\maxtv.exe"="C:\Program Files\MaxTV Online\maxtv.exe:*:Disabled:maxtv"
    "C:\Documents and Settings\moi\Bureau\maxtv\maxtv.exe"="C:\Documents and Settings\moi\Bureau\maxtv\maxtv.exe:*:Disabled:maxtv"
    "C:\Documents and Settings\moi\Mes documents\divers\pokebipscript\mirc.exe"="C:\Documents and Settings\moi\Mes documents\divers\pokebipscript\mirc.exe:*:Disabled:mIRC"
    "C:\Documents and Settings\moi\Bureau\pokebipscript\mirc.exe"="C:\Documents and Settings\moi\Bureau\pokebipscript\mirc.exe:*:Disabled:mIRC"
    "C:\Program Files\Pinnacle\MediaCenter\PSST.exe"="C:\Program Files\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Disabled:PSST.exe"
    "C:\Program Files\MaxTV Online\plugins\Streamer.exe"="C:\Program Files\MaxTV Online\plugins\Streamer.exe:*:Disabled:Streamer"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
    "C:\Valve\Condition Zero\steaminstall.exe"="C:\Valve\Condition Zero\steaminstall.exe:*:Enabled:Jouer online avec Steam"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Documents and Settings\moi\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\moi\Application Data\SopCast\adv\SopAdver.exe:*:Disabled:SopAdver"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVU Player Component"
    "C:\Program Files\TVU Player\TVUPlayer.exe"="C:\Program Files\TVU Player\TVUPlayer.exe:*:Disabled:TVUPlayer"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Documents and Settings\moi\Bureau\hali2.part01\Half-Life 2\hl2.exe"="C:\Documents and Settings\moi\Bureau\hali2.part01\Half-Life 2\hl2.exe:*:Disabled:hl2"
    "C:\Program Files\DMV\MaxTV\plugins\dll\vlc.exe"="C:\Program Files\DMV\MaxTV\plugins\dll\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player"
    "C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe:*:Disabled:Assistance à distance - Windows Messenger et voix"
    "C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Disabled:Condition Zero Launcher"
    "C:\Program Files\DMV\MaxTV\MaxTV.exe"="C:\Program Files\DMV\MaxTV\MaxTV.exe:*:Disabled:MaxTV"
    "C:\Program Files\neuf telecom\MP9 Premium\MP9Premium.exe"="C:\Program Files\neuf telecom\MP9 Premium\MP9Premium.exe:*:Disabled:SesamTV Media Center"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Browser"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\PeerTV\VLC\vlc.exe"="C:\Program Files\PeerTV\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\PeerTV\PeerCast.exe"="C:\Program Files\PeerTV\PeerCast.exe:*:Disabled:PeerCast"
    "C:\Program Files\MaxTV Online\plugins\PeerCast.exe"="C:\Program Files\MaxTV Online\plugins\PeerCast.exe:*:Disabled:PeerCast"
    "C:\Program Files\PPMate\ppmnet.exe"="C:\Program Files\PPMate\ppmnet.exe:*:Disabled:PPMate"
    "C:\Program Files\PPMate\ppmate.exe"="C:\Program Files\PPMate\ppmate.exe:*:Disabled:PPMate"
    "C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Disabled:UUSEE"
    "C:\Valve\Steam\Steam.exe"="C:\Valve\Steam\Steam.exe:*:Enabled:Steam"
    "C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe:*:Enabled:pes6.exe"
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
    "C:\Documents and Settings\moi\Bureau\PortChkPES2009EUPC_103\PortChkPES2009EUPC.exe"="C:\Documents and Settings\moi\Bureau\PortChkPES2009EUPC_103\PortChkPES2009EUPC.exe:*:Enabled:Port Checker"
    "C:\Program Files\adslTV\adsltv.exe"="C:\Program Files\adslTV\adsltv.exe:*:Disabled:adsl TV"
    "C:\Program Files\Sipru\sipru.exe"="C:\Program Files\Sipru\sipru.exe:*:Disabled:sipru"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast"
    "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
    "C:\Program Files\Tvants\Tvants.exe"="C:\Program Files\Tvants\Tvants.exe:*:Disabled:Tvants"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\Program Files\Saints Row 2\SR2_pc.exe"="C:\Program Files\Saints Row 2\SR2_pc.exe:*:Enabled:SR2_pc"
    "C:\Program Files\Qtracker\qtracker.exe"="C:\Program Files\Qtracker\qtracker.exe:*:Enabled:Qtracker"
    "C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe"="C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Documents and Settings\moi\Bureau\PES6ONLINEvn1\PES6ONLINEvn\CODE\GoalServer6.exe"="C:\Documents and Settings\moi\Bureau\PES6ONLINEvn1\PES6ONLINEvn\CODE\GoalServer6.exe:*:Enabled:GoalServer6"
    "C:\Documents and Settings\moi\Bureau\PSL_GS6_v1.20\GoalServer6.exe"="C:\Documents and Settings\moi\Bureau\PSL_GS6_v1.20\GoalServer6.exe:*:Enabled:GoalServer6 Alpha"
    "C:\Documents and Settings\moi\Bureau\Outpes6server\GoalServer6.exe"="C:\Documents and Settings\moi\Bureau\Outpes6server\GoalServer6.exe:*:Enabled:GoalServer6"
    "C:\Program Files\fluffy\WinStun\WinStun.exe"="C:\Program Files\fluffy\WinStun\WinStun.exe:*:Enabled:STUN Client"
    "C:\Program Files\Wippien\Wippien.exe"="C:\Program Files\Wippien\Wippien.exe:*:Enabled:Wippien"
    "C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi"
    "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe"="C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent"
    "C:\Documents and Settings\moi\Bureau\PES6_STARTER\GoalServer6.exe"="C:\Documents and Settings\moi\Bureau\PES6_STARTER\GoalServer6.exe:*:Enabled:GoalServer6"
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"="C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Documents and Settings\secours\Bureau\pour sabrina\eMule\emule.exe"="C:\Documents and Settings\secours\Bureau\pour sabrina\eMule\emule.exe:*:Enabled:eMule"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    shell\AutoRun\command - D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{721eb3e9-f13c-11dc-822e-001143228d4c}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76a91040-669e-11db-bd6d-00038a000015}]
    shell\AutoRun\command - E:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c85b53c-f472-11da-bc42-00038a000015}]
    shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ed4eb38-543e-11da-ba74-00038a000015}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs


    ======List of files/folders created in the last 1 months======

    2009-08-18 13:13:56 ----SHD---- C:\$RECYCLE.BIN
    2009-08-16 02:50:51 ----A---- C:\WINDOWS\system32\msword98.exe
    2009-08-14 10:39:57 ----A---- C:\WINDOWS\CA533A.INI
    2009-08-13 21:10:14 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2009-08-13 21:10:14 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2009-08-13 21:10:13 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2009-08-13 21:09:56 ----D---- C:\WINDOWS\system32\xlive
    2009-08-13 21:09:55 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
    2009-08-13 21:09:15 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
    2009-08-13 21:09:15 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
    2009-08-13 21:09:14 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
    2009-08-13 21:09:10 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
    2009-08-13 21:09:10 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
    2009-08-13 21:09:06 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
    2009-08-13 21:09:03 ----A---- C:\WINDOWS\system32\xinput1_3.dll
    2009-08-13 20:07:47 ----D---- C:\Program Files\Street Fighter IV
    2009-08-13 10:55:49 ----D---- C:\Program Files\Simulateur de conduite 3D
    2009-07-23 13:53:57 ----D---- C:\Program Files\DkZ Studio
    2009-07-15 17:02:41 ----D---- C:\Documents and Settings\moi\Application Data\ArcSoft
    2009-07-15 16:41:20 ----A---- C:\WINDOWS\PCDLIB32.DLL
    2009-07-15 16:38:51 ----A---- C:\WINDOWS\system32\CoInst.dll
    2009-07-15 16:38:50 ----A---- C:\WINDOWS\system32\SPC230NC.INI
    2009-07-15 16:38:47 ----D---- C:\WINDOWS\Philips
    2009-06-27 17:51:22 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2009-06-27 17:49:01 ----D---- C:\Program Files\Windows Live
    2009-06-12 11:40:29 ----D---- C:\Documents and Settings\moi\Application Data\Download Manager
    2009-06-03 15:24:33 ----D---- C:\Program Files\Runtime Software
    2009-04-27 00:21:52 ----D---- C:\Program Files\WinamaxPoker
    2009-04-21 23:20:44 ----A---- C:\WINDOWS\system32\xlivefnt.dll
    2009-04-21 23:20:44 ----A---- C:\WINDOWS\system32\xlive.dll
    2009-04-21 23:19:06 ----A---- C:\WINDOWS\system32\xlive.dll.cat
    2009-04-13 22:47:46 ----D---- C:\Documents and Settings\moi\Application Data\Dealio
    2009-03-31 20:44:07 ----D---- C:\WINDOWS\system32\athan
    2009-03-31 20:44:04 ----D---- C:\Program Files\Athan
    2009-03-14 01:53:36 ----D---- C:\Documents and Settings\moi\Application Data\Wippien
    2009-03-04 20:36:16 ----D---- C:\Program Files\JPEG Compression
    2009-03-02 19:02:03 ----D---- C:\Program Files\Cheat 'O Matic
    2009-02-02 17:12:18 ----D---- C:\Documents and Settings\moi\Application Data\Facebook
    2009-01-30 02:58:36 ----A---- C:\WINDOWS\Robota.INI
    2009-01-30 02:56:04 ----D---- C:\Documents and Settings\moi\Application Data\MAGIX
    2009-01-30 02:54:08 ----A---- C:\WINDOWS\system32\mpg4c32.dll
    2009-01-30 02:52:52 ----A---- C:\WINDOWS\system32\msxml4a.dll
    2009-01-30 02:52:50 ----A---- C:\WINDOWS\system32\mgxasio2.dll
    2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\TTIC32.dll
    2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\TTI32.dll
    2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\STRING32.dll
    2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\MXRestore.exe
    2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\mgxcdr.txt
    2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\DLLTPO32.dll
    2009-01-30 02:52:49 ----A---- C:\WINDOWS\system32\DLLRES32.dll
    2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLRD32.dll
    2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLPTL32.dll
    2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll
    2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLPRF32.dll
    2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLPNT32.dll
    2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLMSC32.dll
    2009-01-30 02:52:48 ----A---- C:\WINDOWS\system32\DLLIX.dll
    2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLISO32.dll
    2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLIO32.dll
    2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLIMG32.dll
    2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLDRV32.dll
    2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLDIR32.dll
    2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLDEV32.dll
    2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLCPY32.dll
    2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLCDF32.dll
    2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLCDA32.dll
    2009-01-30 02:52:47 ----A---- C:\WINDOWS\system32\DLLAV32.dll
    2009-01-30 02:51:46 ----D---- C:\Documents and Settings\All Users\Application Data\MAGIX
    2009-01-30 02:51:05 ----D---- C:\Program Files\MAGIX
    2009-01-30 02:51:05 ----A---- C:\WINDOWS\system32\DLLDEV32i.dll
    2009-01-30 02:50:41 ----D---- C:\WINDOWS\system32\MAGIX
    2009-01-30 02:50:41 ----A---- C:\WINDOWS\system32\mgxoschk.dll
    2009-01-30 02:50:41 ----A---- C:\WINDOWS\mgxoschk.ini
    2009-01-30 02:48:11 ----D---- C:\Documents and Settings\moi\Application Data\invibes
    2009-01-30 02:48:02 ----D---- C:\Program Files\Micro Application
    2009-01-30 01:05:08 ----A---- C:\log.txt
    2009-01-30 01:04:02 ----D---- C:\Program Files\Qtracker
    2009-01-30 00:57:38 ----D---- C:\Documents and Settings\moi\Application Data\Hamachi
    2009-01-26 10:16:42 ----D---- C:\Program Files\Activision
    2009-01-26 10:12:12 ----SHD---- C:\WINDOWS\ftpcache
    2009-01-24 15:27:45 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2009-01-24 15:27:45 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2009-01-24 15:27:44 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2009-01-24 15:27:42 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2009-01-24 15:27:42 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2009-01-24 15:27:41 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2009-01-24 15:10:46 ----D---- C:\WINDOWS\nview
    2009-01-24 15:10:46 ----D---- C:\WINDOWS\NV28082812.TMP
    2009-01-24 15:10:46 ----A---- C:\WINDOWS\system32\nvudisp.exe
    2009-01-24 15:08:46 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
    2008-12-31 14:46:21 ----D---- C:\Program Files\MSXML 6.0
    2008-12-31 14:10:18 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2008-12-31 14:10:18 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-12-31 14:10:17 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2008-12-31 14:10:14 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-12-31 14:10:12 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2008-12-31 14:10:12 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-12-31 14:10:09 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2008-12-31 14:10:05 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2008-12-31 14:09:53 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2008-12-31 14:09:38 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-12-31 14:09:27 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2008-12-31 14:09:05 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2008-12-31 14:09:05 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-12-31 14:09:03 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2008-12-31 14:07:25 ----D---- C:\WINDOWS\Logs
    2008-12-31 14:07:23 ----A---- C:\WINDOWS\system32\spmsg.dll
    2008-12-31 11:24:12 ----RHD---- C:\Documents and Settings\moi\Application Data\SecuROM
    2008-12-31 02:08:17 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
    2008-12-31 02:05:22 ----D---- C:\Program Files\MSBuild
    2008-12-31 02:02:00 ----D---- C:\WINDOWS\system32\XPSViewer
    2008-12-31 02:01:57 ----D---- C:\WINDOWS\system32\en-us
    2008-12-31 02:00:57 ----D---- C:\Program Files\Reference Assemblies
    2008-12-31 02:00:37 ----A---- C:\WINDOWS\system32\spmsg2.dll
    2008-12-31 01:56:47 ----D---- C:\Documents and Settings\moi\Application Data\DAEMON Tools
    2008-12-31 01:56:46 ----D---- C:\Documents and Settings\moi\Application Data\DAEMON Tools Pro
    2008-12-31 01:55:24 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    2008-12-31 01:55:15 ----D---- C:\Program Files\DAEMON Tools Lite
    2008-12-31 01:47:51 ----D---- C:\Documents and Settings\moi\Application Data\DAEMON Tools Lite
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nwiz.exe
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwss.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrszht.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrstr.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsth.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrssv.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrssl.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrspt.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrspl.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsno.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsko.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsja.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsit.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrshu.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrshe.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrses.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrseng.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsel.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsde.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsda.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrscs.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsar.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvshell.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrszht.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrszhc.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrstr.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsth.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrssv.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrssl.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrssk.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsru.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsptb.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrspt.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrspl.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsno.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsko.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsja.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsit.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrshu.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrshe.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrses.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrseng.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsel.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsde.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsda.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrscs.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsar.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nview.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvgames.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcod.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvapi.dll
    2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\keystone.exe
    2008-12-03 19:29:33 ----A---- C:\log_lobby_dumper.txt
    2008-12-03 19:29:33 ----A---- C:\log_lobby.txt
    2008-11-29 17:54:45 ----A---- C:\WINDOWS\system32\SET17C3.tmp
    2008-11-29 17:54:44 ----A---- C:\WINDOWS\system32\SET17B5.tmp
    2008-11-29 17:54:44 ----A---- C:\WINDOWS\system32\SET17B0.tmp
    2008-11-29 17:54:43 ----A---- C:\WINDOWS\system32\SET17AD.tmp
    2008-11-29 17:50:46 ----A---- C:\WINDOWS\SETC14.tmp
    2008-11-29 17:50:36 ----A---- C:\WINDOWS\system32\SETBEA.tmp
    2008-11-29 17:50:34 ----A---- C:\WINDOWS\system32\SETBE8.tmp
    2008-11-29 17:50:33 ----A---- C:\WINDOWS\system32\SETBE5.tmp
    2008-11-29 17:50:32 ----A---- C:\WINDOWS\system32\SETBE2.tmp
    2008-11-29 17:50:31 ----A---- C:\WINDOWS\system32\SETBE0.tmp
    2008-11-29 17:50:30 ----A---- C:\WINDOWS\system32\SETBDD.tmp
    2008-11-29 17:50:30 ----A---- C:\WINDOWS\system32\SETBD8.tmp
    2008-11-29 17:50:29 ----A---- C:\WINDOWS\system32\SETBD3.tmp
    2008-11-29 17:50:29 ----A---- C:\WINDOWS\system32\SETBD2.tmp
    2008-11-29 17:50:29 ----A---- C:\WINDOWS\system32\SETBCF.tmp
    2008-11-29 17:50:28 ----A---- C:\WINDOWS\system32\SETBCE.tmp
    2008-11-29 17:50:28 ----A---- C:\WINDOWS\system32\SETBCD.tmp
    2008-11-29 17:50:28 ----A---- C:\WINDOWS\system32\SETBC8.tmp
    2008-11-29 17:50:27 ----A---- C:\WINDOWS\system32\SETBC7.tmp
    2008-11-29 17:50:26 ----A---- C:\WINDOWS\system32\SETBC1.tmp
    2008-11-29 17:50:26 ----A---- C:\WINDOWS\system32\SETBBF.tmp
    2008-11-29 17:50:25 ----A---- C:\WINDOWS\system32\SETBBC.tmp
    2008-11-29 17:50:25 ----A---- C:\WINDOWS\system32\SETBB9.tmp
    2008-11-29 17:50:24 ----A---- C:\WINDOWS\system32\SETBB4.tmp
    2008-11-29 17:50:24 ----A---- C:\WINDOWS\system32\SETBAE.tmp
    2008-11-29 17:50:23 ----A---- C:\WINDOWS\system32\SETBA6.tmp
    2008-11-29 17:50:23 ----A---- C:\WINDOWS\system32\SETBA5.tmp
    2008-11-29 17:50:22 ----A---- C:\WINDOWS\system32\SETBA0.tmp
    2008-11-29 17:50:22 ----A---- C:\WINDOWS\system32\SETB9E.tmp
    2008-11-29 17:50:21 ----A---- C:\WINDOWS\system32\SETB9B.tmp
    2008-11-29 17:50:21 ----A---- C:\WINDOWS\system32\SETB99.tmp
    2008-11-29 17:50:20 ----A---- C:\WINDOWS\system32\SETB98.tmp
    2008-11-29 17:50:20 ----A---- C:\WINDOWS\system32\SETB96.tmp
    2008-11-29 17:50:20 ----A---- C:\WINDOWS\system32\SETB94.tmp
    2008-11-29 17:50:19 ----A---- C:\WINDOWS\system32\SETB93.tmp
    2008-11-29 17:50:19 ----A---- C:\WINDOWS\system32\SETB92.tmp
    2008-11-29 17:50:19 ----A---- C:\WINDOWS\system32\SETB91.tmp
    2008-11-29 17:50:18 ----A---- C:\WINDOWS\system32\SETB8F.tmp
    2008-11-29 17:50:18 ----A---- C:\WINDOWS\system32\SETB8E.tmp
    2008-11-29 17:50:18 ----A---- C:\WINDOWS\system32\SETB8D.tmp
    2008-11-29 17:50:17 ----A---- C:\WINDOWS\system32\SETB86.tmp
    2008-11-29 17:50:13 ----A---- C:\WINDOWS\system32\SETB5A.tmp
    2008-11-29 17:50:13 ----A---- C:\WINDOWS\system32\SETB59.tmp
    2008-11-29 17:50:12 ----A---- C:\WINDOWS\system32\SETB49.tmp
    2008-11-29 17:50:11 ----A---- C:\WINDOWS\system32\SETB3E.tmp
    2008-11-29 17:50:09 ----A---- C:\WINDOWS\system32\SETB30.tmp
    2008-11-29 17:50:09 ----A---- C:\WINDOWS\system32\SETB2F.tmp
    2008-11-29 17:50:09 ----A---- C:\WINDOWS\system32\SETB2E.tmp
    2008-11-29 17:50:08 ----A---- C:\WINDOWS\system32\SETB2C.tmp
    2008-11-29 17:50:08 ----A---- C:\WINDOWS\system32\SETB26.tmp
    2008-11-29 17:50:07 ----A---- C:\WINDOWS\system32\SETB18.tmp
    2008-11-29 17:50:06 ----A---- C:\WINDOWS\system32\SETB11.tmp
    2008-11-29 17:50:06 ----A---- C:\WINDOWS\system32\SETB0D.tmp
    2008-11-29 17:50:05 ----A---- C:\WINDOWS\system32\SETB08.tmp
    2008-11-29 17:50:04 ----A---- C:\WINDOWS\system32\SETAFB.tmp
    2008-11-29 17:50:04 ----A---- C:\WINDOWS\system32\SETAF5.tmp
    2008-11-29 17:50:03 ----A---- C:\WINDOWS\system32\SETAEE.tmp
    2008-11-29 17:50:03 ----A---- C:\WINDOWS\system32\SETAED.tmp
    2008-11-29 17:50:03 ----A---- C:\WINDOWS\system32\SETAEC.tmp
    2008-11-29 17:50:02 ----A---- C:\WINDOWS\system32\SETAE9.tmp
    2008-11-29 17:50:02 ----A---- C:\WINDOWS\system32\SETAE1.tmp
    2008-11-29 17:49:58 ----A---- C:\WINDOWS\system32\SETAB5.tmp
    2008-11-29 17:49:58 ----A---- C:\WINDOWS\system32\SETAB0.tmp
    2008-11-29 17:49:57 ----A---- C:\WINDOWS\system32\SETAA9.tmp
    2008-11-29 17:49:57 ----A---- C:\WINDOWS\system32\SETAA7.tmp
    2008-11-29 17:49:56 ----A---- C:\WINDOWS\system32\SETAA5.tmp
    2008-11-29 17:49:56 ----A---- C:\WINDOWS\system32\SETAA1.tmp
    2008-11-29 17:49:54 ----A---- C:\WINDOWS\system32\SETA89.tmp
    2008-11-29 17:49:54 ----A---- C:\WINDOWS\system32\SETA87.tmp
    2008-11-29 17:49:53 ----A---- C:\WINDOWS\system32\SETA7A.tmp
    2008-11-29 17:49:52 ----A---- C:\WINDOWS\system32\SETA78.tmp
    2008-11-29 17:49:52 ----A---- C:\WINDOWS\system32\SETA72.tmp
    2008-11-29 17:49:52 ----A---- C:\WINDOWS\system32\SETA70.tmp
    2008-11-29 17:49:51 ----A---- C:\WINDOWS\system32\SETA64.tmp
    2008-11-29 17:49:50 ----A---- C:\WINDOWS\system32\SETA60.tmp
    2008-11-29 17:49:50 ----A---- C:\WINDOWS\system32\SETA5F.tmp
    2008-11-29 17:49:49 ----A---- C:\WINDOWS\system32\SETA5C.tmp
    2008-11-29 17:49:48 ----A---- C:\WINDOWS\system32\SETA4D.tmp
    2008-11-29 17:49:48 ----A---- C:\WINDOWS\system32\SETA46.tmp
    2008-11-29 17:49:47 ----A---- C:\WINDOWS\system32\SETA44.tmp
    2008-11-29 17:49:47 ----A---- C:\WINDOWS\system32\SETA42.tmp
    2008-11-29 17:49:47 ----A---- C:\WINDOWS\system32\SETA3A.tmp
    2008-11-29 17:49:46 ----A---- C:\WINDOWS\system32\SETA39.tmp
    2008-11-29 17:49:46 ----A---- C:\WINDOWS\system32\SETA37.tmp
    2008-11-29 17:49:46 ----A---- C:\WINDOWS\system32\SETA34.tmp
    2008-11-29 17:49:46 ----A---- C:\WINDOWS\system32\SETA32.tmp
    2008-11-29 17:49:46 ----A---- C:\WINDOWS\system32\SETA31.tmp
    2008-11-29 17:49:45 ----A---- C:\WINDOWS\system32\SETA2F.tmp
    2008-11-29 17:49:44 ----A---- C:\WINDOWS\system32\SETA24.tmp
    2008-11-29 17:49:43 ----A---- C:\WINDOWS\system32\SETA20.tmp
    2008-11-29 17:49:43 ----A---- C:\WINDOWS\system32\SETA1B.tmp
    2008-11-29 17:49:42 ----A---- C:\WINDOWS\system32\SETA18.tmp
    2008-11-29 17:49:42 ----A---- C:\WINDOWS\system32\SETA14.tmp
    2008-11-29 17:49:42 ----A---- C:\WINDOWS\system32\SETA13.tmp
    2008-11-29 17:49:42 ----A---- C:\WINDOWS\system32\SETA12.tmp
    2008-11-29 17:49:41 ----A---- C:\WINDOWS\system32\SETA11.tmp
    2008-11-29 17:49:41 ----A---- C:\WINDOWS\system32\SETA0D.tmp
    2008-11-29 17:49:40 ----A---- C:\WINDOWS\system32\SETA06.tmp
    2008-11-29 17:49:40 ----A---- C:\WINDOWS\system32\SETA05.tmp
    2008-11-29 17:49:40 ----A---- C:\WINDOWS\system32\SETA03.tmp
    2008-11-29 17:49:40 ----A---- C:\WINDOWS\system32\SETA02.tmp
    2008-11-29 17:49:39 ----A---- C:\WINDOWS\system32\SET9F5.tmp
    2008-11-29 17:49:38 ----A---- C:\WINDOWS\system32\SET9F3.tmp
    2008-11-29 17:49:37 ----A---- C:\WINDOWS\system32\SET9EE.tmp
    2008-11-29 17:49:37 ----A---- C:\WINDOWS\system32\SET9ED.tmp
    2008-11-29 17:49:37 ----A---- C:\WINDOWS\system32\SET9EB.tmp
    2008-11-29 17:49:36 ----A---- C:\WINDOWS\system32\SET9E6.tmp
    2008-11-29 17:49:35 ----A---- C:\WINDOWS\system32\SET9D9.tmp
    2008-11-29 17:49:34 ----A---- C:\WINDOWS\system32\SET9CF.tmp
    2008-11-29 17:49:34 ----A---- C:\WINDOWS\system32\SET9C7.tmp
    2008-11-29 17:49:33 ----A---- C:\WINDOWS\system32\SET9C4.tmp
    2008-11-29 17:49:33 ----A---- C:\WINDOWS\system32\SET9C3.tmp
    2008-11-29 17:49:33 ----A---- C:\WINDOWS\system32\SET9BF.tmp
    2008-11-29 17:49:32 ----A---- C:\WINDOWS\system32\SET9B4.tmp
    2008-11-29 17:49:32 ----A---- C:\WINDOWS\system32\SET9B3.tmp
    2008-11-29 17:49:31 ----A---- C:\WINDOWS\system32\SET9AC.tmp
    2008-11-29 17:49:31 ----A---- C:\WINDOWS\system32\SET9A7.tmp
    2008-11-29 17:49:30 ----A---- C:\WINDOWS\system32\SET9A2.tmp
    2008-11-29 17:49:29 ----A---- C:\WINDOWS\system32\SET99C.tmp
    2008-11-29 17:49:29 ----A---- C:\WINDOWS\system32\SET999.tmp
    2008-11-29 17:49:29 ----A---- C:\WINDOWS\system32\SET998.tmp
    2008-11-29 17:49:29 ----A---- C:\WINDOWS\system32\SET997.tmp
    2008-11-29 17:49:28 ----A---- C:\WINDOWS\system32\SET98C.tmp
    2008-11-29 17:49:28 ----A---- C:\WINDOWS\system32\SET98A.tmp
    2008-11-29 17:49:27 ----A---- C:\WINDOWS\system32\SET988.tmp
    2008-11-29 17:49:26 ----A---- C:\WINDOWS\system32\SET97E.tmp
    2008-11-29 17:49:26 ----A---- C:\WINDOWS\system32\SET97B.tmp
    2008-11-29 17:49:25 ----A---- C:\WINDOWS\system32\SET977.tmp
    2008-11-29 17:49:25 ----A---- C:\WINDOWS\system32\SET976.tmp
    2008-11-29 17:49:25 ----A---- C:\WINDOWS\system32\SET975.tmp
    2008-11-29 17:49:25 ----A---- C:\WINDOWS\system32\SET96F.tmp
    2008-11-29 17:49:24 ----A---- C:\WINDOWS\system32\SET96D.tmp
    2008-11-29 17:49:24 ----A---- C:\WINDOWS\system32\SET96B.tmp
    2008-11-29 17:49:24 ----A---- C:\WINDOWS\system32\SET962.tmp
    2008-11-29 17:49:23 ----A---- C:\WINDOWS\system32\SET961.tmp
    2008-11-29 17:49:23 ----A---- C:\WINDOWS\system32\SET95C.tmp
    2008-11-29 17:49:23 ----A---- C:\WINDOWS\system32\SET958.tmp
    2008-11-29 17:49:23 ----A---- C:\WINDOWS\system32\SET957.tmp
    2008-11-29 17:49:22 ----A---- C:\WINDOWS\system32\SET953.tmp
    2008-11-29 17:49:22 ----A---- C:\WINDOWS\system32\SET952.tmp
    2008-11-29 17:49:21 ----A---- C:\WINDOWS\system32\SET941.tmp
    2008-11-29 17:49:21 ----A---- C:\WINDOWS\system32\SET93F.tmp
    2008-11-29 17:49:19 ----A---- C:\WINDOWS\system32\SET927.tmp
    2008-11-29 17:49:18 ----A---- C:\WINDOWS\system32\SET90E.tmp
    2008-11-29 17:49:17 ----A---- C:\WINDOWS\system32\SET902.tmp
    2008-11-29 17:49:17 ----A---- C:\WINDOWS\system32\SET8FE.tmp
    2008-11-29 17:49:16 ----A---- C:\WINDOWS\system32\SET8F5.tmp
    2008-11-29 17:49:16 ----A---- C:\WINDOWS\system32\SET8F4.tmp
    2008-11-29 17:49:15 ----A---- C:\WINDOWS\system32\SET8DD.tmp
    2008-11-29 17:49:12 ----A---- C:\WINDOWS\system32\SET8B7.tmp
    2008-11-29 17:49:12 ----A---- C:\WINDOWS\system32\SET8B5.tmp
    2008-11-29 17:49:12 ----A---- C:\WINDOWS\system32\SET8B4.tmp
    2008-11-29 17:49:12 ----A---- C:\WINDOWS\system32\SET8B2.tmp
    2008-11-29 17:49:11 ----A---- C:\WINDOWS\system32\SET8AF.tmp
    2008-11-29 17:49:10 ----A---- C:\WINDOWS\system32\SET896.tmp
    2008-11-29 17:49:09 ----A---- C:\WINDOWS\system32\SET888.tmp
    2008-11-29 17:49:08 ----A---- C:\WINDOWS\system32\SET885.tmp
    2008-11-29 17:49:08 ----A---- C:\WINDOWS\system32\SET882.tmp
    2008-11-29 17:49:08 ----A---- C:\WINDOWS\system32\SET87D.tmp
    2008-11-29 17:49:07 ----A---- C:\WINDOWS\system32\SET86E.tmp
    2008-11-29 17:49:07 ----A---- C:\WINDOWS\system32\SET86B.tmp
    2008-11-29 17:49:06 ----A---- C:\WINDOWS\system32\SET85D.tmp
    2008-11-29 17:49:05 ----A---- C:\WINDOWS\system32\SET85B.tmp
    2008-11-29 17:49:05 ----A---- C:\WINDOWS\system32\SET859.tmp
    2008-11-29 17:49:04 ----A---- C:\WINDOWS\system32\SET844.tmp
    2008-11-29 17:49:03 ----A---- C:\WINDOWS\system32\SET841.tmp
    2008-11-29 17:49:03 ----A---- C:\WINDOWS\system32\SET840.tmp
    2008-11-29 17:49:03 ----A---- C:\WINDOWS\system32\SET836.tmp
    2008-11-29 17:49:02 ----A---- C:\WINDOWS\system32\SET82D.tmp
    2008-11-29 17:49:01 ----A---- C:\WINDOWS\system32\SET81B.tmp
    2008-11-29 17:49:01 ----A---- C:\WINDOWS\system32\SET819.tmp
    2008-11-29 17:49:00 ----A---- C:\WINDOWS\system32\SET809.tmp
    2008-11-29 17:48:58 ----A---- C:\WINDOWS\system32\SET800.tmp
    2008-11-29 17:48:58 ----A---- C:\WINDOWS\system32\SET7FB.tmp
    2008-11-29 17:48:57 ----A---- C:\WINDOWS\system32\SET7ED.tmp
    2008-11-29 17:48:56 ----A---- C:\WINDOWS\system32\SET7E2.tmp
    2008-11-29 17:48:56 ----A---- C:\WINDOWS\system32\SET7DF.tmp
    2008-11-29 17:48:55 ----A---- C:\WINDOWS\system32\SET7CC.tmp
    2008-11-29 17:48:52 ----A---- C:\WINDOWS\system32\SET782.tmp
    2008-11-29 17:48:51 ----A---- C:\WINDOWS\system32\SET778.tmp
    2008-11-29 17:48:51 ----A---- C:\WINDOWS\system32\SET777.tmp
    2008-11-29 17:48:51 ----A---- C:\WINDOWS\system32\SET774.tmp
    2008-11-29 17:48:50 ----A---- C:\WINDOWS\system32\SET76F.tmp
    2008-11-29 17:48:50 ----A---- C:\WINDOWS\system32\SET76B.tmp
    2008-11-29 17:48:50 ----A---- C:\WINDOWS\system32\SET76A.tmp
    2008-11-29 17:48:46 ----A---- C:\WINDOWS\system32\SET720.tmp
    2008-11-29 17:48:44 ----A---- C:\WINDOWS\system32\SET6FF.tmp
    2008-11-29 17:48:44 ----A---- C:\WINDOWS\system32\SET6FE.tmp
    2008-11-29 17:48:41 ----A---- C:\WINDOWS\system32\SET6B4.tmp
    2008-11-29 17:48:40 ----A---- C:\WINDOWS\system32\SET6B2.tmp
    2008-11-29 17:48:39 ----A---- C:\WINDOWS\system32\SET69A.tmp
    2008-11-29 17:48:38 ----A---- C:\WINDOWS\system32\SET68A.tmp
    2008-11-29 17:48:38 ----A---- C:\WINDOWS\system32\SET680.tmp
    2008-11-29 17:48:36 ----A---- C:\WINDOWS\system32\SET64A.tmp
    2008-11-29 17:48:34 ----A---- C:\WINDOWS\system32\SET633.tmp
    2008-11-29 17:48:34 ----A---- C:\WINDOWS\system32\SET627.tmp
    2008-11-29 17:48:33 ----A---- C:\WINDOWS\system32\SET600.tmp
    2008-11-29 17:48:32 ----A---- C:\WINDOWS\system32\SET5D9.tmp
    2008-11-29 17:48:30 ----A---- C:\WINDOWS\system32\SET5AC.tmp
    2008-11-29 17:48:29 ----A---- C:\WINDOWS\system32\SET58E.tmp
    2008-11-29 17:48:28 ----A---- C:\WINDOWS\system32\SET589.tmp
    2008-11-29 17:48:28 ----A---- C:\WINDOWS\system32\SET588.tmp
    2008-11-29 17:48:27 ----A---- C:\WINDOWS\system32\SET558.tmp
    2008-11-29 17:48:26 ----A---- C:\WINDOWS\system32\SET555.tmp
    2008-11-29 17:48:26 ----A---- C:\WINDOWS\system32\SET551.tmp
    2008-11-29 17:48:24 ----A---- C:\WINDOWS\system32\SET52B.tmp
    2008-11-29 17:48:17 ----A---- C:\WINDOWS\system32\SET462.tmp
    2008-11-29 17:48:15 ----A---- C:\WINDOWS\system32\SET437.tmp
    2008-11-29 17:48:15 ----A---- C:\WINDOWS\system32\SET432.tmp
    2008-11-29 17:48:15 ----A---- C:\WINDOWS\system32\SET42B.tmp
    2008-11-29 17:48:14 ----A---- C:\WINDOWS\system32\SET420.tmp
    2008-11-29 17:48:13 ----A---- C:\WINDOWS\system32\SET3F3.tmp
    2008-11-29 17:48:12 ----A---- C:\WINDOWS\system32\SET3E2.tmp
    2008-11-29 17:48:05 ----A---- C:\WINDOWS\system32\SET325.tmp
    2008-11-29 17:48:03 ----A---- C:\WINDOWS\system32\SET2E0.tmp
    2008-11-29 17:48:01 ----A---- C:\WINDOWS\system32\SET2A6.tmp
    2008-11-29 17:47:57 ----A---- C:\WINDOWS\system32\SET236.tmp
    2008-11-29 17:47:56 ----A---- C:\WINDOWS\system32\SET233.tmp
    2008-11-29 17:47:55 ----A---- C:\WINDOWS\system32\SET21F.tmp
    2008-11-29 17:47:55 ----A---- C:\WINDOWS\system32\SET207.tmp
    2008-11-29 17:47:52 ----A---- C:\WINDOWS\system32\SET1E8.tmp
    2008-11-29 17:47:51 ----A---- C:\WINDOWS\system32\SET1D0.tmp
    2008-11-29 17:47:51 ----A---- C:\WINDOWS\system32\SET1CE.tmp
    2008-11-29 17:47:50 ----A---- C:\WINDOWS\system32\SET1B6.tmp
    2008-11-29 17:47:49 ----A---- C:\WINDOWS\system32\SET1AD.tmp
    2008-11-29 17:47:49 ----A---- C:\WINDOWS\system32\SET1A5.tmp
    2008-11-29 17:47:47 ----A---- C:\WINDOWS\system32\SET182.tmp
    2008-11-29 17:47:46 ----A---- C:\WINDOWS\system32\SET178.tmp
    2008-11-29 17:47:46 ----A---- C:\WINDOWS\system32\SET16D.tmp
    2008-11-29 17:47:44 ----A---- C:\WINDOWS\system32\SET155.tmp
    2008-11-29 17:47:44 ----A---- C:\WINDOWS\system32\SET152.tmp
    2008-11-29 17:47:43 ----A---- C:\WINDOWS\system32\SET14E.tmp
    2008-11-29 17:47:43 ----A---- C:\WINDOWS\system32\SET14C.tmp
    2008-11-29 17:47:42 ----A---- C:\WINDOWS\system32\SET14B.tmp
    2008-11-29 17:45:47 ----A---- C:\WINDOWS\002731_.tmp
    2008-11-29 16:31:22 ----A---- C:\WINDOWS\system32\_003902_.tmp.dll
    2008-11-29 16:30:24 ----A---- C:\WINDOWS\system32\_003900_.tmp.dll
    2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003895_.tmp.dll
    2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003894_.tmp.dll
    2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003893_.tmp.dll
    2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003892_.tmp.dll
    2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003891_.tmp.dll
    2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003888_.tmp.dll
    2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003887_.tmp.dll
    2008-11-29 16:30:23 ----A---- C:\WINDOWS\system32\_003886_.tmp.dll
    2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003885_.tmp.dll
    2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003883_.tmp.dll
    2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003880_.tmp.dll
    2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003878_.tmp.dll
    2008-11-29 16:30:22 ----A---- C:\WINDOWS\system32\_003877_.tmp.dll
    19 August 2009 23:20:44

    You have quite an infection.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    20 August 2009 00:04:02

    I did what you asked, but it restarted the PC, and then I was able to get into my session, but in not even a minute I could no longer open any program.

    Maybe at the moment the software restarts my PC I should log into my session in safe mode, no?

    I'm sorry to bother you, but this is very important to me.

    Thanks
    20 August 2009 00:27:08

    Here is the log; I restarted in safe mode.

    The log:
    ComboFix 09-08-18.04 - moi 11/01/2005 17:42.2.1 - NTFSx86 NETWORK
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2222 [GMT 1:00]
    Running from: c:\documents and settings\moi\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\husycunak.ban
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\nolej.db
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\wituvoz.com
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\yruqi._sy
    c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
    c:\documents and settings\moi\oashdihasidhasuidhiasdhiashdiuasdhasd
    c:\program files\PC_Antispyware2010
    c:\program files\PC_Antispyware2010\AVEngn.dll
    c:\program files\PC_Antispyware2010\data\daily.cvd
    c:\program files\PC_Antispyware2010\htmlayout.dll
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
    c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
    c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
    c:\program files\PC_Antispyware2010\pthreadVC2.dll
    c:\program files\PC_Antispyware2010\Uninstall.exe
    c:\program files\PC_Antispyware2010\wscui.cpl
    c:\windows\system32\_scui.cpl
    c:\windows\system32\braviax.exe
    c:\windows\system32\dllcache\figaro.sys
    c:\windows\system32\wisdstr.exe
    .
    ---- Previous Run -------
    .
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\edigyraw.ban
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\izyhuxat.ban
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\oriqamim.dat
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\rolomajape.scr
    c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
    c:\documents and settings\moi\Application Data\inst.exe
    c:\documents and settings\moi\Application Data\wiaserva.log
    c:\documents and settings\moi\oashdihasidhasuidhiasdhiashdiuasdhasd
    c:\program files\PC_Antispyware2010\data\daily.cvd
    c:\program files\PC_Antispyware2010\htmlayout.dll
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
    c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
    c:\program files\PC_Antispyware2010\pthreadVC2.dll
    c:\program files\PC_Antispyware2010\wscui.cpl
    C:\test.txt
    c:\windows\010112010146120114.xe
    c:\windows\0101120101464949.xe
    c:\windows\acdddl.dll
    c:\windows\braviax.exe
    c:\windows\Installer\ecb8c.msi
    c:\windows\ld12.exe
    c:\windows\prxid93ps.dat
    c:\windows\system32\_scui.cpl
    c:\windows\system32\braviax.exe
    c:\windows\system32\cru629.dat
    c:\windows\system32\DelSelf.bat
    c:\windows\system32\winitn.dll

    Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\MsPMSNSv.dll

    Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
    Restored copy from - c:\i386\BEEP.SYS

    Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\mspmsnsv.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games


    ((((((((((((((((((((((((( Files Created from 2004-12-11 to 2005-01-11 )))))))))))))))))))))))))))))))
    .

    2009-08-16 01:50 . 2005-01-10 16:08 136 ----a-w- c:\documents and settings\moi\delself.bat
    2009-08-16 01:50 . 2009-08-16 01:50 26686 ----a-w- c:\windows\system32\msword98.exe
    2009-08-16 01:50 . 2009-08-16 01:50 26686 ----a-w- c:\documents and settings\moi\msword98.exe
    2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS
    2009-08-14 09:39 . 2002-07-25 10:19 10986 ----a-w- c:\windows\system32\drivers\Bulk533.sys
    2009-08-13 20:58 . 2009-08-13 20:58 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\CAPCOM
    2009-08-13 20:10 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
    2009-08-13 20:10 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
    2009-08-13 20:10 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
    2009-08-13 20:09 . 2009-08-13 20:09 -------- d-----w- c:\windows\system32\xlive
    2009-08-13 20:09 . 2009-08-13 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-08-13 20:09 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-08-13 20:09 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-08-13 20:09 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-08-13 20:09 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2009-08-13 19:07 . 2009-08-13 20:08 -------- d-----w- c:\program files\Street Fighter IV
    2009-08-13 09:55 . 2009-08-15 14:02 -------- d-----w- c:\program files\Simulateur de conduite 3D
    2009-08-10 14:06 . 2009-08-10 14:07 -------- d-----w- c:\documents and settings\secours\Application Data\OpenOffice.org2
    2009-07-23 12:53 . 2009-08-14 09:39 -------- d-----w- c:\program files\DkZ Studio
    2009-07-15 17:12 . 2009-07-19 10:35 230432 ----a-w- C:\SPC230NC.DAT
    2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\moi\Application Data\ArcSoft
    2009-07-15 15:58 . 2009-07-15 15:58 -------- d-----w- c:\documents and settings\secours\Application Data\ArcSoft
    2009-07-15 15:41 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
    2009-07-15 15:38 . 2007-09-26 12:28 8576 ----a-w- c:\windows\system32\drivers\PAEAFLT.sys
    2009-07-15 15:38 . 2007-12-31 14:19 461056 ----a-w- c:\windows\system32\drivers\SPC230NC.SYS
    2009-07-15 15:38 . 2007-11-02 09:07 6656 ----a-w- c:\windows\system32\CoInst.dll
    2009-07-15 15:38 . 2009-07-15 15:38 -------- d-----w- c:\windows\Philips
    2009-06-27 16:51 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-06-27 16:49 . 2009-06-27 16:49 -------- d-----w- c:\program files\Windows Live
    2009-06-20 19:31 . 2009-06-20 19:31 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\Downloaded Installations
    2009-06-12 10:40 . 2009-06-12 10:48 -------- d-----w- c:\documents and settings\moi\Application Data\Download Manager
    2009-06-03 14:24 . 2009-06-03 14:24 -------- d-----w- c:\program files\Runtime Software
    2009-04-26 23:24 . 2009-04-26 23:24 -------- d-----w- c:\documents and settings\moi\OngameNetwork
    2009-04-26 23:21 . 2009-07-05 11:08 -------- d-----w- c:\program files\WinamaxPoker
    2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
    2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-04-13 21:47 . 2009-04-13 21:47 1190400 ----a-w- c:\documents and settings\moi\Application Data\Dealio\dinstallhelper.ABD4F0A8EE06459FAC3887CF92695D6B.dll
    2009-04-13 21:47 . 2009-04-13 21:47 -------- d-----w- c:\documents and settings\moi\Application Data\Dealio
    2009-03-31 19:44 . 2009-03-31 19:44 -------- d-----w- c:\windows\system32\athan
    2009-03-31 19:44 . 2009-06-03 14:12 -------- d-----w- c:\program files\Athan
    2009-03-16 17:11 . 2009-03-16 17:11 -------- d-----w- c:\documents and settings\secours\Application Data\Wippien
    2009-03-14 00:53 . 2009-06-23 18:01 -------- d-----w- c:\documents and settings\moi\Application Data\Wippien
    2009-03-14 00:53 . 2008-12-30 22:43 23480 ----a-w- c:\windows\system32\drivers\wip0204.sys
    2009-03-04 19:36 . 2009-08-01 12:42 -------- d-----w- c:\program files\JPEG Compression
    2009-03-02 18:02 . 2009-08-16 10:45 -------- d-----w- c:\program files\Cheat 'O Matic
    2009-02-02 16:12 . 2009-02-02 17:02 -------- d-----w- c:\documents and settings\moi\Application Data\Facebook
    2009-01-30 17:25 . 2009-01-30 17:25 -------- d-----w- c:\documents and settings\secours\Application Data\MAGIX
    2009-01-30 01:56 . 2009-01-30 01:56 -------- d-----w- c:\documents and settings\moi\Application Data\MAGIX
    2009-01-30 01:54 . 2001-05-11 12:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
    2009-01-30 01:51 . 2009-02-12 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
    2009-01-30 01:51 . 2009-02-12 17:16 -------- d-----w- c:\program files\MAGIX
    2009-01-30 01:51 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
    2009-01-30 01:50 . 2009-02-12 17:16 -------- d-----w- c:\windows\system32\MAGIX
    2009-01-30 01:50 . 2008-04-15 14:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
    2009-01-30 01:48 . 2009-01-30 01:48 2048 ----a-w- c:\documents and settings\moi\Application Data\invibes\gdiplusfont.dll
    2009-01-30 01:48 . 2009-01-30 01:48 -------- d-----w- c:\documents and settings\moi\Application Data\invibes
    2009-01-30 01:48 . 2009-01-30 01:48 -------- d-----w- c:\program files\Micro Application
    2009-01-30 00:04 . 2009-01-30 01:34 -------- d-----w- c:\program files\Qtracker
    2009-01-29 23:57 . 2009-07-19 20:44 -------- d-----w- c:\documents and settings\moi\Application Data\Hamachi
    2009-01-29 23:56 . 2009-03-10 10:50 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
    2009-01-26 09:16 . 2009-01-26 09:16 -------- d-----w- c:\program files\Activision
    2009-01-26 09:12 . 2009-01-26 09:12 -------- d-sh--w- c:\windows\ftpcache
    2009-01-24 14:27 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
    2009-01-24 14:27 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
    2009-01-24 14:27 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
    2009-01-24 14:27 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2009-01-24 14:27 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2009-01-24 14:27 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2009-01-24 14:10 . 2009-01-24 14:14 -------- d-----w- c:\windows\NV28082812.TMP
    2009-01-24 14:10 . 2009-01-24 14:10 -------- d-----w- c:\windows\nview
    2009-01-24 14:10 . 2008-12-25 23:08 453152 ----a-w- c:\windows\system32\nvudisp.exe
    2009-01-24 14:08 . 2008-12-23 20:58 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-01-24 11:42 . 2009-01-24 11:42 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\THQ
    2009-01-15 17:05 . 2009-01-15 17:05 -------- d-----w- c:\documents and settings\secours\Application Data\Samsung
    2008-12-31 16:48 . 2008-12-31 16:48 -------- d--h--r- c:\documents and settings\secours\Application Data\SecuROM
    2008-12-31 13:46 . 2008-12-31 13:46 -------- d-----w- c:\program files\MSXML 6.0
    2008-12-31 13:10 . 2008-05-30 13:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
    2008-12-31 13:10 . 2008-05-30 13:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
    2008-12-31 13:10 . 2008-05-30 13:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
    2008-12-31 13:10 . 2008-05-30 13:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
    2008-12-31 13:10 . 2008-05-30 13:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
    2008-12-31 13:10 . 2008-05-30 13:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
    2008-12-31 13:10 . 2008-05-30 13:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
    2008-12-31 13:10 . 2008-03-05 15:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
    2008-12-31 13:09 . 2008-03-05 15:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
    2008-12-31 13:09 . 2008-03-05 15:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
    2008-12-31 13:09 . 2007-10-22 02:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
    2008-12-31 13:09 . 2007-10-12 14:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
    2008-12-31 13:09 . 2007-10-02 08:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
    2008-12-31 13:09 . 2007-10-12 14:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
    2008-12-31 13:07 . 2008-12-31 13:07 -------- d-----w- c:\windows\Logs
    2008-12-31 10:24 . 2008-12-31 10:24 -------- d--h--r- c:\documents and settings\moi\Application Data\SecuROM
    2008-12-31 01:05 . 2008-12-31 01:05 -------- d-----w- c:\program files\MSBuild
    2008-12-31 01:05 . 2009-01-02 18:28 722088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2008-12-31 01:02 . 2008-12-31 01:07 -------- d-----w- c:\windows\system32\XPSViewer
    2008-12-31 01:00 . 2008-12-31 01:00 -------- d-----w- c:\program files\Reference Assemblies
    2008-12-31 01:00 . 2006-06-29 12:07 14048 ----a-w- c:\windows\system32\spmsg2.dll
    2008-12-31 00:56 . 2008-12-31 00:56 -------- d-----w- c:\documents and settings\moi\Application Data\DAEMON Tools
    2008-12-31 00:56 . 2008-12-31 00:56 -------- d-----w- c:\documents and settings\moi\Application Data\DAEMON Tools Pro
    2008-12-31 00:55 . 2008-12-31 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2008-12-31 00:55 . 2008-12-31 00:55 -------- d-----w- c:\program files\DAEMON Tools Lite
    2008-12-31 00:47 . 2008-12-31 00:57 -------- d-----w- c:\documents and settings\moi\Application Data\DAEMON Tools Lite
    2008-12-20 17:56 . 2008-12-20 17:57 -------- d-----w- c:\documents and settings\secours\Application Data\DeepBurner
    2008-11-29 16:43 . 2004-08-19 19:58 124800 -c--a-w- c:\windows\system32\dllcache\fltmgr.sys
    2008-11-29 16:43 . 2004-08-19 19:58 124800 ----a-w- c:\windows\system32\drivers\fltMgr.sys
    2008-11-29 16:42 . 2004-08-03 22:10 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
    2008-11-29 16:42 . 2004-08-03 22:10 85376 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
    2008-11-29 16:42 . 2004-08-03 21:58 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
    2008-11-29 16:42 . 2004-08-03 22:10 19328 ----a-w- c:\windows\system32\drivers\wstcodec.sys
    2008-11-29 16:42 . 2004-08-03 22:07 59264 ----a-w- c:\windows\system32\drivers\usbaudio.sys
    2008-11-29 15:30 . 2004-08-05 12:00 71040 ----a-w- c:\windows\system32\drivers\_003640_.tmp.dll
    2008-11-28 22:36 . 2008-11-28 22:36 -------- d-----w- c:\documents and settings\moi\Application Data\Desktopicon
    2008-11-28 22:36 . 2008-11-29 16:21 -------- d-----w- c:\program files\Unlocker
    2008-11-12 02:00 . 2008-11-12 02:00 -------- d-----w- c:\program files\MSXML 4.0
    2008-10-25 20:25 . 2004-08-05 12:00 71040 ----a-w- c:\windows\system32\drivers\_003630_.tmp.dll
    2008-10-25 19:10 . 2008-10-25 19:11 -------- d-----w- c:\program files\Windows Resource Kits
    2008-10-25 09:56 . 2004-08-05 12:00 71040 ----a-w- c:\windows\system32\drivers\_003622_.tmp.dll
    2008-10-17 00:17 . 2008-10-17 00:20 -------- d-----w- c:\windows\NV10841364.TMP
    2008-10-15 22:14 . 2008-10-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
    2008-10-15 09:34 . 2008-10-15 09:34 -------- d-----w- c:\documents and settings\moi\Application Data\InstallShield
    2008-10-11 08:04 . 2004-08-05 12:00 185344 -c--a-w- c:\windows\system32\dllcache\thawbrkr.dll
    2008-10-11 08:04 . 2004-08-05 12:00 185344 ----a-w- c:\windows\system32\thawbrkr.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-14 09:42 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\Real
    2008-06-24 16:12 . 2006-10-18 19:47 295936 ----a-w- c:\windows\system32\wmpeffects.dll
    2008-04-14 02:33 . 2008-04-14 02:33 6144 ----a-w- c:\windows\system32\SETACB.tmp
    2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET5A2.tmp
    2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET333.tmp
    2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET263.tmp
    2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET227.tmp
    2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET1F1.tmp
    2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET1D5.tmp
    2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET170.tmp
    2008-04-14 02:32 . 2008-04-14 02:32 5632 ----a-w- c:\windows\system32\SET15A.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 290816 ----a-w- c:\windows\system32\SET9DD.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 290816 ----a-w- c:\windows\system32\SET7BF.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 3584 ----a-w- c:\windows\system32\SET639.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 3584 ----a-w- c:\windows\system32\SET4F6.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SETAF6.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET9D0.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET8EB.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET7EE.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET6FD.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET5F5.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET533.tmp
    2008-04-14 02:31 . 2008-04-14 02:31 16896 ----a-w- c:\windows\system32\SET505.tmp
    2008-04-14 02:02 . 2008-04-14 02:02 50688 ----a-w- c:\windows\system32\SETA15.tmp
    2008-04-14 02:02 . 2008-04-14 02:02 50688 ----a-w- c:\windows\system32\SET8DA.tmp
    2008-04-14 02:02 . 2008-04-14 02:02 50688 ----a-w- c:\windows\system32\SET7FF.tmp
    2008-04-14 02:02 . 2008-04-14 02:02 50688 ----a-w- c:\windows\system32\SET616.tmp
    2008-04-14 02:00 . 2008-04-14 02:00 572416 ----a-w- c:\windows\system32\SET7EC.tmp
    2008-04-14 02:00 . 2008-04-14 02:00 572416 ----a-w- c:\windows\system32\SET66B.tmp
    2008-04-14 02:00 . 2008-04-14 02:00 572416 ----a-w- c:\windows\system32\SET5D6.tmp
    2008-04-14 02:00 . 2008-04-14 02:00 572416 ----a-w- c:\windows\system32\SET3B6.tmp
    2008-04-14 02:00 . 2008-04-14 02:00 572416 ----a-w- c:\windows\system32\SET2F1.tmp
    2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SETB06.tmp
    2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SET9E0.tmp
    2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SET8FB.tmp
    2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SET70D.tmp
    2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SET543.tmp
    2008-04-14 01:57 . 2008-04-14 01:57 70144 ----a-w- c:\windows\system32\SET522.tmp
    2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET1700.tmp
    2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET15DA.tmp
    2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET14F5.tmp
    2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET13F6.tmp
    2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET1305.tmp
    2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET11FD.tmp
    2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET1154.tmp
    2008-04-13 18:36 . 2008-04-13 18:36 2986496 ----a-w- c:\windows\system32\SET113A.tmp
    2008-04-13 18:33 . 2008-11-29 16:50 44544 ----a-w- c:\windows\system32\SETBE0.tmp
    2008-04-13 18:32 . 2008-11-29 16:47 5632 ----a-w- c:\windows\system32\SET1A5.tmp
    2008-04-13 18:31 . 2008-11-29 16:50 16896 ----a-w- c:\windows\system32\SETBB9.tmp
    2008-04-13 18:30 . 2008-04-13 18:30 61440 ----a-w- c:\windows\system32\SET630.tmp
    2008-04-13 18:30 . 2008-04-13 18:30 61440 ----a-w- c:\windows\system32\SET546.tmp
    2008-04-13 18:30 . 2008-04-13 18:30 61440 ----a-w- c:\windows\system32\SET309.tmp
    2008-04-13 17:26 . 2008-04-13 17:26 12288 ----a-w- c:\windows\system32\SET987.tmp
    2008-04-13 16:26 . 2008-04-13 16:26 1351168 ----a-w- c:\windows\system32\SET973.tmp
    2008-04-13 16:26 . 2008-04-13 16:26 1351168 ----a-w- c:\windows\system32\SET57E.tmp
    2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET959.tmp
    2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET821.tmp
    2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET751.tmp
    2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET640.tmp
    2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET563.tmp
    2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET3FC.tmp
    2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET3BC.tmp
    2008-04-13 16:23 . 2008-04-13 16:23 48128 ----a-w- c:\windows\system32\SET31E.tmp
    2008-04-13 15:42 . 2008-04-13 15:42 16896 ----a-w- c:\windows\system32\SET767.tmp
    2008-04-13 15:42 . 2008-04-13 15:42 16896 ----a-w- c:\windows\system32\SET5A3.tmp
    2008-04-13 15:42 . 2008-04-13 15:42 16896 ----a-w- c:\windows\system32\SET53A.tmp
    2008-04-13 15:42 . 2008-04-13 15:42 16896 ----a-w- c:\windows\system32\SET30F.tmp
    2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET966.tmp
    2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET82E.tmp
    2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET75D.tmp
    2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET651.tmp
    2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET573.tmp
    2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET40C.tmp
    2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET3C7.tmp
    2008-04-13 15:39 . 2008-04-13 15:39 884736 ----a-w- c:\windows\system32\SET32A.tmp
    2008-04-13 10:36 . 2008-11-29 16:54 2986496 ----a-w- c:\windows\system32\SET17C3.tmp
    2008-04-13 10:30 . 2008-11-29 16:49 61440 ----a-w- c:\windows\system32\SET9EB.tmp
    2008-04-13 09:37 . 2008-11-29 16:50 138752 ----a-w- c:\windows\system32\SETB3E.tmp
    2008-04-13 09:37 . 2008-11-29 16:49 208384 ----a-w- c:\windows\system32\SET87D.tmp
    2008-04-13 09:26 . 2008-11-29 16:49 12288 ----a-w- c:\windows\system32\SETA34.tmp
    2008-04-13 09:26 . 2008-11-29 16:49 12288 ----a-w- c:\windows\system32\SET953.tmp
    2008-04-13 08:23 . 2008-11-29 16:49 48128 ----a-w- c:\windows\system32\SETA02.tmp
    2008-04-13 07:39 . 2008-11-29 16:49 884736 ----a-w- c:\windows\system32\SETA11.tmp
    2007-09-16 13:42 . 2005-03-23 17:50 -------- d-----w- c:\program files\Java
    2007-06-17 12:51 . 2005-03-23 17:51 -------- d-----w- c:\program files\Sonic
    2007-04-29 16:07 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\AOL
    2007-04-29 16:07 . 2005-03-23 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2007-04-18 21:07 . 2009-01-30 01:52 53248 ----a-w- c:\windows\system32\mgxasio2.dll
    2007-03-28 04:56 . 2008-11-29 16:49 98304 ----a-w- c:\windows\system32\SET957.tmp
    2007-03-28 04:56 . 2008-11-29 16:49 24576 ----a-w- c:\windows\system32\SETA06.tmp
    2007-02-09 08:20 . 2008-04-08 18:10 25548 ----a-w- c:\windows\Fonts\Pokemon Solid.ttf
    2007-02-09 08:20 . 2008-04-08 18:10 42828 ----a-w- c:\windows\Fonts\Pokemon Hollow.ttf
    2007-01-12 01:18 . 2004-09-28 05:38 114688 -c--a-w- c:\windows\system32\wmatimer.dll
    2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SETB5A.tmp
    2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SETA34.tmp
    2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SET94F.tmp
    2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SET852.tmp
    2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SET761.tmp
    2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SET659.tmp
    2007-01-01 19:25 . 2007-01-01 19:25 461672 ----a-w- c:\windows\Fonts\SET597.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msword98"="c:\documents and settings\moi\msword98.exe" [2009-08-16 26686]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
    "msword98"="c:\windows\system32\msword98.exe" [2009-08-16 26686]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
    "nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2008-12-25 1657376]
    "SRFirstRun"="srclient.dll" - c:\windows\SYSTEM32\srclient.dll [2004-08-19 67584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

    c:\documents and settings\secours\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

    c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\
    ikowin32.exe [2004-8-5 24064]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
    backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
    backup=c:\windows\pss\AOL Compagnon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
    backup=c:\windows\pss\Sipru.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
    backup=c:\windows\pss\SkyMessager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
    "c:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Valve\\Steam\\Steam.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\documents and settings\moi\Application Data\Facebook\facebook.exe"= c:\documents and settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:*:Disabled:Shareaza
    "6346:UDP"= 6346:UDP:*:Disabled:Shareaza
    "26180:TCP"= 26180:TCP:neuf telecom
    "26181:TCP"= 26181:TCP:neuf telecom
    "9876:TCP"= 9876:TCP:neuf telecom
    "26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
    "31336:TCP"= 31336:TCP:*:Disabled:adsl tv
    "31336:UDP"= 31336:UDP:*:Disabled:adsl tv
    "10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
    "10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
    "3128:TCP"= 3128:TCP:*:Disabled:ffff
    "3128:UDP"= 3128:UDP:*:Disabled:ffff
    "7080:TCP"= 7080:TCP:*:Disabled:max tv
    "21:UDP"= 21:UDP:*:Disabled:ultras
    "3900:TCP"= 3900:TCP:*:Disabled:Sopcast
    "3920:TCP"= 3920:TCP:*:Disabled:Sopcast
    "28464:TCP"= 28464:TCP:emule tcp
    "25140:UDP"= 25140:UDP:emule udp
    "16800:TCP"= 16800:TCP:*:Disabled:tvants
    "16800:UDP"= 16800:UDP:*:Disabled:tvants
    "5739:UDP"= 5739:UDP:pes2009
    "5730:UDP"= 5730:UDP:pes2009
    "5729:UDP"= 5729:UDP:pes2009
    "27588:TCP"= 27588:TCP:BitComet 27588 TCP
    "27588:UDP"= 27588:UDP:BitComet 27588 UDP
    "20085:TCP"= 20085:TCP:pes2009
    "20030:TCP"= 20030:TCP:pes2009
    "20020:TCP"= 20020:TCP:pes2009
    "20010:TCP"= 20010:TCP:pes2009
    "443:TCP"= 443:TCP:pes2009
    "8800:TCP"= 8800:TCP:pes2009
    "8899:TCP"= 8899:TCP:pes2009
    "14020:TCP"= 14020:TCP:pes2009

    S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 16:35 114768]
    S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 16:35 20560]
    S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 10:39 515803]
    S2 Vcs;Vcs support;c:\windows\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 20:40 6852]
    S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 22:26 827008]
    S3 gAGP440p;gAGP440p;\??\c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys --> c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys [?]
    S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 14:55 472644]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 16:38 8576]
    S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 16:38 461056]
    S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 10:39 10986]
    S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 01:53 23480]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
    HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
    HKLM-Run-braviax - (no file)
    HKU-Default-Run-braviax - (no file)
    Notify-dimsntfy - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = local
    mSearchAssistant = hxxp://www.google.com
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download with Rapget - c:\documents and settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2005-01-11 17:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\wisdstr.exe 190539 bytes executable
    c:\windows\system32\braviax.exe 11264 bytes executable

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2668168583-2325841571-3812231592-1006\Software\SecuROM\License information*]
    "datasecu"=hex:3f,d1,93,2d,fe,a6,3f,96,b3,f3,7b,fe,d3,ee,97,c8,fc,76,79,16,d5,
    85,99,77,42,82,c5,91,c9,5a,ee,0e,34,ae,c9,7d,92,8c,9f,12,c8,db,19,87,0b,9a,\
    "rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SYSTEM32\braviax.exe
    .
    **************************************************************************
    .
    Completion time: 2005-01-11 18:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2005-01-11 17:00

    Pre-Run: 37 925 355 520 octets libres
    Post-Run: 37 917 396 992 octets libres

    841 --- E O F --- 2009-07-31 15:31
    20 August 2009 11:48:28

    OK, I just downloaded it from the link you gave me. When you tell me I have to move this file onto ComboFix, does that mean I have to move it into c:/combofix?


    THANKS
    20 August 2009 12:52:34

    For info, I don't have a floppy drive.

    Also, when I go to C: I can't find ComboFix any more! I only find a combofix.txt file.

    Likewise, when I go to C: Program Files I can't find ComboFix there either.

    Believe me, I'm really sorry to be such a pain about my PC, but I absolutely need it.

    Thanks a lot
    a c 296 8 Sécurité
    a b 9 Windows
    20 August 2009 15:32:19

    Quote:
    c:\documents and settings\moi\Bureau\ComboFix.exe

    --> ComboFix is on your Desktop.

    Quote:
    When you tell me I have to move this file onto ComboFix, does that mean I have to move it into c:/combofix?

    --> Move it like this:

    20 August 2009 16:54:38

    OK, I've just moved it.

    I get a warning message, here is the screenshot:
    a c 296 8 Sécurité
    a b 9 Windows
    20 August 2009 17:00:16

    It detected that Avast was running.
    20 August 2009 17:31:44

    Yet I'm in safe mode with networking and Avast is not enabled.
    a c 296 8 Sécurité
    a b 9 Windows
    20 August 2009 17:33:12

    Continue anyway.
    20 August 2009 17:38:45

    So what do I do now lol, do I continue at the point where I get the warning message, is that it??

    I swear I'm really sorry to be such a pain!
    a c 296 8 Sécurité
    a b 9 Windows
    20 August 2009 17:50:00

    Yes.
    20 August 2009 18:17:08

    Here is the log:
    ComboFix 09-08-19.0C - moi 20/08/2009 17:55.3.1 - NTFSx86 NETWORK
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2253 [GMT 2:00]
    Running from: c:\documents and settings\moi\Bureau\65604-CF.exe
    AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\agyg._sy
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\arymuj.dat
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\cuhig.bat
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ilecazilu.com
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\okek.scr
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\opajan.db
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\opilijuv.ban
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\tubodixoj.dat
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ureqa.pif
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\vaze.bin
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\wiguhozojy._sy
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\wymejuqemy._sy
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ybamijisez.reg
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ybihyjod.dll
    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ynohyb.db
    c:\documents and settings\moi\Application Data\wiaserva.log
    c:\documents and settings\moi\oashdihasidhasuidhiasdhiashdiuasdhasd
    c:\program files\PC_Antispyware2010
    c:\program files\PC_Antispyware2010\AVEngn.dll
    c:\program files\PC_Antispyware2010\data\daily.cvd
    c:\program files\PC_Antispyware2010\htmlayout.dll
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
    c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
    c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
    c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
    c:\program files\PC_Antispyware2010\pthreadVC2.dll
    c:\program files\PC_Antispyware2010\Uninstall.exe
    c:\program files\PC_Antispyware2010\wscui.cpl
    c:\windows\braviax.exe
    c:\windows\cru629.dat
    c:\windows\system32\_scui.cpl
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\braviax.exe
    c:\windows\system32\cru629.dat
    c:\windows\system32\dllcache\figaro.sys
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\wisdstr.exe
    c:\windows\system32\WS2Fix.exe

    Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
    Restored copy from - c:\i386\BEEP.SYS

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
    .

    2009-08-16 01:50 . 2005-01-12 08:17 26686 ----a-w- c:\documents and settings\moi\msword98.exe
    2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS
    2009-08-14 09:39 . 2002-07-25 10:19 10986 ----a-w- c:\windows\system32\drivers\Bulk533.sys
    2009-08-13 20:58 . 2009-08-13 20:58 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\CAPCOM
    2009-08-13 20:10 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
    2009-08-13 20:10 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
    2009-08-13 20:10 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
    2009-08-13 20:09 . 2009-08-13 20:09 -------- d-----w- c:\windows\system32\xlive
    2009-08-13 20:09 . 2009-08-13 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-08-13 20:09 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-08-13 20:09 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-08-13 20:09 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-08-13 20:09 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2009-08-13 19:07 . 2009-08-13 20:08 -------- d-----w- c:\program files\Street Fighter IV
    2009-08-13 09:55 . 2009-08-15 14:02 -------- d-----w- c:\program files\Simulateur de conduite 3D
    2009-08-10 14:06 . 2009-08-10 14:07 -------- d-----w- c:\documents and settings\secours\Application Data\OpenOffice.org2
    2009-07-23 12:53 . 2009-08-14 09:39 -------- d-----w- c:\program files\DkZ Studio

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-20 16:08 . 2009-08-20 16:08 190539 ----a-w- c:\windows\system32\wisdstr.exe
    2009-08-20 16:08 . 2009-08-20 16:08 11264 ----a-w- c:\windows\system32\braviax.exe
    2009-08-20 16:08 . 2005-01-12 08:22 29184 ----a-w- c:\windows\system32\drivers\beep.sys
    2009-08-16 10:45 . 2009-03-02 18:02 -------- d-----w- c:\program files\Cheat 'O Matic
    2009-08-15 16:19 . 2007-08-28 19:29 -------- d-----w- c:\program files\eMule
    2009-08-15 12:18 . 2006-01-07 16:23 -------- d-----w- c:\documents and settings\moi\Application Data\OpenOffice.org2
    2009-08-14 09:48 . 2007-02-27 12:47 -------- d-----w- c:\program files\SopCast
    2009-08-14 09:48 . 2007-02-01 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-08-14 09:42 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\Real
    2009-08-14 09:40 . 2008-03-06 09:07 -------- d-----w- c:\program files\mIRC
    2009-08-03 12:36 . 2005-01-12 06:04 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 12:36 . 2005-01-12 06:04 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-01 12:44 . 2007-08-03 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-01 12:42 . 2009-03-04 19:36 -------- d-----w- c:\program files\JPEG Compression
    2009-07-19 20:44 . 2009-01-29 23:57 -------- d-----w- c:\documents and settings\moi\Application Data\Hamachi
    2009-07-19 10:35 . 2009-07-15 17:12 230432 ----a-w- C:\SPC230NC.DAT
    2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\moi\Application Data\ArcSoft
    2009-07-15 15:58 . 2009-07-15 15:58 -------- d-----w- c:\documents and settings\secours\Application Data\ArcSoft
    2009-07-14 13:39 . 2008-05-25 12:10 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-14 13:39 . 2007-04-30 09:13 -------- d-----w- c:\program files\MSN Messenger
    2009-07-14 11:42 . 2005-11-08 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-07-05 11:08 . 2009-04-26 23:21 -------- d-----w- c:\program files\WinamaxPoker
    2009-06-27 16:51 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-06-27 16:49 . 2009-06-27 16:49 -------- d-----w- c:\program files\Windows Live
    2009-06-23 18:01 . 2009-03-14 00:53 -------- d-----w- c:\documents and settings\moi\Application Data\Wippien
    2005-01-12 08:28 . 2005-01-12 08:28 18873 ----a-w- c:\program files\Fichiers communs\ehepexe.dl
    2005-01-12 08:28 . 2005-01-12 08:28 13574 ----a-w- c:\program files\Fichiers communs\qyqa._sy
    2005-01-12 08:28 . 2005-01-12 08:28 13125 ----a-w- c:\program files\Fichiers communs\xycak.ban
    2005-01-12 07:08 . 2005-01-12 07:08 19071 ----a-w- c:\program files\Fichiers communs\xice.dat
    2005-01-12 07:08 . 2005-01-12 07:08 18217 ----a-w- c:\program files\Fichiers communs\ijad.pif
    2005-01-12 07:08 . 2005-01-12 07:08 17575 ----a-w- c:\program files\Fichiers communs\ecykow.inf
    2005-01-12 07:08 . 2005-01-12 07:08 11794 ----a-w- c:\program files\Fichiers communs\yrihak.db
    2005-01-11 17:02 . 2005-01-11 17:02 15747 ----a-w- c:\program files\Fichiers communs\ejufijafa._sy
    2005-01-11 17:02 . 2005-01-11 17:02 14540 ----a-w- c:\program files\Fichiers communs\loherif._sy
    2005-01-11 17:02 . 2005-01-11 17:02 10981 ----a-w- c:\program files\Fichiers communs\cahypihig.exe
    2005-01-11 16:41 . 2005-01-11 16:41 13114 ----a-w- c:\program files\Fichiers communs\ihytavo.bat
    2005-01-11 16:41 . 2005-01-11 16:41 10572 ----a-w- c:\program files\Fichiers communs\ykilumyc.bat
    2005-01-10 16:33 . 2005-01-10 16:33 19327 ----a-w- c:\program files\Fichiers communs\adogiz.db
    2005-01-10 16:33 . 2005-01-10 16:33 19049 ----a-w- c:\program files\Fichiers communs\owijer.vbs
    2005-01-10 16:33 . 2005-01-10 16:33 19042 ----a-w- c:\program files\Fichiers communs\sygigibihe.bat
    2005-01-10 16:33 . 2005-01-10 16:33 18729 ----a-w- c:\program files\Fichiers communs\ynaho.ban
    2005-01-10 16:33 . 2005-01-10 16:33 17714 ----a-w- c:\program files\Fichiers communs\venuba.bin
    2005-01-10 16:33 . 2005-01-10 16:33 14201 ----a-w- c:\program files\Fichiers communs\okafid._sy
    2006-06-17 07:05 . 2006-06-16 16:33 88 -csha-r- c:\windows\SYSTEM32\D0D0DC084F.sys
    .

    ------- Sigcheck -------

    [-] 2009-08-20 16:08 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DLLCACHE\beep.sys
    [-] 2009-08-20 16:08 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DRIVERS\beep.sys

    [-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntfs.sys
    [7] 2004-08-19 20:03 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
    [-] 2005-01-11 16:23 619200 5D407322AA69AC6E7B17C81B48DEB327 c:\windows\SYSTEM32\DRIVERS\ntfs.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 160768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

    c:\documents and settings\secours\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

    c:\documents and settings\moi\Menu D‚marrer\Programmes\D‚marrage\
    ikowin32.exe [2004-8-5 24064]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
    backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
    backup=c:\windows\pss\AOL Compagnon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
    backup=c:\windows\pss\Sipru.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
    backup=c:\windows\pss\SkyMessager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^ikowin32.exe]
    path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
    backup=c:\windows\pss\ikowin32.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
    "c:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Valve\\Steam\\Steam.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\documents and settings\moi\Application Data\Facebook\facebook.exe"= c:\documents and settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:*:Disabled:Shareaza
    "6346:UDP"= 6346:UDP:*:Disabled:Shareaza
    "26180:TCP"= 26180:TCP:neuf telecom
    "26181:TCP"= 26181:TCP:neuf telecom
    "9876:TCP"= 9876:TCP:neuf telecom
    "26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
    "31336:TCP"= 31336:TCP:*:Disabled:adsl tv
    "31336:UDP"= 31336:UDP:*:Disabled:adsl tv
    "10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
    "10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
    "3128:TCP"= 3128:TCP:*:Disabled:ffff
    "3128:UDP"= 3128:UDP:*:Disabled:ffff
    "7080:TCP"= 7080:TCP:*:Disabled:max tv
    "21:UDP"= 21:UDP:*:Disabled:ultras
    "3900:TCP"= 3900:TCP:*:Disabled:Sopcast
    "3920:TCP"= 3920:TCP:*:Disabled:Sopcast
    "28464:TCP"= 28464:TCP:emule tcp
    "25140:UDP"= 25140:UDP:emule udp
    "16800:TCP"= 16800:TCP:*:Disabled:tvants
    "16800:UDP"= 16800:UDP:*:Disabled:tvants
    "5739:UDP"= 5739:UDP:pes2009
    "5730:UDP"= 5730:UDP:pes2009
    "5729:UDP"= 5729:UDP:pes2009
    "27588:TCP"= 27588:TCP:BitComet 27588 TCP
    "27588:UDP"= 27588:UDP:BitComet 27588 UDP
    "20085:TCP"= 20085:TCP:pes2009
    "20030:TCP"= 20030:TCP:pes2009
    "20020:TCP"= 20020:TCP:pes2009
    "20010:TCP"= 20010:TCP:pes2009
    "443:TCP"= 443:TCP:pes2009
    "8800:TCP"= 8800:TCP:pes2009
    "8899:TCP"= 8899:TCP:pes2009
    "14020:TCP"= 14020:TCP:pes2009

    S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 17:35 114768]
    S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 17:35 20560]
    S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 11:39 515803]
    S2 Vcs;Vcs support;c:\windows\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 21:40 6852]
    S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 23:26 827008]
    S3 gAGP440p;gAGP440p;\??\c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys --> c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys [?]
    S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 15:55 472644]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 17:38 8576]
    S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 17:38 461056]
    S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 11:39 10986]
    S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 02:53 23480]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
    HKLM-Run-braviax - (no file)
    HKU-Default-Run-braviax - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = local
    mSearchAssistant = hxxp://www.google.com
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download with Rapget - c:\documents and settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-20 18:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\wisdstr.exe 190539 bytes executable
    c:\windows\system32\braviax.exe 11264 bytes executable

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2668168583-2325841571-3812231592-1006\Software\SecuROM\License information*]
    "datasecu"=hex:3f,d1,93,2d,fe,a6,3f,96,b3,f3,7b,fe,d3,ee,97,c8,fc,76,79,16,d5,
    85,99,77,42,82,c5,91,c9,5a,ee,0e,34,ae,c9,7d,92,8c,9f,12,c8,db,19,87,0b,9a,\
    "rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SYSTEM32\braviax.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-20 18:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-20 16:13
    ComboFix2.txt 2005-01-11 17:01

    Pre-Run: 38 203 994 112 octets libres
    Post-Run: 38 207 787 008 octets libres

    377 --- E O F --- 2009-07-31 15:31
    20 August 2009 18:24:03

    The Recovery Console is not installed, and the infection is still there.
    20 August 2009 18:27:54

    so what should I do then??
    20 August 2009 18:34:49

    Did you actually drag the file WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe onto ComboFix?
    20 August 2009 18:44:10

    I'm doing it again to be sure, so I'm going to run a new scan, is that right?
    20 August 2009 18:46:59

    What happens when you drop the file onto ComboFix?
    20 August 2009 18:59:08

    well, I get a message asking whether I want to run ComboFix, I click Run, then I get a bar labelled ComboFix that fills up, and right after that I get this error message: http://img208.imageshack.us/img208/5412/combm.jpg
    20 August 2009 19:04:53

    And when you double-click ComboFix directly, doesn't it offer to install the Recovery Console?
    20 August 2009 19:10:48

    no, not even that, I always get the same warning window, it only offered it to me once, when you asked me to install it last night
    20 August 2009 19:12:09

    OK, I'll talk about it with someone.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Mise à jour (Update) tab, click the Recherche de mise à jour (Check for updates) button: if the firewall asks whether MBAM may connect to the Internet, accept.
  • Once the update has finished, go to the Recherche (Scan) tab.
  • Select Exécuter un examen rapide (Perform a quick scan).
  • Click Rechercher (Scan). The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you that as well.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
  • Select everything (or leave it checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    20 August 2009 19:41:06

    I did what you told me and here is the message I got:

    so I don't know whether I should restart or not

    anyway, here is the MBAM report:

    Malwarebytes' Anti-Malware 1.40
    Version de la base de données: 2665
    Windows 5.1.2600 Service Pack 2 (Safe Mode)

    20/08/2009 19:32:42
    mbam-log-2009-08-20 (19-32-42).txt

    Type de recherche: Examen rapide
    Eléments examinés: 119647
    Temps écoulé: 8 minute(s), 24 second(s)

    Processus mémoire infecté(s): 2
    Module(s) mémoire infecté(s): 4
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 25

    Processus mémoire infecté(s):
    C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Unloaded process successfully.
    C:\WINDOWS\SYSTEM32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
    C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.
    C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\wisdstr.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\DRIVERS\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
    C:\WINDOWS\meta4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\DLLCACHE\figaro.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moi\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\izyzuzef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moi\msword98.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\msword98.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    20 August 2009 19:47:37

    Yes, restart.

  • Run MBAM again, go to Quarantine and delete everything.

  • Run another scan with ComboFix.
    21 August 2009 02:58:00

    Sorry for only replying now; I had a serious personal problem that kept me away from the PC.

    So I did as asked: I deleted the quarantined items in MBAM and ran another scan with ComboFix.

    Here is the log report:

    ComboFix 09-08-19.08 - moi 21/08/2009 2:36.4.1 - NTFSx86 NETWORK
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2139 [GMT 2:00]
    Running from: c:\documents and settings\moi\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\jesi.bin
    c:\program files\PC_Antispyware2010
    c:\program files\PC_Antispyware2010\AVEngn.dll
    c:\program files\PC_Antispyware2010\htmlayout.dll
    c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
    c:\program files\PC_Antispyware2010\pthreadVC2.dll
    c:\windows\system32\_scui.cpl
    c:\windows\system32\braviax.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
    .

    2009-08-21 00:15 . 2009-08-21 00:15 19869 ----a-w- c:\windows\osahyw.dll
    2009-08-21 00:15 . 2009-08-21 00:15 19817 ----a-w- c:\windows\ucecuty.bat
    2009-08-21 00:15 . 2009-08-21 00:15 17531 ----a-w- c:\windows\system32\toduj.pif
    2009-08-21 00:15 . 2009-08-21 00:15 16215 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\zahem.reg
    2009-08-21 00:15 . 2009-08-21 00:15 14685 ----a-w- c:\windows\system32\milydu.pif
    2009-08-21 00:15 . 2009-08-21 00:15 12727 ----a-w- c:\documents and settings\LocalService\Application Data\ibuco.bat
    2009-08-21 00:15 . 2009-08-21 00:15 11984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\tokola.com
    2009-08-21 00:15 . 2009-08-21 00:15 10504 ----a-w- c:\windows\system32\uwaryx.pif
    2009-08-20 17:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-20 17:17 . 2009-08-20 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-20 17:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-20 17:07 . 2009-08-20 17:07 -------- d-s---w- C:\65604-CF
    2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS
    2009-08-14 09:39 . 2002-07-25 10:19 10986 ----a-w- c:\windows\system32\drivers\Bulk533.sys
    2009-08-13 20:58 . 2009-08-13 20:58 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\CAPCOM
    2009-08-13 20:10 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
    2009-08-13 20:10 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
    2009-08-13 20:10 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
    2009-08-13 20:09 . 2009-08-13 20:09 -------- d-----w- c:\windows\system32\xlive
    2009-08-13 20:09 . 2009-08-13 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-08-13 20:09 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-08-13 20:09 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-08-13 20:09 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-08-13 20:09 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2009-08-13 19:07 . 2009-08-13 20:08 -------- d-----w- c:\program files\Street Fighter IV
    2009-08-13 09:55 . 2009-08-15 14:02 -------- d-----w- c:\program files\Simulateur de conduite 3D
    2009-08-10 14:06 . 2009-08-10 14:07 -------- d-----w- c:\documents and settings\secours\Application Data\OpenOffice.org2
    2009-07-23 12:53 . 2009-08-14 09:39 -------- d-----w- c:\program files\DkZ Studio

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-21 00:15 . 2009-08-21 00:15 19353 ----a-w- c:\documents and settings\LocalService\Application Data\nekepepade.bin
    2009-08-21 00:15 . 2009-08-21 00:15 12015 ----a-w- c:\documents and settings\LocalService\Application Data\ehog.dat
    2009-08-20 16:11 . 2005-03-23 17:42 86774 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-20 16:11 . 2005-03-23 17:42 514278 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-16 10:45 . 2009-03-02 18:02 -------- d-----w- c:\program files\Cheat 'O Matic
    2009-08-15 16:19 . 2007-08-28 19:29 -------- d-----w- c:\program files\eMule
    2009-08-15 12:18 . 2006-01-07 16:23 -------- d-----w- c:\documents and settings\moi\Application Data\OpenOffice.org2
    2009-08-14 09:48 . 2007-02-27 12:47 -------- d-----w- c:\program files\SopCast
    2009-08-14 09:48 . 2007-02-01 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-08-14 09:42 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\Real
    2009-08-14 09:40 . 2008-03-06 09:07 -------- d-----w- c:\program files\mIRC
    2009-08-01 12:44 . 2007-08-03 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-01 12:42 . 2009-03-04 19:36 -------- d-----w- c:\program files\JPEG Compression
    2009-07-19 20:44 . 2009-01-29 23:57 -------- d-----w- c:\documents and settings\moi\Application Data\Hamachi
    2009-07-19 10:35 . 2009-07-15 17:12 230432 ----a-w- C:\SPC230NC.DAT
    2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\moi\Application Data\ArcSoft
    2009-07-15 15:58 . 2009-07-15 15:58 -------- d-----w- c:\documents and settings\secours\Application Data\ArcSoft
    2009-07-14 13:39 . 2008-05-25 12:10 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-14 13:39 . 2007-04-30 09:13 -------- d-----w- c:\program files\MSN Messenger
    2009-07-14 11:42 . 2005-11-08 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-07-05 11:08 . 2009-04-26 23:21 -------- d-----w- c:\program files\WinamaxPoker
    2009-06-27 16:51 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-06-27 16:49 . 2009-06-27 16:49 -------- d-----w- c:\program files\Windows Live
    2009-06-23 18:01 . 2009-03-14 00:53 -------- d-----w- c:\documents and settings\moi\Application Data\Wippien
    2005-01-12 08:28 . 2005-01-12 08:28 18873 ----a-w- c:\program files\Fichiers communs\ehepexe.dl
    2005-01-12 08:28 . 2005-01-12 08:28 13574 ----a-w- c:\program files\Fichiers communs\qyqa._sy
    2005-01-12 08:28 . 2005-01-12 08:28 13125 ----a-w- c:\program files\Fichiers communs\xycak.ban
    2005-01-12 07:08 . 2005-01-12 07:08 19071 ----a-w- c:\program files\Fichiers communs\xice.dat
    2005-01-12 07:08 . 2005-01-12 07:08 18217 ----a-w- c:\program files\Fichiers communs\ijad.pif
    2005-01-12 07:08 . 2005-01-12 07:08 17575 ----a-w- c:\program files\Fichiers communs\ecykow.inf
    2005-01-12 07:08 . 2005-01-12 07:08 11794 ----a-w- c:\program files\Fichiers communs\yrihak.db
    2005-01-11 17:02 . 2005-01-11 17:02 15747 ----a-w- c:\program files\Fichiers communs\ejufijafa._sy
    2005-01-11 17:02 . 2005-01-11 17:02 14540 ----a-w- c:\program files\Fichiers communs\loherif._sy
    2005-01-11 17:02 . 2005-01-11 17:02 10981 ----a-w- c:\program files\Fichiers communs\cahypihig.exe
    2005-01-11 16:41 . 2005-01-11 16:41 13114 ----a-w- c:\program files\Fichiers communs\ihytavo.bat
    2005-01-11 16:41 . 2005-01-11 16:41 10572 ----a-w- c:\program files\Fichiers communs\ykilumyc.bat
    2005-01-10 16:33 . 2005-01-10 16:33 19327 ----a-w- c:\program files\Fichiers communs\adogiz.db
    2005-01-10 16:33 . 2005-01-10 16:33 19049 ----a-w- c:\program files\Fichiers communs\owijer.vbs
    2005-01-10 16:33 . 2005-01-10 16:33 19042 ----a-w- c:\program files\Fichiers communs\sygigibihe.bat
    2005-01-10 16:33 . 2005-01-10 16:33 18729 ----a-w- c:\program files\Fichiers communs\ynaho.ban
    2005-01-10 16:33 . 2005-01-10 16:33 17714 ----a-w- c:\program files\Fichiers communs\venuba.bin
    2005-01-10 16:33 . 2005-01-10 16:33 14201 ----a-w- c:\program files\Fichiers communs\okafid._sy
    2006-06-17 07:05 . 2006-06-16 16:33 88 -csha-r- c:\windows\SYSTEM32\D0D0DC084F.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-20_16.07.47 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-20 16:14 . 2009-08-20 16:14 13794 c:\windows\yjyw.vbs
    + 2009-08-20 16:14 . 2009-08-20 16:14 16118 c:\windows\SYSTEM32\qibaze.dat
    + 2009-08-20 16:14 . 2009-08-20 16:14 13490 c:\windows\SYSTEM32\qeweluveho.exe
    + 2005-03-23 17:42 . 2009-08-20 16:11 72936 c:\windows\SYSTEM32\PERFC009.DAT
    - 2005-03-23 17:42 . 2005-01-12 05:45 72936 c:\windows\SYSTEM32\PERFC009.DAT
    + 2009-08-20 16:14 . 2009-08-20 16:14 10247 c:\windows\naxityduge.bat
    + 2009-08-20 16:14 . 2009-08-20 16:14 10769 c:\windows\kivo.exe
    + 2009-08-20 16:14 . 2009-08-20 16:14 10771 c:\windows\ireqedyta.dll
    + 2009-08-20 16:14 . 2009-08-20 16:14 12131 c:\windows\cepy.vbs
    + 2009-08-20 16:14 . 2009-08-20 16:14 16438 c:\windows\bosip.bat
    - 2005-03-23 17:42 . 2005-01-12 05:45 444708 c:\windows\SYSTEM32\PERFH009.DAT
    + 2005-03-23 17:42 . 2009-08-20 16:11 444708 c:\windows\SYSTEM32\PERFH009.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 160768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

    c:\documents and settings\secours\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
    backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
    backup=c:\windows\pss\AOL Compagnon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
    backup=c:\windows\pss\Sipru.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
    backup=c:\windows\pss\SkyMessager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^ikowin32.exe]
    path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
    backup=c:\windows\pss\ikowin32.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
    "c:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Valve\\Steam\\Steam.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\documents and settings\moi\Application Data\Facebook\facebook.exe"= c:\documents and settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:*:Disabled:Shareaza
    "6346:UDP"= 6346:UDP:*:Disabled:Shareaza
    "26180:TCP"= 26180:TCP:neuf telecom
    "26181:TCP"= 26181:TCP:neuf telecom
    "9876:TCP"= 9876:TCP:neuf telecom
    "26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
    "31336:TCP"= 31336:TCP:*:Disabled:adsl tv
    "31336:UDP"= 31336:UDP:*:Disabled:adsl tv
    "10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
    "10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
    "3128:TCP"= 3128:TCP:*:Disabled:ffff
    "3128:UDP"= 3128:UDP:*:Disabled:ffff
    "7080:TCP"= 7080:TCP:*:Disabled:max tv
    "21:UDP"= 21:UDP:*:Disabled:ultras
    "3900:TCP"= 3900:TCP:*:Disabled:Sopcast
    "3920:TCP"= 3920:TCP:*:Disabled:Sopcast
    "28464:TCP"= 28464:TCP:emule tcp
    "25140:UDP"= 25140:UDP:emule udp
    "16800:TCP"= 16800:TCP:*:Disabled:tvants
    "16800:UDP"= 16800:UDP:*:Disabled:tvants
    "5739:UDP"= 5739:UDP:pes2009
    "5730:UDP"= 5730:UDP:pes2009
    "5729:UDP"= 5729:UDP:pes2009
    "27588:TCP"= 27588:TCP:BitComet 27588 TCP
    "27588:UDP"= 27588:UDP:BitComet 27588 UDP
    "20085:TCP"= 20085:TCP:pes2009
    "20030:TCP"= 20030:TCP:pes2009
    "20020:TCP"= 20020:TCP:pes2009
    "20010:TCP"= 20010:TCP:pes2009
    "443:TCP"= 443:TCP:pes2009
    "8800:TCP"= 8800:TCP:pes2009
    "8899:TCP"= 8899:TCP:pes2009
    "14020:TCP"= 14020:TCP:pes2009

    S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 17:35 114768]
    S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 17:35 20560]
    S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 11:39 515803]
    S2 Vcs;Vcs support;c:\windows\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 21:40 6852]
    S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 23:26 827008]
    S3 gAGP440p;gAGP440p;\??\c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys --> c:\docume~1\moi\LOCALS~1\Temp\gAGP440p.sys [?]
    S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 15:55 472644]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 17:38 8576]
    S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 17:38 461056]
    S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 11:39 10986]
    S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 02:53 23480]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download with Rapget - c:\documents and settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-21 02:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2668168583-2325841571-3812231592-1006\Software\SecuROM\License information*]
    "datasecu"=hex:3f,d1,93,2d,fe,a6,3f,96,b3,f3,7b,fe,d3,ee,97,c8,fc,76,79,16,d5,
    85,99,77,42,82,c5,91,c9,5a,ee,0e,34,ae,c9,7d,92,8c,9f,12,c8,db,19,87,0b,9a,\
    "rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,57,98,68,e1,72,
    29,f2,59,c8,28,51,af,b0,29,a3,98,a8,8c,50,70,37,27,61,5f,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,b4,9b,4c,76,a6,
    33,33,f1,71,3b,04,66,8b,46,0d,96,92,a9,ed,24,b5,da,b7,14,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,9c,21,80,53,69,
    fb,22,a3,25,da,ec,7e,55,20,c9,26,a8,92,fb,f7,81,77,94,85,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,42,63,21,5e,77,
    57,7d,00,3e,1e,9e,e0,57,5a,93,61,54,2e,ee,e2,ce,73,db,ad,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fc,18,42,eb,82,
    72,e1,cf,cd,44,cd,b9,a6,33,6c,cd,94,de,66,78,8c,b1,f7,60,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d1,ba,99,2e,6c,
    3d,69,08,b0,18,ed,a7,3f,8d,37,a4,92,c3,15,fd,2e,2c,c8,7f,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,44,e3,5f,5e,d0,
    fa,c6,a8,31,77,e1,ba,b1,f8,68,02,37,d4,52,5e,34,c0,47,1b,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ee,83,0d,eb,04,
    27,6b,d8,83,6c,56,8b,a0,85,96,ab,93,0e,df,da,bc,8d,3c,df,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,91,6e,f7,a6,5d,
    4d,86,35,51,fa,6e,91,28,9e,14,cc,9a,d3,1d,7a,77,0d,4b,35,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,05,95,79,48,3f,
    85,ec,43,b1,cd,45,5a,a8,c4,f8,b9,35,34,2d,94,24,b9,c4,9f,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5a,50,a3,78,4f,
    e4,11,57,e3,0e,66,d5,eb,bc,2f,6b,f7,d4,9e,a2,ae,78,b3,32,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,28,d2,16,d8,d9,
    ed,d0,48,fa,ea,66,7f,d4,3b,6b,70,c5,35,30,50,95,47,27,49,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2009-08-21 2:47
    ComboFix-quarantined-files.txt 2009-08-21 00:46
    ComboFix2.txt 2009-08-20 16:13
    ComboFix3.txt 2005-01-11 17:01

    Pre-Run: 38 159 691 776 octets libres
    Post-Run: 38 188 920 832 octets libres

    329 --- E O F --- 2009-07-31 15:31
    21 August 2009 03:06:33

    The infection no longer seems to be restarting itself.


    /!\ Only corsy may follow this procedure /!\

    Disable all resident protection (antivirus...)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    Driver::
    gAGP440p

    File::
    c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
    c:\windows\yjyw.vbs
    c:\windows\SYSTEM32\qibaze.dat
    c:\windows\SYSTEM32\qeweluveho.exe
    c:\windows\naxityduge.bat
    c:\windows\kivo.exe
    c:\windows\ireqedyta.dll
    c:\windows\cepy.vbs
    c:\windows\bosip.bat
    c:\program files\Fichiers communs\ehepexe.dl
    c:\program files\Fichiers communs\qyqa._sy
    c:\program files\Fichiers communs\xycak.ban
    c:\program files\Fichiers communs\xice.dat
    c:\program files\Fichiers communs\ijad.pif
    c:\program files\Fichiers communs\ecykow.inf
    c:\program files\Fichiers communs\yrihak.db
    c:\program files\Fichiers communs\ejufijafa._sy
    c:\program files\Fichiers communs\loherif._sy
    c:\program files\Fichiers communs\cahypihig.exe
    c:\program files\Fichiers communs\ihytavo.bat
    c:\program files\Fichiers communs\ykilumyc.bat
    c:\program files\Fichiers communs\adogiz.db
    c:\program files\Fichiers communs\owijer.vbs
    c:\program files\Fichiers communs\sygigibihe.bat
    c:\program files\Fichiers communs\ynaho.ban
    c:\program files\Fichiers communs\venuba.bin
    c:\program files\Fichiers communs\okafid._sy
    c:\documents and settings\LocalService\Application Data\nekepepade.bin
    c:\documents and settings\LocalService\Application Data\ehog.dat
    c:\windows\osahyw.dll
    c:\windows\ucecuty.bat
    c:\windows\system32\toduj.pif
    c:\documents and settings\LocalService\Local Settings\Application Data\zahem.reg
    c:\windows\system32\milydu.pif
    c:\documents and settings\LocalService\Application Data\ibuco.bat
    c:\documents and settings\LocalService\Local Settings\Application Data\tokola.com
    c:\windows\system32\uwaryx.pif

    Registry::
    [-HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^ikowin32.exe]

    ---> Open Notepad: Start > All Programs > Accessories > Notepad.

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:



  • This will restart ComboFix: accept the message that appears.
  • Wait while the scan runs. The Desktop will disappear several times: this is normal!
  • Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its content to the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt

    ;) 
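Added example, not part of the original thread and not ComboFix's own logic: a triage sketch that parses ComboFix file-listing lines and groups regular files whose two timestamps are identical and shared with other small files, the pattern visible in the entries the File:: block above targets. The sample lines are copied from the log earlier in this thread; the function names, the 20480-byte size ceiling and the minimum cluster size are assumptions, and the output is a list for manual review, not a deletion list.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Lines copied from the ComboFix "Files Created" / "Find3M" sections of this thread.
SAMPLE_LOG = r"""
2009-08-21 00:15 . 2009-08-21 00:15 19869 ----a-w- c:\windows\osahyw.dll
2009-08-21 00:15 . 2009-08-21 00:15 19817 ----a-w- c:\windows\ucecuty.bat
2009-08-21 00:15 . 2009-08-21 00:15 17531 ----a-w- c:\windows\system32\toduj.pif
2009-08-20 17:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 17:17 . 2009-08-20 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS
2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2005-01-11 16:41 . 2005-01-11 16:41 13114 ----a-w- c:\program files\Fichiers communs\ihytavo.bat
2005-01-11 16:41 . 2005-01-11 16:41 10572 ----a-w- c:\program files\Fichiers communs\ykilumyc.bat
2006-06-17 07:05 . 2006-06-16 16:33 88 -csha-r- c:\windows\SYSTEM32\D0D0DC084F.sys
"""

# "<timestamp> . <timestamp> <size or -------- for directories> <8 attribute flags> <path>"
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-{8}) (\S{8}) (.+?)\s*$"
)


class Entry(NamedTuple):
    first_ts: str
    second_ts: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_listing(text):
    """Return an Entry per listing line; banners and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        first_ts, second_ts, size, attrs, path = m.groups()
        entries.append(
            Entry(first_ts, second_ts,
                  None if size.startswith("-") else int(size), attrs, path)
        )
    return entries


def review_candidates(entries, min_cluster=2, max_size=20480):
    """Group small files whose two timestamps match and coincide with other files.

    Thresholds are assumptions chosen from the sizes seen in this log.
    """
    clusters = defaultdict(list)
    for e in entries:
        is_dir = e.size is None or e.attrs.startswith("d")
        if is_dir or e.first_ts != e.second_ts or e.size > max_size:
            continue
        clusters[e.first_ts].append(e.path)
    return {
        ts: sorted(paths)
        for ts, paths in clusters.items()
        if len(paths) >= min_cluster
    }


if __name__ == "__main__":
    for ts, paths in sorted(review_candidates(parse_listing(SAMPLE_LOG)).items()):
        print(ts)
        for p in paths:
            print("   ", p)
```

Installed drivers and runtime DLLs in the sample fall out because their two timestamps differ; anything the grouping does return still needs a human check before it goes into a removal script.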
    21 August 2009 03:36:29

    Thanks!!

    There, I did what you asked; here is the log result:

    ComboFix 09-08-19.08 - moi 21/08/2009 3:16.5.1 - NTFSx86 NETWORK
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2260 [GMT 2:00]
    Running from: c:\documents and settings\moi\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\moi\Bureau\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\documents and settings\LocalService\Application Data\ehog.dat"
    "c:\documents and settings\LocalService\Application Data\ibuco.bat"
    "c:\documents and settings\LocalService\Application Data\nekepepade.bin"
    "c:\documents and settings\LocalService\Local Settings\Application Data\tokola.com"
    "c:\documents and settings\LocalService\Local Settings\Application Data\zahem.reg"
    "c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\ikowin32.exe"
    "c:\program files\Fichiers communs\adogiz.db"
    "c:\program files\Fichiers communs\cahypihig.exe"
    "c:\program files\Fichiers communs\ecykow.inf"
    "c:\program files\Fichiers communs\ehepexe.dl"
    "c:\program files\Fichiers communs\ejufijafa._sy"
    "c:\program files\Fichiers communs\ihytavo.bat"
    "c:\program files\Fichiers communs\ijad.pif"
    "c:\program files\Fichiers communs\loherif._sy"
    "c:\program files\Fichiers communs\okafid._sy"
    "c:\program files\Fichiers communs\owijer.vbs"
    "c:\program files\Fichiers communs\qyqa._sy"
    "c:\program files\Fichiers communs\sygigibihe.bat"
    "c:\program files\Fichiers communs\venuba.bin"
    "c:\program files\Fichiers communs\xice.dat"
    "c:\program files\Fichiers communs\xycak.ban"
    "c:\program files\Fichiers communs\ykilumyc.bat"
    "c:\program files\Fichiers communs\ynaho.ban"
    "c:\program files\Fichiers communs\yrihak.db"
    "c:\windows\bosip.bat"
    "c:\windows\cepy.vbs"
    "c:\windows\ireqedyta.dll"
    "c:\windows\kivo.exe"
    "c:\windows\naxityduge.bat"
    "c:\windows\osahyw.dll"
    "c:\windows\system32\milydu.pif"
    "c:\windows\SYSTEM32\qeweluveho.exe"
    "c:\windows\SYSTEM32\qibaze.dat"
    "c:\windows\system32\toduj.pif"
    "c:\windows\system32\uwaryx.pif"
    "c:\windows\ucecuty.bat"
    "c:\windows\yjyw.vbs"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
    Restored copy from - c:\i386\BEEP.SYS

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_GAGP440P
    -------\Service_gAGP440p


    ((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
    .

    2009-08-21 01:00 . 2009-08-21 01:00 19938 ----a-w- c:\windows\system32\tivelebo.com
    2009-08-21 01:00 . 2009-08-21 01:00 16844 ----a-w- c:\windows\atazaqiwum.reg
    2009-08-21 01:00 . 2009-08-21 01:00 14678 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\omap.bat
    2009-08-21 01:00 . 2009-08-21 01:00 14405 ----a-w- c:\windows\ehyf.sys
    2009-08-21 01:00 . 2009-08-21 01:00 13685 ----a-w- c:\documents and settings\LocalService\Application Data\yvurov.exe
    2009-08-21 01:00 . 2009-08-21 01:00 12641 ----a-w- c:\documents and settings\All Users\Application Data\hoqivu.sys
    2009-08-21 01:00 . 2009-08-21 01:00 12592 ----a-w- c:\windows\system32\ogez.dat
    2009-08-21 01:00 . 2009-08-21 01:00 10852 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\bixeru.bin
    2009-08-21 01:00 . 2009-08-21 01:00 17615 ----a-w- c:\program files\Fichiers communs\baciwum.sys
    2009-08-21 01:00 . 2009-08-21 01:00 11469 ----a-w- c:\windows\ikanyxyv.com
    2009-08-21 00:55 . 2009-08-21 00:55 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
    2009-08-21 00:55 . 2004-08-05 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2009-08-20 17:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-20 17:17 . 2009-08-20 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-20 17:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-20 17:07 . 2009-08-20 17:07 -------- d-s---w- C:\65604-CF
    2009-08-20 16:14 . 2009-08-20 16:14 18903 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\asamelabi.bin
    2009-08-20 16:14 . 2009-08-20 16:14 17488 ----a-w- c:\program files\Fichiers communs\musyr.pif
    2009-08-20 16:14 . 2009-08-20 16:14 15424 ----a-w- c:\program files\Fichiers communs\exonejuju.dll
    2009-08-20 16:14 . 2009-08-20 16:14 14067 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ynacigifa.sys
    2009-08-20 16:14 . 2009-08-20 16:14 13170 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\gihoki.bat
    2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS
    2009-08-14 09:39 . 2002-07-25 10:19 10986 ----a-w- c:\windows\system32\drivers\Bulk533.sys
    2009-08-13 20:58 . 2009-08-13 20:58 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\CAPCOM
    2009-08-13 20:10 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
    2009-08-13 20:10 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
    2009-08-13 20:10 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
    2009-08-13 20:09 . 2009-08-13 20:09 -------- d-----w- c:\windows\system32\xlive
    2009-08-13 20:09 . 2009-08-13 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-08-13 20:09 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-08-13 20:09 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-08-13 20:09 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-08-13 20:09 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2009-08-13 19:07 . 2009-08-13 20:08 -------- d-----w- c:\program files\Street Fighter IV
    2009-08-13 09:55 . 2009-08-15 14:02 -------- d-----w- c:\program files\Simulateur de conduite 3D
    2009-08-10 14:06 . 2009-08-10 14:07 -------- d-----w- c:\documents and settings\secours\Application Data\OpenOffice.org2
    2009-07-23 12:53 . 2009-08-14 09:39 -------- d-----w- c:\program files\DkZ Studio

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-21 01:28 . 2009-08-21 01:28 189791 ----a-w- c:\windows\system32\wisdstr.exe
    2009-08-21 01:28 . 2009-08-21 01:28 11264 ----a-w- c:\windows\system32\braviax.exe
    2009-08-21 01:00 . 2009-08-21 01:00 19176 ----a-w- c:\program files\Fichiers communs\rifelarary._dl
    2009-08-21 01:00 . 2009-08-21 01:00 16502 ----a-w- c:\program files\Fichiers communs\ifugeg._sy
    2009-08-20 16:14 . 2009-08-20 16:14 15471 ----a-w- c:\program files\Fichiers communs\hatuzaxupy.inf
    2009-08-20 16:14 . 2009-08-20 16:14 14954 ----a-w- c:\documents and settings\All Users\Application Data\sijyz.dat
    2009-08-20 16:14 . 2009-08-20 16:14 11886 ----a-w- c:\documents and settings\LocalService\Application Data\byzod.dat
    2009-08-20 16:14 . 2009-08-20 16:14 11294 ----a-w- c:\program files\Fichiers communs\jyjoxi.db
    2009-08-20 16:11 . 2005-03-23 17:42 86774 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-20 16:11 . 2005-03-23 17:42 514278 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-16 10:45 . 2009-03-02 18:02 -------- d-----w- c:\program files\Cheat 'O Matic
    2009-08-15 16:19 . 2007-08-28 19:29 -------- d-----w- c:\program files\eMule
    2009-08-15 12:18 . 2006-01-07 16:23 -------- d-----w- c:\documents and settings\moi\Application Data\OpenOffice.org2
    2009-08-14 09:48 . 2007-02-27 12:47 -------- d-----w- c:\program files\SopCast
    2009-08-14 09:48 . 2007-02-01 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-08-14 09:42 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\Real
    2009-08-14 09:40 . 2008-03-06 09:07 -------- d-----w- c:\program files\mIRC
    2009-08-01 12:44 . 2007-08-03 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-01 12:42 . 2009-03-04 19:36 -------- d-----w- c:\program files\JPEG Compression
    2009-07-19 20:44 . 2009-01-29 23:57 -------- d-----w- c:\documents and settings\moi\Application Data\Hamachi
    2009-07-19 10:35 . 2009-07-15 17:12 230432 ----a-w- C:\SPC230NC.DAT
    2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\moi\Application Data\ArcSoft
    2009-07-15 15:58 . 2009-07-15 15:58 -------- d-----w- c:\documents and settings\secours\Application Data\ArcSoft
    2009-07-14 13:39 . 2008-05-25 12:10 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-14 13:39 . 2007-04-30 09:13 -------- d-----w- c:\program files\MSN Messenger
    2009-07-14 11:42 . 2005-11-08 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-07-05 11:08 . 2009-04-26 23:21 -------- d-----w- c:\program files\WinamaxPoker
    2009-06-27 16:51 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-06-27 16:49 . 2009-06-27 16:49 -------- d-----w- c:\program files\Windows Live
    2009-06-23 18:01 . 2009-03-14 00:53 -------- d-----w- c:\documents and settings\moi\Application Data\Wippien
    2006-06-17 07:05 . 2006-06-16 16:33 88 -csha-r- c:\windows\SYSTEM32\D0D0DC084F.sys
    .

    ------- Sigcheck -------

    [-] 2009-08-21 01:28 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DLLCACHE\beep.sys
    [-] 2009-08-21 01:28 29184 03578D7FAEB514545F3AB36FFA0790CA c:\windows\SYSTEM32\DRIVERS\beep.sys

    [-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntfs.sys
    [7] 2004-08-19 20:03 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
    [-] 2005-01-11 16:23 619200 5D407322AA69AC6E7B17C81B48DEB327 c:\windows\SYSTEM32\DRIVERS\ntfs.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-08-20_16.07.47 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2005-03-23 17:42 . 2005-01-12 05:45 72936 c:\windows\SYSTEM32\PERFC009.DAT
    + 2005-03-23 17:42 . 2009-08-20 16:11 72936 c:\windows\SYSTEM32\PERFC009.DAT
    + 2005-03-23 17:42 . 2009-08-20 16:11 444708 c:\windows\SYSTEM32\PERFH009.DAT
    - 2005-03-23 17:42 . 2005-01-12 05:45 444708 c:\windows\SYSTEM32\PERFH009.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 160768]
    "Regedit32"="c:\windows\system32\regedit.exe" [BU]
    "braviax"="" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
    "braviax"="" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

    c:\documents and settings\secours\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
    backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
    backup=c:\windows\pss\AOL Compagnon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
    backup=c:\windows\pss\Sipru.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
    backup=c:\windows\pss\SkyMessager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
    "c:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Valve\\Steam\\Steam.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\documents and settings\moi\Application Data\Facebook\facebook.exe"= c:\documents and settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:*:Disabled:Shareaza
    "6346:UDP"= 6346:UDP:*:Disabled:Shareaza
    "26180:TCP"= 26180:TCP:neuf telecom
    "26181:TCP"= 26181:TCP:neuf telecom
    "9876:TCP"= 9876:TCP:neuf telecom
    "26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
    "31336:TCP"= 31336:TCP:*:Disabled:adsl tv
    "31336:UDP"= 31336:UDP:*:Disabled:adsl tv
    "10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
    "10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
    "3128:TCP"= 3128:TCP:*:Disabled:ffff
    "3128:UDP"= 3128:UDP:*:Disabled:ffff
    "7080:TCP"= 7080:TCP:*:Disabled:max tv
    "21:UDP"= 21:UDP:*:Disabled:ultras
    "3900:TCP"= 3900:TCP:*:Disabled:Sopcast
    "3920:TCP"= 3920:TCP:*:Disabled:Sopcast
    "28464:TCP"= 28464:TCP:emule tcp
    "25140:UDP"= 25140:UDP:emule udp
    "16800:TCP"= 16800:TCP:*:Disabled:tvants
    "16800:UDP"= 16800:UDP:*:Disabled:tvants
    "5739:UDP"= 5739:UDP:pes2009
    "5730:UDP"= 5730:UDP:pes2009
    "5729:UDP"= 5729:UDP:pes2009
    "27588:TCP"= 27588:TCP:BitComet 27588 TCP
    "27588:UDP"= 27588:UDP:BitComet 27588 UDP
    "20085:TCP"= 20085:TCP:pes2009
    "20030:TCP"= 20030:TCP:pes2009
    "20020:TCP"= 20020:TCP:pes2009
    "20010:TCP"= 20010:TCP:pes2009
    "443:TCP"= 443:TCP:pes2009
    "8800:TCP"= 8800:TCP:pes2009
    "8899:TCP"= 8899:TCP:pes2009
    "14020:TCP"= 14020:TCP:pes2009

    S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 17:35 114768]
    S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 17:35 20560]
    S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 11:39 515803]
    S2 Vcs;Vcs support;c:\windows\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 21:40 6852]
    S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 23:26 827008]
    S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 15:55 472644]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 17:38 8576]
    S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 17:38 461056]
    S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 11:39 10986]
    S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 02:53 23480]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = local
    mSearchAssistant = hxxp://www.google.com
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download with Rapget - c:\documents and settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-21 03:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\braviax.exe 11264 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(592)
    c:\windows\system32\browselc.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SYSTEM32\braviax.exe
    c:\windows\SYSTEM32\notepad.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-21 3:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-21 01:32
    ComboFix2.txt 2009-08-21 00:47
    ComboFix3.txt 2009-08-20 16:13
    ComboFix4.txt 2005-01-11 17:01

    Pre-Run: 38 194 036 736 octets libres
    Post-Run: 38 086 213 632 octets libres

    445 --- E O F --- 2009-07-31 15:31
    21 August 2009 03:40:06

    Bad news, it has come back. I'm going to give you another procedure to replace the two infected system files.

    Are you staying here or going to bed?
    21 August 2009 03:41:14

    I'm staying ;) 
    21 August 2009 03:52:45

    /!\ Only corsy may follow this procedure /!\

  • Download the files ntfs.sys and beep.sys to your Desktop.

    Disable all resident protection (antivirus...)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    FCOPY::
    c:\documents and settings\moi\Bureau\beep.sys|c:\windows\SYSTEM32\DLLCACHE\beep.sys
    c:\documents and settings\moi\Bureau\beep.sys|c:\windows\SYSTEM32\DRIVERS\beep.sys
    c:\documents and settings\moi\Bureau\ntfs.sys|c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
    c:\documents and settings\moi\Bureau\ntfs.sys|c:\windows\SYSTEM32\DRIVERS\ntfs.sys

    File::
    c:\windows\system32\tivelebo.com
    c:\windows\atazaqiwum.reg
    c:\documents and settings\LocalService\Local Settings\Application Data\omap.bat
    c:\windows\ehyf.sys
    c:\documents and settings\LocalService\Application Data\yvurov.exe
    c:\documents and settings\All Users\Application Data\hoqivu.sys
    c:\windows\system32\ogez.dat
    c:\documents and settings\LocalService\Local Settings\Application Data\bixeru.bin
    c:\program files\Fichiers communs\baciwum.sys
    c:\windows\ikanyxyv.com
    c:\documents and settings\LocalService\Local Settings\Application Data\asamelabi.bin
    c:\program files\Fichiers communs\musyr.pif
    c:\program files\Fichiers communs\exonejuju.dll
    c:\documents and settings\LocalService\Local Settings\Application Data\ynacigifa.sys
    c:\documents and settings\LocalService\Local Settings\Application Data\gihoki.bat
    c:\windows\system32\wisdstr.exe
    c:\windows\system32\braviax.exe
    c:\program files\Fichiers communs\rifelarary._dl
    c:\program files\Fichiers communs\ifugeg._sy
    c:\program files\Fichiers communs\hatuzaxupy.inf
    c:\documents and settings\All Users\Application Data\sijyz.dat
    c:\documents and settings\LocalService\Application Data\byzod.dat
    c:\program files\Fichiers communs\jyjoxi.db

    ---> Open Notepad: Start > All Programs > Accessories > Notepad.

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: all files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



  • This will restart ComboFix: accept the message that appears.
  • Wait while the scan runs. The Desktop will disappear several times: that is normal!
  • Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy/paste its contents to the forum.
  • If the file does not open, you will find it here: C:\ComboFix.txt

    ;) 
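
    The paths under File:: in the CFScript above match entries in the "Files Created" and "Find3M Report" sections of the preceding log: small files with unrelated extensions, created in the same minute in several system folders and never modified afterwards. The following is an added example, not part of the thread and not ComboFix code, that picks such batches out of log lines in that format; the thresholds (at least 4 files, 2 folders, 3 extensions, at most 32 KiB each) and the function names are assumptions chosen for this log.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One entry of a "Files Created" / "Find3M" section:
#   <created> . <modified> <size or -------- for folders> <attributes> <path>
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Excerpt of the "Files Created" section posted earlier in this thread.
SAMPLE_LOG = r"""
2009-08-21 01:00 . 2009-08-21 01:00 19938 ----a-w- c:\windows\system32\tivelebo.com
2009-08-21 01:00 . 2009-08-21 01:00 16844 ----a-w- c:\windows\atazaqiwum.reg
2009-08-21 01:00 . 2009-08-21 01:00 14405 ----a-w- c:\windows\ehyf.sys
2009-08-21 01:00 . 2009-08-21 01:00 13685 ----a-w- c:\documents and settings\LocalService\Application Data\yvurov.exe
2009-08-21 01:00 . 2009-08-21 01:00 17615 ----a-w- c:\program files\Fichiers communs\baciwum.sys
2009-08-21 00:55 . 2009-08-21 00:55 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-21 00:55 . 2004-08-05 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-20 17:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 17:17 . 2009-08-20 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 16:14 . 2009-08-20 16:14 18903 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\asamelabi.bin
2009-08-20 16:14 . 2009-08-20 16:14 17488 ----a-w- c:\program files\Fichiers communs\musyr.pif
2009-08-20 16:14 . 2009-08-20 16:14 15424 ----a-w- c:\program files\Fichiers communs\exonejuju.dll
2009-08-20 16:14 . 2009-08-20 16:14 14067 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ynacigifa.sys
2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
"""


def parse_entries(log_text):
    """Yield one dict per log line that matches the entry format."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, separators, blank lines
        is_dir = m["attrs"].startswith("d")
        yield {
            "created": m["created"],
            "modified": m["modified"],
            "size": None if is_dir else int(m["size"]),
            "is_dir": is_dir,
            "path": PureWindowsPath(m["path"]),
        }


def suspicious_batches(log_text, min_files=4, min_dirs=2, min_exts=3,
                       max_size=32 * 1024):
    """Return [(timestamp, [paths])] for batches of small files dropped together.

    A file counts only if it was never modified after creation
    (created == modified) and is at most max_size bytes. Installers in this
    log (DirectX, drivers) keep the vendor's older modification time, so
    they are skipped by that test. The thresholds are assumptions.
    """
    batches = defaultdict(list)
    for entry in parse_entries(log_text):
        if entry["is_dir"] or entry["created"] != entry["modified"]:
            continue
        if entry["size"] > max_size:
            continue
        batches[entry["created"]].append(entry["path"])

    flagged = []
    for stamp in sorted(batches):
        paths = batches[stamp]
        folders = {str(p.parent).lower() for p in paths}
        extensions = {p.suffix.lower() for p in paths}
        if (len(paths) >= min_files and len(folders) >= min_dirs
                and len(extensions) >= min_exts):
            flagged.append((stamp, sorted(str(p) for p in paths)))
    return flagged


if __name__ == "__main__":
    for stamp, paths in suspicious_batches(SAMPLE_LOG):
        print(f"{stamp}: {len(paths)} files")
        for path in paths:
            print("   ", path)
```

    A flagged batch is a list of candidates to review, not a verdict: a single dropped file, such as the 29184-byte dllcache copy of beep.sys in the excerpt, falls below the batch threshold and has to be caught by other means, such as the Sigcheck section of the log.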
    21 August 2009 04:27:22

    Here's the scan, my friend ;) 

    ComboFix 09-08-19.08 - moi 21/08/2009 4:08:08.6.1 - NTFSx86 NETWORK
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2210 [GMT 2:00]
    Running from: C:\Documents and Settings\moi\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\moi\Bureau\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\documents and settings\All Users\Application Data\hoqivu.sys"
    "c:\documents and settings\All Users\Application Data\sijyz.dat"
    "c:\documents and settings\LocalService\Application Data\byzod.dat"
    "c:\documents and settings\LocalService\Application Data\yvurov.exe"
    "c:\documents and settings\LocalService\Local Settings\Application Data\asamelabi.bin"
    "c:\documents and settings\LocalService\Local Settings\Application Data\bixeru.bin"
    "c:\documents and settings\LocalService\Local Settings\Application Data\gihoki.bat"
    "c:\documents and settings\LocalService\Local Settings\Application Data\omap.bat"
    "c:\documents and settings\LocalService\Local Settings\Application Data\ynacigifa.sys"
    "c:\program files\Fichiers communs\baciwum.sys"
    "c:\program files\Fichiers communs\exonejuju.dll"
    "c:\program files\Fichiers communs\hatuzaxupy.inf"
    "c:\program files\Fichiers communs\ifugeg._sy"
    "c:\program files\Fichiers communs\jyjoxi.db"
    "c:\program files\Fichiers communs\musyr.pif"
    "c:\program files\Fichiers communs\rifelarary._dl"
    "c:\windows\atazaqiwum.reg"
    "c:\windows\ehyf.sys"
    "c:\windows\ikanyxyv.com"
    "c:\windows\system32\braviax.exe"
    "c:\windows\system32\ogez.dat"
    "c:\windows\system32\tivelebo.com"
    "c:\windows\system32\wisdstr.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    --------------- FCopy ---------------

    c:\documents and settings\moi\Bureau\beep.sys --> c:\windows\SYSTEM32\DLLCACHE\beep.sys
    c:\documents and settings\moi\Bureau\beep.sys --> c:\windows\SYSTEM32\DRIVERS\beep.sys
    c:\documents and settings\moi\Bureau\ntfs.sys --> c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
    c:\documents and settings\moi\Bureau\ntfs.sys --> c:\windows\SYSTEM32\DRIVERS\ntfs.sys
    .
    ((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
    .

    2009-08-21 01:34:28 . 2009-08-21 01:34:28 19997 ----a-w- C:\Program Files\Fichiers communs\ocasuveja.exe
    2009-08-21 01:34:28 . 2009-08-21 01:34:28 19497 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\zininyxo.dat
    2009-08-21 01:34:28 . 2009-08-21 01:34:28 17895 ----a-w- C:\Program Files\Fichiers communs\anupuwopam.dat
    2009-08-21 01:34:28 . 2009-08-21 01:34:28 16958 ----a-w- C:\Documents and Settings\All Users\Application Data\uhorowax.com
    2009-08-21 01:34:28 . 2009-08-21 01:34:28 14602 ----a-w- C:\WINDOWS\system32\aqyra.dat
    2009-08-21 01:34:28 . 2009-08-21 01:34:28 12926 ----a-w- C:\WINDOWS\ribevasev.scr
    2009-08-21 01:34:28 . 2009-08-21 01:34:28 12739 ----a-w- C:\WINDOWS\byrot.bin
    2009-08-21 01:34:28 . 2009-08-21 01:34:28 10700 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\ucaru.bin
    2009-08-21 01:34:28 . 2009-08-21 01:34:28 10444 ----a-w- C:\Documents and Settings\LocalService\Application Data\tiqofuzow.exe
    2009-08-21 00:55:08 . 2009-08-21 02:04:56 4224 -c--a-w- C:\WINDOWS\system32\dllcache\beep.sys
    2009-08-21 00:55:08 . 2009-08-21 02:04:56 4224 ----a-w- C:\WINDOWS\system32\drivers\beep.sys
    2009-08-20 17:17:42 . 2009-08-03 11:36:28 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2009-08-20 17:17:41 . 2009-08-20 17:17:45 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-20 17:17:41 . 2009-08-03 11:36:06 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2009-08-20 17:07:37 . 2009-08-20 17:07:38 0 d-s---w- C:\65604-CF
    2009-08-14 09:39:57 . 2002-10-21 10:37:16 515803 ----a-w- C:\WINDOWS\system32\drivers\CA533AV.SYS
    2009-08-14 09:39:57 . 2002-07-25 10:19:48 10986 ----a-w- C:\WINDOWS\system32\drivers\Bulk533.sys
    2009-08-13 20:58:12 . 2009-08-13 20:58:12 0 d-----w- C:\Documents and Settings\moi\Local Settings\Application Data\CAPCOM
    2009-08-13 20:10:14 . 2008-03-05 14:56:58 1420824 ----a-w- C:\WINDOWS\system32\D3DCompiler_37.dll
    2009-08-13 20:10:14 . 2008-02-05 22:07:36 462864 ----a-w- C:\WINDOWS\system32\d3dx10_37.dll
    2009-08-13 20:10:13 . 2008-03-05 14:56:58 3786760 ----a-w- C:\WINDOWS\system32\D3DX9_37.dll
    2009-08-13 20:09:56 . 2009-08-13 20:09:56 0 d-----w- C:\WINDOWS\system32\xlive
    2009-08-13 20:09:55 . 2009-08-13 20:10:17 0 d-----w- C:\Program Files\Microsoft Games for Windows - LIVE
    2009-08-13 20:09:15 . 2009-03-09 13:27:22 453456 ----a-w- C:\WINDOWS\system32\d3dx10_41.dll
    2009-08-13 20:09:15 . 2009-03-09 13:27:22 1846632 ----a-w- C:\WINDOWS\system32\D3DCompiler_41.dll
    2009-08-13 20:09:14 . 2009-03-09 13:27:22 4178264 ----a-w- C:\WINDOWS\system32\D3DX9_41.dll
    2009-08-13 20:09:10 . 2009-03-16 12:18:32 69448 ----a-w- C:\WINDOWS\system32\XAPOFX1_3.dll
    2009-08-13 20:09:10 . 2009-03-16 12:18:32 517448 ----a-w- C:\WINDOWS\system32\XAudio2_4.dll
    2009-08-13 20:09:06 . 2009-03-16 12:18:32 235352 ----a-w- C:\WINDOWS\system32\xactengine3_4.dll
    2009-08-13 20:09:03 . 2007-04-04 17:53:42 81768 ----a-w- C:\WINDOWS\system32\xinput1_3.dll
    2009-08-13 19:07:47 . 2009-08-13 20:08:20 0 d-----w- C:\Program Files\Street Fighter IV
    2009-08-13 09:55:49 . 2009-08-15 14:02:18 0 d-----w- C:\Program Files\Simulateur de conduite 3D
    2009-08-10 14:06:55 . 2009-08-10 14:07:01 0 d-----w- C:\Documents and Settings\secours\Application Data\OpenOffice.org2
    2009-07-23 12:53:57 . 2009-08-14 09:39:18 0 d-----w- C:\Program Files\DkZ Studio

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-21 02:04:44 . 2004-08-19 20:03:11 574976 ----a-w- C:\WINDOWS\system32\drivers\ntfs.sys
    2009-08-21 01:34:28 . 2009-08-21 01:34:28 16175 ----a-w- C:\Program Files\Fichiers communs\meso._dl
    2009-08-20 16:11:24 . 2005-03-23 17:42:26 86774 ----a-w- C:\WINDOWS\system32\perfc00C.dat
    2009-08-20 16:11:24 . 2005-03-23 17:42:26 514278 ----a-w- C:\WINDOWS\system32\perfh00C.dat
    2009-08-16 10:45:08 . 2009-03-02 18:02:03 0 d-----w- C:\Program Files\Cheat 'O Matic
    2009-08-15 16:19:25 . 2007-08-28 19:29:25 0 d-----w- C:\Program Files\eMule
    2009-08-15 12:18:59 . 2006-01-07 16:23:39 0 d-----w- C:\Documents and Settings\moi\Application Data\OpenOffice.org2
    2009-08-14 09:48:33 . 2007-02-27 12:47:50 0 d-----w- C:\Program Files\SopCast
    2009-08-14 09:48:02 . 2007-02-01 20:13:25 0 d-----w- C:\Documents and Settings\All Users\Application Data\Skype
    2009-08-14 09:42:25 . 2005-03-23 17:53:43 0 d-----w- C:\Program Files\Fichiers communs\Real
    2009-08-14 09:40:43 . 2008-03-06 09:07:52 0 d-----w- C:\Program Files\mIRC
    2009-08-01 12:44:37 . 2007-08-03 20:51:32 0 d--h--w- C:\Program Files\InstallShield Installation Information
    2009-08-01 12:42:27 . 2009-03-04 19:36:16 0 d-----w- C:\Program Files\JPEG Compression
    2009-07-19 20:44:23 . 2009-01-29 23:57:38 0 d-----w- C:\Documents and Settings\moi\Application Data\Hamachi
    2009-07-19 10:35:55 . 2009-07-15 17:12:27 230432 ----a-w- C:\SPC230NC.DAT
    2009-07-15 16:02:41 . 2009-07-15 16:02:41 0 d-----w- C:\Documents and Settings\moi\Application Data\ArcSoft
    2009-07-15 15:58:23 . 2009-07-15 15:58:23 0 d-----w- C:\Documents and Settings\secours\Application Data\ArcSoft
    2009-07-14 13:39:13 . 2008-05-25 12:10:22 0 d-----w- C:\Program Files\Messenger Plus! Live
    2009-07-14 13:39:12 . 2007-04-30 09:13:10 0 d-----w- C:\Program Files\MSN Messenger
    2009-07-14 11:42:39 . 2005-11-08 15:54:23 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2009-07-05 11:08:10 . 2009-04-26 23:21:52 0 d-----w- C:\Program Files\WinamaxPoker
    2009-06-27 16:51:22 . 2009-06-27 16:51:22 0 d-----w- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2009-06-27 16:49:01 . 2009-06-27 16:49:01 0 d-----w- C:\Program Files\Windows Live
    2009-06-23 18:01:17 . 2009-03-14 00:53:36 0 d-----w- C:\Documents and Settings\moi\Application Data\Wippien
    2006-06-17 07:05:35 . 2006-06-16 16:33:07 88 -csha-r- C:\WINDOWS\SYSTEM32\D0D0DC084F.sys
    .

    ------- Sigcheck -------

    [-] 2007-02-09 11:23:36 574976 05AB81909514BFD69CBB1F2C147CF6B9 C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [-] 2008-04-13 19:15:53 574976 78A08DD6A8D65E697C18E1DB01C5CDCA C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntfs.sys
    [-] 2009-08-21 02:04:44 574976 78A08DD6A8D65E697C18E1DB01C5CDCA C:\WINDOWS\SYSTEM32\DLLCACHE\ntfs.sys
    [-] 2009-08-21 02:04:44 574976 78A08DD6A8D65E697C18E1DB01C5CDCA C:\WINDOWS\SYSTEM32\DRIVERS\ntfs.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-08-20_16.07.47 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-21 02:15:17 . 2009-08-21 02:15:17 16384 C:\WINDOWS\temp\Perflib_Perfdata_788.dat
    + 2005-03-23 17:42:26 . 2009-08-20 16:11:23 72936 C:\WINDOWS\SYSTEM32\PERFC009.DAT
    - 2005-03-23 17:42:26 . 2005-01-12 05:45:13 72936 C:\WINDOWS\SYSTEM32\PERFC009.DAT
    + 2005-03-23 17:42:26 . 2009-08-20 16:11:24 444708 C:\WINDOWS\SYSTEM32\PERFH009.DAT
    - 2005-03-23 17:42:26 . 2005-01-12 05:45:13 444708 C:\WINDOWS\SYSTEM32\PERFH009.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 20:01:11 160768]
    "PC Antispyware 2010"="C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 19:57:14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 20:08:47 44544]

    C:\Documents and Settings\secours\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
    backup=C:\WINDOWS\pss\AOL 9.0 Icône AOL.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
    backup=C:\WINDOWS\pss\AOL Compagnon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
    backup=C:\WINDOWS\pss\Sipru.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
    backup=C:\WINDOWS\pss\SkyMessager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
    "C:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Valve\\Steam\\Steam.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe"= C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:*:Disabled:Shareaza
    "6346:UDP"= 6346:UDP:*:Disabled:Shareaza
    "26180:TCP"= 26180:TCP:neuf telecom
    "26181:TCP"= 26181:TCP:neuf telecom
    "9876:TCP"= 9876:TCP:neuf telecom
    "26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
    "31336:TCP"= 31336:TCP:*:Disabled:adsl tv
    "31336:UDP"= 31336:UDP:*:Disabled:adsl tv
    "10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
    "10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
    "3128:TCP"= 3128:TCP:*:Disabled:ffff
    "3128:UDP"= 3128:UDP:*:Disabled:ffff
    "7080:TCP"= 7080:TCP:*:Disabled:max tv
    "21:UDP"= 21:UDP:*:Disabled:ultras
    "3900:TCP"= 3900:TCP:*:Disabled:Sopcast
    "3920:TCP"= 3920:TCP:*:Disabled:Sopcast
    "28464:TCP"= 28464:TCP:emule tcp
    "25140:UDP"= 25140:UDP:emule udp
    "16800:TCP"= 16800:TCP:*:Disabled:tvants
    "16800:UDP"= 16800:UDP:*:Disabled:tvants
    "5739:UDP"= 5739:UDP:pes2009
    "5730:UDP"= 5730:UDP:pes2009
    "5729:UDP"= 5729:UDP:pes2009
    "27588:TCP"= 27588:TCP:BitComet 27588 TCP
    "27588:UDP"= 27588:UDP:BitComet 27588 UDP
    "20085:TCP"= 20085:TCP:pes2009
    "20030:TCP"= 20030:TCP:pes2009
    "20020:TCP"= 20020:TCP:pes2009
    "20010:TCP"= 20010:TCP:pes2009
    "443:TCP"= 443:TCP:pes2009
    "8800:TCP"= 8800:TCP:pes2009
    "8899:TCP"= 8899:TCP:pes2009
    "14020:TCP"= 14020:TCP:pes2009

    S1 aswSP;avast! Self Protection;C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 17:35:07 114768]
    S2 aswFsBlk;aswFsBlk;C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 17:35:07 20560]
    S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 11:39:57 515803]
    S2 Vcs;Vcs support;C:\WINDOWS\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 21:40:30 6852]
    S3 3xHybrid;Pinnacle PCTV 110i service;C:\WINDOWS\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 23:26:44 827008]
    S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 15:55:40 472644]
    S3 PAEAFLT.sys;USB Composite Device;C:\WINDOWS\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 17:38:52 8576]
    S3 SPC230NC;Philips SPC230NC Webcam;C:\WINDOWS\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 17:38:51 461056]
    S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 11:39:57 10986]
    S3 wip0204;Wippien Network Adapter 2.4;C:\WINDOWS\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 02:53:35 23480]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = local
    IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download with Rapget - C:\Documents and Settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .
    21 August 2009 04:34:18

    That looks pretty good.


    /!\ Only corsy may follow this procedure /!\

    Disable all resident protection (antivirus...)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    File::
    C:\Program Files\Fichiers communs\ocasuveja.exe
    C:\Documents and Settings\LocalService\Local Settings\Application Data\zininyxo.dat
    C:\Program Files\Fichiers communs\anupuwopam.dat
    C:\Documents and Settings\All Users\Application Data\uhorowax.com
    C:\WINDOWS\system32\aqyra.dat
    C:\WINDOWS\ribevasev.scr
    C:\WINDOWS\byrot.bin
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ucaru.bin
    C:\Documents and Settings\LocalService\Application Data\tiqofuzow.exe
    C:\Program Files\Fichiers communs\meso._dl

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Antispyware 2010"=-

    ---> Open Notepad: Start > All Programs > Accessories > Notepad.

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait while the scan runs. The Desktop will disappear several times: this is normal!
  • Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
  • If the file does not open, it can be found here: C:\ComboFix.txt

    ;) 
    21 August 2009 04:53:14

    Thanks for your help

    Here is the log report:


    ComboFix 09-08-19.08 - moi 21/08/2009 4:35.7.1 - NTFSx86 NETWORK
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2558.2243 [GMT 2:00]
    Running from: c:\documents and settings\moi\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\moi\Bureau\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090815-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\documents and settings\All Users\Application Data\uhorowax.com"
    "c:\documents and settings\LocalService\Application Data\tiqofuzow.exe"
    "c:\documents and settings\LocalService\Local Settings\Application Data\ucaru.bin"
    "c:\documents and settings\LocalService\Local Settings\Application Data\zininyxo.dat"
    "c:\program files\Fichiers communs\anupuwopam.dat"
    "c:\program files\Fichiers communs\meso._dl"
    "c:\program files\Fichiers communs\ocasuveja.exe"
    "c:\windows\byrot.bin"
    "c:\windows\ribevasev.scr"
    "c:\windows\system32\aqyra.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\uhorowax.com
    c:\documents and settings\LocalService\Application Data\tiqofuzow.exe
    c:\documents and settings\LocalService\Local Settings\Application Data\ucaru.bin
    c:\documents and settings\LocalService\Local Settings\Application Data\zininyxo.dat
    c:\program files\Fichiers communs\anupuwopam.dat
    c:\program files\Fichiers communs\meso._dl
    c:\program files\Fichiers communs\ocasuveja.exe
    c:\windows\byrot.bin
    c:\windows\ribevasev.scr
    c:\windows\system32\aqyra.dat

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
    .

    2009-08-21 00:55 . 2009-08-21 02:04 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
    2009-08-21 00:55 . 2009-08-21 02:04 4224 ----a-w- c:\windows\system32\drivers\beep.sys
    2009-08-20 17:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-20 17:17 . 2009-08-20 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-20 17:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-20 17:07 . 2009-08-20 17:07 -------- d-s---w- C:\65604-CF
    2009-08-14 09:39 . 2002-10-21 10:37 515803 ----a-w- c:\windows\system32\drivers\CA533AV.SYS
    2009-08-14 09:39 . 2002-07-25 10:19 10986 ----a-w- c:\windows\system32\drivers\Bulk533.sys
    2009-08-13 20:58 . 2009-08-13 20:58 -------- d-----w- c:\documents and settings\moi\Local Settings\Application Data\CAPCOM
    2009-08-13 20:10 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
    2009-08-13 20:10 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
    2009-08-13 20:10 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
    2009-08-13 20:09 . 2009-08-13 20:09 -------- d-----w- c:\windows\system32\xlive
    2009-08-13 20:09 . 2009-08-13 20:10 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-08-13 20:09 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-08-13 20:09 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-08-13 20:09 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-08-13 20:09 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-08-13 20:09 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-08-13 20:09 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-08-13 20:09 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2009-08-13 19:07 . 2009-08-13 20:08 -------- d-----w- c:\program files\Street Fighter IV
    2009-08-13 09:55 . 2009-08-15 14:02 -------- d-----w- c:\program files\Simulateur de conduite 3D
    2009-08-10 14:06 . 2009-08-10 14:07 -------- d-----w- c:\documents and settings\secours\Application Data\OpenOffice.org2
    2009-07-23 12:53 . 2009-08-14 09:39 -------- d-----w- c:\program files\DkZ Studio

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-21 02:04 . 2004-08-19 20:03 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2009-08-20 16:11 . 2005-03-23 17:42 86774 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-20 16:11 . 2005-03-23 17:42 514278 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-16 10:45 . 2009-03-02 18:02 -------- d-----w- c:\program files\Cheat 'O Matic
    2009-08-15 16:19 . 2007-08-28 19:29 -------- d-----w- c:\program files\eMule
    2009-08-15 12:18 . 2006-01-07 16:23 -------- d-----w- c:\documents and settings\moi\Application Data\OpenOffice.org2
    2009-08-14 09:48 . 2007-02-27 12:47 -------- d-----w- c:\program files\SopCast
    2009-08-14 09:48 . 2007-02-01 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-08-14 09:42 . 2005-03-23 17:53 -------- d-----w- c:\program files\Fichiers communs\Real
    2009-08-14 09:40 . 2008-03-06 09:07 -------- d-----w- c:\program files\mIRC
    2009-08-01 12:44 . 2007-08-03 20:51 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-01 12:42 . 2009-03-04 19:36 -------- d-----w- c:\program files\JPEG Compression
    2009-07-19 20:44 . 2009-01-29 23:57 -------- d-----w- c:\documents and settings\moi\Application Data\Hamachi
    2009-07-19 10:35 . 2009-07-15 17:12 230432 ----a-w- C:\SPC230NC.DAT
    2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\moi\Application Data\ArcSoft
    2009-07-15 15:58 . 2009-07-15 15:58 -------- d-----w- c:\documents and settings\secours\Application Data\ArcSoft
    2009-07-14 13:39 . 2008-05-25 12:10 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-14 13:39 . 2007-04-30 09:13 -------- d-----w- c:\program files\MSN Messenger
    2009-07-14 11:42 . 2005-11-08 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-07-05 11:08 . 2009-04-26 23:21 -------- d-----w- c:\program files\WinamaxPoker
    2009-06-27 16:51 . 2009-06-27 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-06-27 16:49 . 2009-06-27 16:49 -------- d-----w- c:\program files\Windows Live
    2009-06-23 18:01 . 2009-03-14 00:53 -------- d-----w- c:\documents and settings\moi\Application Data\Wippien
    2006-06-17 07:05 . 2006-06-16 16:33 88 -csha-r- c:\windows\SYSTEM32\D0D0DC084F.sys
    .

    ------- Sigcheck -------

    [-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntfs.sys
    [-] 2009-08-21 02:04 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SYSTEM32\DLLCACHE\ntfs.sys
    [-] 2009-08-21 02:04 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SYSTEM32\DRIVERS\ntfs.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-08-20_16.07.47 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-21 02:41 . 2009-08-21 02:41 16384 c:\windows\temp\Perflib_Perfdata_784.dat
    + 2005-03-23 17:42 . 2009-08-20 16:11 72936 c:\windows\SYSTEM32\PERFC009.DAT
    - 2005-03-23 17:42 . 2005-01-12 05:45 72936 c:\windows\SYSTEM32\PERFC009.DAT
    + 2005-03-23 17:42 . 2009-08-20 16:11 444708 c:\windows\SYSTEM32\PERFH009.DAT
    - 2005-03-23 17:42 . 2005-01-12 05:45 444708 c:\windows\SYSTEM32\PERFH009.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-19 160768]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

    c:\documents and settings\secours\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
    backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
    backup=c:\windows\pss\AOL Compagnon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sipru.lnk
    backup=c:\windows\pss\Sipru.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SkyMessager.lnk
    backup=c:\windows\pss\SkyMessager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=c:\documents and settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\SYSTEM32\\RTCSHARE.EXE"=
    "c:\\Valve\\Steam\\SteamApps\\kash_e2\\counter-strike\\hl.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Valve\\Steam\\Steam.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\documents and settings\moi\Application Data\Facebook\facebook.exe"= c:\documents and settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\program files\Neuf\Media Center\httpd\httpd.exe"= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:*:Disabled:Shareaza
    "6346:UDP"= 6346:UDP:*:Disabled:Shareaza
    "26180:TCP"= 26180:TCP:neuf telecom
    "26181:TCP"= 26181:TCP:neuf telecom
    "9876:TCP"= 9876:TCP:neuf telecom
    "26190:UDP"= 26190:UDP:*:Disabled:SesamTV PVR
    "31336:TCP"= 31336:TCP:*:Disabled:adsl tv
    "31336:UDP"= 31336:UDP:*:Disabled:adsl tv
    "10625:TCP"= 10625:TCP:*:Disabled:SHAREAZA
    "10625:UDP"= 10625:UDP:*:Disabled:SHAREAZA
    "3128:TCP"= 3128:TCP:*:Disabled:ffff
    "3128:UDP"= 3128:UDP:*:Disabled:ffff
    "7080:TCP"= 7080:TCP:*:Disabled:max tv
    "21:UDP"= 21:UDP:*:Disabled:ultras
    "3900:TCP"= 3900:TCP:*:Disabled:Sopcast
    "3920:TCP"= 3920:TCP:*:Disabled:Sopcast
    "28464:TCP"= 28464:TCP:emule tcp
    "25140:UDP"= 25140:UDP:emule udp
    "16800:TCP"= 16800:TCP:*:Disabled:tvants
    "16800:UDP"= 16800:UDP:*:Disabled:tvants
    "5739:UDP"= 5739:UDP:pes2009
    "5730:UDP"= 5730:UDP:pes2009
    "5729:UDP"= 5729:UDP:pes2009
    "27588:TCP"= 27588:TCP:BitComet 27588 TCP
    "27588:UDP"= 27588:UDP:BitComet 27588 UDP
    "20085:TCP"= 20085:TCP:pes2009
    "20030:TCP"= 20030:TCP:pes2009
    "20020:TCP"= 20020:TCP:pes2009
    "20010:TCP"= 20010:TCP:pes2009
    "443:TCP"= 443:TCP:pes2009
    "8800:TCP"= 8800:TCP:pes2009
    "8899:TCP"= 8899:TCP:pes2009
    "14020:TCP"= 14020:TCP:pes2009

    S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [01/04/2008 17:35 114768]
    S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [01/04/2008 17:35 20560]
    S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\SYSTEM32\DRIVERS\CA533AV.SYS [14/08/2009 11:39 515803]
    S2 Vcs;Vcs support;c:\windows\SYSTEM32\DRIVERS\Vcs.sys [10/11/2005 21:40 6852]
    S3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\SYSTEM32\DRIVERS\3xHybrid.sys [09/09/2006 23:26 827008]
    S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\SYSTEM32\DRIVERS\HCWBT8XX.sys [21/09/2006 15:55 472644]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\SYSTEM32\DRIVERS\PAEAFLT.sys [15/07/2009 17:38 8576]
    S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\SYSTEM32\DRIVERS\SPC230NC.SYS [15/07/2009 17:38 461056]
    S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\SYSTEM32\DRIVERS\Bulk533.sys [14/08/2009 11:39 10986]
    S3 wip0204;Wippien Network Adapter 2.4;c:\windows\SYSTEM32\DRIVERS\wip0204.sys [14/03/2009 02:53 23480]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download with Rapget - c:\documents and settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
    DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-21 04:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2668168583-2325841571-3812231592-1006\Software\SecuROM\License information*]
    "datasecu"=hex:3f,d1,93,2d,fe,a6,3f,96,b3,f3,7b,fe,d3,ee,97,c8,fc,76,79,16,d5,
    85,99,77,42,82,c5,91,c9,5a,ee,0e,34,ae,c9,7d,92,8c,9f,12,c8,db,19,87,0b,9a,\
    "rkeysecu"=hex:13,8c,e1,93,9d,8f,37,b3,15,e1,55,5d,4a,e3,a8,9a

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,57,98,68,e1,72,
    29,f2,59,c8,28,51,af,b0,29,a3,98,a8,8c,50,70,37,27,61,5f,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,b4,9b,4c,76,a6,
    33,33,f1,71,3b,04,66,8b,46,0d,96,92,a9,ed,24,b5,da,b7,14,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,9c,21,80,53,69,
    fb,22,a3,25,da,ec,7e,55,20,c9,26,a8,92,fb,f7,81,77,94,85,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,42,63,21,5e,77,
    57,7d,00,3e,1e,9e,e0,57,5a,93,61,54,2e,ee,e2,ce,73,db,ad,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fc,18,42,eb,82,
    72,e1,cf,cd,44,cd,b9,a6,33,6c,cd,94,de,66,78,8c,b1,f7,60,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d1,ba,99,2e,6c,
    3d,69,08,b0,18,ed,a7,3f,8d,37,a4,92,c3,15,fd,2e,2c,c8,7f,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,44,e3,5f,5e,d0,
    fa,c6,a8,31,77,e1,ba,b1,f8,68,02,37,d4,52,5e,34,c0,47,1b,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ee,83,0d,eb,04,
    27,6b,d8,83,6c,56,8b,a0,85,96,ab,93,0e,df,da,bc,8d,3c,df,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,91,6e,f7,a6,5d,
    4d,86,35,51,fa,6e,91,28,9e,14,cc,9a,d3,1d,7a,77,0d,4b,35,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,05,95,79,48,3f,
    85,ec,43,b1,cd,45,5a,a8,c4,f8,b9,35,34,2d,94,24,b9,c4,9f,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,5a,50,a3,78,4f,
    e4,11,57,e3,0e,66,d5,eb,bc,2f,6b,f7,d4,9e,a2,ae,78,b3,32,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,28,d2,16,d8,d9,
    ed,d0,48,fa,ea,66,7f,d4,3b,6b,70,c5,35,30,50,95,47,27,49,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(520)
    c:\windows\system32\shdoclc.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Internet Explorer\IEXPLORE.EXE
    .
    **************************************************************************
    .
    Completion time: 2009-08-21 4:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-21 02:50
    ComboFix2.txt 2009-08-21 02:23
    ComboFix3.txt 2009-08-21 01:32
    ComboFix4.txt 2009-08-21 00:47
    ComboFix5.txt 2009-08-21 02:35

    Pre-Run: 38 064 140 288 octets libres
    Post-Run: 38 022 868 992 octets libres

    330 --- E O F --- 2009-07-31 15:31
    21 August 2009 04:56:39

    Run another scan with Malwarebytes' Anti-Malware.
    21 August 2009 05:08:57

    It's done.

    I got two infected files, should I delete them?

    Here is the report:

    Malwarebytes' Anti-Malware 1.40
    Version de la base de données: 2665
    Windows 5.1.2600 Service Pack 2 (Safe Mode)

    21/08/2009 05:06:31
    mbam-log-2009-08-21 (05-06-28).txt

    Type de recherche: Examen rapide
    Eléments examinés: 117760
    Temps écoulé: 6 minute(s), 38 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    21 August 2009 05:10:41

    Yes.

    Does your PC start in normal mode?
    21 August 2009 05:32:04

    THANK YOUUUUUUUUUUUUUUUUUUUUUUUUUUUU

    Yes, my PC starts in normal mode and everything works like before!!

    I don't know how to thank you, but sincerely, from the bottom of my heart, thank you very much for taking your time and helping me fix this problem.

    I wish you lots of good things in your life.

    Thanks again!
    21 August 2009 05:33:47

  • Start menu > Run > type combofix /u and confirm.

  • Launch MBAM again, go to Quarantine and delete everything.

  • Run another RSIT scan and post the log report.
    21 August 2009 05:57:12

    Here is the log report:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by moi at 2009-08-21 05:53:53
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 34 GB (46%) free of 73 GB
    Total RAM: 2558 MB (80% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 05:54:01, on 21/08/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\moi\Bureau\RSIT.exe
    C:\Program Files\trend micro\moi.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: (no name) - {00000000-5736-4205-0008-781cd0e19f00} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6354 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BA52B914-B692-46c4-B683-905236F6F655}
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}
    {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}
    {00000000-5736-4205-0008-781cd0e19f00}
    {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2004-08-19 160768]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe [2008-11-18 2356088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
    C:\Program Files\Athan\Athan.exe [2007-09-06 1003520]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
    C:\WINDOWS\system32\msword98.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    C:\Program Files\DAEMON Tools\daemon.exe -lang 1036 []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2004-09-15 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\McAgent.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
    C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98]
    C:\WINDOWS\system32\msword98.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetCruiser Proxy]
    C:\Program Files\NetCruiser\NCProxy.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Antispyware 2010]
    C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe /hide []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]
    C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe /SILENT []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe -atboottime []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regedit32]
    C:\WINDOWS\system32\regedit.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
    C:\Program Files\Shareaza\Shareaza.exe -tray []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPC_Monitor]
    C:\WINDOWS\Philips\SPC230NC\Monitor.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcs4diamond]
    C:\Program Files\AV Vcs 4.0\Vcs4Core.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
    C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe /checktask []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wippien]
    C:\Program Files\Wippien\Wippien.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard]
    C:\Program Files\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
    C:\Program Files\Office Mouse Driver\StartAutorun.exe MouseDrv.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
    C:\PROGRA~1\AOL9~1.0\aoltray.exe -check []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
    C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sipru.lnk]
    C:\PROGRA~1\Sipru\sipru.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SkyMessager.lnk]
    C:\Program Files\SkyMessager\skymess.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2005-12-14 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device"=2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\SYSTEM32\RTCSHARE.EXE"="C:\WINDOWS\SYSTEM32\RTCSHARE.EXE:*:Disabled:partage de l'application RTC"
    "C:\Valve\Steam\SteamApps\kash_e2\counter-strike\hl.exe"="C:\Valve\Steam\SteamApps\kash_e2\counter-strike\hl.exe:*:Disabled:Half-Life Launcher"
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player"
    "C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe:*:Disabled:Assistance à distance - Windows Messenger et voix"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Valve\Steam\Steam.exe"="C:\Valve\Steam\Steam.exe:*:Enabled:Steam"
    "C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe:*:Enabled:pes6.exe"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:pro Evolution Soccer 2009"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe"="C:\Documents and Settings\moi\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"="C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-08-21 05:52:41 ----SHD---- C:\RECYCLER
    2009-08-21 05:30:25 ----A---- C:\WINDOWS\system32\msisip.dll
    2009-08-21 05:30:25 ----A---- C:\WINDOWS\system32\msimsg.dll
    2009-08-21 05:30:25 ----A---- C:\WINDOWS\system32\msihnd.dll
    2009-08-21 05:30:25 ----A---- C:\WINDOWS\system32\msiexec.exe
    2009-08-21 05:30:25 ----A---- C:\WINDOWS\system32\msi.dll
    2009-08-21 05:30:24 ----DC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2009-08-21 05:29:45 ----D---- C:\WINDOWS\ServicePackFiles
    2009-08-21 05:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
    2009-08-21 05:28:03 ----D---- C:\WINDOWS\LastGood
    2009-08-21 04:50:42 ----D---- C:\WINDOWS\temp
    2009-08-21 04:50:40 ----A---- C:\ComboFix.txt
    2009-08-20 19:17:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-20 19:07:37 ----SD---- C:\65604-CF
    2009-08-14 11:39:57 ----A---- C:\WINDOWS\CA533A.INI
    2009-08-13 22:10:14 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2009-08-13 22:10:14 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2009-08-13 22:10:13 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2009-08-13 22:09:56 ----D---- C:\WINDOWS\system32\xlive
    2009-08-13 22:09:55 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
    2009-08-13 22:09:15 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
    2009-08-13 22:09:15 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
    2009-08-13 22:09:14 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
    2009-08-13 22:09:10 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
    2009-08-13 22:09:10 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
    2009-08-13 22:09:06 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
    2009-08-13 22:09:03 ----A---- C:\WINDOWS\system32\xinput1_3.dll
    2009-08-13 21:07:47 ----D---- C:\Program Files\Street Fighter IV
    2009-08-13 11:55:49 ----D---- C:\Program Files\Simulateur de conduite 3D
    2009-07-23 14:53:57 ----D---- C:\Program Files\DkZ Studio

    ======List of files/folders modified in the last 1 months======

    2009-08-21 05:54:01 ----D---- C:\WINDOWS\Prefetch
    2009-08-21 05:53:54 ----D---- C:\Program Files\trend micro
    2009-08-21 05:52:36 ----D---- C:\WINDOWS
    2009-08-21 05:52:29 ----D---- C:\WINDOWS\SYSTEM32
    2009-08-21 05:52:20 ----SHD---- C:\System Volume Information
    2009-08-21 05:52:20 ----D---- C:\WINDOWS\system32\Restore
    2009-08-21 05:52:16 ----D---- C:\WINDOWS\ERDNT
    2009-08-21 05:52:11 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-21 05:30:42 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
    2009-08-21 05:30:42 ----D---- C:\WINDOWS\system32\CatRoot
    2009-08-21 05:30:39 ----HD---- C:\WINDOWS\INF
    2009-08-21 05:28:05 ----HD---- C:\WINDOWS\$hf_mig$
    2009-08-21 05:27:01 ----SH---- C:\boot.ini
    2009-08-21 05:27:01 ----A---- C:\WINDOWS\WIN.INI
    2009-08-21 05:27:01 ----A---- C:\WINDOWS\system.ini
    2009-08-21 05:24:26 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-21 05:17:02 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-08-21 05:14:37 ----D---- C:\WINDOWS\system32\DRIVERS
    2009-08-21 05:14:05 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-08-21 04:40:29 ----D---- C:\Program Files\Fichiers communs
    2009-08-21 04:38:44 ----D---- C:\WINDOWS\AppPatch
    2009-08-21 04:13:47 ----RD---- C:\Program Files
    2009-08-21 03:24:55 ----D---- C:\WINDOWS\system32\CONFIG
    2009-08-17 18:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2009-08-16 12:45:08 ----D---- C:\Program Files\Cheat 'O Matic
    2009-08-15 18:19:25 ----D---- C:\Program Files\eMule
    2009-08-15 15:28:58 ----D---- C:\WINDOWS\system32\FxsTmp
    2009-08-15 14:18:59 ----D---- C:\Documents and Settings\moi\Application Data\OpenOffice.org2
    2009-08-14 11:48:33 ----D---- C:\Program Files\SopCast
    2009-08-14 11:48:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-08-14 11:42:25 ----D---- C:\Program Files\Fichiers communs\Real
    2009-08-14 11:40:43 ----D---- C:\Program Files\mIRC
    2009-08-13 22:10:15 ----D---- C:\WINDOWS\system32\DirectX
    2009-08-01 14:44:37 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-08-01 14:42:27 ----D---- C:\Program Files\JPEG Compression
    2009-08-01 14:41:23 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-05-21 5632]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-19 12032]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2271]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
    R2 Vcs;Vcs support; \??\C:\WINDOWS\system32\Drivers\Vcs.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
    R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-10 25280]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-19 9600]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-19 12288]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344]
    R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-03-12 47360]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-19 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-19 57600]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-19 20480]
    S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]
    S3 3xHybrid;Pinnacle PCTV 110i service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 827008]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
    S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
    S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []
    S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
    S3 HWIONT;HWIONT; \??\C:\Documents and Settings\moi\Bureau\moretv\HWIONT.sys []
    S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-19 15360]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-19 10880]
    S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-19 40320]
    S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2007-12-05 4096]
    S3 PAEAFLT.sys;USB Composite Device; C:\WINDOWS\system32\DRIVERS\PAEAFLT.sys [2007-09-26 8576]
    S3 Pcatip;Pcatip; C:\WINDOWS\System32\DRIVERS\Pcatip.sys [2006-03-28 68960]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-19 11136]
    S3 SPC230NC;Philips SPC230NC Webcam; C:\WINDOWS\system32\DRIVERS\SPC230NC.SYS [2007-12-31 461056]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-19 15360]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
    S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-19 31616]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-19 26496]
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-07-23 223128]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 wip0204;Wippien Network Adapter 2.4; C:\WINDOWS\system32\DRIVERS\wip0204.sys [2008-12-31 23480]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2005-01-28 18944]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-07-16 380528]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-19 268800]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe []
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe []
    S3 UMWdf;Infrastructure de pilote-mode utilisateur Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------
    21 August 2009 06:09:02

    Traces of the infection remain.


    1/

  • Run this file: C:\Program Files\trend micro\moi.exe
  • Choose Do a system scan only.
  • Tick the boxes in front of the following lines:

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)

    O3 - Toolbar: (no name) - {00000000-5736-4205-0008-781cd0e19f00} - (no file)

    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

    O8 - Extra context menu item: Download with Rapget - C:\Documents and Settings\moi\Bureau\RapGet [Wawa-Mania][By i_love_sexe]\RapGet [Wawa-Mania][By i_love_sexe]\rapget.htm

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

  • Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.
  • Close HijackThis.


    2/

  • Download OTM (OldTimer) to your Desktop.
  • Double-click OTM.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Antispyware 2010]

    :commands
    [purity]
    [emptytemp]

  • Paste (Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTM.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTM\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log

    21 August 2009 06:22:25

    The software asked me to restart.

    Here is the report:

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Antispyware 2010\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 699307 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: moi
    ->Temp folder emptied: 36529528 bytes
    ->Temporary Internet Files folder emptied: 40916089 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 36971769 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: secours
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 27548 bytes
    ->FireFox cache emptied: 118393173 bytes

    User: ya et she
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: ya et she.DELL
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 1025802 bytes
    ->FireFox cache emptied: 11084276 bytes

    %systemdrive% .tmp files removed: 1073741824 bytes
    C:\WINDOWS\NV10841364.TMP folder deleted successfully.
    C:\WINDOWS\NV28082812.TMP folder deleted successfully.
    C:\WINDOWS\NV33643368.TMP folder deleted successfully.
    C:\WINDOWS\NV38603864.TMP folder deleted successfully.
    %systemroot% .tmp files removed: 62176794 bytes
    %systemroot%\System32 .tmp files removed: 618856844 bytes
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_78c.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied: 17048 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1907,89 mb


    OTM by OldTimer - Version 3.0.0.6 log created on 08212009_061324

    Files moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_78c.dat not found!

    Registry entries deleted on Reboot...
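
Cross-checking the OTM script against the posted report, as an added example that is not part of the thread or of OTM itself. It assumes, from the report on this page, that a `[-KEY]` line under `:reg` requests deletion of that key; the function names are this example's own.

```python
import re

# Script and report text copied from the thread (report shortened to the relevant lines).
OTM_SCRIPT = r"""
:processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Antispyware 2010]

:commands
[purity]
[emptytemp]
"""

OTM_REPORT = r"""
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Antispyware 2010\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_78c.dat scheduled to be deleted on reboot.
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_78c.dat not found!
"""

def norm(path):
    """Case-insensitive, trailing-backslash-insensitive form for comparison."""
    return path.strip().rstrip("\\").lower()

def parse_script(text):
    """Split an OTM script into {section: [lines]} using the ':name' headers."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(":"):
            current = sections.setdefault(line[1:].lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def verify(script, report):
    """Compare what the script asked for with what the report confirms."""
    sec = parse_script(script)
    wanted = [l[2:-1] for l in sec.get("reg", []) if l.startswith("[-") and l.endswith("]")]
    deleted = {norm(k) for k in re.findall(r"^Registry key (.+?) deleted successfully\.$", report, re.M)}
    absent = {p.lower() for p in re.findall(r"^No active process named (\S+) was found!$", report, re.M)}
    deferred = re.findall(r"^File (?:delete|move) failed\. (.+?) scheduled to be \w+ on reboot\.$", report, re.M)
    gone = {norm(f) for f in re.findall(r"^File (.+?) not found!$", report, re.M)}
    return {
        # Keys the script asked to delete that the report never confirms.
        "unconfirmed_keys": [k for k in wanted if norm(k) not in deleted],
        # Processes the script targeted that were not running at the time.
        "processes_not_running": sorted(p for p in map(str.lower, sec.get("processes", [])) if p in absent),
        # Files deferred to reboot and never reported gone: check these by hand.
        "still_pending": sorted({norm(f) for f in deferred} - gone),
    }

if __name__ == "__main__":
    for name, value in verify(OTM_SCRIPT, OTM_REPORT).items():
        print(name, value)
```

On the thread's data all three requested keys are confirmed deleted, `explorer.exe` was not running when the script ran, and `Webshlock.txt` is the one file still awaiting removal.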
    21 August 2009 06:22:46

    I'm going to sleep. I advise you to change antivirus.

  • Uninstall Avast.

  • Install AntiVir and update it.
  • Double-click the AntiVir icon (umbrella) in the taskbar.
  • In AntiVir, choose Outils, then Configuration.
  • Tick Mode Expert, then tick Rech. Rootkit au dém. de la recherche on the right under Autres réglages, and confirm.
  • Run a full scan, click Tout réparer if AntiVir finds anything, and post the report.

    Tutorial: Scan the hard drive(s)

    21 August 2009 06:24:50

    OK, I'm going to sleep too; I'll do that tomorrow morning.

    Thanks for everything.