Virus - Trojan, ads, etc. ...

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
31 July 2009 16:45:44

Hello,

For some time now my PC has had a lot of bugs; I suspect one or more viruses ...

On Google, when I run a search, my links are redirected to: main.exoclick

On some sites, I am told that my computer is launching DoS attacks and that I need to download a piece of software (WiniFighter).

When I browse the Internet, windows open with a message advising me to install a Windows protection.

NO updates work (antivirus, InstallShield ...).

I get a blue screen when I run an antivirus scan, and the PC restarts (my antivirus: Avira AntiVir Free version).

Windows hangs at startup.

There, I think I have described my problem as best I can.

Regards,

No thanks.

31 July 2009 17:01:27

Hello,

I know this infection.

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the folder C:\rsit.

    31 July 2009 17:27:02

    Re,

    Here is log.txt:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Nothanks at 2009-07-31 17:03:09
    Microsoft® Windows Vista™ Édition Familiale Premium
    System drive C: has 113 GB (49%) free of 230 GB
    Total RAM: 1022 MB (34% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:03:49, on 31/07/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16851)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Users\jawed\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\aol\1136148254\ee\aolsoftware.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\tsnp2std.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Windows\ehome\ehmsas.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\WiniFighter Software\WiniFighter\WiniFighterSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\1\FTCOMModule.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\explorer.exe
    C:\Users\khalida\Downloads\RSIT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\trend micro\khalida.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: snappyads browser enhancer - {75ED6216-05EA-367A-7EF5-624E804A5301} - C:\Windows\system32\gnduugtqrjix.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [pivazlxzrsnat] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\gnduugtqrjix.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\jawed\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [CAMP SHIM EXIT HECK] "C:\ProgramData\up drv bore.k8fmqyt"
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Outil de notification Live Search.lnk = C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: OFFICE One Startup v7.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Voir les cookies - C:\Windows\web\showcookies.htm
    O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.orange.fr
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7D0D8D89-E526-41E1-B2A1-C9D37C8E8267}: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: CameraServer - Unknown owner - C:\FlyCam\CameraServer.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
    O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
    O23 - Service: WiniFighter Security Service (WiniFighterSvc) - Unknown owner - C:\Program Files\WiniFighter Software\WiniFighter\WiniFighterSvc.exe

    --
    End of file - 17501 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Extension de garantie.job
    C:\Windows\tasks\Norton Security Scan.job
    C:\Windows\tasks\NSSstub.job
    C:\Windows\tasks\Recovery DVD Creator.job
    C:\Windows\tasks\User_Feed_Synchronization-{3B04291C-74BF-4CD2-A0FF-5135F350E890}.job
    C:\Windows\tasks\User_Feed_Synchronization-{E3AAEEFA-0C41-428C-82DE-EFE16196CFF2}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0246A1A7-820A-469A-85A7-7B7F01EB808C}]
    VirtualCamera IEMenu Class - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    Windows Live OneCare Family Safety Browser Helper Class - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll [2007-12-17 56360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-05-25 68112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75ED6216-05EA-367A-7EF5-624E804A5301}]
    snappyads browser enhancer - C:\Windows\system32\gnduugtqrjix.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-02 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-24 669168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
    IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
    EoBHO Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-02 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
    FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-05-25 264720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll []
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-02 259696]
    {D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-25 1006264]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
    "HostManager"=C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe [2006-11-14 50736]
    ""= []
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-20 228088]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-08-11 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe []
    "osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe []
    "SystrayORAHSS"=C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [2007-09-25 94208]
    "fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe -autorun []
    "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll []
    "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-09-25 102400]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-12 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-12 8497696]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-12 81920]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "tsnp2std"=C:\Windows\tsnp2std.exe [2007-05-10 270336]
    "snp2std"=C:\Windows\vsnp2std.exe [2007-09-28 344064]
    "pivazlxzrsnat"=C:\Windows\System32\regsvr32.exe [2006-11-02 14336]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
    "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SoftwareHelper"=C:\Users\jawed\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-25 1232896]
    "SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2006-10-23 1092152]
    "CAMP SHIM EXIT HECK"=C:\ProgramData\up drv bore.k8fmqyt []
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
    ""= []
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Contrôleur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe

    C:\Users\khalida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Outil de notification Live Search.lnk - C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\Windows\system32\klogon.dll [2009-05-25 219664]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "LogonHoursAction"=2
    "DontDisplayLogonHoursWarnings"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e77b98c-4389-11de-bbbb-00038a000015}]
    shell\Auto\command - Start.exe
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c39c973-9aa4-11dd-a0d4-00038a000015}]
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\copy.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29f7387c-938e-11dd-b35a-00038a000015}]
    shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9c96062-d4a5-11dc-83da-00038a000015}]
    shell\AutoRun\command - I:\ClickMe.exe


    ======File associations======

    .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .reg - open - "regedit.exe" "%1"
    .scr - open -
    .scr - install -
    .scr - config -

    ======List of files/folders created in the last 1 months======

    2009-12-28 06:23:46 ----A---- C:\Windows\50238trojz97.exe
    2009-12-27 11:35:58 ----A---- C:\Windows\system32\29612worm1fz5.exe
    2009-12-25 19:38:48 ----A---- C:\Windows\21aezddwar92519.dll
    2009-12-24 08:13:00 ----A---- C:\Windows\system32\58z79troj598.exe
    2009-12-23 11:40:55 ----A---- C:\Windows\system32\7d075h9ef2z71.exe
    2009-12-20 12:14:53 ----A---- C:\Windows\553zd95nloader1818.exe
    2009-12-17 07:46:35 ----A---- C:\Windows\system32\6556spar9e6z1.exe
    2009-12-11 13:37:48 ----A---- C:\Windows\system32\16459spambzt4775.dll
    2009-12-09 01:34:11 ----A---- C:\Windows\5e9bstea93156z.exe
    2009-12-05 10:10:30 ----A---- C:\Windows\system32\21z96worm6715.dll
    2009-12-04 09:27:15 ----A---- C:\Windows\system32\22015trojz69.dll
    2009-12-01 22:41:18 ----A---- C:\Windows\94bestezl235.dll
    2009-12-01 11:35:31 ----A---- C:\Windows\7343not-a-zir591f0.exe
    2009-11-27 18:45:17 ----A---- C:\Windows\14693v9rzs1ba5.dll
    2009-11-23 21:34:53 ----A---- C:\Windows\system32\235csp5rse1z93.dll
    2009-11-23 15:16:37 ----A---- C:\Windows\system32\79acspywar5z156.dll
    2009-11-22 09:38:00 ----A---- C:\Windows\4912zr5j529.dll
    2009-11-21 02:40:46 ----A---- C:\Windows\system32\297zvi5711.dll
    2009-11-20 15:39:41 ----A---- C:\Windows\system32\935265irus2z7.dll
    2009-11-19 19:10:20 ----A---- C:\Windows\system32\98f5bazkdoor1306.dll
    2009-11-19 01:21:38 ----A---- C:\Windows\31955troj4cz.dll
    2009-11-14 22:13:43 ----A---- C:\Windows\system32\780d9parsz16855.dll
    2009-11-11 08:24:31 ----A---- C:\Windows\117295ot-a-virus5z8.dll
    2009-11-08 08:43:02 ----A---- C:\Windows\system32\1111spyw5r92z46.dll
    2009-11-07 16:05:40 ----A---- C:\Windows\59581tzoj759.dll
    2009-11-07 12:48:55 ----A---- C:\Windows\system32\515ad9warez203.dll
    2009-11-06 13:07:59 ----A---- C:\Windows\system32\356219acztool441.exe
    2009-11-05 19:09:46 ----A---- C:\Windows\system32\13959v5r9s5z6.exe
    2009-11-04 21:13:09 ----A---- C:\Windows\system32\169dzddw5re953.exe
    2009-11-01 08:42:36 ----A---- C:\Windows\433fd5wnl9adez593.dll
    2009-11-01 02:20:50 ----A---- C:\Windows\5043s9arsez445.exe
    2009-10-23 08:48:21 ----A---- C:\Windows\z1540w9rm589.dll
    2009-10-22 02:02:48 ----A---- C:\Windows\system32\90a1t5iefz976.exe
    2009-10-20 23:18:11 ----A---- C:\Windows\9z650w5rm749.dll
    2009-10-12 21:46:06 ----A---- C:\Windows\z5e19hreat22214.exe
    2009-10-11 16:36:39 ----A---- C:\Windows\4z1aad5ware2379.exe
    2009-09-28 17:20:33 ----A---- C:\Windows\system32\600fspyw95e14z9.exe
    2009-09-28 03:41:20 ----A---- C:\Windows\31z18spam5ot489.dll
    2009-09-25 23:03:09 ----A---- C:\Windows\95f6spyware2566z.dll
    2009-09-23 07:16:52 ----A---- C:\Windows\4z49t9re5t11906.dll
    2009-09-22 04:26:18 ----A---- C:\Windows\686zspywar92150.dll
    2009-09-19 09:00:45 ----A---- C:\Windows\2db6s9y5arz2175.dll
    2009-09-19 08:42:43 ----A---- C:\Windows\25325wozm1f29.dll
    2009-09-19 08:14:21 ----A---- C:\Windows\25693s9y5zc.exe
    2009-09-18 17:46:25 ----A---- C:\Windows\7595zteal1502.exe
    2009-09-18 06:36:38 ----A---- C:\Windows\5e89vzr16195.dll
    2009-09-10 01:03:10 ----A---- C:\Windows\5b9zsteal589.exe
    2009-09-05 14:06:23 ----A---- C:\Windows\5ec8t5reat92966z.exe
    2009-09-05 06:27:34 ----A---- C:\Windows\b59spyzare2879.dll
    2009-08-28 12:09:29 ----A---- C:\Windows\5220thr5az14698.exe
    2009-08-27 18:05:38 ----A---- C:\Windows\92e5backzoor2051.exe
    2009-08-25 16:26:04 ----A---- C:\Windows\49d7addwaze571.exe
    2009-08-24 06:44:03 ----A---- C:\Windows\system32\5e2caddz9re8.dll
    2009-08-23 20:04:48 ----A---- C:\Windows\8z97spy18d5.dll
    2009-08-18 18:56:37 ----A---- C:\Windows\153b5pa9se902z.dll
    2009-08-13 09:50:16 ----A---- C:\Windows\159229ot-a-zirus45d.dll
    2009-08-10 19:48:01 ----A---- C:\Windows\60195zief2220.dll
    2009-08-06 05:55:45 ----A---- C:\Windows\22z29sp5759.exe
    2009-08-04 08:03:57 ----A---- C:\Windows\zc35d5wnloader24139.exe
    2009-08-02 00:37:19 ----A---- C:\Windows\7c0baddwaze92695.dll
    2009-07-31 17:03:11 ----D---- C:\Program Files\trend micro
    2009-07-31 17:03:09 ----D---- C:\rsit
    2009-07-29 19:50:51 ----AD---- C:\Program Files\SystemRequirementsLab
    2009-07-29 19:50:39 ----AD---- C:\Users\khalida\AppData\Roaming\SystemRequirementsLab
    2009-07-29 19:47:42 ----AD---- C:\ProgramData\ma-config.com
    2009-07-29 19:47:42 ----AD---- C:\Program Files\ma-config.com
    2009-07-29 14:26:57 ----A---- C:\Windows\system32\7a4zdownl5ader2297.dll
    2009-07-29 14:26:56 ----A---- C:\Windows\system32\21964tr5j7z.dll
    2009-07-29 14:26:56 ----A---- C:\Windows\9086threatz3555.dll
    2009-07-29 14:26:56 ----A---- C:\Windows\10291troj659z.dll
    2009-07-29 14:26:49 ----A---- C:\Windows\73579pzrse1761.exe
    2009-07-29 14:26:25 ----A---- C:\Windows\system32\z26vir953c4.exe
    2009-07-29 14:26:25 ----A---- C:\Windows\system32\1z147s592bc.dll
    2009-07-29 14:26:24 ----A---- C:\Windows\6524h9ckzool4fc.dll
    2009-07-29 14:26:23 ----A---- C:\Windows\system32\ae4addza5e2359.exe
    2009-07-29 14:26:22 ----A---- C:\Windows\391875rojbdz.exe
    2009-07-29 14:26:21 ----A---- C:\Windows\1517zhacktool4595.exe
    2009-07-29 14:26:20 ----A---- C:\Windows\6915stealz101.dll
    2009-07-29 14:26:20 ----A---- C:\Windows\457zsp5rse1945.exe
    2009-07-29 14:26:20 ----A---- C:\Windows\234815ot-a9vzrus6a.dll
    2009-07-29 14:26:18 ----A---- C:\Windows\z328th5eat24892.dll
    2009-07-29 14:26:17 ----A---- C:\Windows\system32\15188virzs5a9.dll
    2009-07-29 14:26:17 ----A---- C:\Windows\system32\12149wormz57.exe
    2009-07-29 14:26:16 ----A---- C:\Windows\z7981v5ru9145.exe
    2009-07-29 14:26:15 ----A---- C:\Windows\system32\39ebsteal95z1.exe
    2009-07-29 14:26:14 ----AD---- C:\Program Files\WiniFighter Software
    2009-07-29 14:26:14 ----A---- C:\Windows\system32\2c2fsp9r5e80z.dll
    2009-07-29 14:26:13 ----A---- C:\Windows\356zvi92715.exe
    2009-07-29 14:26:12 ----A---- C:\Windows\system32\598z9py653.dll
    2009-07-29 14:26:12 ----A---- C:\Windows\291zwor95ee.exe
    2009-07-29 14:26:11 ----A---- C:\Windows\system32\48cz5hreat8981.dll
    2009-07-29 14:26:10 ----A---- C:\Windows\system32\597zsp56c9.dll
    2009-07-29 14:26:10 ----A---- C:\Windows\45b9backdooz2893.exe
    2009-07-29 14:26:09 ----A---- C:\Windows\system32\669959czdoor1596.exe
    2009-07-29 14:26:08 ----A---- C:\Windows\system32\19227spambzt6359.exe
    2009-07-29 14:26:07 ----A---- C:\Windows\7c5fviz489.dll
    2009-07-29 14:26:06 ----A---- C:\Windows\50458sp9z00.dll
    2009-07-29 14:26:06 ----A---- C:\Windows\31969zpy355.exe
    2009-07-29 14:26:06 ----A---- C:\Windows\24z9backdoo5357.dll
    2009-07-29 14:26:05 ----A---- C:\Windows\system32\492sp5warez690.dll
    2009-07-29 14:26:04 ----A---- C:\Windows\system32\73z49pam5ot239.dll
    2009-07-29 14:26:03 ----A---- C:\Windows\system32\7efeb5c9doorz878.exe
    2009-07-29 14:26:02 ----A---- C:\Windows\33c5b5czd9or657.exe
    2009-07-29 14:26:00 ----A---- C:\Windows\z93789orm556.dll
    2009-07-29 14:26:00 ----A---- C:\Windows\system32\z712s5ambot291.exe
    2009-07-29 14:26:00 ----A---- C:\Windows\3z7aad9w5re2129.dll
    2009-07-29 14:25:59 ----A---- C:\Windows\system32\z649pambot6c5.dll
    2009-07-27 15:21:55 ----AD---- C:\ProgramData\Kaspersky Lab
    2009-07-27 15:21:55 ----AD---- C:\Program Files\Kaspersky Lab
    2009-07-27 14:52:33 ----AD---- C:\ProgramData\Kaspersky Lab Setup Files
    2009-07-25 21:32:17 ----AD---- C:\Program Files\Common Files\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\Users\khalida\AppData\Roaming\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\ProgramData\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\Program Files\Spyware Doctor
    2009-07-24 15:24:28 ----AD---- C:\ProgramData\Avira
    2009-07-24 10:31:16 ----A---- C:\Windows\z2742vir5s2e69.dll
    2009-07-24 10:16:10 ----D---- C:\Users\khalida\AppData\Roaming\Nero
    2009-07-23 23:54:04 ----A---- C:\Windows\system32\377zad5ware390.exe
    2009-07-23 21:36:13 ----A---- C:\Windows\system32\javaws.exe
    2009-07-23 21:36:13 ----A---- C:\Windows\system32\javaw.exe
    2009-07-23 21:36:11 ----A---- C:\Windows\system32\java.exe
    2009-07-23 01:26:37 ----A---- C:\Windows\system32\pncrt.dll
    2009-07-23 01:25:23 ----AD---- C:\Program Files\FreeTime
    2009-07-19 13:09:17 ----A---- C:\Windows\211z5troj598.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTVideoFile.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTVideoCompress.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTQuickTimeFile.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\mcdvd_32.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTWMVFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTVideoCoreU.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTVideoCoreM.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTRMFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTAVIFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTAudioFile2.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\NCTAudioCompress3.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\NCTAudioCompress2.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\lame_enc.dll
    2009-07-18 13:24:36 ----AD---- C:\Users\khalida\AppData\Roaming\Red Kawa
    2009-07-15 15:37:01 ----A---- C:\Windows\812zn5t-a-virus359.exe
    2009-07-15 09:26:06 ----A---- C:\Windows\system32\t2embed.dll
    2009-07-15 09:26:06 ----A---- C:\Windows\system32\fontsub.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\lpk.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\dciman32.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\atmlib.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\atmfd.dll
    2009-07-14 13:15:24 ----AD---- C:\Users\khalida\AppData\Roaming\dvdcss
    2009-07-14 11:50:43 ----AD---- C:\Users\khalida\AppData\Roaming\vlc
    2009-07-12 05:05:45 ----A---- C:\Windows\system32\12954woz93.dll
    2009-07-05 20:23:51 ----A---- C:\Windows\system32\z908tro9535.exe
    2009-07-04 11:41:59 ----AD---- C:\Users\khalida\AppData\Roaming\MessengerDiscovery 2
    2009-07-02 13:55:09 ----A---- C:\Windows\system32\73bd59dware78z.exe
    2009-07-01 16:48:47 ----D---- C:\Program Files\DNA

    ======List of files/folders modified in the last 1 months======

    2009-07-31 17:03:11 ----D---- C:\Program Files
    2009-07-31 17:03:01 ----D---- C:\Windows\Temp
    2009-07-31 16:21:57 ----D---- C:\Windows\Prefetch
    2009-07-31 15:35:20 ----AD---- C:\ProgramData\TEMP
    2009-07-31 15:17:06 ----AD---- C:\Program Files\Mozilla Firefox
    2009-07-31 15:11:10 ----D---- C:\Windows\system32\drivers
    2009-07-30 23:32:16 ----D---- C:\Windows\Minidump
    2009-07-30 23:32:03 ----D---- C:\Windows
    2009-07-29 20:52:04 ----D---- C:\Windows\system32\catroot2
    2009-07-29 20:03:04 ----SHD---- C:\System Volume Information
    2009-07-29 19:58:03 ----D---- C:\Windows\System32
    2009-07-29 19:58:02 ----D---- C:\Windows\inf
    2009-07-29 19:58:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-07-29 19:56:10 ----D---- C:\Windows\system32\catroot
    2009-07-29 19:48:05 ----SHD---- C:\Windows\Installer
    2009-07-29 19:47:42 ----D---- C:\ProgramData
    2009-07-29 18:18:39 ----A---- C:\Windows\ntbtlog.txt
    2009-07-27 16:30:46 ----AD---- C:\Program Files\Common Files\DVDVideoSoft
    2009-07-27 16:30:28 ----AD---- C:\Program Files\DVDVideoSoft
    2009-07-27 15:15:25 ----D---- C:\Program Files\Symantec
    2009-07-27 15:11:09 ----D---- C:\Program Files\Norton Internet Security
    2009-07-27 15:10:17 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-07-27 15:08:35 ----D---- C:\ProgramData\Symantec
    2009-07-27 15:08:17 ----D---- C:\Windows\Tasks
    2009-07-27 13:31:29 ----D---- C:\Windows\system32\Macromed
    2009-07-25 21:32:17 ----D---- C:\Program Files\Common Files
    2009-07-24 15:45:41 ----D---- C:\Program Files\Avira
    2009-07-24 15:10:19 ----D---- C:\Windows\system32\Tasks
    2009-07-24 12:51:54 ----AD---- C:\Windows\system32\Adobe
    2009-07-24 11:18:54 ----HD---- C:\Windows\system32\GroupPolicyUsers
    2009-07-24 11:06:07 ----AD---- C:\Program Files\MessengerDiscovery 2
    2009-07-24 10:21:26 ----D---- C:\Program Files\Image-Line
    2009-07-23 21:35:42 ----D---- C:\Program Files\Java
    2009-07-23 01:50:25 ----A---- C:\Windows\win.ini
    2009-07-23 01:40:54 ----D---- C:\Program Files\Avidemux 2.4
    2009-07-23 00:19:48 ----AD---- C:\Program Files\StuffPlug3
    2009-07-20 12:18:25 ----D---- C:\Windows\winsxs
    2009-07-20 12:05:18 ----D---- C:\Program Files\Windows Mail
    2009-07-19 13:45:24 ----AD---- C:\Program Files\CamStudio
    2009-07-15 13:28:22 ----AD---- C:\Program Files\AviSynth 2.5
    2009-07-13 12:13:16 ----D---- C:\Program Files\Messenger Plus! Live
    2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe
    2009-07-05 10:49:06 ----D---- C:\Users\khalida\AppData\Roaming\LimeWire

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [2008-02-13 261680]
    R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-05-24 128016]
    R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-07-27 280592]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
    R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-12-01 279088]
    R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-12-01 43696]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-10-03 187952]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-12-04 43520]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-04-11 25280]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
    R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080509.004\NAVENG.SYS [2008-04-17 82256]
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080509.004\NAVEX15.SYS [2008-04-17 895408]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-12 7623968]
    R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-09-05 12212864]
    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-01-06 124464]
    R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
    S2 FLYCAM;FlyCam, WDM Video Capture; C:\Windows\system32\DRIVERS\flycam.sys [2006-01-12 705408]
    S2 VirtualCam;VirtualCamera; C:\Windows\system32\DRIVERS\VirtualCam.sys [2007-02-21 192512]
    S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder PSP Edition\SysInfo.sys []
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-05-29 14336]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\Gpotato.eu\Street Gears\GameGuard\dump_wmimmc.sys []
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    S3 FETNDIS;Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
    S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-12-01 317616]
    S3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-10-03 12848]
    S3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-10-03 146096]
    S3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2008-10-03 39984]
    S3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
    S3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-10-03 27696]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-14 607576]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe [2007-09-25 65536]
    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
    R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-20 166648]
    R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
    R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
    R2 WiniFighterSvc;WiniFighter Security Service; C:\Program Files\WiniFighter Software\WiniFighter\WiniFighterSvc.exe [2009-07-16 41472]
    R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-20 887544]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
    S2 CameraServer;CameraServer; C:\FlyCam\CameraServer.exe []
    S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 fsssvc;Windows Live OneCare Contrôle parental; C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
    S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll []
    S2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
    S2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe []
    S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe []
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-13 651720]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 ISPwdSvc;Validation de mot de passe Symantec IS; C:\Program Files\Norton Internet Security\isPwdSvc.exe []
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
    S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-19 2739229]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
    S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
    S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
    S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe [2009-02-15 6558336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------


    And the info.txt:

    info.txt logfile of random's system information tool 1.06 2009-07-31 17:04:00

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Program Files\OrangeHSS\Uninstall\Bas_Debit_CustoUpdate\Shell.exe MainUninstall.shl
    -->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    -->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
    -->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    -->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    -->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    -->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    -->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    -->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    1.0-->"C:\Program Files\gPotato.eu\Street Gears\unins000.exe"
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.6 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    AOL - Assistant de désinstallation-->C:\Program Files\Common Files\AOL\uninstaller.exe
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Autodesk License Manager 1.0.31-->MsiExec.exe /I{CE5EB718-FCD1-410F-AC69-2EDCF63119BE}
    Avidemux 2.4-->C:\Program Files\Avidemux 2.4\uninstall.exe
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    AVS Music Mix version 3.8-->"C:\Program Files\AVS4YOU\AVSMusicMix\unins000.exe"
    AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
    AVS Video Editor 4-->"C:\Program Files\AVS4YOU\AVSVideoEditor4\unins000.exe"
    AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
    CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
    Cheat Engine 5.5-->"C:\Program Files\Cheat Engine\unins000.exe"
    Ciel Devis Factures 6.0-->MsiExec.exe /I{F29DDAD0-447D-4BDB-80CB-4276B4D5C9A7}
    Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
    Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
    DFX for Windows Media Player-->C:\Program Files\DFX\uninstall_WMP.exe
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dragonica(FR)-->C:\Program Files\gPotato.eu\Dragonica\FR\uninst.exe
    Easy GIF Animator 4.9-->"C:\Program Files\Easy GIF Animator\unins000.exe"
    Extracteur d'icônes version 3.1-->"C:\Program Files\ExtracteurIcones31\unins000.exe"
    Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
    FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
    FormatFactory 2.00-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
    Free YouTube Download 2.2-->"C:\Program Files\DVDVideoSoft\Free YouTube Download jawed\unins000.exe"
    Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
    Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    GIMP 2.6.6-->"C:\Users\jawed\Documents\Serveur\Modification serveur\GIMP-2.0\setup\unins000.exe"
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)-->C:\Windows\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)-->C:\Windows\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)-->C:\Windows\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)-->C:\Windows\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)-->C:\Windows\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)-->C:\Windows\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
    Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
    Inno Setup version 5.2.3-->"C:\Program Files\Inno Setup 5\unins000.exe"
    Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
    Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
    L0phtCrack 6-->C:\Program Files\L0phtCrack 6\uninstall.exe
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
    Maya 2009-->MsiExec.exe /I{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}
    Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
    Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
    Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
    Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
    Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5}
    Microsoft SQL Server Compact 3.5 Design Tools FRA-->MsiExec.exe /X{043ECF7B-4724-4F7B-8A9D-BC22719E95F7}
    Microsoft SQL Server Compact 3.5 FRA-->MsiExec.exe /I{BE361597-42AC-4513-9BA6-FFAB310038FB}
    Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}
    Microsoft SQL Server VSS Writer-->MsiExec.exe /I{75FF1600-6330-43FA-9022-E0835BF20778}
    Microsoft Visual C# 2008 Express Edition - FRA-->MsiExec.exe /X{68E06C07-FD33-33F7-8672-ED39128A419A}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Express Edition - FRA-->MsiExec.exe /X{15473D70-D791-3B5E-B174-2FD19EC0D017}
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU\setup.exe
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{D8087907-E255-3A41-A46D-D0F798709C71}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
    Microsoft Visual C# 2008 Express - Français-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C# 2008 Express Edition - FRA\setup.exe
    Microsoft Visual C++ 2008 Express - Français-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - FRA\setup.exe
    Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{AB47EEE8-507B-331F-AA28-B7C7257F014C}
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MySQL Connector/ODBC 5.1-->MsiExec.exe /I{29042B1C-0713-4575-B7CA-5C8E7B0899D4}
    Navigateur Orange-->C:\Program Files\OrangeHSS\Uninstall\Browser\Shell.exe MainUninstall.shl
    Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-A098-TC9C-CZPE-8HE4-T757-014K-1C1T"
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NIS2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NIS2007_FR*
    No-IP.com DUC (remove only)-->"C:\Program Files\No-IP\DUC20.exe" -uninstall
    Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
    Norton Security Scan-->MsiExec.exe /I{1A8A214F-6BAC-4E01-A27D-25C19A484908}
    Norton™ Security Scan-->MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OFFICE One 150 Templates v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA147801-8946-4BBE-BE17-A2199CE52C81}\setup.exe" -l0x40c -removeonly
    OFFICE One 7.0-->MsiExec.exe /I{1EF377AC-035A-48BE-8EF7-D18D36308CE9}
    OFFICE One ClipArt v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8F3555E-B918-445E-97D1-BC4861C4EF59}\setup.exe" -l0x40c -removeonly
    OFFICE One Fonts v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC0C788C-7C68-47A9-BFBF-0DF7B205B4CC}\setup.exe" -l0x40c -removeonly
    OFFICE One License v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1A7B28B-AA31-442C-A4FA-598B65A7F5DA}\setup.exe" -l0x40c -removeonly
    OFFICE One Menu v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85C5827E-106F-4497-8066-B7CFEBBEA91D}\setup.exe" -l0x40c -removeonly
    OFFICE One Notes v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D2683BE-2C44-4DB5-BECD-87B324077A7F}\setup.exe" -l0x40c -removeonly
    OFFICE One QuickZip v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87DEF84E-51A5-4A0E-91C2-E012E92DE69B}\setup.exe" -l0x40c -removeonly
    OFFICE One Safety-Box v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B243ABE9-57C2-4B97-BA6B-37DF6C0208ED}\setup.exe" -l0x40c -removeonly
    OFFICE One Startup v7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEC30F06-A382-47D1-B828-859AC641EB1D}\setup.exe" -l0x40c -removeonly
    Office One-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFFICE*
    Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
    Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
    Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
    Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661}
    Pegasus Imaging PICVideo Motion JPEG 4.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{5E02E45F-FC60-459C-9A5A-E1EB190B6DBD}
    Performance Dashboard Snappyads-->C:\Windows\system32\jxcserdodsunctpc.exe
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    Picas
    31 July 2009 17:31:09

    PS: I would like to point out that I am not the only one who uses this computer and that there are 3 sessions, one of which was deleted recently,
    because that session hangs at startup.

    I have also estimated the date of my infection, and it may be 23/07/09.



    PS: Sorry for the double post. I did not want to mix this post with the one above.

    Regards,

    Nothanks.
    31 July 2009 17:35:38

  • Disable UAC for the duration of the disinfection.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Right-click ComboFix.exe (the .exe extension is not necessarily visible) and choose Run as administrator.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix

    If ComboFix does not start, rename it to IDN and then run it again.
    31 July 2009 19:42:37

    Here is the ComboFix.txt:

    ComboFix 09-07-29.04 - khalida 31/07/2009 18:05.1.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1022.375 [GMT 2:00]
    Running from: c:\users\khalida\Desktop\IDN.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1064510554-2561449835-89481721-500
    c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
    c:\progra~2\Microsoft\Network\Downloader\qmgr0.dat
    c:\progra~2\Microsoft\Network\Downloader\qmgr1.dat
    c:\program files\WiniFighter Software
    c:\program files\WiniFighter Software\WiniFighter\data.bin
    c:\program files\WiniFighter Software\WiniFighter\license.txt
    c:\program files\WiniFighter Software\WiniFighter\uninstall.exe
    c:\program files\WiniFighter Software\WiniFighter\WiniFighterSvc.exe
    c:\users\khalida\AppData\Local\qycyje.dat
    c:\users\khalida\AppData\Local\qycyje_nav.dat
    c:\users\khalida\AppData\Local\qycyje_navps.dat
    c:\users\khalida\AppData\Local\qycyje_navup.dat
    c:\users\khalida\AppData\Roaming\MessengerSkinner
    c:\users\khalida\AppData\Roaming\MessengerSkinner\Userdata\pack1.cab
    c:\windows\Installer\501c2.msi
    c:\windows\system32\drivers\ESQULfqdgomdiuxrgyuetgbkhxcwnnjheegjc.sys
    c:\windows\System32\ESQULtsfslirrefpmxcraqogcghvdkbdaovfs.dll
    c:\windows\system32\ESQULyeqcvclbybustmmdlvrtcldvqwxoyhjk.dll
    c:\windows\system32\ESQULzcounter
    c:\windows\system32\nnypxsiysfz.dll-uninst.exe
    c:\windows\system32\nvs2.inf

    ----- BITS: Possible infected sites -----

    hxxp://91.203.93.6
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ESQULserv.sys
    -------\Service_ESQULserv.sys
    -------\Service_WiniFighterSvc


    ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
    .

    2009-07-31 16:44 . 2009-07-31 16:54 -------- d-----w- c:\users\khalida\AppData\Local\temp
    2009-07-31 16:44 . 2009-07-31 16:44 -------- d-----w- c:\users\Zazou\AppData\Local\temp
    2009-07-31 16:44 . 2009-07-31 16:44 -------- d-----w- c:\users\jawed\AppData\Local\temp
    2009-07-31 15:03 . 2009-07-31 15:03 -------- d-----w- c:\program files\trend micro
    2009-07-31 15:03 . 2009-07-31 15:04 -------- d-----w- C:\rsit
    2009-07-29 17:55 . 2008-12-04 19:11 43520 ----a-w- c:\windows\system32\drivers\fetnd6v.sys
    2009-07-29 17:50 . 2009-07-29 17:51 -------- d---a-w- c:\program files\SystemRequirementsLab
    2009-07-29 17:50 . 2009-07-29 17:50 -------- d---a-w- c:\users\khalida\AppData\Roaming\SystemRequirementsLab
    2009-07-29 17:50 . 2009-07-29 17:50 207872 ----a-w- c:\users\khalida\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4.dll
    2009-07-29 17:50 . 2009-07-29 17:50 207872 ----a-w- c:\users\khalida\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_3.dll
    2009-07-29 17:50 . 2009-07-29 17:50 207872 ----a-w- c:\users\khalida\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_2.dll
    2009-07-29 17:50 . 2009-07-29 17:50 207872 ----a-w- c:\users\khalida\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_1.dll
    2009-07-29 17:47 . 2009-07-29 17:48 -------- d---a-w- c:\program files\ma-config.com
    2009-07-29 17:47 . 2009-07-29 17:47 -------- d---a-w- c:\progra~2\ma-config.com
    2009-07-29 12:25 . 2009-07-29 12:25 11267 ----a-w- c:\windows\system32\z649pambot6c5.dll
    2009-07-27 20:16 . 2009-07-27 20:16 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
    2009-07-27 13:23 . 2009-07-27 13:23 94643 ----a-w- c:\windows\system32\drivers\klick.dat
    2009-07-27 13:23 . 2009-07-27 13:23 105395 ----a-w- c:\windows\system32\drivers\klin.dat
    2009-07-27 13:21 . 2009-07-27 14:58 -------- d---a-w- c:\progra~2\Kaspersky Lab
    2009-07-27 13:21 . 2009-07-27 13:21 -------- d---a-w- c:\program files\Kaspersky Lab
    2009-07-27 12:52 . 2009-07-27 12:52 -------- d---a-w- c:\progra~2\Kaspersky Lab Setup Files
    2009-07-25 19:32 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-07-25 19:32 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-07-25 19:32 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-07-25 19:32 . 2009-07-25 19:34 -------- d---a-w- c:\program files\Common Files\PC Tools
    2009-07-25 19:32 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-07-25 19:32 . 2009-07-26 12:09 -------- d---a-w- c:\program files\Spyware Doctor
    2009-07-25 19:32 . 2009-07-25 19:32 -------- d---a-w- c:\users\khalida\AppData\Roaming\PC Tools
    2009-07-25 19:32 . 2009-07-25 19:32 -------- d---a-w- c:\progra~2\PC Tools
    2009-07-24 13:24 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-07-24 13:24 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-07-24 13:24 . 2009-07-24 13:24 -------- d---a-w- c:\progra~2\Avira
    2009-07-24 08:31 . 2009-07-24 08:31 12109 ----a-w- c:\windows\z2742vir5s2e69.dll
    2009-07-24 08:16 . 2009-07-24 08:16 -------- d-----w- c:\users\khalida\AppData\Roaming\Nero
    2009-07-23 21:54 . 2009-07-23 21:54 5656 ----a-w- c:\windows\system32\377zad5ware390.exe
    2009-07-22 23:25 . 2009-07-22 23:25 -------- d---a-w- c:\program files\FreeTime
    2009-07-18 16:09 . 2009-07-18 16:09 -------- d-----w- c:\users\jawed\AppData\Local\Broad Intelligence
    2009-07-18 15:03 . 2009-07-18 16:09 -------- d---a-w- c:\users\jawed\AppData\Roaming\Broad Intelligence
    2009-07-18 15:02 . 2009-07-18 15:02 -------- d---a-w- c:\users\jawed\AppData\Roaming\Red Kawa
    2009-07-18 11:24 . 2009-07-18 11:24 -------- d---a-w- c:\users\khalida\AppData\Roaming\Red Kawa
    2009-07-18 10:44 . 2009-07-18 10:44 -------- d---a-w- c:\users\Zazou\AppData\Roaming\Red Kawa
    2009-07-17 17:40 . 2009-07-17 17:40 -------- d-----w- c:\users\Zazou\AppData\Roaming\Broad Intelligence
    2009-07-16 17:29 . 2009-07-16 17:29 -------- d---a-w- c:\users\jawed\AppData\Roaming\Regensoft
    2009-07-15 07:26 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-15 07:26 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-15 07:26 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
    2009-07-15 07:26 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-15 07:26 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2009-07-15 07:26 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-14 11:15 . 2009-07-27 21:55 -------- d---a-w- c:\users\khalida\AppData\Roaming\dvdcss
    2009-07-14 09:50 . 2009-07-14 11:51 -------- d---a-w- c:\users\khalida\AppData\Roaming\vlc
    2009-07-13 13:20 . 2009-07-13 13:20 15240 ----a-w- c:\users\Zazou\AppData\Roaming\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
    2009-07-12 09:56 . 2009-07-12 09:56 -------- d---a-w- c:\users\Zazou\AppData\Local\Mozilla
    2009-07-12 03:05 . 2009-07-12 03:05 6267 ----a-w- c:\windows\system32\12954woz93.dll
    2009-07-05 18:23 . 2009-07-05 18:23 10866 ----a-w- c:\windows\system32\z908tro9535.exe
    2009-07-05 15:07 . 2009-07-17 09:07 -------- d---a-w- c:\users\Zazou\AppData\Roaming\MessengerDiscovery 2
    2009-07-04 09:41 . 2009-07-23 20:55 -------- d---a-w- c:\users\khalida\AppData\Roaming\MessengerDiscovery 2
    2009-07-03 12:05 . 2009-07-03 12:05 8241 ----a-w- c:\windows\system32\5212zroj594.bin
    2009-07-02 11:55 . 2009-07-02 11:55 9223 ----a-w- c:\windows\system32\73bd59dware78z.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-29 17:58 . 2006-01-02 05:30 715414 ----a-w- c:\windows\system32\perfh00C.dat
    2009-07-29 17:58 . 2006-01-02 05:30 127310 ----a-w- c:\windows\system32\perfc00C.dat
    2009-07-29 13:45 . 2008-04-11 18:06 1356 ----a-w- c:\users\khalida\AppData\Local\d3d9caps.dat
    2009-07-27 14:30 . 2008-11-13 12:25 -------- d---a-w- c:\program files\Common Files\DVDVideoSoft
    2009-07-27 14:30 . 2008-11-13 12:25 -------- d---a-w- c:\program files\DVDVideoSoft
    2009-07-27 13:15 . 2006-01-01 20:49 -------- d-----w- c:\program files\Symantec
    2009-07-27 13:11 . 2006-01-01 20:50 -------- d-----w- c:\program files\Norton Internet Security
    2009-07-27 13:10 . 2006-01-01 20:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-07-27 13:08 . 2006-01-01 20:49 -------- d-----w- c:\progra~2\Symantec
    2009-07-24 13:45 . 2008-07-05 16:50 -------- d-----w- c:\program files\Avira
    2009-07-24 09:06 . 2009-06-30 18:52 -------- d---a-w- c:\program files\MessengerDiscovery 2
    2009-07-24 08:21 . 2009-04-04 14:13 -------- d-----w- c:\program files\Image-Line
    2009-07-23 21:06 . 2009-07-01 14:48 -------- d-----w- c:\program files\DNA
    2009-07-23 19:58 . 2009-07-01 14:48 -------- d-----w- c:\users\jawed\AppData\Roaming\DNA
    2009-07-23 19:35 . 2008-07-06 15:45 -------- d-----w- c:\program files\Java
    2009-07-22 23:43 . 2009-03-08 11:47 -------- d-----w- c:\users\jawed\AppData\Roaming\avidemux
    2009-07-22 23:40 . 2009-03-08 11:47 -------- d-----w- c:\program files\Avidemux 2.4
    2009-07-22 22:19 . 2009-06-11 10:35 -------- d---a-w- c:\program files\StuffPlug3
    2009-07-22 22:17 . 2009-06-30 18:58 -------- d---a-w- c:\users\jawed\AppData\Roaming\MessengerDiscovery 2
    2009-07-21 21:49 . 2009-05-24 15:47 -------- d-----w- c:\users\jawed\AppData\Roaming\LimeWire
    2009-07-21 15:05 . 2009-06-29 11:39 -------- d---a-w- c:\users\jawed\AppData\Roaming\dvdcss
    2009-07-20 10:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-07-20 00:12 . 2008-12-29 09:14 -------- d-----w- c:\users\jawed\AppData\Roaming\Skype
    2009-07-19 22:13 . 2009-06-28 11:18 -------- d-----w- c:\users\jawed\AppData\Roaming\skypePM
    2009-07-19 11:45 . 2009-03-08 15:27 -------- d---a-w- c:\program files\CamStudio
    2009-07-15 11:28 . 2008-11-11 16:07 -------- d---a-w- c:\program files\AviSynth 2.5
    2009-07-13 10:13 . 2008-01-24 19:48 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-06 15:54 . 2009-03-18 14:25 -------- d---a-w- c:\users\Zazou\AppData\Roaming\LimeWire
    2009-07-05 08:49 . 2008-07-06 15:59 -------- d-----w- c:\users\khalida\AppData\Roaming\LimeWire
    2009-07-01 05:46 . 2009-07-01 05:46 7561 ----a-w- c:\windows\system32\6795viz299.bin
    2009-06-28 11:18 . 2009-06-28 11:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-06-28 11:14 . 2009-06-28 11:14 -------- d-----r- c:\program files\Skype
    2009-06-28 11:14 . 2009-06-28 11:13 -------- d-----w- c:\progra~2\Skype
    2009-06-28 11:14 . 2009-06-28 11:14 -------- d-----w- c:\program files\Common Files\Skype
    2009-06-27 19:34 . 2009-06-27 15:26 -------- d---a-w- c:\program files\SupraASCIIArt
    2009-06-25 17:04 . 2009-06-25 17:04 10132 ----a-w- c:\windows\system32\15130spy6e9z.dll
    2009-06-23 21:10 . 2009-06-23 21:10 3828 ----a-w- c:\windows\system32\685zsparse1695.bin
    2009-06-21 15:50 . 2009-06-18 09:52 -------- d---a-w- c:\users\jawed\AppData\Roaming\Nero
    2009-06-21 10:05 . 2009-06-21 10:01 -------- d---a-w- c:\program files\Cheat Engine
    2009-06-20 12:48 . 2009-06-20 12:48 -------- d---a-w- c:\program files\L0phtCrack 6
    2009-06-18 18:13 . 2009-04-11 17:52 -------- d---a-w- c:\users\jawed\AppData\Roaming\Hamachi
    2009-06-18 17:50 . 2009-06-18 17:45 29696 ----a-w- c:\windows\mickey32.dll
    2009-06-18 17:50 . 2009-06-18 17:45 232784 ----a-w- c:\windows\Matrix Code.scr
    2009-06-18 17:50 . 2009-06-18 17:45 2285222 ----a-w- c:\windows\Matrix Code.exe
    2009-06-18 05:59 . 2009-06-18 05:13 -------- d---a-w- c:\program files\Common Files\Nero
    2009-06-18 05:39 . 2009-06-18 05:14 -------- d---a-w- c:\program files\Nero
    2009-06-18 05:38 . 2009-04-22 14:41 -------- d---a-w- c:\users\jawed\AppData\Roaming\codeblocks
    2009-06-18 05:28 . 2009-06-18 05:13 -------- d---a-w- c:\progra~2\Nero
    2009-06-17 17:39 . 2006-01-01 20:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-17 17:16 . 2009-06-17 17:16 -------- d---a-w- c:\program files\Common Files\Pegasus Imaging
    2009-06-16 20:40 . 2009-06-16 20:40 10386 ----a-w- c:\windows\system32\3950viz305.dll
    2009-06-16 16:37 . 2009-05-28 11:02 -------- d-----w- c:\users\jawed\AppData\Roaming\vlc
    2009-06-15 10:46 . 2008-07-15 12:36 -------- d-----w- c:\program files\DivX
    2009-06-15 10:45 . 2009-06-15 10:44 -------- d---a-w- c:\program files\Common Files\DivX Shared
    2009-06-15 04:37 . 2009-06-15 04:37 9529 ----a-w- c:\windows\system32\5046downlo9der2z70.exe
    2009-06-14 16:24 . 2009-06-14 16:24 -------- d---a-w- c:\program files\MultiProxy
    2009-06-13 21:55 . 2009-06-13 21:55 11685 ----a-w- c:\windows\system32\10c5bazkd9or2847.bin
    2009-06-11 12:29 . 2009-06-11 12:29 9756 ----a-w- c:\windows\system32\69549tezl956.exe
    2009-06-11 06:09 . 2009-06-11 06:09 16756 ----a-w- c:\windows\system32\11482spambo54cz9.bin
    2009-06-10 02:29 . 2009-06-10 02:29 10487 ----a-w- c:\windows\9dfzt5ief3092.exe
    2009-06-09 21:39 . 2009-06-09 21:39 9689 ----a-w- c:\windows\system32\15779zac5t9ol7d0.dll
    2009-06-09 11:06 . 2009-06-07 15:58 -------- d---a-w- c:\program files\Beast
    2009-06-07 23:20 . 2009-06-07 23:20 9592 ----a-w- c:\windows\z051sp5598.bin
    2009-06-05 13:20 . 2009-06-05 13:20 8867 ----a-w- c:\windows\zb65spyware689.exe
    2009-06-03 19:11 . 2009-06-03 19:11 12862 ----a-r- c:\users\jawed\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
    2009-06-03 19:11 . 2009-06-03 19:10 -------- d---a-w- c:\program files\Pcsx2
    2009-06-02 16:20 . 2008-12-21 17:00 -------- d-----w- c:\program files\Google
    2009-05-31 15:02 . 2009-05-30 18:27 222864 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-05-31 15:02 . 2007-08-19 17:25 8224 ----a-w- c:\users\khalida\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-31 09:41 . 2008-12-22 17:40 222864 ----a-w- c:\users\Zazou\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-30 18:27 . 2008-12-21 16:47 8224 ----a-w- c:\users\jawed\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-25 03:21 . 2009-05-25 03:21 219664 ----a-w- c:\windows\system32\klogon.dll
    2009-05-25 03:18 . 2009-05-25 03:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
    2009-05-24 13:30 . 2009-05-24 13:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
    2009-05-22 20:22 . 2009-05-22 20:22 446976 ----a-w- c:\windows\system32\ShellMPD.dll
    2009-05-21 09:33 . 2008-12-21 17:14 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-20 10:52 . 2009-05-20 10:53 27 ----a-w- c:\windows\Moin120Mo.vbs
    2009-05-17 17:14 . 2009-05-17 17:14 3328 ----a-w- c:\windows\system32\5420sp9m5otza.bin
    2009-05-16 18:59 . 2009-05-16 18:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
    2009-05-15 16:50 . 2009-05-15 16:50 21008 ----a-w- c:\windows\system32\drivers\klim6.sys
    2009-05-10 02:18 . 2009-05-10 02:18 11659 ----a-w- c:\windows\9653not-a9vi5us78ez.exe
    2009-05-08 13:42 . 2009-05-08 13:42 5363 ----a-w- c:\windows\system32\449d9h5eat3z597.bin
    2009-05-07 07:43 . 2009-05-07 07:43 3786 ----a-w- c:\windows\system32\1c3bdo9nload5r68z.exe
    2009-05-02 23:11 . 2009-05-02 23:11 14322 ----a-w- c:\windows\system32\2635sparze2199.bin
    2009-07-22 17:39 . 2009-02-01 18:22 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CAMP SHIM EXIT HECK"="c:\programdata\up drv bore.k8fmqyt" [X]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-25 1232896]
    "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-25 1006264]
    "HostManager"="c:\program files\Common Files\AOL\1136148254\ee\AOLSoftware.exe" [2006-11-14 50736]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "SystrayORAHSS"="c:\program files\OrangeHSS\Systray\SystrayApp.exe" [2007-09-25 94208]
    "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-09-25 102400]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 270336]
    "snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
    "avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-05-25 303376]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SoftwareHelper"="c:\users\jawed\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]

    c:\users\khalida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de notification Live Search.lnk - c:\users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-7-10 152616]

    c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Contrôleur de calendrier Ulead.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-10-27 69632]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2006-1-1 713728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{10B6C2D4-A469-4509-AD25-4CB8FD522E56}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
    "{506D562E-D479-4456-9292-4B0B4C44ECAE}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
    "{3402E81F-36F6-4FEE-B0F2-19DE68C825E3}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
    "{10ED7B7E-3090-42B9-A8EA-9DC0FE366441}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
    "{9DBFDF74-DD6D-4AAA-B16F-BF042986C0B6}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
    "{7FD2355E-68FF-4A4F-AEB1-9D042925BC40}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
    "{9DD6CE0D-CF70-4342-8CA3-10A9382E8098}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{C9F68B1E-64C5-46FC-8B73-F67E68A48BB4}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{655FB7C5-31C3-436F-87C6-F3670EB42B89}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
    "{B8393477-4A14-4306-9216-5DBB0CFFA428}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
    "{02305D9D-85BA-449F-985D-50C0DDA60521}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
    "{80BED819-853A-4C46-B1E4-C0A28417949A}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
    "{4892CD96-2676-433F-831B-BCF59DB26C05}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7169E952-42F4-417A-AB7A-1FA695EACA1F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{D54A58A5-7001-480D-9326-7E84BFE0B8B2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{DC1EEF48-2FCB-4B9C-99C7-057931A1AB09}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{1038CE5A-7E72-4264-B4CA-3C9561AFA37F}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{6280F056-73B4-4FBC-969E-12BAEEB297D8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{70413727-2598-4641-911C-FA5BDDCAE6AD}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{803284F8-BD3D-4503-A56B-CADF10984ED1}"= UDP:c:\program files\DNA\btdna.exe:D NA (TCP-In)
    "{DA888A24-78F6-41E9-ADBD-90451D9A99A3}"= TCP:c:\program files\DNA\btdna.exe:D NA (UDP-In)
    "{49243953-AF0D-43B6-8A92-671927787784}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5E9AE0DD-7583-4A34-822D-BD370819FEC2}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{CC1D5C9C-4C94-46A3-966D-B2BA1C6AD958}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{1D98D78D-1086-43D0-A576-A893EAB1B74C}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "{B92C64A3-494D-4F55-8B84-7A1B93CED20D}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [15/12/2008 20:41 33808]
    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [25/07/2009 21:32 130936]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [09/05/2008 06:55 261680]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15/05/2009 18:50 21008]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/07/2009 15:24 108289]
    R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [24/01/2008 17:51 43816]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [29/07/2009 19:55 43520]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16/05/2009 20:59 19472]
    S2 CameraServer;CameraServer;c:\flycam\CameraServer.exe --> c:\flycam\CameraServer.exe [?]
    S2 FLYCAM;FlyCam, WDM Video Capture;c:\windows\System32\drivers\flycam.sys [27/01/2006 04:33 705408]
    S2 fsssvc;Windows Live OneCare Contrôle parental;c:\program files\Windows Live\Contrôle parental\fsssvc.exe [17/12/2007 12:13 523816]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [24/01/2008 17:23 28224]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [03/10/2008 15:14 37936]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    *Deregistered* - mchInjDrv
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{75ED6216-05EA-367A-7EF5-624E804A5301} - c:\windows\system32\gnduugtqrjix.dll
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
    WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
    HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    HKLM-Run-osCheck - c:\program files\Norton Internet Security\osCheck.exe
    HKLM-Run-fssui - c:\program files\Windows Live\Family Safety\fsui.exe
    HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    HKLM-Run-pivazlxzrsnat - c:\windows\system32\gnduugtqrjix.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.plusnetwork.com
    mStart Page = hxxp://www.google.com
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Voir les cookies - c:\windows\web\showcookies.htm
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: orange.fr\www
    FF - ProfilePath - c:\users\khalida\AppData\Roaming\Mozilla\Firefox\Profiles\4619tljs.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
    FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-31 18:56
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5200)
    c:\program files\Spyware Doctor\pctgmhk.dll
    c:\windows\system32\authui.dll
    c:\program files\OrangeHSS\Launcher\Inactivity.Dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\aol\acs\AOLacsd.exe
    c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\program files\Spyware Doctor\pctsSvc.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\System32\WUDFHost.exe
    c:\windows\ehome\ehmsas.exe
    c:\users\khalida\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
    c:\program files\OrangeHSS\Launcher\Launcher.exe
    c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe
    c:\program files\OrangeHSS\Deskboard\Deskboard.exe
    c:\program files\OrangeHSS\Connectivity\corecom\CoreCom.exe
    c:\program files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
    c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\1\FTCOMModule.exe
    c:\program files\Mozilla Firefox\firefox.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-31 19:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-31 17:37

    Pre-Run: 117 902 229 504 octets libres
    Post-Run: 120 494 714 880 octets libres

    Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,3,4,5,6,7,8
    816 --- E O F --- 2009-07-29 18:05
    31 July 2009 19:56:31

    Indeed :D

  • Run another RSIT scan (choosing 3 months this time) and post the log report.
    31 July 2009 20:07:43

    ^^ RSIT: the 3-month log report, a little later:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by khalida at 2009-07-31 20:04:37
    Microsoft® Windows Vista™ Édition Familiale Premium
    System drive C: has 115 GB (50%) free of 230 GB
    Total RAM: 1022 MB (40% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:05:08, on 31/07/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16851)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Users\jawed\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Common Files\aol\1136148254\ee\aolsoftware.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\tsnp2std.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Windows\system32\svchost.exe
    C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\1\FTCOMModule.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\khalida\Desktop\RSIT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\khalida.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\jawed\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [CAMP SHIM EXIT HECK] "C:\ProgramData\up drv bore.k8fmqyt"
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Startup: Outil de notification Live Search.lnk = C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: OFFICE One Startup v7.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Voir les cookies - C:\Windows\web\showcookies.htm
    O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.orange.fr
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: CameraServer - Unknown owner - C:\FlyCam\CameraServer.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
    O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe

    --
    End of file - 14818 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Extension de garantie.job
    C:\Windows\tasks\Norton Security Scan.job
    C:\Windows\tasks\NSSstub.job
    C:\Windows\tasks\Recovery DVD Creator.job
    C:\Windows\tasks\User_Feed_Synchronization-{3B04291C-74BF-4CD2-A0FF-5135F350E890}.job
    C:\Windows\tasks\User_Feed_Synchronization-{E3AAEEFA-0C41-428C-82DE-EFE16196CFF2}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0246A1A7-820A-469A-85A7-7B7F01EB808C}]
    VirtualCamera IEMenu Class - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    Windows Live OneCare Family Safety Browser Helper Class - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll [2007-12-17 56360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-05-25 68112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-02 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-24 669168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
    IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
    EoBHO Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-02 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
    FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-05-25 264720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll []
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-02 259696]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-25 1006264]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
    "HostManager"=C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe [2006-11-14 50736]
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-20 228088]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-08-11 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
    "SystrayORAHSS"=C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [2007-09-25 94208]
    "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-09-25 102400]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-12 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-12 8497696]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-12 81920]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "tsnp2std"=C:\Windows\tsnp2std.exe [2007-05-10 270336]
    "snp2std"=C:\Windows\vsnp2std.exe [2007-09-28 344064]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SoftwareHelper"=C:\Users\jawed\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-25 1232896]
    "SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2006-10-23 1092152]
    "CAMP SHIM EXIT HECK"=C:\ProgramData\up drv bore.k8fmqyt []
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Contrôleur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe

    C:\Users\khalida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Outil de notification Live Search.lnk - C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\Windows\system32\klogon.dll [2009-05-25 219664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .scr - config -

    ======List of files/folders created in the last 3 months======

    2009-12-27 11:35:58 ----A---- C:\Windows\system32\29612worm1fz5.exe
    2009-12-24 08:13:00 ----A---- C:\Windows\system32\58z79troj598.exe
    2009-12-23 11:40:55 ----A---- C:\Windows\system32\7d075h9ef2z71.exe
    2009-12-17 07:46:35 ----A---- C:\Windows\system32\6556spar9e6z1.exe
    2009-12-11 13:37:48 ----A---- C:\Windows\system32\16459spambzt4775.dll
    2009-12-05 10:10:30 ----A---- C:\Windows\system32\21z96worm6715.dll
    2009-12-04 09:27:15 ----A---- C:\Windows\system32\22015trojz69.dll
    2009-11-23 21:34:53 ----A---- C:\Windows\system32\235csp5rse1z93.dll
    2009-11-23 15:16:37 ----A---- C:\Windows\system32\79acspywar5z156.dll
    2009-11-21 02:40:46 ----A---- C:\Windows\system32\297zvi5711.dll
    2009-11-20 15:39:41 ----A---- C:\Windows\system32\935265irus2z7.dll
    2009-11-19 19:10:20 ----A---- C:\Windows\system32\98f5bazkdoor1306.dll
    2009-11-14 22:13:43 ----A---- C:\Windows\system32\780d9parsz16855.dll
    2009-11-08 08:43:02 ----A---- C:\Windows\system32\1111spyw5r92z46.dll
    2009-11-07 12:48:55 ----A---- C:\Windows\system32\515ad9warez203.dll
    2009-11-06 13:07:59 ----A---- C:\Windows\system32\356219acztool441.exe
    2009-11-05 19:09:46 ----A---- C:\Windows\system32\13959v5r9s5z6.exe
    2009-11-04 21:13:09 ----A---- C:\Windows\system32\169dzddw5re953.exe
    2009-10-23 08:48:21 ----A---- C:\Windows\z1540w9rm589.dll
    2009-10-22 02:02:48 ----A---- C:\Windows\system32\90a1t5iefz976.exe
    2009-10-20 23:18:11 ----A---- C:\Windows\9z650w5rm749.dll
    2009-10-12 21:46:06 ----A---- C:\Windows\z5e19hreat22214.exe
    2009-09-28 17:20:33 ----A---- C:\Windows\system32\600fspyw95e14z9.exe
    2009-09-25 23:03:09 ----A---- C:\Windows\95f6spyware2566z.dll
    2009-09-05 06:27:34 ----A---- C:\Windows\b59spyzare2879.dll
    2009-08-24 06:44:03 ----A---- C:\Windows\system32\5e2caddz9re8.dll
    2009-08-04 08:03:57 ----A---- C:\Windows\zc35d5wnloader24139.exe
    2009-07-31 19:38:02 ----A---- C:\ComboFix.txt
    2009-07-31 19:35:09 ----ASHD---- C:\$RECYCLE.BIN
    2009-07-31 17:54:02 ----SD---- C:\IDN
    2009-07-31 17:49:02 ----A---- C:\Windows\NIRCMD.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\zip.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWXCACLS.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWSC.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWREG.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\sed.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\PEV.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\grep.exe
    2009-07-31 17:48:47 ----D---- C:\Windows\ERDNT
    2009-07-31 17:46:46 ----D---- C:\Qoobox
    2009-07-31 17:03:11 ----D---- C:\Program Files\trend micro
    2009-07-31 17:03:09 ----D---- C:\rsit
    2009-07-29 19:50:51 ----AD---- C:\Program Files\SystemRequirementsLab
    2009-07-29 19:50:39 ----AD---- C:\Users\khalida\AppData\Roaming\SystemRequirementsLab
    2009-07-29 19:47:42 ----AD---- C:\ProgramData\ma-config.com
    2009-07-29 19:47:42 ----AD---- C:\Program Files\ma-config.com
    2009-07-29 14:26:57 ----A---- C:\Windows\system32\7a4zdownl5ader2297.dll
    2009-07-29 14:26:56 ----A---- C:\Windows\system32\21964tr5j7z.dll
    2009-07-29 14:26:25 ----A---- C:\Windows\system32\z26vir953c4.exe
    2009-07-29 14:26:25 ----A---- C:\Windows\system32\1z147s592bc.dll
    2009-07-29 14:26:23 ----A---- C:\Windows\system32\ae4addza5e2359.exe
    2009-07-29 14:26:18 ----A---- C:\Windows\z328th5eat24892.dll
    2009-07-29 14:26:17 ----A---- C:\Windows\system32\15188virzs5a9.dll
    2009-07-29 14:26:17 ----A---- C:\Windows\system32\12149wormz57.exe
    2009-07-29 14:26:16 ----A---- C:\Windows\z7981v5ru9145.exe
    2009-07-29 14:26:15 ----A---- C:\Windows\system32\39ebsteal95z1.exe
    2009-07-29 14:26:14 ----A---- C:\Windows\system32\2c2fsp9r5e80z.dll
    2009-07-29 14:26:12 ----A---- C:\Windows\system32\598z9py653.dll
    2009-07-29 14:26:11 ----A---- C:\Windows\system32\48cz5hreat8981.dll
    2009-07-29 14:26:10 ----A---- C:\Windows\system32\597zsp56c9.dll
    2009-07-29 14:26:09 ----A---- C:\Windows\system32\669959czdoor1596.exe
    2009-07-29 14:26:08 ----A---- C:\Windows\system32\19227spambzt6359.exe
    2009-07-29 14:26:05 ----A---- C:\Windows\system32\492sp5warez690.dll
    2009-07-29 14:26:04 ----A---- C:\Windows\system32\73z49pam5ot239.dll
    2009-07-29 14:26:03 ----A---- C:\Windows\system32\7efeb5c9doorz878.exe
    2009-07-29 14:26:00 ----A---- C:\Windows\z93789orm556.dll
    2009-07-29 14:26:00 ----A---- C:\Windows\system32\z712s5ambot291.exe
    2009-07-29 14:25:59 ----A---- C:\Windows\system32\z649pambot6c5.dll
    2009-07-27 15:21:55 ----AD---- C:\ProgramData\Kaspersky Lab
    2009-07-27 15:21:55 ----AD---- C:\Program Files\Kaspersky Lab
    2009-07-27 14:52:33 ----AD---- C:\ProgramData\Kaspersky Lab Setup Files
    2009-07-25 21:32:17 ----AD---- C:\Program Files\Common Files\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\Users\khalida\AppData\Roaming\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\ProgramData\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\Program Files\Spyware Doctor
    2009-07-24 15:24:28 ----AD---- C:\ProgramData\Avira
    2009-07-24 10:31:16 ----A---- C:\Windows\z2742vir5s2e69.dll
    2009-07-24 10:16:10 ----D---- C:\Users\khalida\AppData\Roaming\Nero
    2009-07-23 23:54:04 ----A---- C:\Windows\system32\377zad5ware390.exe
    2009-07-23 21:36:13 ----A---- C:\Windows\system32\javaws.exe
    2009-07-23 21:36:13 ----A---- C:\Windows\system32\javaw.exe
    2009-07-23 21:36:11 ----A---- C:\Windows\system32\java.exe
    2009-07-23 01:26:37 ----A---- C:\Windows\system32\pncrt.dll
    2009-07-23 01:25:23 ----AD---- C:\Program Files\FreeTime
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTVideoFile.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTVideoCompress.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTQuickTimeFile.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\mcdvd_32.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTWMVFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTVideoCoreU.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTVideoCoreM.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTRMFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTAVIFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTAudioFile2.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\NCTAudioCompress3.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\NCTAudioCompress2.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\lame_enc.dll
    2009-07-18 13:24:36 ----AD---- C:\Users\khalida\AppData\Roaming\Red Kawa
    2009-07-15 09:26:06 ----A---- C:\Windows\system32\t2embed.dll
    2009-07-15 09:26:06 ----A---- C:\Windows\system32\fontsub.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\lpk.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\dciman32.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\atmlib.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\atmfd.dll
    2009-07-14 13:15:24 ----AD---- C:\Users\khalida\AppData\Roaming\dvdcss
    2009-07-14 11:50:43 ----AD---- C:\Users\khalida\AppData\Roaming\vlc
    2009-07-12 05:05:45 ----A---- C:\Windows\system32\12954woz93.dll
    2009-07-05 20:23:51 ----A---- C:\Windows\system32\z908tro9535.exe
    2009-07-04 11:41:59 ----AD---- C:\Users\khalida\AppData\Roaming\MessengerDiscovery 2
    2009-07-02 13:55:09 ----A---- C:\Windows\system32\73bd59dware78z.exe
    2009-07-01 16:48:47 ----D---- C:\Program Files\DNA
    2009-06-30 20:52:04 ----AD---- C:\Program Files\MessengerDiscovery 2
    2009-06-28 13:14:37 ----D---- C:\Program Files\Common Files\Skype
    2009-06-28 13:14:34 ----RD---- C:\Program Files\Skype
    2009-06-28 13:13:59 ----D---- C:\ProgramData\Skype
    2009-06-27 17:26:59 ----AD---- C:\Program Files\SupraASCIIArt
    2009-06-25 19:04:25 ----A---- C:\Windows\system32\15130spy6e9z.dll
    2009-06-21 12:01:15 ----A---- C:\Windows\system32\d3dx9.dll
    2009-06-21 12:01:15 ----A---- C:\Windows\system32\D3DX81ab.dll
    2009-06-21 12:01:14 ----AD---- C:\Program Files\Cheat Engine
    2009-06-20 14:48:12 ----AD---- C:\Program Files\L0phtCrack 6
    2009-06-18 19:45:24 ----A---- C:\Windows\mickey32.dll
    2009-06-18 19:45:24 ----A---- C:\Windows\Matrix Code.exe
    2009-06-18 11:55:46 ----A---- C:\Windows\NeroDigital.ini
    2009-06-18 07:40:17 ----A---- C:\Windows\Irremote.ini
    2009-06-18 07:14:37 ----AD---- C:\Program Files\Nero
    2009-06-18 07:13:46 ----AD---- C:\ProgramData\Nero
    2009-06-18 07:13:42 ----AD---- C:\Program Files\Common Files\Nero
    2009-06-18 07:13:07 ----A---- C:\Windows\system32\d3dx9_30.dll
    2009-06-17 19:16:09 ----AD---- C:\Program Files\Common Files\Pegasus Imaging
    2009-06-16 22:40:47 ----A---- C:\Windows\system32\3950viz305.dll
    2009-06-15 12:44:25 ----AD---- C:\Program Files\Common Files\DivX Shared
    2009-06-15 06:37:13 ----A---- C:\Windows\system32\5046downlo9der2z70.exe
    2009-06-14 18:24:44 ----AD---- C:\Program Files\MultiProxy
    2009-06-13 19:03:50 ----A---- C:\Windows\system32\EncDec.dll
    2009-06-13 19:03:48 ----A---- C:\Windows\system32\psisdecd.dll
    2009-06-13 19:03:44 ----A---- C:\Windows\system32\mcmde.dll
    2009-06-12 18:15:24 ----A---- C:\Windows\system32\localspl.dll
    2009-06-12 18:15:00 ----A---- C:\Windows\system32\mshtml.dll
    2009-06-12 18:14:59 ----A---- C:\Windows\system32\mstime.dll
    2009-06-12 18:14:57 ----A---- C:\Windows\system32\ieframe.dll
    2009-06-12 18:14:55 ----A---- C:\Windows\system32\urlmon.dll
    2009-06-12 18:14:53 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-06-12 18:14:52 ----A---- C:\Windows\system32\wininet.dll
    2009-06-12 18:14:51 ----A---- C:\Windows\system32\iertutil.dll
    2009-06-12 18:14:51 ----A---- C:\Windows\system32\dxtmsft.dll
    2009-06-12 18:14:49 ----A---- C:\Windows\system32\occache.dll
    2009-06-12 18:14:49 ----A---- C:\Windows\system32\msfeeds.dll
    2009-06-12 18:14:48 ----A---- C:\Windows\system32\mshtmled.dll
    2009-06-12 18:14:48 ----A---- C:\Windows\system32\ieaksie.dll
    2009-06-12 18:14:47 ----A---- C:\Windows\system32\ieencode.dll
    2009-06-12 18:14:47 ----A---- C:\Windows\system32\icardie.dll
    2009-06-12 18:14:47 ----A---- C:\Windows\system32\dxtrans.dll
    2009-06-12 18:14:45 ----A---- C:\Windows\system32\jsproxy.dll
    2009-06-12 18:14:45 ----A---- C:\Windows\system32\advpack.dll
    2009-06-12 18:14:45 ----A---- C:\Windows\system32\admparse.dll
    2009-06-12 18:14:44 ----A---- C:\Windows\system32\ieui.dll
    2009-06-12 18:14:43 ----A---- C:\Windows\system32\iesetup.dll
    2009-06-12 18:14:43 ----A---- C:\Windows\system32\iernonce.dll
    2009-06-12 18:14:43 ----A---- C:\Windows\system32\ie4uinit.exe
    2009-06-12 18:14:42 ----A---- C:\Windows\system32\pngfilt.dll
    2009-06-12 18:14:42 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-06-12 18:14:41 ----A---- C:\Windows\system32\mshtmler.dll
    2009-06-12 18:14:41 ----A---- C:\Windows\system32\ieakui.dll
    2009-06-12 18:14:40 ----A---- C:\Windows\system32\ieapfltr.dll
    2009-06-12 18:14:01 ----A---- C:\Windows\system32\rpcrt4.dll
    2009-06-11 14:29:46 ----A---- C:\Windows\system32\69549tezl956.exe
    2009-06-11 12:35:07 ----AD---- C:\Program Files\StuffPlug3
    2009-06-10 04:29:36 ----A---- C:\Windows\9dfzt5ief3092.exe
    2009-06-09 23:39:43 ----A---- C:\Windows\system32\15779zac5t9ol7d0.dll
    2009-06-07 18:51:23 ----A---- C:\Windows\WORDPAD.INI
    2009-06-07 17:58:47 ----AD---- C:\Program Files\Beast
    2009-06-05 15:20:37 ----A---- C:\Windows\zb65spyware689.exe
    2009-06-03 21:10:47 ----AD---- C:\Program Files\Pcsx2
    2009-05-31 19:21:26 ----AD---- C:\Program Files\No-IP
    2009-05-30 21:35:24 ----AD---- C:\Program Files\Microsoft Synchronization Services
    2009-05-28 12:59:01 ----D---- C:\Program Files\VideoLAN
    2009-05-27 18:06:43 ----AD---- C:\Program Files\Beyond Compare 3
    2009-05-25 05:21:48 ----A---- C:\Windows\system32\klogon.dll
    2009-05-24 17:11:22 ----D---- C:\Program Files\SQLyog Community
    2009-05-24 16:23:19 ----A---- C:\Windows\system32\libmysql_d.dll
    2009-05-24 16:23:15 ----D---- C:\Program Files\PremiumSoft
    2009-05-24 14:24:29 ----A---- C:\Windows\ODBCINST.INI
    2009-05-24 14:24:28 ----D---- C:\Program Files\MySQL
    2009-05-23 13:58:25 ----AD---- C:\Program Files\Notepad++
    2009-05-22 22:22:17 ----A---- C:\Windows\system32\ShellMPD.dll
    2009-05-22 22:21:32 ----AD---- C:\ProgramData\RockEnFolie le Player
    2009-05-21 14:34:44 ----AD---- C:\Windows\Sun
    2009-05-20 12:53:19 ----A---- C:\Windows\Moin120Mo.vbs
    2009-05-16 21:34:18 ----AD---- C:\Program Files\Easy GIF Animator
    2009-05-16 20:48:35 ----AD---- C:\Windows\system32\IOSUBSYS
    2009-05-13 20:50:25 ----D---- C:\Program Files\Common Files\Macrovision Shared
    2009-05-13 20:50:24 ----D---- C:\flexlm
    2009-05-13 20:42:43 ----AD---- C:\Program Files\Common Files\Alias Shared
    2009-05-13 20:42:43 ----AD---- C:\Program Files\Autodesk
    2009-05-13 20:34:54 ----A---- C:\Windows\system32\d3dx9_36.dll
    2009-05-13 20:31:12 ----AD---- C:\ProgramData\Autodesk
    2009-05-13 20:31:12 ----AD---- C:\Program Files\Common Files\Autodesk Shared
    2009-05-12 18:31:25 ----D---- C:\Program Files\Cinéma 4D
    2009-05-10 04:18:02 ----A---- C:\Windows\9653not-a9vi5us78ez.exe
    2009-05-07 09:43:21 ----A---- C:\Windows\system32\1c3bdo9nload5r68z.exe
    2009-05-02 20:17:21 ----D---- C:\Program Files\ExtracteurIcones31
    2009-05-02 19:37:07 ----D---- C:\Program Files\Inno Setup 5
    2009-05-02 16:20:11 ----A---- C:\Windows\ntbtlog.txt
    2009-05-01 23:02:28 ----A---- C:\Windows\system32\dpl100.dll
    2009-05-01 23:02:26 ----A---- C:\Windows\system32\divx_xx16.dll
    2009-05-01 23:02:26 ----A---- C:\Windows\system32\divx_xx11.dll
    2009-05-01 23:02:26 ----A---- C:\Windows\system32\divx_xx0c.dll
    2009-05-01 23:02:26 ----A---- C:\Windows\system32\divx_xx0a.dll
    2009-05-01 23:02:26 ----A---- C:\Windows\system32\divx_xx07.dll
    2009-05-01 23:02:26 ----A---- C:\Windows\system32\DivX.dll

    ======List of files/folders modified in the last 3 months======

    2009-07-31 20:05:07 ----D---- C:\Windows\Temp
    2009-07-31 20:04:54 ----D---- C:\Windows\Prefetch
    2009-07-31 19:38:20 ----D---- C:\Windows\system32\fr-FR
    2009-07-31 19:38:20 ----D---- C:\Windows\System32
    2009-07-31 19:38:19 ----D---- C:\Windows\system32\drivers
    2009-07-31 19:35:49 ----AD---- C:\Program Files\Mozilla Firefox
    2009-07-31 19:05:37 ----AD---- C:\ProgramData\TEMP
    2009-07-31 18:55:52 ----D---- C:\Windows
    2009-07-31 18:55:52 ----A---- C:\Windows\system.ini
    2009-07-31 18:46:17 ----SHD---- C:\boot
    2009-07-31 18:46:17 ----D---- C:\Windows\system32\config
    2009-07-31 18:43:04 ----D---- C:\Program Files
    2009-07-31 18:42:58 ----SHD---- C:\Windows\Installer
    2009-07-31 18:30:34 ----D---- C:\Windows\AppPatch
    2009-07-31 18:30:32 ----D---- C:\Program Files\Common Files
    2009-07-30 23:32:16 ----D---- C:\Windows\Minidump
    2009-07-29 20:52:04 ----D---- C:\Windows\system32\catroot2
    2009-07-29 20:03:04 ----SHD---- C:\System Volume Information
    2009-07-29 19:58:02 ----D---- C:\Windows\inf
    2009-07-29 19:58:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-07-29 19:56:10 ----D---- C:\Windows\system32\catroot
    2009-07-29 19:47:42 ----D---- C:\ProgramData
    2009-07-27 16:30:46 ----AD---- C:\Program Files\Common Files\DVDVideoSoft
    2009-07-27 16:30:28 ----AD---- C:\Program Files\DVDVideoSoft
    2009-07-27 15:15:25 ----D---- C:\Program Files\Symantec
    2009-07-27 15:11:09 ----D---- C:\Program Files\Norton Internet Security
    2009-07-27 15:10:17 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-07-27 15:08:35 ----D---- C:\ProgramData\Symantec
    2009-07-27 15:08:17 ----D---- C:\Windows\Tasks
    2009-07-27 13:31:29 ----D---- C:\Windows\system32\Macromed
    2009-07-24 15:45:41 ----D---- C:\Program Files\Avira
    2009-07-24 15:10:19 ----D---- C:\Windows\system32\Tasks
    2009-07-24 12:51:54 ----AD---- C:\Windows\system32\Adobe
    2009-07-24 11:18:54 ----HD---- C:\Windows\system32\GroupPolicyUsers
    2009-07-24 10:21:26 ----D---- C:\Program Files\Image-Line
    2009-07-23 21:35:42 ----D---- C:\Program Files\Java
    2009-07-23 01:50:25 ----A---- C:\Windows\win.ini
    2009-07-23 01:40:54 ----D---- C:\Program Files\Avidemux 2.4
    2009-07-20 12:18:25 ----D---- C:\Windows\winsxs
    2009-07-20 12:05:18 ----D---- C:\Program Files\Windows Mail
    2009-07-19 13:45:24 ----AD---- C:\Program Files\CamStudio
    2009-07-15 13:28:22 ----AD---- C:\Program Files\AviSynth 2.5
    2009-07-13 12:13:16 ----D---- C:\Program Files\Messenger Plus! Live
    2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe
    2009-07-05 10:49:06 ----D---- C:\Users\khalida\AppData\Roaming\LimeWire
    2009-06-27 15:36:10 ----D---- C:\Windows\system32\WDI
    2009-06-17 19:39:34 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-06-17 19:16:31 ----D---- C:\Windows\Help
    2009-06-17 19:08:43 ----D---- C:\Windows\Downloaded Installations
    2009-06-17 18:19:54 ----D---- C:\TEMP
    2009-06-17 18:19:42 ----D---- C:\Program Files\Movie Maker
    2009-06-15 12:46:49 ----D---- C:\Program Files\DivX
    2009-06-14 13:07:39 ----D---- C:\Windows\Microsoft.NET
    2009-06-14 13:05:55 ----RSD---- C:\Windows\assembly
    2009-06-14 11:31:29 ----D---- C:\Windows\ehome
    2009-06-14 11:31:20 ----D---- C:\Program Files\Internet Explorer
    2009-06-14 11:31:19 ----D---- C:\Windows\system32\migration
    2009-06-12 18:49:15 ----SD---- C:\Windows\Downloaded Program Files
    2009-06-02 18:20:21 ----D---- C:\Program Files\Google
    2009-06-02 17:40:12 ----D---- C:\ProgramData\Google
    2009-06-01 10:15:50 ----A---- C:\Windows\ODBC.INI
    2009-05-30 21:35:40 ----D---- C:\ProgramData\Microsoft
    2009-05-30 21:35:39 ----AD---- C:\Program Files\Microsoft Visual Studio 9.0
    2009-05-30 21:35:23 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
    2009-05-30 21:34:17 ----AD---- C:\ProgramData\Microsoft Help
    2009-05-30 21:29:01 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-05-30 20:00:13 ----RSD---- C:\Windows\Fonts
    2009-05-21 11:33:57 ----A---- C:\Windows\system32\deploytk.dll
    2009-05-18 16:59:46 ----AD---- C:\Users\khalida\AppData\Roaming\EoRezo
    2009-05-16 20:43:51 ----A---- C:\Windows\ulead32.ini
    2009-05-13 12:44:21 ----D---- C:\Program Files\Gpotato.eu
    2009-05-09 21:48:24 ----D---- C:\Program Files\Teamspeak2_RC22
    2009-05-08 11:57:55 ----D---- C:\wamp

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [2008-02-13 261680]
    R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-05-24 128016]
    R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-07-27 280592]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
    R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-12-01 279088]
    R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-12-01 43696]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-10-03 187952]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
    R3 catchme;catchme; \??\C:\Users\khalida\AppData\Local\Temp\catchme.sys []
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-12-04 43520]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-04-11 25280]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
    R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080509.004\NAVENG.SYS [2008-04-17 82256]
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080509.004\NAVEX15.SYS [2008-04-17 895408]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-12 7623968]
    R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-09-05 12212864]
    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-01-06 124464]
    R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
    S2 FLYCAM;FlyCam, WDM Video Capture; C:\Windows\system32\DRIVERS\flycam.sys [2006-01-12 705408]
    S2 VirtualCam;VirtualCamera; C:\Windows\system32\DRIVERS\VirtualCam.sys [2007-02-21 192512]
    S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder PSP Edition\SysInfo.sys []
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-05-29 14336]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\Gpotato.eu\Street Gears\GameGuard\dump_wmimmc.sys []
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    S3 FETNDIS;Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
    S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-12-01 317616]
    S3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-10-03 12848]
    S3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-10-03 146096]
    S3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2008-10-03 39984]
    S3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
    S3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-10-03 27696]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-14 607576]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
    R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe [2007-09-25 65536]
    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
    R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-20 166648]
    R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
    R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-20 887544]
    S2 CameraServer;CameraServer; C:\FlyCam\CameraServer.exe []
    S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 fsssvc;Windows Live OneCare Contrôle parental; C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
    S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll []
    S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
    S2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
    S2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe []
    S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe []
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-13 651720]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 ISPwdSvc;Validation de mot de passe Symantec IS; C:\Program Files\Norton Internet Security\isPwdSvc.exe []
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
    S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-19 2739229]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
    S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
    S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe [2009-02-15 6558336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------
    31 July 2009 20:08:59

    Quote:
    2009-05-10 04:18:02 ----A---- C:\Windows\9653not-a9vi5us78ez.exe
    2009-05-07 09:43:21 ----A---- C:\Windows\system32\1c3bdo9nload5r68z.exe

    --> The infection was already there in May. Why did you wait all this time?
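The check made in the post above (oddly named executables in the RSIT listing, dated May) can be automated. The following is an added example, not part of the original thread or of RSIT: it flags files sitting directly in C:\Windows or system32 whose names approximate a threat keyword, and returns them oldest first. The keyword list, the 0.8 threshold, the extension set and the function names are assumptions chosen for this illustration.

```python
import re
from datetime import datetime

# Constructed sample: a few lines copied from the RSIT listing in this thread.
SAMPLE_LOG = r"""
2009-05-24 14:24:28 ----D---- C:\Program Files\MySQL
2009-05-22 22:22:17 ----A---- C:\Windows\system32\ShellMPD.dll
2009-05-13 20:34:54 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-05-10 04:18:02 ----A---- C:\Windows\9653not-a9vi5us78ez.exe
2009-05-07 09:43:21 ----A---- C:\Windows\system32\1c3bdo9nload5r68z.exe
2009-05-02 16:20:11 ----A---- C:\Windows\ntbtlog.txt
2009-05-01 23:02:26 ----A---- C:\Windows\system32\divx_xx16.dll
"""

# "timestamp ----ATTRS---- path", as printed in the file/folder sections.
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]+)-+ (.+?)\s*$"
)

# Assumptions for this illustration, not a vetted signature set.
KEYWORDS = ("virus", "downloader", "spyware", "backdoor",
            "spambot", "threat", "hacktool")
MIN_RATIO = 0.8
WATCHED_DIRS = {r"c:\windows", r"c:\windows\system32"}
EXTENSIONS = {"exe", "dll", "ocx", "cpl", "bin"}


def best_keyword(stem):
    """Return (keyword, ratio) for the closest keyword at any offset in stem.

    ratio is the share of characters that match position by position, so a
    keyword with a few characters swapped for digits still scores high.
    """
    best = (None, 0.0)
    s = stem.lower()
    for kw in KEYWORDS:
        for i in range(len(s) - len(kw) + 1):
            window = s[i:i + len(kw)]
            ratio = sum(a == b for a, b in zip(window, kw)) / len(kw)
            if ratio > best[1]:
                best = (kw, ratio)
    return best


def triage(log_text):
    """Return flagged files as (timestamp, path, keyword, ratio), oldest first."""
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, attrs, path = m.groups()
        if "D" in attrs:  # directory entry, not a file
            continue
        folder, _, name = path.rpartition("\\")
        stem, dot, ext = name.rpartition(".")
        if folder.lower() not in WATCHED_DIRS:
            continue
        if not dot or ext.lower() not in EXTENSIONS:
            continue
        keyword, ratio = best_keyword(stem)
        if ratio >= MIN_RATIO:
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            flagged.append((when, path, keyword, ratio))
    return sorted(flagged)


if __name__ == "__main__":
    for when, path, keyword, ratio in triage(SAMPLE_LOG):
        print(f"{when}  {path}  ~{keyword} ({ratio:.0%})")
```

The first entry returned gives a lower bound on how long the files have been on disk, which is the point the reply makes about May.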
    31 July 2009 20:17:44

    Because I didn't even know I was infected in May! :o

    It's just that since 23/07/09 I've had a lot of bugs.
    And I thought... why not ask for help here.
    31 July 2009 20:20:09

    I'll reply to you later.

    For a start, you can browse more easily.
    31 July 2009 20:21:40

    OK, yes, it's already much better like this.

    See you later,

    Regards,

    Nothanks.
    31 July 2009 21:55:34

    /!\ Only nothanks may follow this procedure /!\

    Disable all resident protection (antivirus...)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    File::
    C:\Windows\system32\29612worm1fz5.exe
    C:\Windows\system32\58z79troj598.exe
    C:\Windows\system32\7d075h9ef2z71.exe
    C:\Windows\system32\6556spar9e6z1.exe
    C:\Windows\system32\16459spambzt4775.dll
    C:\Windows\system32\21z96worm6715.dll
    C:\Windows\system32\22015trojz69.dll
    C:\Windows\system32\235csp5rse1z93.dll
    C:\Windows\system32\79acspywar5z156.dll
    C:\Windows\system32\297zvi5711.dll
    C:\Windows\system32\935265irus2z7.dll
    C:\Windows\system32\98f5bazkdoor1306.dll
    C:\Windows\system32\780d9parsz16855.dll
    C:\Windows\system32\1111spyw5r92z46.dll
    C:\Windows\system32\515ad9warez203.dll
    C:\Windows\system32\356219acztool441.exe
    C:\Windows\system32\13959v5r9s5z6.exe
    C:\Windows\system32\169dzddw5re953.exe
    C:\Windows\z1540w9rm589.dll
    C:\Windows\system32\90a1t5iefz976.exe
    C:\Windows\9z650w5rm749.dll
    C:\Windows\z5e19hreat22214.exe
    C:\Windows\system32\600fspyw95e14z9.exe
    C:\Windows\95f6spyware2566z.dll
    C:\Windows\b59spyzare2879.dll
    C:\Windows\system32\5e2caddz9re8.dll
    C:\Windows\zc35d5wnloader24139.exe
    C:\Windows\system32\7a4zdownl5ader2297.dll
    C:\Windows\system32\21964tr5j7z.dll
    C:\Windows\system32\z26vir953c4.exe
    C:\Windows\system32\1z147s592bc.dll
    C:\Windows\system32\ae4addza5e2359.exe
    C:\Windows\z328th5eat24892.dll
    C:\Windows\system32\15188virzs5a9.dll
    C:\Windows\system32\12149wormz57.exe
    C:\Windows\z7981v5ru9145.exe
    C:\Windows\system32\39ebsteal95z1.exe
    C:\Windows\system32\2c2fsp9r5e80z.dll
    C:\Windows\system32\598z9py653.dll
    C:\Windows\system32\48cz5hreat8981.dll
    C:\Windows\system32\597zsp56c9.dll
    C:\Windows\system32\669959czdoor1596.exe
    C:\Windows\system32\19227spambzt6359.exe
    C:\Windows\system32\492sp5warez690.dll
    C:\Windows\system32\73z49pam5ot239.dll
    C:\Windows\system32\7efeb5c9doorz878.exe
    C:\Windows\z93789orm556.dll
    C:\Windows\system32\z712s5ambot291.exe
    C:\Windows\system32\z649pambot6c5.dll
    C:\Windows\z2742vir5s2e69.dll
    C:\Windows\system32\377zad5ware390.exe
    C:\Windows\system32\12954woz93.dll
    C:\Windows\system32\z908tro9535.exe
    C:\Windows\system32\73bd59dware78z.exe
    C:\Windows\system32\15130spy6e9z.dll
    C:\Windows\Matrix Code.exe
    C:\Windows\system32\3950viz305.dll
    C:\Windows\system32\5046downlo9der2z70.exe
    C:\Windows\system32\69549tezl956.exe
    C:\Windows\9dfzt5ief3092.exe
    C:\Windows\system32\15779zac5t9ol7d0.dll
    C:\Windows\zb65spyware689.exe
    C:\Windows\9653not-a9vi5us78ez.exe
    C:\Windows\system32\1c3bdo9nload5r68z.exe

    Folder::
    C:\Users\khalida\AppData\Roaming\EoRezo
    C:\Program Files\EoRezo
    C:\Users\jawed\AppData\Roaming\EoRezo

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SoftwareHelper"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CAMP SHIM EXIT HECK"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

    ---> Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



  • This will restart ComboFix: accept the message that appears.
  • Wait while the scan runs. The Desktop will disappear several times: this is normal!
  • Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
  • If the file does not open, it can be found here: C:\ComboFix.txt

    ;) 
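Before running a removal script like the CFScript above, it helps to see exactly what it will delete and whether each target appears in this machine's own logs. The following is an added example, not part of the original post and not ComboFix's own code: it parses the four sections shown above, reads the Registry:: lines as standard .reg deletion syntax (an assumption about how they are interpreted), and lists File::/Folder:: targets absent from a set of observed paths. The function names, the shortened script and the observed-path list are constructed for illustration.

```python
import re

# Constructed excerpt of the CFScript posted above (shortened).
SAMPLE_SCRIPT = r"""
KillAll::

File::
C:\Windows\9653not-a9vi5us78ez.exe
C:\Windows\system32\1c3bdo9nload5r68z.exe
C:\Windows\Matrix Code.exe

Folder::
C:\Users\khalida\AppData\Roaming\EoRezo
C:\Program Files\EoRezo

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CAMP SHIM EXIT HECK"=-
"""

# Constructed sample: paths that appear in the RSIT listing quoted in this thread.
OBSERVED = [
    r"C:\Windows\9653not-a9vi5us78ez.exe",
    r"C:\Windows\system32\1c3bdo9nload5r68z.exe",
    r"C:\Users\khalida\AppData\Roaming\EoRezo",
]

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")


def parse_cfscript(text):
    """Turn the script into an explicit list of planned deletions."""
    plan = {"directives": [], "files": [], "folders": [],
            "reg_delete_keys": [], "reg_delete_values": []}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1).lower(), None
            plan["directives"].append(m.group(1))
        elif section == "file":
            plan["files"].append(line)
        elif section == "folder":
            plan["folders"].append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                # .reg syntax: "[-KEY]" deletes the whole key.
                plan["reg_delete_keys"].append(line[2:-1])
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]  # following value lines apply to this key
            elif line.endswith("=-") and key:
                # .reg syntax: '"name"=-' deletes one value under the key.
                plan["reg_delete_values"].append((key, line[:-2].strip('"')))
            else:
                raise ValueError(f"unrecognised registry line: {line!r}")
        else:
            raise ValueError(f"line outside a known section: {line!r}")
    return plan


def unlisted_targets(plan, observed_paths):
    """File/folder targets that no log from this machine mentions.

    Windows paths are case-insensitive, so compare lowercased.
    """
    seen = {p.lower().rstrip("\\") for p in observed_paths}
    targets = plan["files"] + plan["folders"]
    return [t for t in targets if t.lower().rstrip("\\") not in seen]


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_SCRIPT)
    for name, items in plan.items():
        print(name, len(items))
    for target in unlisted_targets(plan, OBSERVED):
        print("not seen in the supplied logs:", target)
```

A target reported as unseen is not necessarily wrong (it may come from a log that was not supplied), but it is the entry to confirm before the script runs.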
    1 August 2009 12:09:37

    Here is the log:

    ComboFix 09-07-29.04 - khalida 01/08/2009 1:58.2.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1022.177 [GMT 2:00]
    Running from: c:\users\khalida\Desktop\ComboFix.exe
    Command switches used :: c:\users\khalida\Desktop\CFScript.txt

    FILE ::
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\5e7s9eal1195z.bin
    c:\windows\system32\5e925p9rse99z.ocx
    c:\windows\system32\5ea3ba9kdozr1599.exe
    c:\windows\system32\5f7aaddwaz93080.ocx
    c:\windows\system32\5fd2zo9nload5r213.ocx
    c:\windows\system32\5ft95ef3260z.bin
    c:\windows\system32\5z5spambo9782.ocx
    c:\windows\system32\5z64addware5889.bin
    c:\windows\system32\5z995py161.bin
    c:\windows\system32\5zc5addw9re426.cpl
    c:\windows\system32\600fspyw95e14z9.exe
    c:\windows\system32\61df9ackdoo5100z.cpl
    c:\windows\system32\6226nz9-5-virus662.cpl
    c:\windows\system32\62f5thzef9722.ocx
    c:\windows\system32\633e9ackdoorz254.ocx
    c:\windows\system32\63c9backdzor3559.exe
    c:\windows\system32\6556spar9e6z1.exe
    c:\windows\system32\65bz9ir518.ocx
    c:\windows\system32\6691sz5rse2428.exe
    c:\windows\system32\669959czdoor1596.exe
    c:\windows\system32\66fc9zarse5275.ocx
    c:\windows\system32\673cvi93059z.cpl
    c:\windows\system32\6793v5rusze.ocx
    c:\windows\system32\6795viz299.bin
    c:\windows\system32\679a5hief150z.dll
    c:\windows\system32\67e3zi51090.ocx
    c:\windows\system32\685zsparse1695.bin
    c:\windows\system32\6892backdooz26975.bin
    c:\windows\system32\691zs5ywa9e168.ocx
    c:\windows\system32\69549tezl956.exe
    c:\windows\system32\6azfthrea930547.cpl
    c:\windows\system32\6c1caddwar59z80.ocx
    c:\windows\system32\6e9dspywzre32645.ocx
    c:\windows\system32\6fzcthie91058.bin
    c:\windows\system32\6z08ste9l5031.cpl
    c:\windows\system32\729bv5r10z2.ocx
    c:\windows\system32\7338ste5l2z549.ocx
    c:\windows\system32\73bd59dware78z.exe
    c:\windows\system32\73z49pam5ot239.dll
    c:\windows\system32\7459viz393.ocx
    c:\windows\system32\755aszywa9e2147.bin
    c:\windows\system32\759abaczdoor1623.exe
    c:\windows\system32\75z0vi52910.bin
    c:\windows\system32\75z9backdoor639.bin
    c:\windows\system32\780d9parsz16855.dll
    c:\windows\system32\7953v9rusz5.dll
    c:\windows\system32\79acspywar5z156.dll
    c:\windows\system32\7a4zdownl5ader2297.dll
    c:\windows\system32\7b19down5oa9er1z19.dll
    c:\windows\system32\7d075h9ef2z71.exe
    c:\windows\system32\7efeb5c9doorz878.exe
    c:\windows\system32\800tro529z.dll
    c:\windows\system32\81fzhie9529.bin
    c:\windows\system32\8235s9yzfb.cpl
    c:\windows\system32\83759irus51z5.bin
    c:\windows\system32\86535pambo921z.dll
    c:\windows\system32\86785pambzt993.dll
    c:\windows\system32\9019zi5us298.ocx
    c:\windows\system32\90334spambz548c.exe
    c:\windows\system32\9085zworm65a.dll
    c:\windows\system32\90a1t5iefz976.exe
    c:\windows\system32\90aspz9a5e3222.cpl
    c:\windows\system32\9115aczdo9r1385.bin
    c:\windows\system32\9273zroj559.ocx
    c:\windows\system32\935265irus2z7.dll
    c:\windows\system32\95390spz19c.ocx
    c:\windows\system32\95540spy1zd.ocx
    c:\windows\system32\95541worm3dz.dll
    c:\windows\system32\95755h5cztool1c0.cpl
    c:\windows\system32\9577thief252z.cpl
    c:\windows\system32\9586spz5se1462.bin
    c:\windows\system32\958sp5warez7.bin
    c:\windows\system32\96144spyzc5.cpl
    c:\windows\system32\9699zvirus55e.ocx
    c:\windows\system32\988665zcktool43.bin
    c:\windows\system32\98f5bazkdoor1306.dll
    c:\windows\system32\98f6dow5zoader2240.dll
    c:\windows\system32\993esparsez650.dll
    c:\windows\system32\999vizus254.bin
    c:\windows\system32\9cbzback5oor1065.exe
    c:\windows\system32\9df5downloadez5441.cpl
    c:\windows\system32\9z40worm95.ocx
    c:\windows\system32\9zb5thief2815.exe
    c:\windows\system32\ae4addza5e2359.exe
    c:\windows\system32\d19zi52223.ocx
    c:\windows\system32\dd0zhr9at23552.exe
    c:\windows\system32\z060addwar5859.dll
    c:\windows\system32\z0653worm39f.cpl
    c:\windows\system32\z26vir953c4.exe
    c:\windows\system32\z291threat26587.ocx
    c:\windows\system32\z45spar9e510.cpl
    c:\windows\system32\z49spa9se952.exe
    c:\windows\system32\z5819pambot31c.exe
    c:\windows\system32\z5e5backdo9r1315.bin
    c:\windows\system32\z5fdow5loa9er2133.bin
    c:\windows\system32\z649pambot6c5.dll
    c:\windows\system32\z67dow59oader850.ocx
    c:\windows\system32\z6965virus655.cpl
    c:\windows\system32\z698th9e52778.cpl
    c:\windows\system32\z69worm7e5.cpl
    c:\windows\system32\z712s5ambot291.exe
    c:\windows\system32\z8599w5rm2a.dll
    c:\windows\system32\z8977not-a-9iru5165.ocx
    c:\windows\system32\z908tro9535.exe
    c:\windows\system32\z93c5hr9at16779.ocx
    c:\windows\system32\z93estea52049.cpl
    c:\windows\system32\za89thief28115.dll
    c:\windows\system32\zb6abac5door9759.cpl
    c:\windows\system32\zea9spy5are1992.cpl
    c:\windows\system32\zfcspa5se2995.bin
    c:\windows\z051sp5598.bin
    c:\windows\z1540w9rm589.dll
    c:\windows\z186hackto9l4995.dll
    c:\windows\z195addware564.bin
    c:\windows\z2439s9y5255.exe
    c:\windows\z2742vir5s2e69.dll
    c:\windows\z328th5eat24892.dll
    c:\windows\z354s9y56c.dll
    c:\windows\z40959ambot1a.bin
    c:\windows\z467d9wnlo5der2910.bin
    c:\windows\z4961sp9mbot4ea5.cpl
    c:\windows\z49v9r3155.exe
    c:\windows\z56estea92199.ocx
    c:\windows\z5aa5i91871.exe
    c:\windows\z5e19hreat22214.exe
    c:\windows\z6129wo95bb.bin
    c:\windows\z689vir5s37e.dll
    c:\windows\z7981v5ru9145.exe
    c:\windows\z93599orm53e.ocx
    c:\windows\z93789orm556.dll
    c:\windows\zb635ddware3189.exe
    c:\windows\zb65spyware689.exe
    c:\windows\zc35d5wnloader24139.exe
    c:\windows\ze6spywa9e2159.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))
    .

    2009-08-01 00:24 . 2009-08-01 00:33 -------- d-----w- c:\users\khalida\AppData\Local\temp
    2009-08-01 00:24 . 2009-08-01 00:24 -------- d-----w- c:\users\Zazou\AppData\Local\temp
    2009-08-01 00:24 . 2009-08-01 00:24 -------- d-----w- c:\users\jawed\AppData\Local\temp
    2009-07-31 23:42 . 2009-07-31 23:48 -------- d---a-w- C:\32788R22FWJFW
    2009-07-31 15:54 . 2009-07-31 17:38 -------- d-s---w- C:\IDN
    2009-07-31 15:03 . 2009-07-31 18:04 -------- d-----w- c:\program files\trend micro
    2009-07-31 15:03 . 2009-07-31 15:04 -------- d-----w- C:\rsit
    2009-07-29 17:55 . 2008-12-04 19:11 43520 ----a-w- c:\windows\system32\drivers\fetnd6v.sys
    2009-07-29 17:50 . 2009-07-29 17:51 -------- d---a-w- c:\program files\SystemRequirementsLab
    2009-07-29 17:50 . 2009-07-29 17:50 -------- d---a-w- c:\users\khalida\AppData\Roaming\SystemRequirementsLab
    2009-07-29 17:50 . 2009-07-29 17:50 207872 ----a-w- c:\users\khalida\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4.dll
    2009-07-29 17:50 . 2009-07-29 17:50 207872 ----a-w- c:\users\khalida\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_3.dll
    2009-07-29 17:50 . 2009-07-29 17:50 207872 ----a-w- c:\users\khalida\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_2.dll
    2009-07-29 17:50 . 2009-07-29 17:50 207872 ----a-w- c:\users\khalida\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_1.dll
    2009-07-29 17:47 . 2009-07-29 17:48 -------- d---a-w- c:\program files\ma-config.com
    2009-07-29 17:47 . 2009-07-29 17:47 -------- d---a-w- c:\progra~2\ma-config.com
    2009-07-27 20:16 . 2009-07-27 20:16 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
    2009-07-27 13:23 . 2009-07-27 13:23 94643 ----a-w- c:\windows\system32\drivers\klick.dat
    2009-07-27 13:23 . 2009-07-27 13:23 105395 ----a-w- c:\windows\system32\drivers\klin.dat
    2009-07-27 13:21 . 2009-07-31 22:32 -------- d---a-w- c:\progra~2\Kaspersky Lab
    2009-07-27 13:21 . 2009-07-27 13:21 -------- d---a-w- c:\program files\Kaspersky Lab
    2009-07-27 12:52 . 2009-07-27 12:52 -------- d---a-w- c:\progra~2\Kaspersky Lab Setup Files
    2009-07-25 19:32 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-07-25 19:32 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-07-25 19:32 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-07-25 19:32 . 2009-07-25 19:34 -------- d---a-w- c:\program files\Common Files\PC Tools
    2009-07-25 19:32 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-07-25 19:32 . 2009-07-31 17:06 -------- d---a-w- c:\program files\Spyware Doctor
    2009-07-25 19:32 . 2009-07-25 19:32 -------- d---a-w- c:\users\khalida\AppData\Roaming\PC Tools
    2009-07-25 19:32 . 2009-07-25 19:32 -------- d---a-w- c:\progra~2\PC Tools
    2009-07-24 13:24 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-07-24 13:24 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-07-24 13:24 . 2009-07-24 13:24 -------- d---a-w- c:\progra~2\Avira
    2009-07-24 08:16 . 2009-07-24 08:16 -------- d-----w- c:\users\khalida\AppData\Roaming\Nero
    2009-07-22 23:25 . 2009-07-22 23:25 -------- d---a-w- c:\program files\FreeTime
    2009-07-18 16:09 . 2009-07-18 16:09 -------- d-----w- c:\users\jawed\AppData\Local\Broad Intelligence
    2009-07-18 15:03 . 2009-07-18 16:09 -------- d---a-w- c:\users\jawed\AppData\Roaming\Broad Intelligence
    2009-07-18 15:02 . 2009-07-18 15:02 -------- d---a-w- c:\users\jawed\AppData\Roaming\Red Kawa
    2009-07-18 11:24 . 2009-07-18 11:24 -------- d---a-w- c:\users\khalida\AppData\Roaming\Red Kawa
    2009-07-18 10:44 . 2009-07-18 10:44 -------- d---a-w- c:\users\Zazou\AppData\Roaming\Red Kawa
    2009-07-17 17:40 . 2009-07-17 17:40 -------- d-----w- c:\users\Zazou\AppData\Roaming\Broad Intelligence
    2009-07-16 17:29 . 2009-07-16 17:29 -------- d---a-w- c:\users\jawed\AppData\Roaming\Regensoft
    2009-07-15 07:26 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-15 07:26 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-15 07:26 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
    2009-07-15 07:26 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-15 07:26 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2009-07-15 07:26 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-14 11:15 . 2009-07-27 21:55 -------- d---a-w- c:\users\khalida\AppData\Roaming\dvdcss
    2009-07-14 09:50 . 2009-07-14 11:51 -------- d---a-w- c:\users\khalida\AppData\Roaming\vlc
    2009-07-13 13:20 . 2009-07-13 13:20 15240 ----a-w- c:\users\Zazou\AppData\Roaming\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
    2009-07-12 09:56 . 2009-07-12 09:56 -------- d---a-w- c:\users\Zazou\AppData\Local\Mozilla
    2009-07-05 15:07 . 2009-07-17 09:07 -------- d---a-w- c:\users\Zazou\AppData\Roaming\MessengerDiscovery 2
    2009-07-04 09:41 . 2009-07-23 20:55 -------- d---a-w- c:\users\khalida\AppData\Roaming\MessengerDiscovery 2

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-29 17:58 . 2006-01-02 05:30 715414 ----a-w- c:\windows\system32\perfh00C.dat
    2009-07-29 17:58 . 2006-01-02 05:30 127310 ----a-w- c:\windows\system32\perfc00C.dat
    2009-07-29 13:45 . 2008-04-11 18:06 1356 ----a-w- c:\users\khalida\AppData\Local\d3d9caps.dat
    2009-07-27 14:30 . 2008-11-13 12:25 -------- d---a-w- c:\program files\Common Files\DVDVideoSoft
    2009-07-27 14:30 . 2008-11-13 12:25 -------- d---a-w- c:\program files\DVDVideoSoft
    2009-07-27 13:15 . 2006-01-01 20:49 -------- d-----w- c:\program files\Symantec
    2009-07-27 13:11 . 2006-01-01 20:50 -------- d-----w- c:\program files\Norton Internet Security
    2009-07-27 13:10 . 2006-01-01 20:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-07-27 13:08 . 2006-01-01 20:49 -------- d-----w- c:\progra~2\Symantec
    2009-07-24 13:45 . 2008-07-05 16:50 -------- d-----w- c:\program files\Avira
    2009-07-24 09:06 . 2009-06-30 18:52 -------- d---a-w- c:\program files\MessengerDiscovery 2
    2009-07-24 08:21 . 2009-04-04 14:13 -------- d-----w- c:\program files\Image-Line
    2009-07-23 21:06 . 2009-07-01 14:48 -------- d-----w- c:\program files\DNA
    2009-07-23 19:58 . 2009-07-01 14:48 -------- d-----w- c:\users\jawed\AppData\Roaming\DNA
    2009-07-23 19:35 . 2008-07-06 15:45 -------- d-----w- c:\program files\Java
    2009-07-22 23:43 . 2009-03-08 11:47 -------- d-----w- c:\users\jawed\AppData\Roaming\avidemux
    2009-07-22 23:40 . 2009-03-08 11:47 -------- d-----w- c:\program files\Avidemux 2.4
    2009-07-22 22:19 . 2009-06-11 10:35 -------- d---a-w- c:\program files\StuffPlug3
    2009-07-22 22:17 . 2009-06-30 18:58 -------- d---a-w- c:\users\jawed\AppData\Roaming\MessengerDiscovery 2
    2009-07-21 21:49 . 2009-05-24 15:47 -------- d-----w- c:\users\jawed\AppData\Roaming\LimeWire
    2009-07-21 15:05 . 2009-06-29 11:39 -------- d---a-w- c:\users\jawed\AppData\Roaming\dvdcss
    2009-07-20 10:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-07-20 00:12 . 2008-12-29 09:14 -------- d-----w- c:\users\jawed\AppData\Roaming\Skype
    2009-07-19 22:13 . 2009-06-28 11:18 -------- d-----w- c:\users\jawed\AppData\Roaming\skypePM
    2009-07-19 11:45 . 2009-03-08 15:27 -------- d---a-w- c:\program files\CamStudio
    2009-07-15 11:28 . 2008-11-11 16:07 -------- d---a-w- c:\program files\AviSynth 2.5
    2009-07-13 10:13 . 2008-01-24 19:48 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-06 15:54 . 2009-03-18 14:25 -------- d---a-w- c:\users\Zazou\AppData\Roaming\LimeWire
    2009-07-05 08:49 . 2008-07-06 15:59 -------- d-----w- c:\users\khalida\AppData\Roaming\LimeWire
    2009-06-28 11:18 . 2009-06-28 11:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-06-28 11:14 . 2009-06-28 11:14 -------- d-----r- c:\program files\Skype
    2009-06-28 11:14 . 2009-06-28 11:13 -------- d-----w- c:\progra~2\Skype
    2009-06-28 11:14 . 2009-06-28 11:14 -------- d-----w- c:\program files\Common Files\Skype
    2009-06-27 19:34 . 2009-06-27 15:26 -------- d---a-w- c:\program files\SupraASCIIArt
    2009-06-21 15:50 . 2009-06-18 09:52 -------- d---a-w- c:\users\jawed\AppData\Roaming\Nero
    2009-06-21 10:05 . 2009-06-21 10:01 -------- d---a-w- c:\program files\Cheat Engine
    2009-06-20 12:48 . 2009-06-20 12:48 -------- d---a-w- c:\program files\L0phtCrack 6
    2009-06-18 18:13 . 2009-04-11 17:52 -------- d---a-w- c:\users\jawed\AppData\Roaming\Hamachi
    2009-06-18 17:50 . 2009-06-18 17:45 29696 ----a-w- c:\windows\mickey32.dll
    2009-06-18 17:50 . 2009-06-18 17:45 232784 ----a-w- c:\windows\Matrix Code.scr
    2009-06-18 05:59 . 2009-06-18 05:13 -------- d---a-w- c:\program files\Common Files\Nero
    2009-06-18 05:39 . 2009-06-18 05:14 -------- d---a-w- c:\program files\Nero
    2009-06-18 05:38 . 2009-04-22 14:41 -------- d---a-w- c:\users\jawed\AppData\Roaming\codeblocks
    2009-06-18 05:28 . 2009-06-18 05:13 -------- d---a-w- c:\progra~2\Nero
    2009-06-17 17:39 . 2006-01-01 20:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-17 17:16 . 2009-06-17 17:16 -------- d---a-w- c:\program files\Common Files\Pegasus Imaging
    2009-06-16 16:37 . 2009-05-28 11:02 -------- d-----w- c:\users\jawed\AppData\Roaming\vlc
    2009-06-15 10:46 . 2008-07-15 12:36 -------- d-----w- c:\program files\DivX
    2009-06-15 10:45 . 2009-06-15 10:44 -------- d---a-w- c:\program files\Common Files\DivX Shared
    2009-06-14 16:24 . 2009-06-14 16:24 -------- d---a-w- c:\program files\MultiProxy
    2009-06-09 11:06 . 2009-06-07 15:58 -------- d---a-w- c:\program files\Beast
    2009-06-03 19:11 . 2009-06-03 19:11 12862 ----a-r- c:\users\jawed\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
    2009-06-03 19:11 . 2009-06-03 19:10 -------- d---a-w- c:\program files\Pcsx2
    2009-06-02 16:20 . 2008-12-21 17:00 -------- d-----w- c:\program files\Google
    2009-05-31 15:02 . 2009-05-30 18:27 222864 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-05-31 15:02 . 2007-08-19 17:25 8224 ----a-w- c:\users\khalida\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-31 09:41 . 2008-12-22 17:40 222864 ----a-w- c:\users\Zazou\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-30 18:27 . 2008-12-21 16:47 8224 ----a-w- c:\users\jawed\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-25 03:21 . 2009-05-25 03:21 219664 ----a-w- c:\windows\system32\klogon.dll
    2009-05-25 03:18 . 2009-05-25 03:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
    2009-05-24 13:30 . 2009-05-24 13:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
    2009-05-22 20:22 . 2009-05-22 20:22 446976 ----a-w- c:\windows\system32\ShellMPD.dll
    2009-05-21 09:33 . 2008-12-21 17:14 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-20 10:52 . 2009-05-20 10:53 27 ----a-w- c:\windows\Moin120Mo.vbs
    2009-05-16 18:59 . 2009-05-16 18:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
    2009-05-15 16:50 . 2009-05-15 16:50 21008 ----a-w- c:\windows\system32\drivers\klim6.sys
    2009-07-22 17:39 . 2009-02-01 18:22 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-31_16.55.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18294_none_f3103c28ba6bf764\mshtmler.dll
    + 2009-04-15 16:44 . 2008-01-19 07:33 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18294_none_add4d775070b44af\admparse.dll
    + 2009-06-12 16:14 . 2009-04-11 06:28 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18071_none_0384bbed9f313b6d\WininetPlugin.dll
    + 2009-06-12 16:14 . 2009-04-11 06:28 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18071_none_0384bbed9f313b6d\jsproxy.dll
    + 2008-04-09 10:24 . 2008-02-22 05:01 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\WininetPlugin.dll
    + 2006-01-01 21:06 . 2009-08-01 00:32 86776 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-08-01 00:33 69348 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-08-25 19:51 . 2009-08-01 00:33 14814 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1331331636-2896911738-3615633392-1002_UserData.bin
    - 2007-08-19 17:19 . 2009-07-31 16:49 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-08-19 17:19 . 2009-08-01 00:31 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-08-19 17:19 . 2009-08-01 00:31 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-08-19 17:19 . 2009-07-31 16:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-08-01 00:26 . 2009-08-01 00:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-31 16:48 . 2009-07-31 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-08-14 11:07 . 2008-01-19 07:34 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18294_none_64452247ae64646c\ieui.dll
    + 2008-10-16 15:35 . 2008-01-19 07:36 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18294_none_474660018cc98b66\sqmapi.dll
    + 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18294_none_add4d775070b44af\ieakui.dll
    + 2007-08-19 17:19 . 2009-08-01 00:31 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-08-19 17:19 . 2009-07-31 16:49 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2006-11-02 10:22 . 2009-07-31 23:28 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2006-11-02 10:22 . 2009-07-29 18:06 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2008-02-14 06:39 . 2009-07-31 18:36 221861521 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-25 1232896]
    "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-25 1006264]
    "HostManager"="c:\program files\Common Files\AOL\1136148254\ee\AOLSoftware.exe" [2006-11-14 50736]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-08-11 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "SystrayORAHSS"="c:\program files\OrangeHSS\Systray\SystrayApp.exe" [2007-09-25 94208]
    "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-09-25 102400]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 270336]
    "snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

    c:\users\khalida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de notification Live Search.lnk - c:\users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-7-10 152616]

    c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Contrôleur de calendrier Ulead.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-10-27 69632]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    OFFICE One Startup v7.lnk - c:\program files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2006-1-1 713728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{10B6C2D4-A469-4509-AD25-4CB8FD522E56}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
    "{506D562E-D479-4456-9292-4B0B4C44ECAE}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
    "{3402E81F-36F6-4FEE-B0F2-19DE68C825E3}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
    "{10ED7B7E-3090-42B9-A8EA-9DC0FE366441}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
    "{9DBFDF74-DD6D-4AAA-B16F-BF042986C0B6}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
    "{7FD2355E-68FF-4A4F-AEB1-9D042925BC40}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
    "{9DD6CE0D-CF70-4342-8CA3-10A9382E8098}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{C9F68B1E-64C5-46FC-8B73-F67E68A48BB4}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{655FB7C5-31C3-436F-87C6-F3670EB42B89}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
    "{B8393477-4A14-4306-9216-5DBB0CFFA428}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
    "{02305D9D-85BA-449F-985D-50C0DDA60521}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
    "{80BED819-853A-4C46-B1E4-C0A28417949A}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
    "{4892CD96-2676-433F-831B-BCF59DB26C05}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7169E952-42F4-417A-AB7A-1FA695EACA1F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{D54A58A5-7001-480D-9326-7E84BFE0B8B2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{DC1EEF48-2FCB-4B9C-99C7-057931A1AB09}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{1038CE5A-7E72-4264-B4CA-3C9561AFA37F}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{6280F056-73B4-4FBC-969E-12BAEEB297D8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{70413727-2598-4641-911C-FA5BDDCAE6AD}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{803284F8-BD3D-4503-A56B-CADF10984ED1}"= UDP:c:\program files\DNA\btdna.exe:D NA (TCP-In)
    "{DA888A24-78F6-41E9-ADBD-90451D9A99A3}"= TCP:c:\program files\DNA\btdna.exe:D NA (UDP-In)
    "{49243953-AF0D-43B6-8A92-671927787784}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5E9AE0DD-7583-4A34-822D-BD370819FEC2}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{CC1D5C9C-4C94-46A3-966D-B2BA1C6AD958}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "{1D98D78D-1086-43D0-A576-A893EAB1B74C}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "{B92C64A3-494D-4F55-8B84-7A1B93CED20D}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [15/12/2008 20:41 33808]
    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [25/07/2009 21:32 130936]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [09/05/2008 06:55 261680]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15/05/2009 18:50 21008]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/07/2009 15:24 108289]
    R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [24/01/2008 17:51 43816]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [25/07/2009 21:32 348752]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [29/07/2009 19:55 43520]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16/05/2009 20:59 19472]
    S2 CameraServer;CameraServer;c:\flycam\CameraServer.exe --> c:\flycam\CameraServer.exe [?]
    S2 FLYCAM;FlyCam, WDM Video Capture;c:\windows\System32\drivers\flycam.sys [27/01/2006 04:33 705408]
    S2 fsssvc;Windows Live OneCare Contrôle parental;c:\program files\Windows Live\Contrôle parental\fsssvc.exe [17/12/2007 12:13 523816]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [24/01/2008 17:23 28224]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [03/10/2008 15:14 37936]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    *Deregistered* - mchInjDrv
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.plusnetwork.com
    mStart Page = hxxp://www.google.com
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Voir les cookies - c:\windows\web\showcookies.htm
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: orange.fr\www
    FF - ProfilePath - c:\users\khalida\AppData\Roaming\Mozilla\Firefox\Profiles\4619tljs.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
    FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-01 02:32
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4960)
    c:\program files\Spyware Doctor\pctgmhk.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\aol\acs\AOLacsd.exe
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\program files\Spyware Doctor\pctsSvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\users\khalida\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    c:\program files\OrangeHSS\Deskboard\Deskboard.exe
    c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe
    c:\program files\OrangeHSS\Connectivity\corecom\CoreCom.exe
    c:\program files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
    c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\1\FTCOMModule.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-01 3:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-01 01:11

    Pre-Run: 122 275 184 640 octets libres
    Post-Run: 122 232 729 600 octets libres

    Current=1 Default=1 Failed=0 LastKnownGood=2 Sets=1,2,3,4,5,6,7,8
    821 --- E O F --- 2009-07-31 18:47
    1 August 2009 15:54:58

    Not bad.

  • Download Lop S&D to your Desktop.
  • Double-click it to start the installation.
  • Then double-click the Lop S&D shortcut on your Desktop.
    (On Vista, right-click the Lop S&D shortcut and choose Run as administrator)
  • Select the language you want, then choose option 1 (Search).
  • Wait until the scan finishes.
  • Post the generated report (C:\lopR.txt).
    1 August 2009 18:47:20

    And here is the LopR.txt :D :


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : khalida ( Not Administrator ! )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:224 Go (Free:113 Go)
    D:\ (CD or DVD)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 01/08/2009|18:37 )

    [ UAC => 1 ]

    --------------------\\ Listing des dossiers dans Local

    [19/08/2007|19:25] C:\Users\khalida\AppData\Local\AOL
    [19/08/2007|19:24] C:\Users\khalida\AppData\Local\Application Data
    [13/11/2008|22:41] C:\Users\khalida\AppData\Local\ApplicationHistory
    [18/02/2008|16:58] C:\Users\khalida\AppData\Local\Apps
    [29/07/2009|15:45] C:\Users\khalida\AppData\Local\d3d9caps.dat
    [01/08/2009|15:21] C:\Users\khalida\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [20/11/2008|16:05] C:\Users\khalida\AppData\Local\Deployment
    [14/07/2008|20:02] C:\Users\khalida\AppData\Local\DFX
    [24/01/2008|17:49] C:\Users\khalida\AppData\Local\fusioncache.dat
    [01/08/2009|12:23] C:\Users\khalida\AppData\Local\GDIPFONTCACHEV1.DAT
    [03/06/2009|10:25] C:\Users\khalida\AppData\Local\Google
    [19/08/2007|19:24] C:\Users\khalida\AppData\Local\Historique
    [01/08/2009|15:30] C:\Users\khalida\AppData\Local\IconCache.db
    [31/07/2009|18:55] C:\Users\khalida\AppData\Local\Microsoft
    [26/08/2007|01:55] C:\Users\khalida\AppData\Local\Microsoft Games
    [26/09/2007|16:20] C:\Users\khalida\AppData\Local\MicroVision Applications
    [01/02/2009|20:22] C:\Users\khalida\AppData\Local\Mozilla
    [02/04/2009|13:02] C:\Users\khalida\AppData\Local\Sony
    [01/08/2009|18:37] C:\Users\khalida\AppData\Local\temp
    [19/08/2007|19:24] C:\Users\khalida\AppData\Local\Temporary Internet Files
    [27/08/2007|14:24] C:\Users\khalida\AppData\Local\VirtualStore
    [14/07/2008|20:23] C:\Users\khalida\AppData\Local\Wyzo

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [24/07/2009 18:10][--a------] C:\Windows\tasks\NSSstub.job
    [01/08/2009 18:35][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{3B04291C-74BF-4CD2-A0FF-5135F350E890}.job
    [03/07/2009 15:00][--a------] C:\Windows\tasks\Norton Security Scan.job
    [31/07/2009 23:12][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{E3AAEEFA-0C41-428C-82DE-EFE16196CFF2}.job
    [01/08/2009 18:30][--a------] C:\Windows\tasks\Extension de garantie.job
    [01/08/2009 18:30][--a------] C:\Windows\tasks\Recovery DVD Creator.job
    [01/08/2009 17:32][--ah-----] C:\Windows\tasks\SA.DAT
    [01/08/2009 15:31][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [05/01/2009|18:55] C:\ProgramData\Adobe
    [04/04/2009|12:56] C:\ProgramData\aHisoft
    [01/01/2006|22:46] C:\ProgramData\AOL
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [20/05/2009|17:23] C:\ProgramData\Autodesk
    [24/07/2009|15:24] C:\ProgramData\Avira
    [04/04/2009|15:17] C:\ProgramData\AVS4YOU
    [19/08/2007|19:20] C:\ProgramData\Bureau
    [01/01/2006|22:54] C:\ProgramData\Ciel
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [14/07/2008|20:01] C:\ProgramData\DFX
    [02/11/2006|15:02] C:\ProgramData\Documents
    [26/03/2009|14:28] C:\ProgramData\EmailNotifier
    [19/08/2007|19:20] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [02/06/2009|17:40] C:\ProgramData\Google
    [14/02/2008|22:39] C:\ProgramData\HotbarSA
    [01/01/2006|22:49] C:\ProgramData\InstallShield
    [01/08/2009|17:37] C:\ProgramData\Kaspersky Lab
    [27/07/2009|14:52] C:\ProgramData\Kaspersky Lab Setup Files
    [14/03/2008|21:29] C:\ProgramData\Lavasoft
    [29/07/2009|19:47] C:\ProgramData\ma-config.com
    [26/03/2009|14:28] C:\ProgramData\Megaupload
    [19/08/2007|19:20] C:\ProgramData\Menu Démarrer
    [24/01/2008|21:53] C:\ProgramData\Messenger Plus!
    [30/05/2009|21:35] C:\ProgramData\Microsoft
    [30/05/2009|21:34] C:\ProgramData\Microsoft Help
    [19/08/2007|19:20] C:\ProgramData\Modèles
    [18/06/2009|07:28] C:\ProgramData\Nero
    [01/08/2009|11:47] C:\ProgramData\ntuser.pol
    [05/09/2008|07:01] C:\ProgramData\NVIDIA
    [01/01/2006|23:01] C:\ProgramData\OFFICE One v7
    [25/07/2009|21:32] C:\ProgramData\PC Tools
    [22/05/2009|22:22] C:\ProgramData\RockEnFolie le Player
    [26/09/2007|18:17] C:\ProgramData\Roxio
    [28/06/2009|13:14] C:\ProgramData\Skype
    [01/01/2006|22:48] C:\ProgramData\Sonic
    [31/03/2009|13:48] C:\ProgramData\Sony
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [27/07/2009|15:08] C:\ProgramData\Symantec
    [01/08/2009|18:04] C:\ProgramData\TEMP
    [02/11/2006|15:02] C:\ProgramData\Templates
    [22/03/2009|13:47] C:\ProgramData\Ulead Systems
    [01/01/2006|22:45] C:\ProgramData\Viewpoint
    [03/04/2009|21:44] C:\ProgramData\WLInstaller

    --------------------\\ Listing des dossiers dans C:\Program Files

    [05/01/2009|18:54] C:\Program Files\Adobe
    [01/01/2006|22:46] C:\Program Files\AOL 9.0 VR
    [04/04/2009|17:34] C:\Program Files\Audacity
    [13/05/2009|20:42] C:\Program Files\Autodesk
    [23/07/2009|01:40] C:\Program Files\Avidemux 2.4
    [24/07/2009|15:45] C:\Program Files\Avira
    [15/07/2009|13:28] C:\Program Files\AviSynth 2.5
    [08/04/2009|19:44] C:\Program Files\AVS4YOU
    [09/06/2009|13:06] C:\Program Files\Beast
    [27/05/2009|18:07] C:\Program Files\Beyond Compare 3
    [19/07/2009|13:45] C:\Program Files\CamStudio
    [21/06/2009|12:05] C:\Program Files\Cheat Engine
    [12/05/2009|18:32] C:\Program Files\Cinéma 4D
    [22/04/2009|16:41] C:\Program Files\CodeBlocks
    [01/08/2009|02:11] C:\Program Files\Common Files
    [14/07/2008|20:01] C:\Program Files\DFX
    [15/06/2009|12:46] C:\Program Files\DivX
    [23/07/2009|23:06] C:\Program Files\DNA
    [27/07/2009|16:30] C:\Program Files\DVDVideoSoft
    [16/05/2009|21:34] C:\Program Files\Easy GIF Animator
    [15/04/2009|14:09] C:\Program Files\EasyPHP 3.0
    [02/05/2009|20:17] C:\Program Files\ExtracteurIcones31
    [19/08/2007|19:20] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
    [10/04/2009|20:39] C:\Program Files\Flyff
    [23/07/2009|01:25] C:\Program Files\FreeTime
    [02/06/2009|18:20] C:\Program Files\Google
    [13/05/2009|12:44] C:\Program Files\Gpotato.eu
    [11/04/2009|19:52] C:\Program Files\Hamachi
    [24/07/2009|10:21] C:\Program Files\Image-Line
    [02/05/2009|19:37] C:\Program Files\Inno Setup 5
    [17/06/2009|19:39] C:\Program Files\InstallShield Installation Information
    [14/06/2009|11:31] C:\Program Files\Internet Explorer
    [19/01/2008|16:44] C:\Program Files\Inventel
    [01/01/2006|22:58] C:\Program Files\ISSENDIS
    [23/07/2009|21:35] C:\Program Files\Java
    [27/07/2009|15:21] C:\Program Files\Kaspersky Lab
    [20/06/2009|14:48] C:\Program Files\L0phtCrack 6
    [14/03/2008|21:27] C:\Program Files\Lavasoft
    [29/07/2009|19:48] C:\Program Files\ma-config.com
    [26/03/2009|14:27] C:\Program Files\Megaupload
    [13/07/2009|12:13] C:\Program Files\Messenger Plus! Live
    [24/07/2009|11:06] C:\Program Files\MessengerDiscovery 2
    [03/04/2009|18:29] C:\Program Files\Microsoft
    [02/11/2006|14:37] C:\Program Files\Microsoft Games
    [06/03/2009|21:19] C:\Program Files\Microsoft Games for Windows - LIVE
    [07/05/2008|17:00] C:\Program Files\Microsoft Office
    [18/04/2009|14:53] C:\Program Files\Microsoft SDKs
    [02/03/2009|21:19] C:\Program Files\Microsoft Silverlight
    [20/04/2009|16:44] C:\Program Files\Microsoft SQL Server
    [30/05/2009|21:35] C:\Program Files\Microsoft SQL Server Compact Edition
    [30/05/2009|21:35] C:\Program Files\Microsoft Synchronization Services
    [30/05/2009|21:35] C:\Program Files\Microsoft Visual Studio 9.0
    [20/04/2009|16:46] C:\Program Files\Microsoft.NET
    [17/06/2009|18:19] C:\Program Files\Movie Maker
    [01/08/2009|12:06] C:\Program Files\Mozilla Firefox
    [02/11/2006|14:37] C:\Program Files\MSBuild
    [02/11/2006|14:37] C:\Program Files\MSN
    [14/06/2009|18:24] C:\Program Files\MultiProxy
    [24/05/2009|14:24] C:\Program Files\MySQL
    [18/06/2009|07:39] C:\Program Files\Nero
    [31/05/2009|19:22] C:\Program Files\No-IP
    [27/07/2009|15:11] C:\Program Files\Norton Internet Security
    [26/12/2008|16:00] C:\Program Files\Norton Security Scan
    [23/05/2009|14:12] C:\Program Files\Notepad++
    [01/01/2006|23:02] C:\Program Files\OFFICE ONE 7.0
    [01/01/2006|23:01] C:\Program Files\OFFICE One v7
    [26/08/2008|18:23] C:\Program Files\OrangeHSS
    [04/04/2009|16:17] C:\Program Files\Outsim
    [01/01/2006|23:02] C:\Program Files\Packard Bell
    [06/02/2008|21:31] C:\Program Files\Packard Bell Pulse & Pulse FM
    [15/04/2009|21:27] C:\Program Files\Paint.NET
    [10/04/2009|21:41] C:\Program Files\Password maker
    [03/06/2009|21:11] C:\Program Files\Pcsx2
    [18/03/2009|15:31] C:\Program Files\PhotoFiltre
    [24/05/2009|16:23] C:\Program Files\PremiumSoft
    [01/01/2006|22:42] C:\Program Files\Realtek
    [02/11/2006|14:37] C:\Program Files\Reference Assemblies
    [01/01/2006|22:48] C:\Program Files\Roxio
    [28/06/2009|13:14] C:\Program Files\Skype
    [04/04/2009|14:49] C:\Program Files\SLD Codec Pack
    [31/03/2009|13:47] C:\Program Files\Sony
    [31/03/2009|13:39] C:\Program Files\Sony Setup
    [01/08/2009|13:33] C:\Program Files\Spyware Doctor
    [24/05/2009|17:11] C:\Program Files\SQLyog Community
    [23/07/2009|00:19] C:\Program Files\StuffPlug3
    [27/06/2009|21:34] C:\Program Files\SupraASCIIArt
    [27/07/2009|15:15] C:\Program Files\Symantec
    [29/07/2009|19:51] C:\Program Files\SystemRequirementsLab
    [21/12/2008|00:32] C:\Program Files\Teamspeak2_RC2
    [09/05/2009|21:48] C:\Program Files\Teamspeak2_RC22
    [31/07/2009|20:04] C:\Program Files\trend micro
    [22/03/2009|13:45] C:\Program Files\Ulead Systems
    [28/05/2009|12:59] C:\Program Files\VideoLAN
    [01/01/2006|22:45] C:\Program Files\Viewpoint
    [04/04/2009|16:18] C:\Program Files\VstPlugins
    [02/10/2008|07:15] C:\Program Files\Windows Calendar
    [02/01/2006|07:32] C:\Program Files\Windows Collaboration
    [25/01/2008|08:42] C:\Program Files\Windows Defender
    [02/01/2006|07:32] C:\Program Files\Windows Journal
    [04/04/2009|13:38] C:\Program Files\Windows Live
    [21/07/2008|14:12] C:\Program Files\Windows Live Safety Center
    [20/07/2009|12:05] C:\Program Files\Windows Mail
    [12/03/2009|13:05] C:\Program Files\Windows Media Player
    [19/08/2007|19:20] C:\Program Files\Windows NT
    [02/01/2006|07:32] C:\Program Files\Windows Photo Gallery
    [25/01/2008|08:42] C:\Program Files\Windows Sidebar
    [20/06/2008|16:52] C:\Program Files\WinRAR

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [05/01/2009|18:55] C:\Program Files\Common Files\Adobe
    [13/05/2009|20:49] C:\Program Files\Common Files\Alias Shared
    [20/11/2008|16:00] C:\Program Files\Common Files\aol
    [01/01/2006|22:45] C:\Program Files\Common Files\aolshare
    [13/05/2009|20:31] C:\Program Files\Common Files\Autodesk Shared
    [04/04/2009|15:17] C:\Program Files\Common Files\AVSMedia
    [01/01/2006|22:54] C:\Program Files\Common Files\Ciel
    [07/05/2008|17:02] C:\Program Files\Common Files\Designer
    [14/07/2008|20:01] C:\Program Files\Common Files\DFX
    [15/06/2009|12:45] C:\Program Files\Common Files\DivX Shared
    [27/07/2009|16:30] C:\Program Files\Common Files\DVDVideoSoft
    [24/01/2008|17:20] C:\Program Files\Common Files\France Telecom
    [27/01/2008|22:18] C:\Program Files\Common Files\INCA Shared
    [27/10/2008|09:48] C:\Program Files\Common Files\InstallShield
    [06/07/2008|17:45] C:\Program Files\Common Files\Java
    [13/05/2009|20:50] C:\Program Files\Common Files\Macrovision Shared
    [20/04/2009|16:28] C:\Program Files\Common Files\Merge Modules
    [30/05/2009|21:29] C:\Program Files\Common Files\microsoft shared
    [01/01/2006|22:54] C:\Program Files\Common Files\MSSoap
    [18/06/2009|07:59] C:\Program Files\Common Files\Nero
    [01/01/2006|22:45] C:\Program Files\Common Files\Nullsoft
    [25/07/2009|21:34] C:\Program Files\Common Files\PC Tools
    [17/06/2009|19:16] C:\Program Files\Common Files\Pegasus Imaging
    [15/07/2008|14:39] C:\Program Files\Common Files\PX Storage Engine
    [01/01/2006|22:48] C:\Program Files\Common Files\Roxio Shared
    [02/11/2006|13:18] C:\Program Files\Common Files\Services
    [28/06/2009|13:14] C:\Program Files\Common Files\Skype
    [15/01/2009|12:04] C:\Program Files\Common Files\snp2std
    [01/01/2006|22:48] C:\Program Files\Common Files\Sonic Shared
    [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
    [01/01/2006|22:48] C:\Program Files\Common Files\SureThing Shared
    [27/07/2009|15:10] C:\Program Files\Common Files\Symantec Shared
    [07/05/2008|17:01] C:\Program Files\Common Files\System
    [13/11/2008|22:28] C:\Program Files\Common Files\Windows Live
    [24/01/2008|17:47] C:\Program Files\Common Files\WindowsLiveInstaller
    [14/03/2008|21:25] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 83 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-01 18:38:16
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 220

    --------------------\\ Recherche d'autres infections

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{7D0D8D89-E526-41E1-B2A1-C9D37C8E8267}]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\..\{7D0D8D89-E526-41E1-B2A1-C9D37C8E8267}]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\..\{7D0D8D89-E526-41E1-B2A1-C9D37C8E8267}]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{7D0D8D89-E526-41E1-B2A1-C9D37C8E8267}]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\..\{7D0D8D89-E526-41E1-B2A1-C9D37C8E8267}]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}]
    NameServer REG_SZ 85.255.112.184,85.255.112.75
    ==> WAREOUT <==

    --------------------\\ Cracks & Keygens ..

    C:\Users\khalida\Desktop\Ad-aware\jawed\Documents\FlyFF Fantasy\Client\Sound\PcSkillD-Burstcrack.wav
    C:\Users\khalida\Desktop\Ad-aware\jawed\Documents\GTA San andreas\data\Decision\Craig\crack1.ped
    C:\Users\khalida\Desktop\Ad-aware\jawed\Documents\OsaFlyff\osaflyff compiled\db\npcdata\EN\[English]By CodeCrack.txt
    C:\Users\khalida\Desktop\Ad-aware\jawed\Documents\Serveur\Client jeux\SFX\sfx_sklassknuburstcrack01.sfx
    C:\Users\khalida\Desktop\Ad-aware\jawed\Documents\Serveur\Client jeux\Sound\PcSkillD-Burstcrack.wav
    C:\Users\khalida\Desktop\Ad-aware\jawed\Documents\Serveur\JEUX V11\SFX\sfx_sklassknuburstcrack01.sfx
    C:\Users\khalida\Desktop\Ad-aware\jawed\Documents\Serveur\JEUX V11\Sound\PcSkillD-Burstcrack.wav
    C:\Users\khalida\Desktop\Ad-aware\jawed\Music\Eminem Feat Dr. Dre & 50 Cent - Crack A Bottle.mp3
    C:\Users\khalida\Documents\LimeWire\Incomplete\T-239903-flyff charmood [+ crack and keymaker by CORE].zip



    [F:24][D:4]-> C:\Users\khalida\AppData\Local\Temp
    [F:23][D:1]-> C:\Users\khalida\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:413][D:4]-> C:\Users\khalida\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:7][D:1]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 01/08/2009|18:24 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 01/08/2009|18:43 - Option : [1]

    --------------------\\ Fin du rapport a 18:43:31
    [ UAC => 1 ]

    1 August 2009 19:24:24

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed normally. Click 'Show Results' to display all the objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave everything checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    1 August 2009 20:17:21

    MBAM report:

    Malwarebytes' Anti-Malware 1.39
    Version de la base de données: 2541
    Windows 6.0.6000

    01/08/2009 19:42:09
    mbam-log-2009-08-01 (19-42-09).txt

    Type de recherche: Examen rapide
    Eléments examinés: 98406
    Temps écoulé: 11 minute(s), 16 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 7
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jxcserdodsunctpc (Adware.SnappyAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{60422bd5-70f0-4edf-9aef-3267c4db3770} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{731b8592-4001-46d4-b1a5-33ec792b4501} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{731b8682-4001-46d4-b1a5-33ec792b4501} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.184,85.255.112.75 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7d0d8d89-e526-41e1-b2a1-c9d37c8e8267}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.184,85.255.112.75 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{9a57fa04-365f-4f65-93e2-0641c1fc37fb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.184,85.255.112.75 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.184,85.255.112.75 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{7d0d8d89-e526-41e1-b2a1-c9d37c8e8267}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.184,85.255.112.75 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{9a57fa04-365f-4f65-93e2-0641c1fc37fb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.184,85.255.112.75 -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Windows\System32\jxcserdodsunctpc.exe (Adware.SnappyAds) -> Quarantined and deleted successfully.
    c:\Windows\System32\mpeg2dmx.ax (Backdoor.Bot) -> Quarantined and deleted successfully.
    1 August 2009 20:46:11

  • Relaunch MBAM, go to Quarantine and delete everything.

  • Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect and close all running applications /!\

  • Double-click the installer and install it in its default location (C:\Program files).
  • Double-click the Ad-Remover shortcut on your Desktop to launch it.
    (On Vista, right-click the Ad-Remover shortcut and choose Run as administrator)
  • Choose language F for French.
  • At the main menu, choose option S.

    /!\ Let the tool work /!\

  • Post the report that appears at the end (C:\Ad-Report-SCAN.log).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    1 August 2009 22:21:12

    Here is the log:

    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/06/2009 à 7:10 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 21:17:37, 01/08/2009 | Mode Normal | Option: SCAN
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows Vista™ Home Premium v6.0.6000
    Nom du PC: PC-DE-KHALIDA | Utilisateur actuel: khalida
    .
    Administrateur: Administrateur *Desactive*
    N'est pas administrateur: Invité *Desactive*
    Administrateur: khalida
    N'est pas administrateur: Zazou
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .
    .
    HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKCR\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    HKCR\AppID\EoRezoBHO.DLL
    HKCR\AppID\GenericAskToolbar.DLL
    HKCU\Software\EoRezo
    HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    HKLM\Software\Classes\AppID\EoRezoBHO.DLL
    HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
    HKU\S-1-5-21-1331331636-2896911738-3615633392-1002\Software\Eorezo
    HKCU\Software\AppDataLow\software\{DE8B472B-C309-78B2-0454-9AEFE6405299}
    1 August 2009 22:26:58

    The report is incomplete.
    1 August 2009 22:27:42

    Really? What could have happened?
    1 August 2009 23:02:06

    I don't know.

    /!\ Disconnect and close all running applications /!\

  • Double-click the Ad-Remover shortcut to launch it.
    (On Vista, right-click the Ad-Remover shortcut and choose Run as administrator)
  • Choose language F for French.
  • At the main menu, choose option L and press [Enter] to confirm.

    /!\ Let the tool work and do not touch anything /!\

  • Post the report that appears at the end (C:\Ad-Report-CLEAN.log)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    2 August 2009 16:24:40

    Here is the Ad-report ^^ (complete, I hope):

    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/06/2009 à 7:10 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 15:16:35, 02/08/2009 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows Vista™ Home Premium v6.0.6000
    Nom du PC: PC-DE-KHALIDA | Utilisateur actuel: khalida
    .
    Administrateur: Administrateur *Desactive*
    N'est pas administrateur: Invité *Desactive*
    Administrateur: khalida
    N'est pas administrateur: Zazou
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKCR\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    HKCR\AppID\EoRezoBHO.DLL
    HKCR\AppID\GenericAskToolbar.DLL
    HKCU\Software\EoRezo
    HKCU\Software\AppDataLow\software\{DE8B472B-C309-78B2-0454-9AEFE6405299}
    .
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Snappyads Games Collection\Bob and Bill adventures - Wild Hunting.lnk
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Snappyads Games Collection\Lines.lnk
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Snappyads Games Collection\Video Pool.lnk
    C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Snappyads Games Collection
    C:\Users\khalida\AppData\Roaming\Mozilla\Firefox\Profiles\4619tljs.default\searchplugins\Yoog Search.xml
    C:\Users\Zazou\AppData\Roaming\Eorezo\ConfMedia.cyp
    C:\Users\Zazou\AppData\Roaming\Eorezo\db
    C:\Users\Zazou\AppData\Roaming\Eorezo\eoDesktop
    C:\Users\Zazou\AppData\Roaming\Eorezo\eoStats
    C:\Users\Zazou\AppData\Roaming\Eorezo\host.cyp
    C:\Users\Zazou\AppData\Roaming\Eorezo\user.cyp
    C:\Users\Zazou\AppData\Roaming\Eorezo\eoDesktop\config.xml
    C:\Users\Zazou\AppData\Roaming\Eorezo\eoDesktop\eoDesktop.html
    C:\Users\Zazou\AppData\Roaming\Eorezo\eoDesktop\userConfig.xml
    C:\Users\Zazou\AppData\Roaming\Eorezo\eoStats\eoStats.txt
    C:\Users\Zazou\AppData\Roaming\Eorezo
    C:\Windows\Prefetch\SOFTWAREUPDATEHP.EXE-F5655960.pf
    C:\Users\khalida\AppData\Roaming\MICROS~1\Windows\Cookies\khalida@eorezo[1].txt
    C:\Users\jawed\AppData\Roaming\Microsoft\Windows\Cookies\jawed@ads.eorezo[2].txt
    C:\Users\jawed\AppData\Roaming\Microsoft\Windows\Cookies\jawed@dl.eorezo[2].txt
    C:\Users\jawed\AppData\Roaming\Microsoft\Windows\Cookies\jawed@eorezo[2].txt
    C:\Users\jawed\AppData\Roaming\Microsoft\Windows\Cookies\Low\jawed@eorezo[2].txt
    C:\Users\jawed\AppData\Roaming\Microsoft\Windows\Cookies\jawed@zwinky[2].txt
    C:\Users\Zazou\AppData\Roaming\Microsoft\Windows\Cookies\zazou@fcg.casino770[2].txt
    C:\Users\Zazou\AppData\Roaming\Microsoft\Windows\Cookies\zazou@www.casino770[2].txt
    C:\Users\Zazou\AppData\Roaming\Microsoft\Windows\Cookies\zazou@ads.eorezo[1].txt
    C:\Users\Zazou\AppData\Roaming\Microsoft\Windows\Cookies\zazou@eorezo[1].txt
    C:\Users\Zazou\AppData\Roaming\Microsoft\Windows\Cookies\Low\zazou@eorezo[1].txt

    (!) -- Fichiers temporaires supprimés.

    .
    ============== Scan additionnel ==============
    .

    * Mozilla FireFox Version 3.0.12 *

    Nom du profil: 4619tljs.default (khalida)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "Yoog Search");
    (Prefs.js) user_pref("browser.search.selectedEngine", "Google");
    (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www15.yoog.com/search.php?q=");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.plusnetwork.com");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.12");
    (User.js) user_pref("browser.search.defaultenginename", "Yoog Search");
    (User.js) user_pref("browser.search.selectedEngine", "Yoog Search");
    (User.js) user_pref("browser.search.defaulturl", "hxxp://www15.yoog.com/search.php?q=");
    .
    (prefs.js) EFFACÉ: user_pref("browser.search.defaultenginename", "Yoog Search");
    (prefs.js) EFFACÉ: user_pref("browser.search.defaulturl", "hxxp://www15.yoog.com/search.php?q=");
    (prefs.js) EFFACÉ: user_pref("keyword.URL", "hxxp://www15.yoog.com/search.php?q=");
    (user.js) EFFACÉ: user_pref("browser.search.defaultenginename", "Yoog Search");
    (user.js) EFFACÉ: user_pref("browser.search.defaulturl", "hxxp://www15.yoog.com/search.php?q=");
    (user.js) EFFACÉ: user_pref("browser.search.selectedEngine", "Yoog Search");
    (user.js) EFFACÉ: user_pref("keyword.URL", "hxxp://www15.yoog.com/search.php?q=");
    .

    * Internet Explorer Version 7.0.6000.16851 *

    [HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: res://ieframe.dll/tabswelcome.htm
    2 August 2009 16:29:27

  • Uninstall Ad-Remover, Java 6 Update 6 and Java 6 Update 7.

  • Update Java.

  • Update Adobe Reader.

  • Run another RSIT scan and post the log report.
    2 August 2009 17:32:30

    Here is the RSIT scan for "1 month":

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by khalida at 2009-08-02 17:29:02
    Microsoft® Windows Vista™ Édition Familiale Premium
    System drive C: has 115 GB (50%) free of 230 GB
    Total RAM: 1022 MB (26% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:29:35, on 02/08/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16851)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\1\FTCOMModule.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
    C:\Users\khalida\Desktop\RSIT.exe
    C:\Program Files\trend micro\khalida.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Startup: Outil de notification Live Search.lnk = C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Voir les cookies - C:\Windows\web\showcookies.htm
    O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.orange.fr
    O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: CameraServer - Unknown owner - C:\FlyCam\CameraServer.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
    O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe

    --
    End of file - 11560 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Extension de garantie.job
    C:\Windows\tasks\Norton Security Scan.job
    C:\Windows\tasks\NSSstub.job
    C:\Windows\tasks\Recovery DVD Creator.job
    C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
    C:\Windows\tasks\Uniblue SpeedUpMyPC.job
    C:\Windows\tasks\User_Feed_Synchronization-{3B04291C-74BF-4CD2-A0FF-5135F350E890}.job
    C:\Windows\tasks\User_Feed_Synchronization-{E3AAEEFA-0C41-428C-82DE-EFE16196CFF2}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0246A1A7-820A-469A-85A7-7B7F01EB808C}]
    VirtualCamera IEMenu Class - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    Windows Live OneCare Family Safety Browser Helper Class - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll [2007-12-17 56360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-05-25 68112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-02 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-24 669168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
    IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-02 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-02 41368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
    FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-05-25 264720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll []
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-02 259696]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-25 1006264]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-20 228088]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-08-11 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
    "SystrayORAHSS"=C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [2007-09-25 94208]
    "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-09-25 102400]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-12 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-12 8497696]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-12 81920]
    "snp2std"=C:\Windows\vsnp2std.exe [2007-09-28 344064]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "avp"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
    "MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-02 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-25 1232896]
    "SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2006-10-23 1092152]
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
    "Uniblue SpeedUpMyPC"= []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe [2006-11-14 50736]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
    C:\Windows\tsnp2std.exe [2007-05-10 270336]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueSpeedUpMyPC]
    C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2000-01-21 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]
    C:\PROGRA~1\OFFICE~1\OF2AAE~1\OOSTAR~1.EXE [2006-12-01 713728]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Contrôleur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

    C:\Users\khalida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Outil de notification Live Search.lnk - C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\Windows\system32\klogon.dll [2009-05-25 219664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .scr - config -

    ======List of files/folders created in the last 1 months======

    2009-08-02 17:16:35 ----D---- C:\Program Files\Common Files\Adobe
    2009-08-02 17:16:35 ----D---- C:\Program Files\Adobe
    2009-08-02 17:15:12 ----SHD---- C:\Config.Msi
    2009-08-02 17:09:24 ----A---- C:\Windows\system32\javaws.exe
    2009-08-02 17:09:23 ----A---- C:\Windows\system32\javaw.exe
    2009-08-02 17:09:23 ----A---- C:\Windows\system32\java.exe
    2009-08-02 17:08:10 ----D---- C:\Program Files\Java
    2009-08-02 15:14:50 ----D---- C:\Windows\pss
    2009-08-02 13:34:20 ----AD---- C:\Users\khalida\AppData\Roaming\uniblue
    2009-08-02 13:32:00 ----AHDC---- C:\ProgramData\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
    2009-08-01 21:16:52 ----AD---- C:\Program Files\Ad-remover
    2009-08-01 19:28:48 ----AD---- C:\Users\khalida\AppData\Roaming\Malwarebytes
    2009-08-01 19:28:23 ----AD---- C:\ProgramData\Malwarebytes
    2009-08-01 18:37:41 ----A---- C:\lopR.txt
    2009-08-01 18:16:31 ----AD---- C:\Lop SD
    2009-08-01 03:11:59 ----A---- C:\ComboFix.txt
    2009-08-01 02:32:19 ----SHD---- C:\$RECYCLE.BIN
    2009-08-01 02:24:00 ----D---- C:\Windows\temp
    2009-08-01 01:42:46 ----AD---- C:\32788R22FWJFW
    2009-07-31 17:54:02 ----SD---- C:\IDN
    2009-07-31 17:49:02 ----A---- C:\Windows\NIRCMD.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\zip.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWXCACLS.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWSC.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWREG.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\sed.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\PEV.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\grep.exe
    2009-07-31 17:48:47 ----D---- C:\Windows\ERDNT
    2009-07-31 17:46:46 ----D---- C:\Qoobox
    2009-07-31 17:03:11 ----D---- C:\Program Files\trend micro
    2009-07-31 17:03:09 ----D---- C:\rsit
    2009-07-29 19:50:51 ----AD---- C:\Program Files\SystemRequirementsLab
    2009-07-29 19:50:39 ----AD---- C:\Users\khalida\AppData\Roaming\SystemRequirementsLab
    2009-07-29 19:47:42 ----AD---- C:\ProgramData\ma-config.com
    2009-07-29 19:47:42 ----AD---- C:\Program Files\ma-config.com
    2009-07-27 15:21:55 ----AD---- C:\ProgramData\Kaspersky Lab
    2009-07-27 15:21:55 ----AD---- C:\Program Files\Kaspersky Lab
    2009-07-27 14:52:33 ----AD---- C:\ProgramData\Kaspersky Lab Setup Files
    2009-07-25 21:32:17 ----AD---- C:\Program Files\Common Files\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\Users\khalida\AppData\Roaming\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\ProgramData\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\Program Files\Spyware Doctor
    2009-07-24 15:24:28 ----AD---- C:\ProgramData\Avira
    2009-07-24 10:16:10 ----D---- C:\Users\khalida\AppData\Roaming\Nero
    2009-07-23 01:26:37 ----A---- C:\Windows\system32\pncrt.dll
    2009-07-23 01:25:23 ----AD---- C:\Program Files\FreeTime
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTVideoFile.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTVideoCompress.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTQuickTimeFile.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\mcdvd_32.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTWMVFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTVideoCoreU.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTVideoCoreM.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTRMFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTAVIFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTAudioFile2.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\NCTAudioCompress3.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\NCTAudioCompress2.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\lame_enc.dll
    2009-07-18 13:24:36 ----AD---- C:\Users\khalida\AppData\Roaming\Red Kawa
    2009-07-15 09:26:06 ----A---- C:\Windows\system32\t2embed.dll
    2009-07-15 09:26:06 ----A---- C:\Windows\system32\fontsub.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\lpk.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\dciman32.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\atmlib.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\atmfd.dll
    2009-07-14 13:15:24 ----AD---- C:\Users\khalida\AppData\Roaming\dvdcss
    2009-07-14 11:50:43 ----AD---- C:\Users\khalida\AppData\Roaming\vlc
    2009-07-04 11:41:59 ----AD---- C:\Users\khalida\AppData\Roaming\MessengerDiscovery 2

    ======List of files/folders modified in the last 1 months======

    2009-08-02 17:18:23 ----SHD---- C:\Windows\Installer
    2009-08-02 17:18:14 ----D---- C:\ProgramData\Adobe
    2009-08-02 17:16:35 ----D---- C:\Program Files\Common Files
    2009-08-02 17:16:35 ----D---- C:\Program Files
    2009-08-02 17:13:41 ----D---- C:\Windows\System32
    2009-08-02 17:13:24 ----SHD---- C:\System Volume Information
    2009-08-02 17:08:18 ----A---- C:\Windows\system32\deploytk.dll
    2009-08-02 17:08:03 ----D---- C:\Windows\system32\catroot2
    2009-08-02 16:28:48 ----D---- C:\Windows\system32\drivers
    2009-08-02 16:17:39 ----D---- C:\Windows\Prefetch
    2009-08-02 15:14:50 ----D---- C:\Windows
    2009-08-02 14:49:40 ----AD---- C:\ProgramData\TEMP
    2009-08-02 14:10:47 ----D---- C:\Windows\Tasks
    2009-08-02 14:10:47 ----D---- C:\Windows\system32\Tasks
    2009-08-02 13:32:00 ----D---- C:\ProgramData
    2009-08-01 12:06:13 ----AD---- C:\Program Files\Mozilla Firefox
    2009-08-01 06:00:53 ----D---- C:\Windows\system32\fr-FR
    2009-08-01 02:33:11 ----A---- C:\Windows\system.ini
    2009-08-01 02:11:05 ----D---- C:\Windows\AppPatch
    2009-07-31 20:37:04 ----D---- C:\Windows\system32\catroot
    2009-07-31 20:36:43 ----D---- C:\Windows\winsxs
    2009-07-31 18:46:17 ----SHD---- C:\boot
    2009-07-31 18:46:17 ----D---- C:\Windows\system32\config
    2009-07-30 23:32:16 ----D---- C:\Windows\Minidump
    2009-07-29 19:58:02 ----D---- C:\Windows\inf
    2009-07-29 19:58:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-07-29 18:18:39 ----A---- C:\Windows\ntbtlog.txt
    2009-07-27 16:30:46 ----AD---- C:\Program Files\Common Files\DVDVideoSoft
    2009-07-27 16:30:28 ----AD---- C:\Program Files\DVDVideoSoft
    2009-07-27 15:15:25 ----D---- C:\Program Files\Symantec
    2009-07-27 15:11:09 ----D---- C:\Program Files\Norton Internet Security
    2009-07-27 15:10:17 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-07-27 15:08:35 ----D---- C:\ProgramData\Symantec
    2009-07-27 13:31:29 ----D---- C:\Windows\system32\Macromed
    2009-07-24 15:45:41 ----D---- C:\Program Files\Avira
    2009-07-24 12:51:54 ----AD---- C:\Windows\system32\Adobe
    2009-07-24 11:18:54 ----HD---- C:\Windows\system32\GroupPolicyUsers
    2009-07-24 11:06:07 ----AD---- C:\Program Files\MessengerDiscovery 2
    2009-07-24 10:21:26 ----D---- C:\Program Files\Image-Line
    2009-07-23 23:06:42 ----D---- C:\Program Files\DNA
    2009-07-23 01:50:25 ----A---- C:\Windows\win.ini
    2009-07-23 01:40:54 ----D---- C:\Program Files\Avidemux 2.4
    2009-07-23 00:19:48 ----AD---- C:\Program Files\StuffPlug3
    2009-07-20 12:05:18 ----D---- C:\Program Files\Windows Mail
    2009-07-19 13:45:24 ----AD---- C:\Program Files\CamStudio
    2009-07-15 13:28:22 ----AD---- C:\Program Files\AviSynth 2.5
    2009-07-13 12:13:16 ----D---- C:\Program Files\Messenger Plus! Live
    2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe
    2009-07-05 10:49:06 ----D---- C:\Users\khalida\AppData\Roaming\LimeWire

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [2008-02-13 261680]
    R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-08-01 128016]
    R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-08-01 280592]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
    R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-12-01 279088]
    R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-12-01 43696]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-10-03 187952]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-12-04 43520]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-04-11 25280]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
    R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080509.004\NAVENG.SYS [2008-04-17 82256]
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080509.004\NAVEX15.SYS [2008-04-17 895408]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-12 7623968]
    R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-09-05 12212864]
    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-01-06 124464]
    R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
    S2 FLYCAM;FlyCam, WDM Video Capture; C:\Windows\system32\DRIVERS\flycam.sys [2006-01-12 705408]
    S2 VirtualCam;VirtualCamera; C:\Windows\system32\DRIVERS\VirtualCam.sys [2007-02-21 192512]
    S3 catchme;catchme; \??\C:\Users\khalida\AppData\Local\Temp\catchme.sys []
    S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder PSP Edition\SysInfo.sys []
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-05-29 14336]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    S3 FETNDIS;Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
    S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-12-01 317616]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
    S3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-10-03 12848]
    S3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-10-03 146096]
    S3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2008-10-03 39984]
    S3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
    S3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-10-03 27696]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe [2007-09-25 65536]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
    S2 CameraServer;CameraServer; C:\FlyCam\CameraServer.exe []
    S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 fsssvc;Windows Live OneCare Contrôle parental; C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
    S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll []
    S2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
    S2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe []
    S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe []
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-13 651720]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 ISPwdSvc;Validation de mot de passe Symantec IS; C:\Program Files\Norton Internet Security\isPwdSvc.exe []
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
    S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-19 2739229]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
    S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
    S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe [2009-02-15 6558336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-14 607576]
    S4 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
    S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
    S4 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-20 887544]
    S4 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-20 166648]
    S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
    S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]

    -----------------EOF-----------------
    2 August 2009 17:43:17

  • Download SmitfraudFix (by S!Ri, balltrap34 and moe31) to your Desktop.

  • Right-click SmitfraudFix.exe and choose Run as administrator.

  • Choose option 5, then press Enter.

  • Answer Yes and post the report.
    6 August 2009 14:44:15

    Here is the report:

    SmitFraudFix v2.423

    Scan done at 14:41:31,87, 06/08/2009
    Run from C:\Users\khalida\Downloads\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6000] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

    Description: VIA Rhine II Fast Ethernet Adapter
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

    Description: VIA Rhine II Fast Ethernet Adapter
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}: DhcpNameServer=192.168.1.1

    6 August 2009 14:55:03

  • Delete SmitfraudFix.

  • Remove the traces of Norton with this.

  • Run a new RSIT scan and post the log report.
    6 August 2009 15:45:47

    I removed the traces of Norton and here is the RSIT log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by khalida at 2009-08-06 15:41:29
    Microsoft® Windows Vista™ Édition Familiale Premium
    System drive C: has 117 GB (51%) free of 230 GB
    Total RAM: 1022 MB (16% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:42:04, on 06/08/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16890)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\mobsync.exe
    C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\1\FTCOMModule.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\khalida\Desktop\RSIT.exe
    C:\Program Files\trend micro\khalida.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Startup: Outil de notification Live Search.lnk = C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Voir les cookies - C:\Windows\web\showcookies.htm
    O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.orange.fr
    O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: CameraServer - Unknown owner - C:\FlyCam\CameraServer.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe

    --
    End of file - 11575 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Extension de garantie.job
    C:\Windows\tasks\Norton Security Scan.job
    C:\Windows\tasks\NSSstub.job
    C:\Windows\tasks\Recovery DVD Creator.job
    C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
    C:\Windows\tasks\Uniblue SpeedUpMyPC.job
    C:\Windows\tasks\User_Feed_Synchronization-{3B04291C-74BF-4CD2-A0FF-5135F350E890}.job
    C:\Windows\tasks\User_Feed_Synchronization-{E3AAEEFA-0C41-428C-82DE-EFE16196CFF2}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0246A1A7-820A-469A-85A7-7B7F01EB808C}]
    VirtualCamera IEMenu Class - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    Windows Live OneCare Family Safety Browser Helper Class - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll [2007-12-17 56360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
    IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-05-25 68112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-02 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-24 669168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
    IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-02 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-02 41368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
    FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-05-25 264720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
    HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll []
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-02 259696]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-25 1006264]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-20 228088]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-08-11 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
    "SystrayORAHSS"=C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [2007-09-25 94208]
    "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-09-25 102400]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-12 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-12 8497696]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-12 81920]
    "snp2std"=C:\Windows\vsnp2std.exe [2007-09-28 344064]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "avp"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
    "MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-02 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
    "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-25 1232896]
    "SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2006-10-23 1092152]
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
    "Uniblue SpeedUpMyPC"= []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe [2006-11-14 50736]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
    C:\Windows\tsnp2std.exe [2007-05-10 270336]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueSpeedUpMyPC]
    C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2000-01-21 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]
    C:\PROGRA~1\OFFICE~1\OF2AAE~1\OOSTAR~1.EXE [2006-12-01 713728]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Contrôleur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Users\khalida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Outil de notification Live Search.lnk - C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    C:\Windows\system32\klogon.dll [2009-05-25 219664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96680d6f-4e76-11dc-a49c-806e6f6e6963}]
    shell\AutoRun\command - D:\setup.exe


    ======File associations======

    .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .scr - config -

    ======List of files/folders created in the last 1 months======

    2009-08-06 14:57:54 ----D---- C:\ProgramData\NortonInstaller
    2009-08-06 14:41:31 ----A---- C:\rapport.txt
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\WS2Fix.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\VACFix.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\o4Patch.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\IEDFix.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\IEDFix.C.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\404Fix.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\VCCLSID.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\swxcacls.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\swsc.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\swreg.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\SrchSTS.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\Process.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\dumphive.exe
    2009-08-03 17:31:53 ----D---- C:\ProgramData\Yahoo! Companion
    2009-08-03 13:53:43 ----D---- C:\ProgramData\WEBREG
    2009-08-03 13:48:12 ----D---- C:\Users\khalida\AppData\Roaming\HP
    2009-08-03 13:45:31 ----D---- C:\ProgramData\Hewlett-Packard
    2009-08-03 13:43:27 ----D---- C:\Users\khalida\AppData\Roaming\Yahoo!
    2009-08-03 13:43:24 ----D---- C:\Program Files\Yahoo!
    2009-08-03 13:38:03 ----D---- C:\ProgramData\HP Product Assistant
    2009-08-03 13:37:25 ----D---- C:\Program Files\Hewlett-Packard
    2009-08-03 13:37:15 ----D---- C:\Program Files\Common Files\Hewlett-Packard
    2009-08-03 13:36:14 ----D---- C:\Program Files\Common Files\HP
    2009-08-03 13:34:54 ----A---- C:\Windows\system32\hpzids01.dll
    2009-08-03 13:34:41 ----A---- C:\Windows\system32\hpzll5mu.dll
    2009-08-03 13:34:01 ----A---- C:\Windows\system32\hppldcoi.dll
    2009-08-03 13:33:59 ----A---- C:\Windows\system32\hpowiax7.dll
    2009-08-03 13:33:56 ----A---- C:\Windows\system32\hpotscl6.dll
    2009-08-03 13:33:51 ----A---- C:\Windows\system32\hpovst15.dll
    2009-08-03 13:31:20 ----D---- C:\Program Files\HP
    2009-08-03 13:31:12 ----HD---- C:\Config.Msi
    2009-08-03 13:25:43 ----D---- C:\ProgramData\HP
    2009-08-02 17:16:35 ----D---- C:\Program Files\Common Files\Adobe
    2009-08-02 17:16:35 ----D---- C:\Program Files\Adobe
    2009-08-02 17:09:24 ----A---- C:\Windows\system32\javaws.exe
    2009-08-02 17:09:23 ----A---- C:\Windows\system32\javaw.exe
    2009-08-02 17:09:23 ----A---- C:\Windows\system32\java.exe
    2009-08-02 17:08:10 ----D---- C:\Program Files\Java
    2009-08-02 15:14:50 ----D---- C:\Windows\pss
    2009-08-02 13:34:20 ----AD---- C:\Users\khalida\AppData\Roaming\uniblue
    2009-08-02 13:32:00 ----AHDC---- C:\ProgramData\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
    2009-08-01 21:16:52 ----AD---- C:\Program Files\Ad-remover
    2009-08-01 19:28:48 ----AD---- C:\Users\khalida\AppData\Roaming\Malwarebytes
    2009-08-01 19:28:23 ----AD---- C:\ProgramData\Malwarebytes
    2009-08-01 18:37:41 ----A---- C:\lopR.txt
    2009-08-01 18:16:31 ----AD---- C:\Lop SD
    2009-08-01 03:11:59 ----A---- C:\ComboFix.txt
    2009-08-01 02:32:19 ----SHD---- C:\$RECYCLE.BIN
    2009-08-01 02:24:00 ----D---- C:\Windows\temp
    2009-08-01 01:42:46 ----AD---- C:\32788R22FWJFW
    2009-07-31 20:43:33 ----A---- C:\Windows\system32\mshtml.dll
    2009-07-31 20:43:22 ----A---- C:\Windows\system32\ieframe.dll
    2009-07-31 20:43:20 ----A---- C:\Windows\system32\mstime.dll
    2009-07-31 20:43:19 ----A---- C:\Windows\system32\ieapfltr.dll
    2009-07-31 20:43:18 ----A---- C:\Windows\system32\urlmon.dll
    2009-07-31 20:43:15 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-07-31 20:43:14 ----A---- C:\Windows\system32\wininet.dll
    2009-07-31 20:43:13 ----A---- C:\Windows\system32\occache.dll
    2009-07-31 20:43:13 ----A---- C:\Windows\system32\msfeeds.dll
    2009-07-31 20:43:13 ----A---- C:\Windows\system32\iertutil.dll
    2009-07-31 20:43:13 ----A---- C:\Windows\system32\dxtmsft.dll
    2009-07-31 20:43:11 ----A---- C:\Windows\system32\ieaksie.dll
    2009-07-31 20:43:10 ----A---- C:\Windows\system32\mshtmled.dll
    2009-07-31 20:43:09 ----A---- C:\Windows\system32\icardie.dll
    2009-07-31 20:43:08 ----A---- C:\Windows\system32\dxtrans.dll
    2009-07-31 20:43:06 ----A---- C:\Windows\system32\ieencode.dll
    2009-07-31 20:43:04 ----A---- C:\Windows\system32\jsproxy.dll
    2009-07-31 20:43:02 ----A---- C:\Windows\system32\advpack.dll
    2009-07-31 20:43:02 ----A---- C:\Windows\system32\admparse.dll
    2009-07-31 20:43:01 ----A---- C:\Windows\system32\ieui.dll
    2009-07-31 20:42:58 ----A---- C:\Windows\system32\iesetup.dll
    2009-07-31 20:42:58 ----A---- C:\Windows\system32\iernonce.dll
    2009-07-31 20:42:57 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-07-31 20:42:57 ----A---- C:\Windows\system32\ie4uinit.exe
    2009-07-31 20:42:56 ----A---- C:\Windows\system32\pngfilt.dll
    2009-07-31 20:42:51 ----A---- C:\Windows\system32\ieakui.dll
    2009-07-31 20:42:49 ----A---- C:\Windows\system32\mshtmler.dll
    2009-07-31 17:54:02 ----SD---- C:\IDN
    2009-07-31 17:49:02 ----A---- C:\Windows\NIRCMD.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\zip.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWXCACLS.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWSC.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWREG.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\sed.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\PEV.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\grep.exe
    2009-07-31 17:48:47 ----D---- C:\Windows\ERDNT
    2009-07-31 17:46:46 ----D---- C:\Qoobox
    2009-07-31 17:03:11 ----D---- C:\Program Files\trend micro
    2009-07-31 17:03:09 ----D---- C:\rsit
    2009-07-29 19:50:51 ----AD---- C:\Program Files\SystemRequirementsLab
    2009-07-29 19:50:39 ----AD---- C:\Users\khalida\AppData\Roaming\SystemRequirementsLab
    2009-07-29 19:47:42 ----AD---- C:\ProgramData\ma-config.com
    2009-07-29 19:47:42 ----AD---- C:\Program Files\ma-config.com
    2009-07-27 15:21:55 ----AD---- C:\ProgramData\Kaspersky Lab
    2009-07-27 15:21:55 ----AD---- C:\Program Files\Kaspersky Lab
    2009-07-27 14:52:33 ----AD---- C:\ProgramData\Kaspersky Lab Setup Files
    2009-07-25 21:32:17 ----AD---- C:\Program Files\Common Files\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\Users\khalida\AppData\Roaming\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\ProgramData\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\Program Files\Spyware Doctor
    2009-07-24 15:24:28 ----AD---- C:\ProgramData\Avira
    2009-07-24 10:16:10 ----D---- C:\Users\khalida\AppData\Roaming\Nero
    2009-07-23 01:26:37 ----A---- C:\Windows\system32\pncrt.dll
    2009-07-23 01:25:23 ----AD---- C:\Program Files\FreeTime
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTVideoFile.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTVideoCompress.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTQuickTimeFile.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\mcdvd_32.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTWMVFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTVideoCoreU.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTVideoCoreM.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTRMFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTAVIFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTAudioFile2.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\NCTAudioCompress3.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\NCTAudioCompress2.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\lame_enc.dll
    2009-07-18 13:24:36 ----AD---- C:\Users\khalida\AppData\Roaming\Red Kawa
    2009-07-15 09:26:06 ----A---- C:\Windows\system32\t2embed.dll
    2009-07-15 09:26:06 ----A---- C:\Windows\system32\fontsub.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\lpk.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\dciman32.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\atmlib.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\atmfd.dll
    2009-07-14 13:15:24 ----AD---- C:\Users\khalida\AppData\Roaming\dvdcss
    2009-07-14 11:50:43 ----AD---- C:\Users\khalida\AppData\Roaming\vlc

    ======List of files/folders modified in the last 1 months======

    2009-08-06 15:34:15 ----AD---- C:\Program Files\Mozilla Firefox
    2009-08-06 15:18:32 ----D---- C:\Windows\system32\drivers
    2009-08-06 15:18:31 ----D---- C:\ProgramData\Symantec
    2009-08-06 15:14:03 ----SHD---- C:\Windows\Installer
    2009-08-06 14:58:11 ----D---- C:\Program Files
    2009-08-06 14:57:54 ----D---- C:\ProgramData
    2009-08-06 14:40:19 ----D---- C:\Windows\System32
    2009-08-04 09:15:52 ----SHD---- C:\System Volume Information
    2009-08-03 17:20:00 ----D---- C:\Windows
    2009-08-03 16:39:39 ----D---- C:\Windows\Prefetch
    2009-08-03 13:47:37 ----A---- C:\Windows\win.ini
    2009-08-03 13:44:27 ----D---- C:\Windows\twain_32
    2009-08-03 13:40:14 ----D---- C:\Windows\winsxs
    2009-08-03 13:37:15 ----D---- C:\Program Files\Common Files
    2009-08-03 13:35:09 ----D---- C:\Windows\inf
    2009-08-03 10:27:55 ----D---- C:\Program Files\Microsoft Silverlight
    2009-08-03 10:17:52 ----D---- C:\Program Files\Internet Explorer
    2009-08-03 10:17:51 ----D---- C:\Windows\system32\migration
    2009-08-03 10:17:47 ----D---- C:\Windows\AppPatch
    2009-08-02 17:18:14 ----D---- C:\ProgramData\Adobe
    2009-08-02 17:08:18 ----A---- C:\Windows\system32\deploytk.dll
    2009-08-02 17:08:03 ----D---- C:\Windows\system32\catroot2
    2009-08-02 14:49:40 ----AD---- C:\ProgramData\TEMP
    2009-08-02 14:10:47 ----D---- C:\Windows\Tasks
    2009-08-02 14:10:47 ----D---- C:\Windows\system32\Tasks
    2009-08-01 06:00:53 ----D---- C:\Windows\system32\fr-FR
    2009-08-01 02:33:11 ----A---- C:\Windows\system.ini
    2009-07-31 20:37:04 ----D---- C:\Windows\system32\catroot
    2009-07-31 18:46:17 ----SHD---- C:\boot
    2009-07-31 18:46:17 ----D---- C:\Windows\system32\config
    2009-07-30 23:32:16 ----D---- C:\Windows\Minidump
    2009-07-29 19:58:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-07-29 18:18:39 ----A---- C:\Windows\ntbtlog.txt
    2009-07-27 16:30:46 ----AD---- C:\Program Files\Common Files\DVDVideoSoft
    2009-07-27 16:30:28 ----AD---- C:\Program Files\DVDVideoSoft
    2009-07-27 15:10:17 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-07-27 13:31:29 ----D---- C:\Windows\system32\Macromed
    2009-07-24 15:45:41 ----D---- C:\Program Files\Avira
    2009-07-24 12:51:54 ----AD---- C:\Windows\system32\Adobe
    2009-07-24 11:18:54 ----HD---- C:\Windows\system32\GroupPolicyUsers
    2009-07-24 11:06:07 ----AD---- C:\Program Files\MessengerDiscovery 2
    2009-07-24 10:21:26 ----D---- C:\Program Files\Image-Line
    2009-07-23 23:06:42 ----D---- C:\Program Files\DNA
    2009-07-23 22:55:12 ----AD---- C:\Users\khalida\AppData\Roaming\MessengerDiscovery 2
    2009-07-23 01:40:54 ----D---- C:\Program Files\Avidemux 2.4
    2009-07-23 00:19:48 ----AD---- C:\Program Files\StuffPlug3
    2009-07-20 12:05:18 ----D---- C:\Program Files\Windows Mail
    2009-07-19 13:45:24 ----AD---- C:\Program Files\CamStudio
    2009-07-15 13:28:22 ----AD---- C:\Program Files\AviSynth 2.5
    2009-07-13 12:13:16 ----D---- C:\Program Files\Messenger Plus! Live
    2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-08-01 128016]
    R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-08-01 280592]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-12-04 43520]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-04-11 25280]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
    R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-12 7623968]
    R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-09-05 12212864]
    R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
    S2 FLYCAM;FlyCam, WDM Video Capture; C:\Windows\system32\DRIVERS\flycam.sys [2006-01-12 705408]
    S2 VirtualCam;VirtualCamera; C:\Windows\system32\DRIVERS\VirtualCam.sys [2007-02-21 192512]
    S3 catchme;catchme; \??\C:\Users\khalida\AppData\Local\Temp\catchme.sys []
    S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder PSP Edition\SysInfo.sys []
    S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
    S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-05-29 14336]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 FETNDIS;Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe [2007-09-25 65536]
    R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    S2 CameraServer;CameraServer; C:\FlyCam\CameraServer.exe []
    S2 fsssvc;Windows Live OneCare Contrôle parental; C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
    S2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-13 651720]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
    S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-19 2739229]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
    S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe [2009-02-15 6558336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-14 607576]
    S4 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
    S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
    S4 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-20 887544]
    S4 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-20 166648]
    S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
    S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]

    -----------------EOF-----------------
    6 August 2009 16:11:44

    You have Kaspersky and AntiVir; you need to uninstall one of them.

  • Download WORT (by dj QUIOU) to your Desktop.
  • Double-click the WORT.exe file (the .exe extension may not be visible).
    (On Vista, right-click WORT and choose Run as administrator)
  • Select the Desktop using the Browse button.
  • Follow the instructions and double-click the WareOut_Removal_Tool.bat file that has just been created on the Desktop.
    (On Vista, right-click WareOut_Removal_Tool.bat and choose Run as administrator)
  • Select option 1 and confirm with the Enter key.
  • When the scan finishes, post the report displayed on screen.
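
How the two-antivirus diagnosis in the post above can be read off the RSIT driver and service lists, as an added example that is not part of the original thread. The sample lines are copied from the RSIT log posted on this page; the keyword table and all function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# One RSIT driver/service line has the shape:
#   <R|S><start type 0-4> <name>;<display name>; <image path> [<date> <size>]
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$"
)

# Assumption: keyword -> product table chosen for this example only.
PRODUCT_KEYWORDS = {
    "avira": "Avira AntiVir",
    "kaspersky": "Kaspersky Anti-Virus",
    "spyware doctor": "PC Tools Spyware Doctor",
    "lavasoft": "Lavasoft Ad-Aware",
}

# Lines copied from the RSIT log in this thread (drivers, then services).
SAMPLE_LOG = r"""
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-08-01 280592]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-12 7623968]
    S3 catchme;catchme; \??\C:\Users\khalida\AppData\Local\Temp\catchme.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
    S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
"""


def parse_entries(log_text):
    """Return one dict per driver/service line; headers and blanks are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def product_of(entry):
    """Map an entry to a security product via its display name or image path."""
    haystack = (entry["display"] + " " + entry["path"]).lower()
    for keyword, product in PRODUCT_KEYWORDS.items():
        if keyword in haystack:
            return product
    return None


def running_security_products(entries):
    """Group the names of *running* (state R) components by product."""
    running = defaultdict(list)
    for entry in entries:
        product = product_of(entry)
        if product and entry["state"] == "R":
            running[product].append(entry["name"])
    return dict(running)


def conflicting_products(log_text):
    """Return the product names when more than one has running components."""
    running = running_security_products(parse_entries(log_text))
    return sorted(running) if len(running) > 1 else []


if __name__ == "__main__":
    for product, parts in running_security_products(parse_entries(SAMPLE_LOG)).items():
        print(f"{product}: running components {', '.join(parts)}")
    print("Conflict:", conflicting_products(SAMPLE_LOG) or "none")
```

Stopped or disabled entries (state `S`) are parsed but not counted, so Spyware Doctor's disabled service does not trigger the conflict here.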
    6 August 2009 17:01:02

    I uninstalled Kaspersky, and here is the report:

    ===== Rapport WareOut Removal Tool =====

    version 3.6.2

    analyse effectuée le 06/08/2009 à 16:56:29,32

    Résultats de l'analyse :
    ========================

    ~~~~ Recherche d'infections dans C:\ ~~~~


    ~~~~ Recherche d'infections dans C:\Program Files\ ~~~~


    ~~~~ Recherche d'infections dans C:\Windows\system\ ~~~~


    ~~~~ Recherche d'infections dans C:\Windows\system32\ ~~~~


    ~~~~ Recherche d'infections dans C:\Windows\system32\drivers\ ~~~~


    ~~~~ Recherche d'infections dans C:\Users\khalida\AppData\Roaming\ ~~~~


    ~~~~ Recherche d'infections dans C:\Users\khalida\Bureau\ ~~~~


    ~~~~ Recherche de détournement de DNS ~~~~



    ~~~~ Recherche de Rootkits ~~~~

    _______________________________________________________________________

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-06 16:56:37
    Windows 6.0.6000 NTFS

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    _______________________________________________________________________

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    System REG_SZ



    ~~~~ Recherche d'infections dans C:\Users\khalida\AppData\Local\Temp\ ~~~~


    ~~~~ Recherche d'infections dans C:\Users\khalida\Start Menu\Programs\ ~~~~


    ~~~~ Nettoyage du registre ~~~~


    ~~~~ Tentative de réparation des entrées suivantes: ~~~~

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] = "System"

    [HKLM\SYSTEM\CurrentControlSet\Services\Windows Tribute Service]
    [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Windows Tribute Service]

    ~~~~ Vérification: ~~~~

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    System REG_SZ



    _________________________________

    développé par http://pc-system.fr
    _________________________________
    6 August 2009 18:58:48

    Can you redo this procedure in Safe Mode?
    6 August 2009 19:40:01

    Here is the procedure, this time run in Safe Mode:

    ===== Rapport WareOut Removal Tool =====

    version 3.6.2

    analyse effectuée le 06/08/2009 à 19:30:14,62

    Résultats de l'analyse :
    ========================

    ~~~~ Recherche d'infections dans C:\ ~~~~


    ~~~~ Recherche d'infections dans C:\Program Files\ ~~~~


    ~~~~ Recherche d'infections dans C:\Windows\system\ ~~~~


    ~~~~ Recherche d'infections dans C:\Windows\system32\ ~~~~


    ~~~~ Recherche d'infections dans C:\Windows\system32\drivers\ ~~~~


    ~~~~ Recherche d'infections dans C:\Users\khalida\AppData\Roaming\ ~~~~


    ~~~~ Recherche d'infections dans C:\Users\khalida\Bureau\ ~~~~


    ~~~~ Recherche de détournement de DNS ~~~~



    ~~~~ Recherche de Rootkits ~~~~

    _______________________________________________________________________

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-06 19:30:23
    Windows 6.0.6000 NTFS

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    _______________________________________________________________________

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    System REG_SZ



    ~~~~ Recherche d'infections dans C:\Users\khalida\AppData\Local\Temp\ ~~~~


    ~~~~ Recherche d'infections dans C:\Users\khalida\Start Menu\Programs\ ~~~~


    ~~~~ Nettoyage du registre ~~~~


    ~~~~ Tentative de réparation des entrées suivantes: ~~~~

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] = "System"

    [HKLM\SYSTEM\CurrentControlSet\Services\Windows Tribute Service]
    [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Windows Tribute Service]

    ~~~~ Vérification: ~~~~

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    System REG_SZ



    _________________________________

    développé par http://pc-system.fr
    _________________________________
    6 August 2009 19:42:19

    Do you have a report.txt file in the WORT folder?
    6 August 2009 20:36:31

    No, I have the installer folder on the Desktop and a folder in c:\WORT, but no report.txt.
    7 August 2009 16:13:50

    OK, update Malwarebytes' Anti-Malware and run a quick scan again.
    9 August 2009 16:35:34

    Here is the quick scan:

    Malwarebytes' Anti-Malware 1.40
    Version de la base de données: 2585
    Windows 6.0.6000

    09/08/2009 16:21:57
    mbam-log-2009-08-09 (16-21-57).txt

    Type de recherche: Examen rapide
    Eléments examinés: 97595
    Temps écoulé: 7 minute(s), 20 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Users\khalida\Local Settings\Temporary Internet Files\pse_350_fra.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    9 August 2009 18:01:17

    We're almost done.

  • Download OTM (OldTimer) to your Desktop.
  • Right-click OTM.exe and choose Run as administrator.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\System\ControlSet005\Services\Tcpip\Parameters]
    "NameServer"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\System\ControlSet006\Services\Tcpip\Parameters]
    "NameServer"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\System\ControlSet007\Services\Tcpip\Parameters]
    "NameServer"=""

    :commands
    [purity]
    [emptytemp]
    [reboot]

  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTM.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTM\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log
    9 August 2009 19:13:44

    Here is the log:

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SYSTEM\System\ControlSet005\Services\Tcpip\Parameters\\"NameServer"|"" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\System\ControlSet006\Services\Tcpip\Parameters\\"NameServer"|"" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\System\ControlSet007\Services\Tcpip\Parameters\\"NameServer"|"" /E : value set successfully!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: jawed
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98089446 bytes
    ->Java cache emptied: 16298013 bytes
    ->FireFox cache emptied: 45305266 bytes

    User: khalida
    ->Temp folder emptied: 95633203 bytes
    ->Temporary Internet Files folder emptied: 212719687 bytes
    ->Java cache emptied: 14070136 bytes
    ->FireFox cache emptied: 65588932 bytes

    User: Public

    User: Zazou
    ->Temp folder emptied: 36862 bytes
    ->Temporary Internet Files folder emptied: 83326122 bytes
    ->Java cache emptied: 7617538 bytes
    ->FireFox cache emptied: 83229885 bytes

    %systemdrive% .tmp files removed: 0 bytes
    C:\Windows\DA15D5355E1D4076B5208571346D6238.TMP folder deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 106496 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2585103 bytes
    RecycleBin emptied: 386080141 bytes

    Total Files Cleaned = 1059,27 mb


    OTM by OldTimer - Version 3.0.0.6 log created on 08092009_185337

    Files moved on Reboot...

    Registry entries deleted on Reboot...
    9 August 2009 19:18:19

  • Run another RSIT scan and post the log report.
    10 August 2009 14:53:30

    Here is the log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by khalida at 2009-08-10 14:50:51
    Microsoft® Windows Vista™ Édition Familiale Premium
    System drive C: has 115 GB (50%) free of 230 GB
    Total RAM: 1022 MB (20% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:51:17, on 10/08/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16890)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\1\FTCOMModule.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Users\khalida\Desktop\RSIT.exe
    C:\Program Files\trend micro\khalida.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll (file missing)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Startup: Outil de notification Live Search.lnk = C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Voir les cookies - C:\Windows\web\showcookies.htm
    O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://www.orange.fr
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: CameraServer - Unknown owner - C:\FlyCam\CameraServer.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe

    --
    End of file - 10247 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Extension de garantie.job
    C:\Windows\tasks\Norton Security Scan.job
    C:\Windows\tasks\NSSstub.job
    C:\Windows\tasks\Recovery DVD Creator.job
    C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
    C:\Windows\tasks\Uniblue SpeedUpMyPC.job
    C:\Windows\tasks\User_Feed_Synchronization-{3B04291C-74BF-4CD2-A0FF-5135F350E890}.job
    C:\Windows\tasks\User_Feed_Synchronization-{E3AAEEFA-0C41-428C-82DE-EFE16196CFF2}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0246A1A7-820A-469A-85A7-7B7F01EB808C}]
    VirtualCamera IEMenu Class - C:\Program Files\VirtualCamera\VirtualCameraMenu.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    Windows Live OneCare Family Safety Browser Helper Class - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll [2007-12-17 56360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-02 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-24 669168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
    IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-02 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-02 41368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
    HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll []
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-02 259696]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-25 1006264]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
    "RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-20 228088]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-08-11 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
    "SystrayORAHSS"=C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [2007-09-25 94208]
    "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-09-25 102400]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-12 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-12 8497696]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-12 81920]
    "snp2std"=C:\Windows\vsnp2std.exe [2007-09-28 344064]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-02 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
    "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-25 1232896]
    "SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2006-10-23 1092152]
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
    "Uniblue SpeedUpMyPC"= []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe [2006-11-14 50736]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
    C:\Windows\tsnp2std.exe [2007-05-10 270336]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueSpeedUpMyPC]
    C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [2000-01-21 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]
    C:\PROGRA~1\OFFICE~1\OF2AAE~1\OOSTAR~1.EXE [2006-12-01 713728]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Contrôleur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Users\khalida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Outil de notification Live Search.lnk - C:\Users\khalida\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96680d6f-4e76-11dc-a49c-806e6f6e6963}]
    shell\AutoRun\command - D:\setup.exe


    ======File associations======

    .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .scr - config -

    ======List of files/folders created in the last 1 months======

    2009-08-09 18:53:37 ----D---- C:\_OTM
    2009-08-06 19:29:20 ----D---- C:\WORT
    2009-08-06 14:57:54 ----D---- C:\ProgramData\NortonInstaller
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\WS2Fix.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\VACFix.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\o4Patch.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\IEDFix.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\IEDFix.C.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
    2009-08-06 14:40:19 ----A---- C:\Windows\system32\404Fix.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\VCCLSID.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\swxcacls.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\swsc.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\swreg.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\SrchSTS.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\Process.exe
    2009-08-06 14:40:18 ----A---- C:\Windows\system32\dumphive.exe
    2009-08-03 17:31:53 ----D---- C:\ProgramData\Yahoo! Companion
    2009-08-03 13:53:43 ----D---- C:\ProgramData\WEBREG
    2009-08-03 13:48:12 ----D---- C:\Users\khalida\AppData\Roaming\HP
    2009-08-03 13:45:31 ----D---- C:\ProgramData\Hewlett-Packard
    2009-08-03 13:43:27 ----D---- C:\Users\khalida\AppData\Roaming\Yahoo!
    2009-08-03 13:43:24 ----D---- C:\Program Files\Yahoo!
    2009-08-03 13:38:03 ----D---- C:\ProgramData\HP Product Assistant
    2009-08-03 13:37:25 ----D---- C:\Program Files\Hewlett-Packard
    2009-08-03 13:37:15 ----D---- C:\Program Files\Common Files\Hewlett-Packard
    2009-08-03 13:36:14 ----D---- C:\Program Files\Common Files\HP
    2009-08-03 13:34:54 ----A---- C:\Windows\system32\hpzids01.dll
    2009-08-03 13:34:41 ----A---- C:\Windows\system32\hpzll5mu.dll
    2009-08-03 13:34:01 ----A---- C:\Windows\system32\hppldcoi.dll
    2009-08-03 13:33:59 ----A---- C:\Windows\system32\hpowiax7.dll
    2009-08-03 13:33:56 ----A---- C:\Windows\system32\hpotscl6.dll
    2009-08-03 13:33:51 ----A---- C:\Windows\system32\hpovst15.dll
    2009-08-03 13:31:20 ----D---- C:\Program Files\HP
    2009-08-03 13:31:12 ----HD---- C:\Config.Msi
    2009-08-03 13:25:43 ----D---- C:\ProgramData\HP
    2009-08-02 17:16:35 ----D---- C:\Program Files\Common Files\Adobe
    2009-08-02 17:16:35 ----D---- C:\Program Files\Adobe
    2009-08-02 17:09:24 ----A---- C:\Windows\system32\javaws.exe
    2009-08-02 17:09:23 ----A---- C:\Windows\system32\javaw.exe
    2009-08-02 17:09:23 ----A---- C:\Windows\system32\java.exe
    2009-08-02 17:08:10 ----D---- C:\Program Files\Java
    2009-08-02 15:14:50 ----D---- C:\Windows\pss
    2009-08-02 13:34:20 ----AD---- C:\Users\khalida\AppData\Roaming\uniblue
    2009-08-02 13:32:00 ----AHDC---- C:\ProgramData\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
    2009-08-01 21:16:52 ----AD---- C:\Program Files\Ad-remover
    2009-08-01 19:28:48 ----AD---- C:\Users\khalida\AppData\Roaming\Malwarebytes
    2009-08-01 19:28:23 ----AD---- C:\ProgramData\Malwarebytes
    2009-08-01 18:37:41 ----A---- C:\lopR.txt
    2009-08-01 18:16:31 ----AD---- C:\Lop SD
    2009-08-01 03:11:59 ----A---- C:\ComboFix.txt
    2009-08-01 02:32:19 ----SHD---- C:\$RECYCLE.BIN
    2009-08-01 02:24:00 ----D---- C:\Windows\temp
    2009-08-01 01:42:46 ----AD---- C:\32788R22FWJFW
    2009-07-31 20:43:33 ----A---- C:\Windows\system32\mshtml.dll
    2009-07-31 20:43:22 ----A---- C:\Windows\system32\ieframe.dll
    2009-07-31 20:43:20 ----A---- C:\Windows\system32\mstime.dll
    2009-07-31 20:43:19 ----A---- C:\Windows\system32\ieapfltr.dll
    2009-07-31 20:43:18 ----A---- C:\Windows\system32\urlmon.dll
    2009-07-31 20:43:15 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-07-31 20:43:14 ----A---- C:\Windows\system32\wininet.dll
    2009-07-31 20:43:13 ----A---- C:\Windows\system32\occache.dll
    2009-07-31 20:43:13 ----A---- C:\Windows\system32\msfeeds.dll
    2009-07-31 20:43:13 ----A---- C:\Windows\system32\iertutil.dll
    2009-07-31 20:43:13 ----A---- C:\Windows\system32\dxtmsft.dll
    2009-07-31 20:43:11 ----A---- C:\Windows\system32\ieaksie.dll
    2009-07-31 20:43:10 ----A---- C:\Windows\system32\mshtmled.dll
    2009-07-31 20:43:09 ----A---- C:\Windows\system32\icardie.dll
    2009-07-31 20:43:08 ----A---- C:\Windows\system32\dxtrans.dll
    2009-07-31 20:43:06 ----A---- C:\Windows\system32\ieencode.dll
    2009-07-31 20:43:04 ----A---- C:\Windows\system32\jsproxy.dll
    2009-07-31 20:43:02 ----A---- C:\Windows\system32\advpack.dll
    2009-07-31 20:43:02 ----A---- C:\Windows\system32\admparse.dll
    2009-07-31 20:43:01 ----A---- C:\Windows\system32\ieui.dll
    2009-07-31 20:42:58 ----A---- C:\Windows\system32\iesetup.dll
    2009-07-31 20:42:58 ----A---- C:\Windows\system32\iernonce.dll
    2009-07-31 20:42:57 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-07-31 20:42:57 ----A---- C:\Windows\system32\ie4uinit.exe
    2009-07-31 20:42:56 ----A---- C:\Windows\system32\pngfilt.dll
    2009-07-31 20:42:51 ----A---- C:\Windows\system32\ieakui.dll
    2009-07-31 20:42:49 ----A---- C:\Windows\system32\mshtmler.dll
    2009-07-31 17:54:02 ----SD---- C:\IDN
    2009-07-31 17:49:02 ----A---- C:\Windows\NIRCMD.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\zip.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWXCACLS.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWSC.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\SWREG.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\sed.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\PEV.exe
    2009-07-31 17:49:01 ----A---- C:\Windows\grep.exe
    2009-07-31 17:48:47 ----D---- C:\Windows\ERDNT
    2009-07-31 17:46:46 ----D---- C:\Qoobox
    2009-07-31 17:03:11 ----D---- C:\Program Files\trend micro
    2009-07-31 17:03:09 ----D---- C:\rsit
    2009-07-29 19:50:51 ----AD---- C:\Program Files\SystemRequirementsLab
    2009-07-29 19:50:39 ----AD---- C:\Users\khalida\AppData\Roaming\SystemRequirementsLab
    2009-07-29 19:47:42 ----AD---- C:\ProgramData\ma-config.com
    2009-07-29 19:47:42 ----AD---- C:\Program Files\ma-config.com
    2009-07-27 15:21:55 ----AD---- C:\ProgramData\Kaspersky Lab
    2009-07-25 21:32:17 ----AD---- C:\Program Files\Common Files\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\Users\khalida\AppData\Roaming\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\ProgramData\PC Tools
    2009-07-25 21:32:09 ----AD---- C:\Program Files\Spyware Doctor
    2009-07-24 15:24:28 ----AD---- C:\ProgramData\Avira
    2009-07-24 10:16:10 ----D---- C:\Users\khalida\AppData\Roaming\Nero
    2009-07-23 01:26:37 ----A---- C:\Windows\system32\pncrt.dll
    2009-07-23 01:25:23 ----AD---- C:\Program Files\FreeTime
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTVideoFile.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTVideoCompress.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\NCTQuickTimeFile.dll
    2009-07-18 17:07:12 ----A---- C:\Windows\system32\mcdvd_32.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTWMVFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTVideoCoreU.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTVideoCoreM.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTRMFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTAVIFile.dll
    2009-07-18 17:07:11 ----A---- C:\Windows\system32\NCTAudioFile2.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\NCTAudioCompress3.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\NCTAudioCompress2.dll
    2009-07-18 17:07:10 ----A---- C:\Windows\system32\lame_enc.dll
    2009-07-18 13:24:36 ----AD---- C:\Users\khalida\AppData\Roaming\Red Kawa
    2009-07-15 09:26:06 ----A---- C:\Windows\system32\t2embed.dll
    2009-07-15 09:26:06 ----A---- C:\Windows\system32\fontsub.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\lpk.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\dciman32.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\atmlib.dll
    2009-07-15 09:26:05 ----A---- C:\Windows\system32\atmfd.dll
    2009-07-14 13:15:24 ----AD---- C:\Users\khalida\AppData\Roaming\dvdcss
    2009-07-14 11:50:43 ----AD---- C:\Users\khalida\AppData\Roaming\vlc

    ======List of files/folders modified in the last 1 months======

    2009-08-10 14:50:59 ----D---- C:\Windows\Prefetch
    2009-08-10 11:26:35 ----D---- C:\Windows\system32\ras
    2009-08-10 11:26:35 ----D---- C:\Windows\system32\icsxml
    2009-08-10 11:26:35 ----D---- C:\Windows\system32\drivers
    2009-08-10 11:26:35 ----D---- C:\Windows\System32
    2009-08-10 11:26:35 ----D---- C:\Windows\inf
    2009-08-10 11:26:35 ----D---- C:\Program Files\Windows Calendar
    2009-08-10 11:26:33 ----D---- C:\Windows\system32\migration
    2009-08-10 11:04:02 ----D---- C:\Windows\winsxs
    2009-08-10 10:56:12 ----SHD---- C:\System Volume Information
    2009-08-09 18:56:11 ----D---- C:\Program Files
    2009-08-09 18:54:51 ----D---- C:\Windows
    2009-08-06 19:30:21 ----A---- C:\Windows\ntbtlog.txt
    2009-08-06 16:52:17 ----SHD---- C:\Windows\Installer
    2009-08-06 16:49:38 ----D---- C:\ProgramData
    2009-08-06 16:49:06 ----D---- C:\Windows\system32\catroot
    2009-08-06 15:34:15 ----AD---- C:\Program Files\Mozilla Firefox
    2009-08-06 15:18:31 ----D---- C:\ProgramData\Symantec
    2009-08-03 13:47:37 ----A---- C:\Windows\win.ini
    2009-08-03 13:44:27 ----D---- C:\Windows\twain_32
    2009-08-03 13:37:15 ----D---- C:\Program Files\Common Files
    2009-08-03 10:27:55 ----D---- C:\Program Files\Microsoft Silverlight
    2009-08-03 10:17:52 ----D---- C:\Program Files\Internet Explorer
    2009-08-03 10:17:47 ----D---- C:\Windows\AppPatch
    2009-08-02 17:18:14 ----D---- C:\ProgramData\Adobe
    2009-08-02 17:08:18 ----A---- C:\Windows\system32\deploytk.dll
    2009-08-02 17:08:03 ----D---- C:\Windows\system32\catroot2
    2009-08-02 14:49:40 ----AD---- C:\ProgramData\TEMP
    2009-08-02 14:10:47 ----D---- C:\Windows\Tasks
    2009-08-02 14:10:47 ----D---- C:\Windows\system32\Tasks
    2009-08-01 06:00:53 ----D---- C:\Windows\system32\fr-FR
    2009-08-01 02:33:11 ----A---- C:\Windows\system.ini
    2009-07-31 18:46:17 ----SHD---- C:\boot
    2009-07-31 18:46:17 ----D---- C:\Windows\system32\config
    2009-07-30 23:32:16 ----D---- C:\Windows\Minidump
    2009-07-29 19:58:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-07-27 16:30:46 ----AD---- C:\Program Files\Common Files\DVDVideoSoft
    2009-07-27 16:30:28 ----AD---- C:\Program Files\DVDVideoSoft
    2009-07-27 15:10:17 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-07-27 13:31:29 ----D---- C:\Windows\system32\Macromed
    2009-07-24 15:45:41 ----D---- C:\Program Files\Avira
    2009-07-24 12:51:54 ----AD---- C:\Windows\system32\Adobe
    2009-07-24 11:18:54 ----HD---- C:\Windows\system32\GroupPolicyUsers
    2009-07-24 11:06:07 ----AD---- C:\Program Files\MessengerDiscovery 2
    2009-07-24 10:21:26 ----D---- C:\Program Files\Image-Line
    2009-07-23 23:06:42 ----D---- C:\Program Files\DNA
    2009-07-23 22:55:12 ----AD---- C:\Users\khalida\AppData\Roaming\MessengerDiscovery 2
    2009-07-23 01:40:54 ----D---- C:\Program Files\Avidemux 2.4
    2009-07-23 00:19:48 ----AD---- C:\Program Files\StuffPlug3
    2009-07-20 12:05:18 ----D---- C:\Program Files\Windows Mail
    2009-07-19 13:45:24 ----AD---- C:\Program Files\CamStudio
    2009-07-15 13:28:22 ----AD---- C:\Program Files\AviSynth 2.5
    2009-07-13 12:13:16 ----D---- C:\Program Files\Messenger Plus! Live

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
    R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-12-04 43520]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-04-11 25280]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-12 7623968]
    R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-09-05 12212864]
    R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
    S2 FLYCAM;FlyCam, WDM Video Capture; C:\Windows\system32\DRIVERS\flycam.sys [2006-01-12 705408]
    S2 VirtualCam;VirtualCamera; C:\Windows\system32\DRIVERS\VirtualCam.sys [2007-02-21 192512]
    S3 catchme;catchme; \??\C:\Users\khalida\AppData\Local\Temp\catchme.sys []
    S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder PSP Edition\SysInfo.sys []
    S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
    S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-05-29 14336]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 FETNDIS;Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe [2007-09-25 65536]
    R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    S2 CameraServer;CameraServer; C:\FlyCam\CameraServer.exe []
    S2 fsssvc;Windows Live OneCare Contrôle parental; C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
    S2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-13 651720]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
    S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-19 2739229]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
    S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
    S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe [2009-02-15 6558336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-14 607576]
    S4 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
    S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
    S4 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-20 887544]
    S4 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-20 166648]
    S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
    S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]

    -----------------EOF-----------------
    a c 296 8 Security
    a b 9 Windows
    10 August 2009 14:56:09

    OK, that worked.

    Why isn't Vista up to date?
    10 August 2009 16:00:02

    I don't know. What do I need to do to update it?
    a c 296 8 Security
    a b 9 Windows
    10 August 2009 16:03:18

    By installing SP1, then SP2.
    10 August 2009 16:24:02

    Where can I download them?
    10 August 2009 18:50:20

    The downloads are finished. I'd like to know, what are SP1 and SP2 for?
    Do they improve Windows?
    a c 296 8 Security
    a b 9 Windows
    10 August 2009 18:56:04

    Yes.