
virus alert! problem [solved]

10 August 2008 13:01:47

Hello,

I was infected a few days ago by a program I don't know. "virus alert!" is written in the taskbar, the Start menu has been modified, and a red page with a message written on it has replaced my desktop wallpaper. I looked everywhere and tried lots of programs (ccleaner, spybot, ...) but it changes nothing.
Can someone help me solve this m"@#&?
Thanks in advance

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59: VIRUS ALERT!, on 10/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.metacrawl.ws
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 69.57.152.127 auto.search.msn.es
O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D789CE4F-DDF0-4DF7-A2BF-B2867BA16AFF} - C:\WINDOWS\system32\urqPfGXR.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows] C:\DOCUME~1\IVANOV~1\LOCALS~1\Temp\Setup_ver1.1400.0.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA5623] command /c del "C:\WINDOWS\tfnslopk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8386] cmd /c del "C:\WINDOWS\tfnslopk.dll_old"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\RunOnce: [SpybotDeletingB5731] command /c del "C:\WINDOWS\tfnslopk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5356] cmd /c del "C:\WINDOWS\tfnslopk.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6F7303-B601-43F3-AD0B-B7FFB987451B}: NameServer = 212.68.193.110,192.168.0.1
O18 - Protocol: biblioscape - (no CLSID) - (no file)
O20 - Winlogon Notify: urqPfGXR - C:\WINDOWS\SYSTEM32\urqPfGXR.dll
O21 - SSODL: tfnslopk - {E956D10E-F102-44B2-A6B6-09F83DBA1B0A} - C:\WINDOWS\tfnslopk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 15060 bytes


10 August 2008 13:45:45

Hello,

I'll take care of you. Please bear in mind that I'm a volunteer, that I have a private life and that I help several users at once, so please be patient. However, I never let go of a user until their PC is clean ;) 

Download SmitfraudFix (by S!ri).

  • Save it to your Desktop.
  • Launch it by double-clicking SmitfraudFix.exe
  • Press a key as prompted.
  • Run option 1; a report will appear, post it.

    The report is located here: C:\rapport.txt

    ;) 
    10 August 2008 14:07:44

    Thanks for your help, here is the SmitfraudFix report:

    SmitFraudFix v2.334

    Rapport fait à 14:05:04,03, dim. 10/08/2008
    Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Fichier hosts corrompu !

    127.0.0.1 www.legal-at-spybot.info
    127.0.0.1 legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ivanovski


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ivanovski\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\IVANOV~1\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.68.193.110
    DNS Server Search Order: 192.168.0.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB6F7303-B601-43F3-AD0B-B7FFB987451B}: NameServer=212.68.193.110,192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB6F7303-B601-43F3-AD0B-B7FFB987451B}: NameServer=212.68.193.110,192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{CB6F7303-B601-43F3-AD0B-B7FFB987451B}: NameServer=212.68.193.110,192.168.0.1


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    10 August 2008 15:54:39

    Re,

    Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
    NB: You must be logged in with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below
    Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes
    Warning: if you take too long, the "Abandon" (Abort) answer will be validated automatically
  • when processing is finished (click OK), two text files are displayed:
    main.txt <- opened in the foreground, full screen
    extra.txt <- opened in the background, windowed (look at the taskbar)
    If this is an additional use of DSS:
  • you will not get a dialog box (no OK)
  • when processing is finished, one text file is displayed:
    main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have that file (first use)
  • don't forget to re-enable the protections if they were stopped.



    What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks a few important areas of your system and produces a report for review by your security advisor. DSS automatically launches HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.

    ;) 
    10 August 2008 18:28:41

    There, I have the main.txt and extra.txt reports, but in the meantime, and I don't know by what miracle, I no longer have the message next to the Windows clock, my Start menu is as it was before and so is the wallpaper. Everything seems to be back to normal. If it's fixed, a very big thank you.
    But just in case, here are the DSS reports:
    main:

    Deckard's System Scanner v20071014.68
    Run by Ivanovski on 2008-08-10 15:58:33
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 4 Restore Point(s) --
    4: 2008-08-10 13:58:40 UTC - RP637 - Deckard's System Scanner Restore Point
    3: 2008-08-09 17:09:15 UTC - RP636 - Point de vérification système
    2: 2008-08-08 17:02:14 UTC - RP635 - Software Distribution Service 3.0
    1: 2008-08-08 16:45:55 UTC - RP634 - Removed The Movies(TM)


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 5.87 GiB (less than 15%) free.


    -- HijackThis (run as Ivanovski.exe) -------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:03:42, on 10/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Ivanovski\Bureau\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Ivanovski.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.metacrawl.ws
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 69.57.152.127 auto.search.msn.es
    O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D789CE4F-DDF0-4DF7-A2BF-B2867BA16AFF} - C:\WINDOWS\system32\urqPfGXR.dll
    O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Windows] C:\DOCUME~1\IVANOV~1\LOCALS~1\Temp\Setup_ver1.1400.0.exe
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5623] command /c del "C:\WINDOWS\tfnslopk.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8386] cmd /c del "C:\WINDOWS\tfnslopk.dll_old"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6F7303-B601-43F3-AD0B-B7FFB987451B}: NameServer = 212.68.193.110,192.168.0.1
    O18 - Protocol: biblioscape - (no CLSID) - (no file)
    O20 - Winlogon Notify: urqPfGXR - C:\WINDOWS\SYSTEM32\urqPfGXR.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 14440 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - "regedit.exe" "%1"


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R2 ACEDRV07 - c:\windows\system32\drivers\acedrv07.sys <Not Verified; Protect Software GmbH; >
    R2 atksgt - c:\windows\system32\drivers\atksgt.sys
    R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
    R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
    R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; Elaborate Bytes AG; CloneCD>
    R3 ezplay (VSO Software ezplay) - c:\windows\system32\drivers\ezplay.sys <Not Verified; VSO Software; autoplay Application>
    R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

    S0 VClone - c:\windows\system32\drivers\vclone.sys (file missing)
    S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
    S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
    S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
    S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
    S3 nenum13E - c:\docume~1\ivanov~1\locals~1\temp\nenum13e.sys (file missing)
    S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)
    S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\apps\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
    R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\apps\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
    R2 CyberLink Media Library Service - "c:\program files\cyberlink\shared files\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
    R2 GenericHidService (Generic Service for HID Keyboard Input Collections) - c:\apps\hidservice\hidservice.exe
    R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

    S3 iPod Service (Service de l'iPod) - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
    S3 MySqlInventime - c:\mysql\bin\mysqld-max-nt mysqlinventime


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-08-05 21:03:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-07-10 and 2008-08-10 -----------------------------

    2008-08-10 14:05:20 4026 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-10 14:04:46 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-08-10 14:04:46 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-08-10 14:04:46 82432 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
    2008-08-10 14:04:45 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-08-10 14:04:45 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-08-10 14:04:45 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-08-10 14:04:45 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-08-10 14:04:45 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-08-10 01:42:56 0 d-------- C:\Program Files\Trend Micro
    2008-08-09 14:11:48 34176 --a------ C:\WINDOWS\system32\opnlJdcc.dll
    2008-08-09 14:11:47 34176 --a------ C:\WINDOWS\system32\rqRIaXOG.dll
    2008-08-09 14:01:40 34176 --a------ C:\WINDOWS\system32\vtUnlMff.dll
    2008-08-09 14:01:39 34176 --a------ C:\WINDOWS\system32\pmnmjHba.dll
    2008-08-09 14:00:46 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\TmpRecentIcons
    2008-08-09 13:51:53 34176 --a------ C:\WINDOWS\system32\ssqQkICT.dll
    2008-08-09 13:51:06 34176 --a------ C:\WINDOWS\system32\awtuuUom.dll
    2008-08-09 12:25:02 34176 --a------ C:\WINDOWS\system32\pmnnOGWm.dll
    2008-08-09 12:21:38 34176 --a------ C:\WINDOWS\system32\urqPfGXR.dll
    2008-08-09 12:08:15 86016 --a------ C:\WINDOWS\lnvegaow.exe
    2008-08-09 12:08:15 139264 --a------ C:\WINDOWS\ewdx.exe
    2008-08-07 14:51:02 0 d-------- C:\Program Files\SopCast
    2008-08-07 11:09:32 0 d-------- C:\Program Files\TVAnts
    2008-08-04 23:07:38 0 d-------- C:\Program Files\FIBA Basketball Manager 2008
    2008-08-04 17:34:47 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Lionhead Studios
    2008-08-04 17:32:00 0 d--hs---- C:\WINDOWS\ftpcache
    2008-08-04 17:22:32 0 d-------- C:\Program Files\Lionhead Studios Ltd
    2008-08-01 01:30:11 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Skype
    2008-08-01 01:30:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-07-23 11:16:12 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Applied Acoustics Systems
    2008-07-23 11:14:01 0 d-------- C:\Program Files\Fichiers communs\Digidesign
    2008-07-23 11:13:57 0 d-------- C:\Program Files\AAS
    2008-07-23 09:44:33 0 d-------- C:\Program Files\Boxing Manager


    -- Find3M Report ---------------------------------------------------------------

    2008-08-10 11:41:24 0 d-------- C:\Program Files\Fichiers communs
    2008-08-10 11:40:32 8405015 --a------ C:\WINDOWS\TempFile
    2008-08-09 14:26:46 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Azureus
    2008-08-09 14:21:21 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\U3
    2008-08-08 18:56:23 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-08-08 17:18:48 0 d-------- C:\Program Files\Celtx
    2008-08-07 15:09:03 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-04 10:44:48 0 d-------- C:\Program Files\Java
    2008-08-02 16:19:16 0 d-------- C:\Program Files\GCH Guitar academy
    2008-07-30 20:13:34 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\dvdcss
    2008-07-23 11:14:00 0 d-------- C:\Program Files\VstPlugins
    2008-07-15 16:09:20 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\gtk-2.0
    2008-07-13 15:50:38 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Mozilla
    2008-07-11 16:01:29 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Momindum Studio
    2008-07-11 16:01:10 0 d-------- C:\Program Files\Momindum Studio
    2008-07-06 23:09:10 0 d--h----- C:\Program Files\Zero G Registry
    2008-07-06 22:58:05 0 d-------- C:\Program Files\Sports Interactive
    2008-07-06 22:52:25 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Sports Interactive
    2008-07-05 19:28:37 0 d-------- C:\Program Files\Fichiers communs\Adobe
    2008-07-05 19:26:33 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\AdobeUM
    2008-07-05 17:12:54 0 d-------- C:\Program Files\GameShadow
    2008-07-03 15:00:21 0 d-------- C:\Program Files\GIMP-2.0
    2008-07-03 13:03:07 0 d-------- C:\Program Files\Azureus
    2008-06-27 22:38:08 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Bioshock
    2008-06-19 17:25:38 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Winamp
    2008-06-15 20:35:50 0 d-------- C:\Program Files\FrameForge 3D Studio 2 Demo


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D789CE4F-DDF0-4DF7-A2BF-B2867BA16AFF}]
    09/08/2008 12:24 34176 --a------ C:\WINDOWS\system32\urqPfGXR.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [05/08/2004 14:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [05/08/2004 14:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [05/08/2004 14:00]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [07/01/2005 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/08/2005 21:05]
    "RTHDCPL"="RTHDCPL.EXE" [25/05/2005 15:37 C:\WINDOWS\RTHDCPL.EXE]
    "Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\Alcmtr.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [20/06/2005 11:50]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
    "AGRSMMSG"="AGRSMMSG.exe" [11/05/2005 13:12 C:\WINDOWS\AGRSMMSG.exe]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [11/05/2005 13:48]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [12/04/2005 13:39]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [20/08/2006 00:48]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [15/08/2006 13:18]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/11/2006 12:48]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [20/01/2007 09:09]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [25/09/2006 10:12]
    "KIT3"="C:\WINDOWS\system32\spool\hpprintqueue.exe" [13/04/2007 03:01]
    "Device Detector"="DevDetect.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 01:19]
    "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [27/11/2006 16:19]
    "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [02/11/2002 08:33]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [16/01/2008 00:54]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
    "Windows"="C:\DOCUME~1\IVANOV~1\LOCALS~1\Temp\Setup_ver1.1400.0.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [03/09/2005 15:18]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 14:00]
    "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [07/11/2002 15:48]
    "Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" [05/12/2006 16:52]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
    "LaCie Backup"="C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe" [06/07/2006 11:30]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22/12/2007 09:20]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [19/06/2008 15:15]
    "@"="" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "SpybotDeletingA5623"=command /c del "C:\WINDOWS\tfnslopk.dll_old"
    "SpybotDeletingC8386"=cmd /c del "C:\WINDOWS\tfnslopk.dll_old"

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 3:38:16]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{D789CE4F-DDF0-4DF7-A2BF-B2867BA16AFF}"= C:\WINDOWS\system32\urqPfGXR.dll [09/08/2008 12:24 34176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqPfGXR]
    urqPfGXR.dll 09/08/2008 12:24 34176 C:\WINDOWS\system32\urqPfGXR.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL ACS"=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    AutoRun\command- I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e261330-edf5-11db-a46f-00038a000015}]
    Auto\command- H:\AdobeR.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86da5912-a015-11db-a410-00038a000015}]
    AutoRun\command- F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d419c4-6f48-11db-a398-00038a000015}]
    AutoRun\command- E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac333-c67f-11dc-ae24-0013ce5f310e}]
    Shell00\Command- G:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac334-c67f-11dc-ae24-0013ce5f310e}]
    AutoRun\command- toyvoejl.exe
    explore\Command- toyvoejl.exe
    open\Command- toyvoejl.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1f7379a-16d9-11dd-ae89-0013ce5f310e}]
    AutoRun\command- explorer.exe




    -- Hosts -----------------------------------------------------------------------

    69.57.152.127 auto.search.msn.es
    69.57.152.127 pagead2.googlesyndication.com
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com

    8774 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-08-10 16:04:47 ------------


    extra :
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Édition familiale (build 2600) SP 2.0
    Architecture: X86; Language: French

    CPU 0: Intel(R) Pentium(R) M processor 1.86GHz
    Percentage of Memory in Use: 73%
    Physical Memory (total/avail): 1022.05 MiB / 271.05 MiB
    Pagefile Memory (total/avail): 2456.02 MiB / 1747.97 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1936.63 MiB

    C: is Fixed (NTFS) - 74.52 GiB total, 5.87 GiB free.
    D: is CDROM (UDF)
    E: is CDROM (No Media)
    F: is CDROM (No Media)
    G: is CDROM (No Media)
    H: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - HTS541080G9SA00 - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Système de fichiers installable - 74.52 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    FW: Norton Internet Security v2005 (Symantec Corporation)
    AV: Norton Internet Security v2005 (Symantec Corporation) Outdated
    AV: avast! antivirus 4.8.1201 [VPS 080731-0] v4.8.1201 (ALWIL Software) Disabled Outdated

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
    "C:\\WINDOWS\\system32\\msnmsgr.exe"="C:\\WINDOWS\\system32\\msnmsgr.exe:*:Enabled:msnmsgr"
    "C:\\Documents and Settings\\Ivanovski\\Local Settings\\Temp\\~osAA.tmp\\ossproxy.exe"="C:\\Documents and Settings\\Ivanovski\\Local Settings\\Temp\\~osAA.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL"
    "C:\\Program Files\\AOL 9.0\\aol.exe"="C:\\Program Files\\AOL 9.0\\aol.exe:*:Disabled:AOL"
    "C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Disabled:PANDORA"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
    "C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Ivanovski\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Fichiers communs
    COMPUTERNAME=IVAN
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Ivanovski
    LOGONSERVER=\\IVAN
    MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Ivanovski\Application Data\Mozilla\Firefox\Crash Reports
    MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
    MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\SONICS~1\;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\Druide\Antidote\Antidote;C:\Program Files\Druide\Antidote\Antidote
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0d08
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\IVANOV~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\IVANOV~1\LOCALS~1\Temp
    USERDOMAIN=IVAN
    USERNAME=Ivanovski
    USERPROFILE=C:\Documents and Settings\Ivanovski
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    Ivanovski (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "c:\apps\skype\phone\unins000.exe"
    --> "C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
    --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    --> agrsmdel
    --> C:\PROGRA~1\FICHIE~1\AOL\ACS\AcsUninstall.exe /c
    --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{406A5ABF-CA65-4E11-95C7-52228FE48F58} /l1036
    --> C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
    --> C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
    --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
    --> C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
    --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
    --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    --> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    --> MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x40c
    --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
    --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    ACDSee 9 Photo Manager --> MsiExec.exe /X{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
    Antidote --> "C:\Program Files\Druide\Antidote\IsStub32.exe" -f"C:\Program Files\Druide\Antidote\DeIsL1.isu" -c"C:\Program Files\Druide\Antidote\_ISREG32.DLL"
    AP Tuner 3.06 --> "C:\Program Files\AP Tuner\AP Tuner 3.06\uninstall.exe"
    Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
    Applied Acoustics Systems - Strum Acoustic GS-1 Demo v1.0 --> C:\Program Files\AAS\Strum Acoustic GS-1 Demo\Uninstall.exe
    Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
    ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
    Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center --> MsiExec.exe /I{2032106E-8826-4E6F-8D7B-854C53461317}
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
    Auralia 3 Demo --> MsiExec.exe /X{87A2DB30-E53B-45DB-B9BB-0CE42BD174F9}
    avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
    BitComet 0.96 --> C:\Program Files\BitComet\uninst.exe
    BlindWrite 6 --> "C:\Program Files\VSO\BlindWrite6\unins000.exe"
    Boxing Manager --> "C:\Program Files\Boxing Manager\unins000.exe"
    Canon Camera Support Core Library --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B9B9863A-32FD-4133-ADB7-46244ED77694} /l1036
    CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
    ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
    Celtx (1.0) --> C:\Program Files\Celtx\uninstall\helper.exe
    Chessmaster 10ème édition fr --> "C:\Program Files\BoontyGames\Chessmaster 10ème édition\unins000.exe"
    CloneCD --> "C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"
    Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
    Compel Adaptec WinASPI --> "C:\Program Files\WinASPI\unins000.exe"
    Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007 --> MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
    Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
    Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dramatica Pro 4.0 Demo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Screenplay Systems\Dramatica Pro Demo\Uninst.isu"
    DU Meter --> "C:\Program Files\DU Meter\unins000.exe"
    DV Network Software --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C219D284-F161-4731-AC0E-D89814ACEABE} /l1036 anything
    DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"
    Final Draft 7 --> MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
    FL Studio 8 --> C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
    Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
    FrameForge 3D Studio 2 Demo --> C:\Program Files\FrameForge 3D Studio 2 Demo\uninstall demo.exe
    Free Mp3 Wma Converter V 1.7.2 --> "C:\Program Files\Free Audio Pack\unins000.exe"
    GameShadow --> MsiExec.exe /I{6AEAD38B-383B-46FF-8A5D-00A822ADA77A}
    GCH Guitar academy --> C:\Program Files\GCH Guitar academy\uninstall.exe
    GIMP 2.4.6 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
    GiveMeTac 1.1 --> "C:\Program Files\GiveMeTac 1.1\unins000.exe"
    Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP USB Disk Storage Format Tool --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
    IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
    Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LaCie Backup Software v1.5.2378 --> MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}
    LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Macromedia Shockwave Player --> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
    Magic ISO Maker v5.3 (build 0214) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    Magic ISO Maker v5.4 (build 0247) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    MediaMonkey 2.5 Language Pack 1.3 --> "C:\Program Files\MediaMonkey\unins000.exe"
    MetaCrawl.WS Toolbar --> regsvr32 /u /s "C:\Program Files\IEToolbar\metacrawl.ws.dll"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007 --> "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works --> MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB944338) --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB947864) --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950759) --> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB930916) --> "C
    10 August 2008 19:55:37

    It was too good to be true: I now have alert icons in my taskbar, ad windows launching in Internet Explorer, and Spybot keeps detecting registry changes. Basically, I don't think everything is gone.
    11 August 2008 00:21:17

    Hi again,

    Quote:
    It was too good to be true: I now have alert icons in my taskbar, ad windows launching in Internet Explorer, and Spybot keeps detecting registry changes. Basically, I don't think everything is gone.


    I don't recall telling you that the DSS procedure would solve your problem :D 

    I'll let you know when it's fixed.

    Download Combofix from **HERE** or **HERE** and save it to your desktop.

    **Note 1: If you already have a copy of Combofix, you will need to download another one, the very latest. It is also very important to save it directly to your desktop.**

  • Please never rename Combofix unless you are expressly asked to.
  • Close all open windows, without exception.
  • Disable all the resident protections of all your antivirus, antispyware, etc. software so that they do not interfere with the proper functioning of Combofix.
    Very important: Temporarily disable all the resident protections of all your security software before launching a scan with Combofix. They could disrupt the Combofix scan, which could have unforeseen and disastrous consequences.
  • Click on this link to see a list of programs that should always be disabled before using Combofix. Note that the list is not exhaustive. If your security software is not in this list and you do not know how to disable it, or if you do not understand English :p  , please ask me.
  • WARNING: Combofix will automatically disconnect you from the internet as soon as the scan starts.
  • Please do not try to reconnect your machine to the internet until Combofix has finished its work.
  • If you can no longer connect to the internet after using Combofix, restart your PC to restore the internet connection.
  • Double-click combofix.exe and follow the on-screen instructions.
  • When the scan is finished, a report should normally be displayed on screen.
  • Please post the following report, "C:\ComboFix.txt", in your next reply, along with a new HijackThis report.

    **Note 2: Do not click in the Combofix window while it is working. You could crash the PC and cause serious damage.**

    ;) 
    11 August 2008 10:48:50

    So, here is the Combofix report:

    ComboFix 08-08-10.02 - Ivanovski 2008-08-11 10:40:00.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.400 [GMT 2:00]
    Endroit: C:\Documents and Settings\Ivanovski\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Ivanovski\Bureau\Vista Antivirus 2008.lnk
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Ivanovski\Bureau\Error Cleaner.url
    C:\Documents and Settings\Ivanovski\Bureau\Privacy Protector.url
    C:\Documents and Settings\Ivanovski\Bureau\Spyware&Malware Protection.url
    C:\Documents and Settings\Ivanovski\Favoris\Error Cleaner.url
    C:\Documents and Settings\Ivanovski\Favoris\Privacy Protector.url
    C:\Documents and Settings\Ivanovski\Favoris\Spyware&Malware Protection.url
    C:\Program Files\Dynamic Toolbar
    C:\Program Files\Dynamic Toolbar\batch.bat
    C:\Program Files\Dynamic Toolbar\Cache\go.bmp
    C:\Program Files\Dynamic Toolbar\Cache\home.bmp
    C:\Program Files\Dynamic Toolbar\Cache\logo_pb.bmp
    C:\Program Files\Dynamic Toolbar\Cache\parent_off.bmp
    C:\Program Files\Dynamic Toolbar\Cache\parent_on.bmp
    C:\Program Files\Dynamic Toolbar\Cache\pbfrv2tb0200.cfg
    C:\Program Files\Dynamic Toolbar\Cache\popup_off.bmp
    C:\Program Files\Dynamic Toolbar\Cache\popup_on.bmp
    C:\Program Files\Dynamic Toolbar\Cache\search.bmp
    C:\Program Files\Dynamic Toolbar\Cache\services.bmp
    C:\Program Files\Dynamic Toolbar\Cache\skin.bmp
    C:\Program Files\Dynamic Toolbar\Cache\skin1.bmp
    C:\Program Files\Dynamic Toolbar\Cache\skin2.bmp
    C:\Program Files\Dynamic Toolbar\Cache\skin3.bmp
    C:\Program Files\Dynamic Toolbar\Cache\skin4.bmp
    C:\Program Files\Dynamic Toolbar\Cache\skin5.bmp
    C:\Program Files\Dynamic Toolbar\Cache\store.bmp
    C:\Program Files\Dynamic Toolbar\Cache\style.css
    C:\Program Files\Dynamic Toolbar\Cache\support.bmp
    C:\Program Files\Dynamic Toolbar\Cache\ticker.xml
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\_Ticker_ticker.txt
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\ErrorLog.txt
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\go.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\home.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\logo_pb.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\parent_off.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\parent_on.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\popup_off.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\popup_on.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\search.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\services.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin1.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin2.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin3.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin4.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin5.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\store.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\style.css
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\support.bmp
    C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\ticker.xml
    C:\Program Files\Dynamic Toolbar\unins000.dat
    C:\Program Files\Dynamic Toolbar\unins000.exe
    C:\Program Files\IEToolbar
    C:\Program Files\IEToolbar\basis.xml
    C:\Program Files\IEToolbar\icons.bmp
    C:\Program Files\IEToolbar\inst.bat
    C:\Program Files\IEToolbar\metacrawl.ws.crc
    C:\Program Files\IEToolbar\metacrawl.ws.inf
    C:\Program Files\IEToolbar\metacrawlit.bmp
    C:\Program Files\IEToolbar\version.txt
    C:\Program Files\PCHealthCenter
    C:\Program Files\PCHealthCenter\0.exe
    C:\Program Files\PCHealthCenter\0.gif
    C:\Program Files\PCHealthCenter\1.exe
    C:\Program Files\PCHealthCenter\1.gif
    C:\Program Files\PCHealthCenter\2.exe
    C:\Program Files\PCHealthCenter\2.gif
    C:\Program Files\PCHealthCenter\3.exe
    C:\Program Files\PCHealthCenter\3.gif
    C:\Program Files\PCHealthCenter\4.exe
    C:\Program Files\PCHealthCenter\5.exe
    C:\Program Files\PCHealthCenter\7.exe
    C:\Program Files\PCHealthCenter\sex1.ico
    C:\Program Files\PCHealthCenter\sex2.ico
    C:\Program Files\VAV
    C:\Program Files\VAV\vav.cpl
    C:\Program Files\VAV\vav.ooo
    C:\Program Files\VAV\vav0.dat
    C:\Program Files\VAV\vav1.dat
    C:\WINDOWS\bgrqfetx.dll
    C:\WINDOWS\edlb.exe
    C:\WINDOWS\ewdx.exe
    C:\WINDOWS\lnvegaow.exe
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\system32\awtqnkhe.dll
    C:\WINDOWS\system32\awtuuUom.dll
    C:\WINDOWS\system32\fccbARIa.dll
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\opnlJdcc.dll
    C:\WINDOWS\system32\pmnmjHba.dll
    C:\WINDOWS\system32\pmnnOGWm.dll
    C:\WINDOWS\system32\rqRIaXOG.dll
    C:\WINDOWS\system32\sex1.ico
    C:\WINDOWS\system32\sex2.ico
    C:\WINDOWS\system32\ssqQkICT.dll
    C:\WINDOWS\system32\uninstall.exe
    C:\WINDOWS\system32\urqPfGXR.dll
    C:\WINDOWS\system32\vtUnlMff.dll
    C:\WINDOWS\tfnslopk.dll
    C:\WINDOWS\wnlmdakqlag.dll
    C:\WINDOWS\xokvrpwg.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-11 to 2008-08-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-10 15:58 . 2008-08-10 15:58 <REP> d-------- C:\Deckard
    2008-08-10 14:05 . 2008-08-10 14:05 4,026 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-10 14:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-08-10 14:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-08-10 14:04 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-08-10 14:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-08-10 14:04 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-10 14:04 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-08-10 14:04 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-08-10 14:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-08-10 14:04 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-08-10 12:46 . 2008-08-10 12:46 84 --a------ C:\WINDOWS\wininit.ini
    2008-08-10 01:42 . 2008-08-10 01:42 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-07 14:51 . 2008-08-07 14:54 <REP> d-------- C:\Program Files\SopCast
    2008-08-07 11:09 . 2008-08-07 11:11 <REP> d-------- C:\Program Files\TVAnts
    2008-08-04 23:07 . 2008-08-09 15:09 <REP> d-------- C:\Program Files\FIBA Basketball Manager 2008
    2008-08-04 17:34 . 2008-08-08 18:46 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Lionhead Studios
    2008-08-04 17:32 . 2008-08-04 17:32 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-08-04 17:22 . 2008-08-04 17:22 <REP> d-------- C:\Program Files\Lionhead Studios Ltd
    2008-08-04 08:29 . 2008-08-04 09:41 4,681,428,992 --a------ C:\printemps été.ISO
    2008-08-01 01:30 . 2008-08-01 01:30 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Skype
    2008-08-01 01:30 . 2008-08-01 01:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-07-23 11:16 . 2008-07-23 11:16 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Applied Acoustics Systems
    2008-07-23 11:14 . 2008-07-23 11:14 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
    2008-07-23 11:13 . 2008-07-23 11:13 <REP> d-------- C:\Program Files\AAS
    2008-07-23 09:44 . 2008-07-23 09:46 <REP> d-------- C:\Program Files\Boxing Manager

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-09 12:26 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Azureus
    2008-08-09 12:21 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\U3
    2008-08-08 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-08 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-08 15:18 --------- d-----w C:\Program Files\Celtx
    2008-08-07 13:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-04 08:44 --------- d-----w C:\Program Files\Java
    2008-08-04 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-08-02 14:19 --------- d-----w C:\Program Files\GCH Guitar academy
    2008-07-30 18:13 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\dvdcss
    2008-07-23 09:14 --------- d-----w C:\Program Files\VstPlugins
    2008-07-15 14:09 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\gtk-2.0
    2008-07-11 14:01 --------- d-----w C:\Program Files\Momindum Studio
    2008-07-11 14:01 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Momindum Studio
    2008-07-06 21:09 --------- d--h--w C:\Program Files\Zero G Registry
    2008-07-06 20:58 --------- d-----w C:\Program Files\Sports Interactive
    2008-07-06 20:52 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Sports Interactive
    2008-07-05 17:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-05 17:26 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\AdobeUM
    2008-07-05 15:12 --------- d-----w C:\Program Files\GameShadow
    2008-07-04 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-03 23:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-03 13:00 --------- d-----w C:\Program Files\GIMP-2.0
    2008-07-03 11:03 --------- d-----w C:\Program Files\Azureus
    2008-06-27 20:38 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Bioshock
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-19 15:25 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Winamp
    2008-06-15 18:35 --------- d-----w C:\Program Files\FrameForge 3D Studio 2 Demo
    2008-06-15 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Common Resources
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-14 10:58 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-06-21 10:36 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-04-28 15:34 87,608 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\ezpinst.exe
    2007-04-28 15:34 47,360 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\pcouffin.sys
    2006-10-16 15:45 94,080 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\ezplay.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2002-11-07 15:48 143360]
    "Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" [2006-12-05 16:52 1180672]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "LaCie Backup"="C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe" [2006-07-06 11:30 2596864]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 15:15 3664944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 11:50 729178]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-12 13:39 58992]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-08-20 00:48 100056]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-15 13:18 180269]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 09:09 200704]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
    "KIT3"="C:\WINDOWS\system32\spool\hpprintqueue.exe" [2007-04-13 03:01 0]
    "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 16:19 1582616]
    "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 08:33 45056]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 15:37 14477312 C:\WINDOWS\RTHDCPL.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-05-11 13:12 88204 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.mpng"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.mjpg"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.mvjp"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.444p"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL ACS"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\APPS\\Inventime\\my.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\\Program Files\\AOL 9.0\\aol.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\APPS\\skype\\phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "49153:TCP"= 49153:TCP:BitComet 49153 TCP
    "49153:UDP"= 49153:UDP:BitComet 49153 UDP
    "55437:TCP"= 55437:TCP:BitComet 55437 TCP
    "55437:UDP"= 55437:UDP:BitComet 55437 UDP

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    S3 nenum13E;nenum13E;C:\DOCUME~1\IVANOV~1\LOCALS~1\Temp\nenum13E.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86da5912-a015-11db-a410-00038a000015}]
    \Shell\AutoRun\command - F:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d419c4-6f48-11db-a398-00038a000015}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac333-c67f-11dc-ae24-0013ce5f310e}]
    \Shell\Shell00\Command - G:\Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac334-c67f-11dc-ae24-0013ce5f310e}]
    \Shell\AutoRun\command - toyvoejl.exe
    \Shell\explore\Command - toyvoejl.exe
    \Shell\open\Command - toyvoejl.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1f7379a-16d9-11dd-ae89-0013ce5f310e}]
    \Shell\AutoRun\command - explorer.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{D789CE4F-DDF0-4DF7-A2BF-B2867BA16AFF} - (no file)
    HKLM-Run-Device Detector - DevDetect.exe
    Notify-urqPfGXR - (no file)
    MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Ivanovski\Application Data\Mozilla\Firefox\Profiles\mw204z4f.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
    FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-11 10:43:49
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
    .
    Temps d'accomplissement: 2008-08-11 10:45:21
    ComboFix-quarantined-files.txt 2008-08-11 08:45:17

    Pre-Run: 5,720,334,336 octets libres
    Post-Run: 5,697,941,504 octets libres

    329 --- E O F --- 2008-08-08 17:19:46


    and the HijackThis one:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:46:18, on 11/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6F7303-B601-43F3-AD0B-B7FFB987451B}: NameServer = 212.68.193.110,192.168.0.1
    O18 - Protocol: biblioscape - (no CLSID) - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 13569 bytes
    11 August 2008 12:31:44

    :hello: 

    Disable all resident protection (antivirus…)! <------- Don't forget!

    Copy the text in the box below (Ctrl + C):

    Quote:
    Driver::
    nenum13E

    File::
    C:\WINDOWS\wininit.ini

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"=dword:00000000
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86da5912-a015-11db-a410-00038a000015}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d419c4-6f48-11db-a398-00038a000015}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac333-c67f-11dc-ae24-0013ce5f310e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac334-c67f-11dc-ae24-0013ce5f310e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1f7379a-16d9-11dd-ae89-0013ce5f310e}]


    => Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste the text into it (CTRL + V)
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save
    - Close Notepad

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



    * This will relaunch ComboFix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
    * Wait while the scan runs. The desktop will disappear several times: this is normal!
    * Don't touch anything until the scan has finished.
    * Once the scan is complete, a report will be displayed: copy and paste its contents to the forum.
    If the file does not open, it is located here: C:\ComboFix.txt
    * Post a new HijackThis report.

    ;) 
    11 August 2008 15:22:38

    I did what you told me to do with the CFScript file, but no message appeared in ComboFix asking me to press a number and confirm; ComboFix started running and restarted the computer after its task.
    I then started over because no log file had appeared afterwards. I also made sure my antivirus programs were not enabled, but I'm not sure they were completely inactive.

    Here is the report I got the second time:

    ComboFix 08-08-10.02 - Ivanovski 2008-08-11 15:03:35.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.486 [GMT 2:00]
    Endroit: C:\Documents and Settings\Ivanovski\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Ivanovski\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\WINDOWS\wininit.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\wininit.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NENUM13E
    -------\Service_nenum13E


    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-11 to 2008-08-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-10 15:58 . 2008-08-10 15:58 <REP> d-------- C:\Deckard
    2008-08-10 14:05 . 2008-08-10 14:05 4,026 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-10 14:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-08-10 14:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-08-10 14:04 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-08-10 14:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-08-10 14:04 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-10 14:04 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-08-10 14:04 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-08-10 14:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-08-10 14:04 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-08-10 01:42 . 2008-08-10 01:42 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-07 14:51 . 2008-08-07 14:54 <REP> d-------- C:\Program Files\SopCast
    2008-08-07 11:09 . 2008-08-07 11:11 <REP> d-------- C:\Program Files\TVAnts
    2008-08-04 23:07 . 2008-08-09 15:09 <REP> d-------- C:\Program Files\FIBA Basketball Manager 2008
    2008-08-04 17:34 . 2008-08-08 18:46 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Lionhead Studios
    2008-08-04 17:32 . 2008-08-04 17:32 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-08-04 17:22 . 2008-08-04 17:22 <REP> d-------- C:\Program Files\Lionhead Studios Ltd
    2008-08-04 08:29 . 2008-08-04 09:41 4,681,428,992 --a------ C:\printemps été.ISO
    2008-08-01 01:30 . 2008-08-01 01:30 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Skype
    2008-08-01 01:30 . 2008-08-01 01:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-07-23 11:16 . 2008-07-23 11:16 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Applied Acoustics Systems
    2008-07-23 11:14 . 2008-07-23 11:14 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
    2008-07-23 11:13 . 2008-07-23 11:13 <REP> d-------- C:\Program Files\AAS
    2008-07-23 09:44 . 2008-07-23 09:46 <REP> d-------- C:\Program Files\Boxing Manager

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-11 12:35 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Azureus
    2008-08-09 12:21 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\U3
    2008-08-08 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-08 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-08 15:18 --------- d-----w C:\Program Files\Celtx
    2008-08-07 13:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-04 08:44 --------- d-----w C:\Program Files\Java
    2008-08-04 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-08-02 14:19 --------- d-----w C:\Program Files\GCH Guitar academy
    2008-07-30 18:13 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\dvdcss
    2008-07-23 09:14 --------- d-----w C:\Program Files\VstPlugins
    2008-07-15 14:09 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\gtk-2.0
    2008-07-11 14:01 --------- d-----w C:\Program Files\Momindum Studio
    2008-07-11 14:01 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Momindum Studio
    2008-07-06 21:09 --------- d--h--w C:\Program Files\Zero G Registry
    2008-07-06 20:58 --------- d-----w C:\Program Files\Sports Interactive
    2008-07-06 20:52 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Sports Interactive
    2008-07-05 17:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-05 17:26 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\AdobeUM
    2008-07-05 15:12 --------- d-----w C:\Program Files\GameShadow
    2008-07-04 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-03 23:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-07-03 13:00 --------- d-----w C:\Program Files\GIMP-2.0
    2008-07-03 11:03 --------- d-----w C:\Program Files\Azureus
    2008-06-27 20:38 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Bioshock
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-19 15:25 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Winamp
    2008-06-15 18:35 --------- d-----w C:\Program Files\FrameForge 3D Studio 2 Demo
    2008-06-15 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Common Resources
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-14 10:58 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
    2007-06-21 10:36 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-04-28 15:34 87,608 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\ezpinst.exe
    2007-04-28 15:34 47,360 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\pcouffin.sys
    2006-10-16 15:45 94,080 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\ezplay.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-11_10.44.58.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    + 2008-08-11 12:55:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_200.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2002-11-07 15:48 143360]
    "Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" [2006-12-05 16:52 1180672]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "LaCie Backup"="C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe" [2006-07-06 11:30 2596864]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 15:15 3664944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 11:50 729178]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-12 13:39 58992]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-08-20 00:48 100056]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-15 13:18 180269]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 09:09 200704]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
    "KIT3"="C:\WINDOWS\system32\spool\hpprintqueue.exe" [2007-04-13 03:01 0]
    "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 16:19 1582616]
    "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 08:33 45056]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 15:37 14477312 C:\WINDOWS\RTHDCPL.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-05-11 13:12 88204 C:\WINDOWS\AGRSMMSG.exe]
    "Device Detector"="DevDetect.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqPfGXR]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.mpng"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.mjpg"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.mvjp"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.444p"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL ACS"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\APPS\\Inventime\\my.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\\Program Files\\AOL 9.0\\aol.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\APPS\\skype\\phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "49153:TCP"= 49153:TCP:BitComet 49153 TCP
    "49153:UDP"= 49153:UDP:BitComet 49153 UDP
    "55437:TCP"= 55437:TCP:BitComet 55437 TCP
    "55437:UDP"= 55437:UDP:BitComet 55437 UDP

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d419c4-6f48-11db-a398-00038a000015}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac333-c67f-11dc-ae24-0013ce5f310e}]
    \Shell\Shell00\Command - G:\Start.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{D789CE4F-DDF0-4DF7-A2BF-B2867BA16AFF} - (no file)


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-11 15:07:26
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
    .
    Temps d'accomplissement: 2008-08-11 15:10:03
    ComboFix-quarantined-files.txt 2008-08-11 13:09:13
    ComboFix2.txt 2008-08-11 08:45:22

    Pre-Run: 5,574,615,040 octets libres
    Post-Run: 5,552,726,016 octets libres

    209 --- E O F --- 2008-08-08 17:19:46

    The HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:11:17, on 11/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe
    C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D789CE4F-DDF0-4DF7-A2BF-B2867BA16AFF} - (no file)
    O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6F7303-B601-43F3-AD0B-B7FFB987451B}: NameServer = 212.68.193.110,192.168.0.1
    O18 - Protocol: biblioscape - (no CLSID) - (no file)
    O20 - Winlogon Notify: urqPfGXR - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 13802 bytes
    11 August 2008 18:17:33

    Re,

    You have two antivirus programs.

    You have several protection programs (antivirus or antispyware).
    As a reminder: only one antivirus and one antispyware per computer.

    That does not necessarily protect you any better, but what is certain is that it slows the computer down and can even cause crashes. More information: http://forum.malekal.com/viewtopic.php?f=45&t=4650

    Clean up the protection programs that are installed.

    Remove one of them and post me a new HijackThis report.

    ;) 
    12 August 2008 09:41:40

    hi,

    I couldn't uninstall Norton, which came with my laptop originally (I tried Decrapifier but it didn't work), so I removed avast and Spybot successfully.
    After the uninstall and the reboot, I tried to launch HijackThis but now it won't start.
    12 August 2008 12:00:10

    :hello:  Hello,

    That's all rather odd...

    Quote:
    I tried to launch HijackThis but now it won't start.


    Uninstall it, reinstall it and try again.

    ;) 
    12 August 2008 12:51:34

    no way to uninstall it, not even with Decrapifier
    13 August 2008 00:23:21

    Re,

    Have you tried in safe mode?

    ;) 
    13 August 2008 10:01:10

    hi,

    I still can't launch HijackThis or uninstall it, and not in safe mode either. The only program among those you advised me to install (DSS, ComboFix, HijackThis and SmitFraudFix) that works is SmitFraudFix; the others won't launch.
    13 August 2008 12:44:01

    Re,

    We are going to repair the system. To do that, proceed as follows:

  • Insert your Windows CD into your drive (the CD must match your version of Windows).
  • Close all running programs, windows and applications.
  • Disconnect from the internet.
  • Start menu > Run.
  • In the window that appears, type: sfc /scannow then confirm with Enter.
  • The PC will work away; let it run, this can take quite a while.
  • Come back and tell me when it is done.

    ;) 
    15 August 2008 16:24:33

    hi,

    there, I've just run the scannow. It went without a hitch.

    16 August 2008 12:30:31

    :hello:  Hello,

    Can you now uninstall/remove HijackThis?

    ;) 
    16 August 2008 18:13:34

    hi,

    yes, I managed it. Here is the HijackThis report.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:12:30, on 16/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe
    C:\WINDOWS\system32\buritos.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: bgrqfetx - {892B88A3-DC94-4A1F-A75A-9AA50061A683} - C:\WINDOWS\bgrqfetx.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [buritos] buritos.exe
    O4 - HKLM\..\Run: [a8e692a6] rundll32.exe "C:\WINDOWS\system32\wqraqluv.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Ivanovski\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6F7303-B601-43F3-AD0B-B7FFB987451B}: NameServer = 212.68.193.110,192.168.0.1
    O18 - Protocol: biblioscape - (no CLSID) - (no file)
    O20 - AppInit_DLLs: karina.dat dqnxxb.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 11340 bytes
    16 August 2008 23:32:23

    Re,

    Now that's good news :super:

    The infection has come back, or rather I'd say there is now a new one... and quite a nasty one at that :/ 

    But we're going to clean all that up ;) 

    In the meantime, click the link in my signature to find out more ;) 

    EDIT: Actually I think it's my fault it came back, I had forgotten a file :) 


    I advise you to uninstall and delete all your P2P software: 50% of what you download via P2P is booby-trapped. P2P is the number one infection vector these days.
    More information is available by clicking the following link: Cracks / P2P

    We'll start with this:

    This procedure should be printed so that you can have it in front of you when you are in safe mode.

    Download SDFix (by Andy Manchesta)

  • Save it to your desktop.
  • Run it.
  • Click Install so that it can extract itself.
    Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once at that stage, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and you end up with a different visual setup (no wallpaper, very large icons). So don't be surprised.
    --- It is for these reasons that I suggest you print, write down, or save in a text document the following information so as not to get lost.
    ---- ! Do not boot your computer into safe mode via MSConfig ! Why? Some infections break the safe-mode keys, which would make your computer crash.
  • Open the SDFix folder that has just been created in the C:\ directory
  • Double-click RunThis.bat (the .bat extension may not be shown)
  • Press Y to start it.
  • You will be asked to press a key to restart; do so.
  • The restart will probably take a little longer than usual.
  • Once your Desktop appears, it will display Finished
  • Press a key.
  • A report is generated; post it in your reply.

    It can also be found in the SDFix folder >Report.txt<

    Note: If SDFix does not start (it happens!)

    * Start->Run
    * Copy/paste this:
    Quote:
    %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

    * Click OK, and confirm.
    * Restart and try launching SDFix again.

    Help: How to boot your computer into safe mode.

    ;) 
    21 August 2008 09:18:52

    Hello,

    :hello: 

    here is the SDFix report:


    SDFix: Version 1.216
    Run by Administrateur on 21/08/2008 at 00:24

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\urqOFuVn.dll - Deleted
    C:\WINDOWS\EDLB.EXE - Deleted
    C:\Program Files\PCHealthCenter\0.exe - Deleted
    C:\Program Files\PCHealthCenter\0.gif - Deleted
    C:\Program Files\PCHealthCenter\1.exe - Deleted
    C:\Program Files\PCHealthCenter\1.gif - Deleted
    C:\Program Files\PCHealthCenter\2.exe - Deleted
    C:\Program Files\PCHealthCenter\2.gif - Deleted
    C:\Program Files\PCHealthCenter\3.exe - Deleted
    C:\Program Files\PCHealthCenter\3.gif - Deleted
    C:\Program Files\PCHealthCenter\4.exe - Deleted
    C:\Program Files\PCHealthCenter\5.exe - Deleted
    C:\Program Files\PCHealthCenter\7.exe - Deleted
    C:\Program Files\PCHealthCenter\sc.html - Deleted
    C:\Program Files\PCHealthCenter\sex1.ico - Deleted
    C:\Program Files\PCHealthCenter\sex2.ico - Deleted
    C:\Program Files\VAV\vav.cpl - Deleted
    C:\Program Files\VAV\vav.exe - Deleted
    C:\Program Files\VAV\vav.ooo - Deleted
    C:\Program Files\VAV\vav0.dat - Deleted
    C:\Program Files\VAV\vav1.dat - Deleted
    C:\WINDOWS\system32\sex1.ico - Deleted
    C:\WINDOWS\system32\sex2.ico - Deleted
    C:\WINDOWS\wnlmdakqlag.dll - Deleted
    C:\WINDOWS\bgrqfetx.dll - Deleted
    C:\WINDOWS\buritos.exe - Deleted
    C:\WINDOWS\lnvegaow.exe - Deleted
    C:\WINDOWS\system32\braviax.exe - Deleted
    C:\WINDOWS\system32\buritos.exe - Deleted
    C:\WINDOWS\system32\spool\hpprintqueue.exe - Deleted
    C:\WINDOWS\system32\winivstr.exe - Deleted
    C:\WINDOWS\tfnslopk.dll - Deleted
    C:\WINDOWS\xokvrpwg.dll - Deleted
    C:\WINDOWS\system32\dllcache\figaro.sys - Deleted



    Folder C:\Program Files\PCHealthCenter - Removed
    Folder C:\Program Files\VAV - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-21 00:52:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL"
    "C:\\Program Files\\AOL 9.0\\aol.exe"="C:\\Program Files\\AOL 9.0\\aol.exe:*:Disabled:AOL"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
    "C:\\APPS\\skype\\Phone\\Skype.exe"="C:\\APPS\\skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 15 Aug 2006 215 A.SHR --- "C:\BOOT.BAK"
    Fri 21 Dec 2007 24 ..SH. --- "C:\WINDOWS\S2217C9CF.tmp"
    Tue 31 May 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
    Tue 31 May 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
    Tue 31 May 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
    Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
    Mon 2 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 15 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Mon 28 Aug 2006 9,238 A..H. --- "C:\Program Files\Microsoft Office\Office\Barra degli strumenti\Off2.tmp"
    Fri 18 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT3.tmp"
    Sat 24 May 2008 24,064 ...H. --- "C:\Documents and Settings\Ivanovski\Application Data\Microsoft\Word\~WRL0357.tmp"
    Sat 6 Jan 2007 36,864 ...H. --- "C:\Documents and Settings\Ivanovski\Application Data\Microsoft\Word\~WRL{7B69CF7F-AE87-4D56-9D48-C63D4DFF4287}.tmp"
    Fri 27 Jun 2008 6,297 ...HR --- "C:\Documents and Settings\Ivanovski\Application Data\SecuROM\UserData\securom_v7_01.bak"
    Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Ivanovski\Application Data\U3\temp\Launchpad Removal.exe"
    Tue 15 Jul 2008 27,136 ...H. --- "C:\Documents and Settings\Ivanovski\Mes documents\Ivan\Création de scénario\~WRL1175.tmp"
    Thu 26 Jun 2008 23,040 ...H. --- "C:\Documents and Settings\Ivanovski\Mes documents\Ivan\Papiers importants\~WRL0001.tmp"
    Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
    Sun 3 Sep 2006 6,838 A..H. --- "C:\Documents and Settings\Ivanovski\Application Data\Microsoft\Office\Shortcut Bar\Off2.tmp"
    Tue 29 Apr 2008 34,816 ...H. --- "C:\Documents and Settings\Ivanovski\Mes documents\Ivan\ELICIT\Mémoire\~WRL0200.tmp"
    Mon 13 Aug 2007 26,765 ...H. --- "C:\Documents and Settings\Ivanovski\Mes documents\Ivan\ELICIT\Travaux\~WRL1222.tmp"
    Sat 16 Aug 2008 32,768 ...H. --- "C:\Documents and Settings\Ivanovski\Mes documents\Ivan\ELICIT\Travaux en cours\~WRL0526.tmp"
    Tue 29 Apr 2008 30,720 ...H. --- "C:\Documents and Settings\Ivanovski\Mes documents\Ivan\ELICIT\Travaux en cours\~WRL1363.tmp"
    Thu 25 May 2006 22,016 A..H. --- "C:\Documents and Settings\Ivanovski\Mes documents\Ivan\Langues et littératures\theorie de la litt 2\~WRL0743.tmp"
    Thu 25 May 2006 19,968 A..H. --- "C:\Documents and Settings\Ivanovski\Mes documents\Ivan\Langues et littératures\theorie de la litt 2\~WRL1745.tmp"
    Thu 25 May 2006 65,024 A..H. --- "C:\Documents and Settings\Ivanovski\Mes documents\Ivan\Langues et littératures\theorie de la litt 2\~WRL2674.tmp"

    Finished!

    21 August 2008 11:53:42

    :hello:  Hello,

    Quote:
    C:\WINDOWS\system32\spool\hpprintqueue.exe - Deleted


    That's the file I had forgotten :) 

    Can you post me a new DSS scan report, main.txt?

    ;) 
    21 August 2008 13:54:44

    hi,

    here is the main.txt:

    Deckard's System Scanner v20071014.68
    Run by Ivanovski on 2008-08-21 13:51:35
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 10.7 GiB (less than 15%) free.


    -- HijackThis (run as Ivanovski.exe) -------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:51:54, on 21/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\MediaMonkey\MediaMonkey.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Ivanovski\Bureau\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\IVANOV~1.EXE

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {F69462FD-F66F-4EE5-B2F2-1BFECC48BB2C} - C:\WINDOWS\system32\ljJDVoMf.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [a8e692a6] rundll32.exe "C:\WINDOWS\system32\sofftdxo.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Ivanovski\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6F7303-B601-43F3-AD0B-B7FFB987451B}: NameServer = 212.68.193.110,192.168.0.1
    O18 - Protocol: biblioscape - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: karina.dat dqnxxb.dll hckfiu.dll gtzsqp.dll qfwksm.dll fjpqjq.dll
    O20 - Winlogon Notify: urqPfGXR - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 11484 bytes

    -- Files created between 2008-07-21 and 2008-08-21 -----------------------------

    2008-08-21 00:08:23 0 d-------- C:\WINDOWS\ERUNT
    2008-08-20 21:33:53 0 d-------- C:\Program Files\Eidos
    2008-08-20 17:54:24 131840 --a------ C:\WINDOWS\system32\fjpqjq.dll
    2008-08-20 17:52:13 131840 --a------ C:\WINDOWS\system32\qxpqwgkl.dll
    2008-08-20 17:47:49 100352 --a------ C:\WINDOWS\system32\sofftdxo.dll
    2008-08-19 17:46:26 131840 --a------ C:\WINDOWS\system32\vfcokjip.dll
    2008-08-19 17:46:26 131840 --a------ C:\WINDOWS\system32\qfwksm.dll
    2008-08-19 11:54:40 0 d-------- C:\Program Files\Fiddler2
    2008-08-19 11:53:56 0 d-------- C:\Program Files\Audiosurf
    2008-08-18 17:49:07 132352 --a------ C:\WINDOWS\system32\gtzsqp.dll
    2008-08-18 17:48:58 132352 --a------ C:\WINDOWS\system32\qeerceyj.dll
    2008-08-17 17:47:49 131328 --a------ C:\WINDOWS\system32\hckfiu.dll
    2008-08-17 17:47:43 131328 --a------ C:\WINDOWS\system32\oplhiewd.dll
    2008-08-17 17:44:55 98688 --a------ C:\WINDOWS\system32\viuqfkuc.dll
    2008-08-17 07:50:53 131328 --a------ C:\WINDOWS\system32\dxwuai.dll
    2008-08-17 07:50:50 131328 --a------ C:\WINDOWS\system32\jpeojbov.dll
    2008-08-16 18:54:17 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-08-16 18:54:12 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\skypePM
    2008-08-16 18:51:03 0 d-------- C:\Program Files\Fichiers communs\Skype
    2008-08-16 00:16:10 131328 --a------ C:\WINDOWS\system32\dqnxxb.dll
    2008-08-16 00:16:09 131328 --a------ C:\WINDOWS\system32\cbobqika.dll
    2008-08-15 00:15:04 120448 --a------ C:\WINDOWS\system32\yyezwu.dll
    2008-08-15 00:15:01 120448 --a------ C:\WINDOWS\system32\suejjrao.dll
    2008-08-13 20:16:19 0 d-------- C:\Documents and Settings\Ivanovski\Graphisoft
    2008-08-13 20:16:19 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Graphisoft
    2008-08-13 09:46:50 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Macromedia
    2008-08-13 09:46:50 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
    2008-08-13 09:46:50 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
    2008-08-13 09:46:50 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Help
    2008-08-13 09:46:50 0 d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
    2008-08-13 09:46:49 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-08-13 09:46:49 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
    2008-08-13 09:46:49 0 dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-08-13 09:46:49 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
    2008-08-13 09:46:49 0 dr------- C:\Documents and Settings\Administrateur\Bureau
    2008-08-13 09:46:49 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
    2008-08-13 09:46:49 0 d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
    2008-08-13 09:46:49 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-08-13 09:46:49 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Sun
    2008-08-13 09:46:49 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
    2008-08-13 09:46:49 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Real
    2008-08-13 09:46:49 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
    2008-08-13 09:46:48 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-08-13 09:46:48 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-08-13 09:46:48 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
    2008-08-13 09:46:48 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
    2008-08-13 09:46:48 1048576 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
    2008-08-13 09:46:48 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-08-13 09:46:48 0 dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-08-12 17:49:36 0 d-------- C:\Program Files\Graphisoft
    2008-08-12 17:36:16 0 d-------- C:\Program Files\Sweet Home 3D
    2008-08-12 17:35:24 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Anuman Interactive
    2008-08-11 17:13:47 327534 --ahs---- C:\WINDOWS\system32\fMoVDJjl.ini2
    2008-08-11 17:13:42 323328 --a------ C:\WINDOWS\system32\ljJDVoMf.dll
    2008-08-11 17:05:20 34176 --a------ C:\WINDOWS\system32\opnnmMGy.dll
    2008-08-11 17:05:19 34176 --a------ C:\WINDOWS\system32\cbXPjIyX.dll
    2008-08-11 16:30:55 34176 --a------ C:\WINDOWS\system32\awtutuUk.dll
    2008-08-11 16:30:03 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\TmpRecentIcons
    2008-08-11 10:18:27 68096 --a------ C:\WINDOWS\zip.exe
    2008-08-11 10:18:27 49152 --a------ C:\WINDOWS\VFind.exe
    2008-08-11 10:18:27 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-08-11 10:18:27 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-08-11 10:18:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-08-11 10:18:27 98816 --a------ C:\WINDOWS\sed.exe
    2008-08-11 10:18:27 80412 --a------ C:\WINDOWS\grep.exe
    2008-08-11 10:18:27 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-08-10 14:05:20 3620 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-10 01:42:56 0 d-------- C:\Program Files\Trend Micro
    2008-08-07 14:51:02 0 d-------- C:\Program Files\SopCast
    2008-08-07 11:09:32 0 d-------- C:\Program Files\TVAnts
    2008-08-04 17:34:47 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Lionhead Studios
    2008-08-04 17:32:00 0 d--hs---- C:\WINDOWS\ftpcache
    2008-08-04 17:22:32 0 d-------- C:\Program Files\Lionhead Studios Ltd
    2008-08-01 01:30:11 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Skype
    2008-08-01 01:30:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-07-23 11:16:12 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Applied Acoustics Systems
    2008-07-23 11:14:01 0 d-------- C:\Program Files\Fichiers communs\Digidesign
    2008-07-23 11:13:57 0 d-------- C:\Program Files\AAS
    2008-07-23 09:44:33 0 d-------- C:\Program Files\Boxing Manager


    -- Find3M Report ---------------------------------------------------------------

    2008-08-21 08:17:28 0 d-------- C:\Program Files\Fichiers communs
    2008-08-21 08:14:57 8405015 --a------ C:\WINDOWS\TempFile
    2008-08-20 23:10:18 0 d-------- C:\Program Files\Azureus
    2008-08-20 21:33:13 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-08-20 21:05:43 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Azureus
    2008-08-19 11:10:33 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\SystemRequirementsLab
    2008-08-17 09:31:56 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-09 14:21:21 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\U3
    2008-08-08 17:18:48 0 d-------- C:\Program Files\Celtx
    2008-08-04 10:44:48 0 d-------- C:\Program Files\Java
    2008-08-02 16:19:16 0 d-------- C:\Program Files\GCH Guitar academy
    2008-07-30 20:13:34 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\dvdcss
    2008-07-23 11:14:00 0 d-------- C:\Program Files\VstPlugins
    2008-07-15 16:09:20 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\gtk-2.0
    2008-07-13 15:50:38 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Mozilla
    2008-07-11 16:01:29 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Momindum Studio
    2008-07-11 16:01:10 0 d-------- C:\Program Files\Momindum Studio
    2008-07-06 23:09:10 0 d--h----- C:\Program Files\Zero G Registry
    2008-07-06 22:58:05 0 d-------- C:\Program Files\Sports Interactive
    2008-07-06 22:52:25 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Sports Interactive
    2008-07-05 19:28:37 0 d-------- C:\Program Files\Fichiers communs\Adobe
    2008-07-05 19:26:33 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\AdobeUM
    2008-07-05 17:12:54 0 d-------- C:\Program Files\GameShadow
    2008-07-03 15:00:21 0 d-------- C:\Program Files\GIMP-2.0
    2008-06-27 22:38:08 0 d-------- C:\Documents and Settings\Ivanovski\Application Data\Bioshock


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F69462FD-F66F-4EE5-B2F2-1BFECC48BB2C}]
    11/08/2008 17:13 323328 --a------ C:\WINDOWS\system32\ljJDVoMf.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [05/08/2004 14:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [05/08/2004 14:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [05/08/2004 14:00]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [07/01/2005 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/08/2005 21:05]
    "RTHDCPL"="RTHDCPL.EXE" [25/05/2005 15:37 C:\WINDOWS\RTHDCPL.EXE]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [20/06/2005 11:50]
    "AGRSMMSG"="AGRSMMSG.exe" [11/05/2005 13:12 C:\WINDOWS\AGRSMMSG.exe]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [12/04/2005 13:39]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [20/08/2006 00:48]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [15/08/2006 13:18]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/11/2006 12:48]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [20/01/2007 09:09]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [25/09/2006 10:12]
    "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [27/11/2006 16:19]
    "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [02/11/2002 08:33]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [16/01/2008 00:54]
    "Device Detector"="DevDetect.exe" []
    "Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\Alcmtr.exe]
    "a8e692a6"="C:\WINDOWS\system32\sofftdxo.dll" [20/08/2008 17:47]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [03/09/2005 15:18]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 14:00]
    "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [07/11/2002 15:48]
    "Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" [05/12/2006 16:52]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
    "LaCie Backup"="C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe" [06/07/2006 11:30]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [22/12/2007 09:20]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [19/06/2008 15:15]
    "AnumanLive"="C:\Documents and Settings\Ivanovski\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [12/08/2008 17:30]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqPfGXR]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=karina.dat dqnxxb.dll hckfiu.dll gtzsqp.dll qfwksm.dll fjpqjq.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJDVoMf

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL ACS"=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    AutoRun\command- I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d419c4-6f48-11db-a398-00038a000015}]
    AutoRun\command- E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac332-c67f-11dc-ae24-0013ce5f310e}]
    AutoRun\command- jfvkcsy.bat
    explore\Command- jfvkcsy.bat
    open\Command- jfvkcsy.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac333-c67f-11dc-ae24-0013ce5f310e}]
    Shell00\Command- G:\Start.exe




    -- End of Deckard's System Scanner: finished at 2008-08-21 13:53:28 ------------

    21 August 2008 14:07:50

    Re,

    Remove the cracks from your PC and stop using P2P, otherwise the infection will keep coming back! You have just reinfected yourself... :/ 

    Download Combofix from **HERE** or **HERE** and save it to your desktop.

    **Note 1: If you already have a version of Combofix, you will need to download another one, the very latest. It is also very important to save it directly to your desktop.**

  • Please never rename Combofix unless you are expressly asked to.
  • Close all open windows, without exception.
  • Disable all resident protections of all your antivirus, antispyware, etc. software so that they do not interfere with the proper functioning of Combofix.
    Very important: Temporarily disable all resident protections of all your security software before launching a scan with Combofix. They could disrupt the proper running of the Combofix scan, which could have unforeseen and disastrous consequences.
  • Click this link to see a list of programs that should always be disabled before using Combofix. Note that the list is not exhaustive. If your security software is not in this list and you do not know how to disable it, or you do not understand English :p  , please ask me.
  • WARNING: Combofix will automatically disconnect you from the internet as soon as the scan starts.
  • Please do not try to reconnect your machine to the internet until Combofix has finished its work.
  • If you can no longer connect to the internet after using Combofix, restart your PC to restore the internet connection.
  • Double-click combofix.exe and follow the instructions that appear.
  • When the scan is finished, a report should normally be displayed on screen.
  • Please post the following report, "C:\ComboFix.txt", in your next reply, along with a new HiJackThis report.

    **Note 2: Do not click in the Combofix window while it is working. You could crash the PC and cause significant damage.**

    ;) 
    21 August 2008 19:58:55

    hi,

    I hope that this time I have properly removed every trace of P2P and that the antivirus was properly disabled...

    ComboFix 08-08-19.06 - Ivanovski 2008-08-21 19:31:52.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.469 [GMT 2:00]
    Endroit: C:\Documents and Settings\Ivanovski\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\Ivanovski\Application Data\macromedia\Flash Player\#SharedObjects\7FSC7BQD\static.youku.com
    C:\Documents and Settings\Ivanovski\Application Data\macromedia\Flash Player\#SharedObjects\7FSC7BQD\static.youku.com\v1.0.0312\v\swf\qplayer.swf\qplayer.sol
    C:\Documents and Settings\Ivanovski\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
    C:\Documents and Settings\Ivanovski\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
    C:\Documents and Settings\Ivanovski\Cookies\ivanovski@wwwapps.qmiiowppcem1[1].txt
    C:\WINDOWS\system32\awtutuUk.dll
    C:\WINDOWS\system32\bcurqnpl.ini
    C:\WINDOWS\system32\cbobqika.dll
    C:\WINDOWS\system32\cbXPjIyX.dll
    C:\WINDOWS\system32\cukfquiv.ini
    C:\WINDOWS\system32\dqnxxb.dll
    C:\WINDOWS\system32\dxwuai.dll
    C:\WINDOWS\system32\fjpqjq.dll
    C:\WINDOWS\system32\fMoVDJjl.ini
    C:\WINDOWS\system32\fMoVDJjl.ini2
    C:\WINDOWS\system32\gaysnd.dll
    C:\WINDOWS\system32\gtzsqp.dll
    C:\WINDOWS\system32\hckfiu.dll
    C:\WINDOWS\system32\jpeojbov.dll
    C:\WINDOWS\system32\ljbdmune.ini
    C:\WINDOWS\system32\lrhhltkj.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mmfenmdg.ini
    C:\WINDOWS\system32\oekntpho.ini
    C:\WINDOWS\system32\ohptnkeo.dll
    C:\WINDOWS\system32\oplhiewd.dll
    C:\WINDOWS\system32\opnnmMGy.dll
    C:\WINDOWS\system32\oxdtffos.ini
    C:\WINDOWS\system32\qeerceyj.dll
    C:\WINDOWS\system32\qfwksm.dll
    C:\WINDOWS\system32\qxpqwgkl.dll
    C:\WINDOWS\system32\sofftdxo.dll
    C:\WINDOWS\system32\suejjrao.dll
    C:\WINDOWS\system32\vfcokjip.dll
    C:\WINDOWS\system32\viuqfkuc.dll
    C:\WINDOWS\system32\vulqarqw.ini
    C:\WINDOWS\system32\xgijnraa.dll
    C:\WINDOWS\system32\yfrjgdpn.ini
    C:\WINDOWS\system32\yyezwu.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-21 00:08 . 2008-08-21 00:09 <REP> d-------- C:\WINDOWS\ERUNT
    2008-08-20 23:54 . 2008-08-21 00:58 <REP> d-------- C:\SDFix
    2008-08-20 21:33 . 2008-08-20 21:33 <REP> d-------- C:\Program Files\Eidos
    2008-08-19 11:54 . 2008-08-19 11:54 <REP> d-------- C:\Program Files\Fiddler2
    2008-08-19 11:53 . 2008-08-19 16:32 <REP> d-------- C:\Program Files\Audiosurf
    2008-08-16 18:54 . 2008-08-21 19:02 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\skypePM
    2008-08-16 18:54 . 2008-08-16 18:54 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-08-16 18:51 . 2008-08-16 18:51 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-08-15 16:21 . 2004-08-04 00:54 116,736 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
    2008-08-13 20:16 . 2008-08-13 20:17 <REP> d-------- C:\Documents and Settings\Ivanovski\Graphisoft
    2008-08-13 20:16 . 2008-08-13 20:16 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Graphisoft
    2008-08-13 09:46 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-08-13 09:46 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-08-13 09:46 . 2004-08-16 17:55 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-08-13 09:46 . 2006-08-15 16:18 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-08-13 09:46 . 2004-08-16 17:55 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-08-13 09:46 . 2006-08-15 13:36 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-08-13 09:46 . 2006-08-15 13:16 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau
    2008-08-13 09:46 . 2006-08-15 13:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
    2008-08-13 09:46 . 2006-08-15 13:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-08-13 09:46 . 2006-08-15 15:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
    2008-08-13 09:46 . 2006-08-15 15:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
    2008-08-13 09:46 . 2006-08-15 15:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
    2008-08-13 09:46 . 2008-08-13 09:46 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-08-12 17:52 . 2008-08-12 17:52 7,358 --a------ C:\WINDOWS\vpd.properties
    2008-08-12 17:49 . 2008-08-12 17:49 <REP> d-------- C:\Program Files\Graphisoft
    2008-08-12 17:36 . 2008-08-12 17:36 <REP> d-------- C:\Program Files\Sweet Home 3D
    2008-08-12 17:35 . 2008-08-12 17:35 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Anuman Interactive
    2008-08-11 17:13 . 2008-08-11 17:13 323,328 --a------ C:\WINDOWS\system32\ljJDVoMf.dll
    2008-08-11 17:05 . 2004-08-05 14:00 4,224 --a------ C:\WINDOWS\system32\dllcache\beep.sys
    2008-08-10 15:58 . 2008-08-10 15:58 <REP> d-------- C:\Deckard
    2008-08-10 14:05 . 2008-08-12 19:03 3,620 --a------ C:\WINDOWS\system32\tmp.reg
    2008-08-10 01:42 . 2008-08-10 01:42 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-07 14:51 . 2008-08-07 14:54 <REP> d-------- C:\Program Files\SopCast
    2008-08-07 11:09 . 2008-08-07 11:11 <REP> d-------- C:\Program Files\TVAnts
    2008-08-04 17:34 . 2008-08-19 20:36 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Lionhead Studios
    2008-08-04 17:32 . 2008-08-04 17:32 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-08-04 17:22 . 2008-08-04 17:22 <REP> d-------- C:\Program Files\Lionhead Studios Ltd
    2008-08-04 08:29 . 2008-08-04 09:41 4,681,428,992 --a------ C:\printemps été.ISO
    2008-08-01 01:30 . 2008-08-21 19:21 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Skype
    2008-08-01 01:30 . 2008-08-16 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-07-23 11:16 . 2008-07-23 11:16 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Applied Acoustics Systems
    2008-07-23 11:14 . 2008-07-23 11:14 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
    2008-07-23 11:13 . 2008-07-23 11:13 <REP> d-------- C:\Program Files\AAS
    2008-07-23 09:44 . 2008-07-23 09:46 <REP> d-------- C:\Program Files\Boxing Manager

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-21 17:27 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-21 15:45 --------- d-----w C:\Program Files\BitComet
    2008-08-20 19:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-20 19:05 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Azureus
    2008-08-19 09:10 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\SystemRequirementsLab
    2008-08-12 07:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-12 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-09 12:21 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\U3
    2008-08-08 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-08 15:18 --------- d-----w C:\Program Files\Celtx
    2008-08-04 08:44 --------- d-----w C:\Program Files\Java
    2008-08-04 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-08-02 14:19 --------- d-----w C:\Program Files\GCH Guitar academy
    2008-07-30 18:13 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\dvdcss
    2008-07-23 09:14 --------- d-----w C:\Program Files\VstPlugins
    2008-07-15 14:09 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\gtk-2.0
    2008-07-11 14:01 --------- d-----w C:\Program Files\Momindum Studio
    2008-07-11 14:01 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Momindum Studio
    2008-07-06 21:09 --------- d--h--w C:\Program Files\Zero G Registry
    2008-07-06 20:58 --------- d-----w C:\Program Files\Sports Interactive
    2008-07-06 20:52 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Sports Interactive
    2008-07-05 17:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-05 17:26 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\AdobeUM
    2008-07-05 15:12 --------- d-----w C:\Program Files\GameShadow
    2008-07-03 13:00 --------- d-----w C:\Program Files\GIMP-2.0
    2008-06-27 20:38 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Bioshock
    2007-06-21 10:36 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-04-28 15:34 87,608 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\ezpinst.exe
    2007-04-28 15:34 47,360 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\pcouffin.sys
    2006-10-16 15:45 94,080 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\ezplay.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-11_10.44.58.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
    + 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-08-20 22:09:44 811,008 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-08-20 22:09:44 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-08-20 22:09:16 811,008 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2008-08-20 22:09:16 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2001-08-23 15:46:44 91,264 ----a-w C:\WINDOWS\system32\dllcache\cirrus.dll
    + 2001-08-17 19:57:16 45,696 ----a-w C:\WINDOWS\system32\dllcache\cirrus.sys
    + 2004-08-05 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\cisvc.exe
    + 2004-08-05 12:00:00 7,680 ----a-w C:\WINDOWS\system32\dllcache\ckcnv.exe
    + 2001-08-23 15:46:44 111,232 ----a-w C:\WINDOWS\system32\dllcache\cl5465.dll
    + 2001-08-23 15:46:44 170,880 ----a-w C:\WINDOWS\system32\dllcache\cl546x.dll
    + 2001-08-17 19:57:36 248,064 ----a-w C:\WINDOWS\system32\dllcache\cl546xm.sys
    + 2004-08-05 12:00:00 49,664 ----a-w C:\WINDOWS\system32\dllcache\classpnp.sys
    + 2004-08-05 12:00:00 11,264 ----a-w C:\WINDOWS\system32\dllcache\clb.dll
    + 2005-07-26 04:39:56 110,080 ----a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
    + 2005-07-26 04:39:56 498,688 ----a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
    + 2004-08-05 12:00:00 65,536 ----a-w C:\WINDOWS\system32\dllcache\cleanmgr.exe
    + 2004-08-05 12:00:00 104,448 ----a-w C:\WINDOWS\system32\dllcache\clipbrd.exe
    + 2004-08-05 12:00:00 33,280 ----a-w C:\WINDOWS\system32\dllcache\clipsrv.exe
    + 2004-08-05 12:00:00 57,856 ----a-w C:\WINDOWS\system32\dllcache\clusapi.dll
    + 2004-08-03 21:07:40 14,080 ----a-w C:\WINDOWS\system32\dllcache\cmbatt.sys
    + 2001-08-23 15:04:40 20,864 ----a-w C:\WINDOWS\system32\dllcache\cmbp0wdm.sys
    + 2004-08-05 12:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\cmcfg32.dll
    + 2004-08-05 12:00:00 400,896 ----a-w C:\WINDOWS\system32\dllcache\cmd.exe
    + 2004-08-05 12:00:00 352,256 ----a-w C:\WINDOWS\system32\dllcache\cmdial32.dll
    + 2001-08-23 15:04:44 6,656 ----a-w C:\WINDOWS\system32\dllcache\cmdide.sys
    + 2004-08-05 12:00:00 47,104 ----a-w C:\WINDOWS\system32\dllcache\cmdl32.exe
    + 2004-08-05 12:00:00 40,448 ----a-w C:\WINDOWS\system32\dllcache\cmmon32.exe
    + 2004-08-05 12:00:00 14,336 ----a-w C:\WINDOWS\system32\dllcache\cmpbk32.dll
    + 2004-08-05 12:00:00 191,488 ----a-w C:\WINDOWS\system32\dllcache\cmprops.dll
    + 2004-08-05 12:00:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\cmsetacl.dll
    + 2004-08-05 12:00:00 65,536 ----a-w C:\WINDOWS\system32\dllcache\cmstp.exe
    + 2004-08-05 12:00:00 40,960 ----a-w C:\WINDOWS\system32\dllcache\cmutil.dll
    + 2004-08-05 12:00:00 50,688 ----a-w C:\WINDOWS\system32\dllcache\cnbjmon.dll
    + 2004-08-05 12:00:00 32,768 ----a-w C:\WINDOWS\system32\dllcache\cnetcfg.dll
    + 2001-08-23 15:47:00 44,544 ----a-w C:\WINDOWS\system32\dllcache\cnusd.dll
    + 2004-08-05 12:00:00 26,624 ----a-w C:\WINDOWS\system32\dllcache\cnvfat.dll
    + 2001-08-17 18:11:42 39,936 ----a-w C:\WINDOWS\system32\dllcache\cnxt1803.sys
    + 2005-07-26 04:39:56 60,416 ----a-w C:\WINDOWS\system32\dllcache\colbact.dll
    + 2004-08-05 12:00:00 25,600 ----a-w C:\WINDOWS\system32\dllcache\comaddin.dll
    + 2004-08-05 12:00:00 3,584 ----a-w C:\WINDOWS\system32\dllcache\comcat.dll
    + 2004-08-05 12:00:00 281,088 ----a-w C:\WINDOWS\system32\dllcache\comdlg32.dll
    + 2004-08-05 12:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\comp.exe
    + 2004-08-05 12:00:00 18,432 ----a-w C:\WINDOWS\system32\dllcache\compact.exe
    + 2004-08-05 12:00:00 253,440 ----a-w C:\WINDOWS\system32\dllcache\compatui.dll
    + 2001-08-17 19:58:00 9,344 ----a-w C:\WINDOWS\system32\dllcache\compbatt.sys
    + 2004-08-05 12:00:00 30,160 ----a-w C:\WINDOWS\system32\dllcache\compobj.dll
    + 2004-08-05 12:00:00 230,912 ----a-w C:\WINDOWS\system32\dllcache\compstui.dll
    + 2005-07-26 04:39:56 97,792 ----a-w C:\WINDOWS\system32\dllcache\comrepl.dll
    + 2004-08-05 12:00:00 851,968 ----a-w C:\WINDOWS\system32\dllcache\comres.dll
    + 2004-08-05 12:00:00 259,584 ----a-w C:\WINDOWS\system32\dllcache\comsetup.dll
    + 2004-08-05 12:00:00 147,456 ----a-w C:\WINDOWS\system32\dllcache\comsnap.dll
    + 2005-07-26 04:39:58 1,267,200 ----a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
    + 2005-07-26 04:39:58 540,160 ----a-w C:\WINDOWS\system32\dllcache\comuid.dll
    + 2004-08-05 12:00:00 1,044,480 ----a-w C:\WINDOWS\system32\dllcache\conf.exe
    + 2004-08-05 12:00:00 346,112 ----a-w C:\WINDOWS\system32\dllcache\confmsp.dll
    + 2004-08-05 12:00:00 27,648 ----a-w C:\WINDOWS\system32\dllcache\conime.exe
    + 2004-08-05 12:00:00 67,072 ----a-w C:\WINDOWS\system32\dllcache\console.dll
    + 2004-08-05 12:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\control.exe
    + 2004-08-05 12:00:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\convert.exe
    + 2004-08-05 12:00:00 35,328 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
    + 2004-08-05 12:00:00 27,097 ----a-w C:\WINDOWS\system32\dllcache\country.sys
    + 2004-08-05 12:00:00 57,399 ----a-w C:\WINDOWS\system32\dllcache\cplexe.exe
    + 2001-08-17 19:52:06 14,976 ----a-w C:\WINDOWS\system32\dllcache\cpqarray.sys
    + 2004-08-05 12:00:00 11,776 ----a-w C:\WINDOWS\system32\dllcache\cpqdap01.sys
    + 2001-08-23 15:07:28 21,533 ----a-w C:\WINDOWS\system32\dllcache\cpqndis5.sys
    + 2001-08-23 15:07:28 61,194 ----a-w C:\WINDOWS\system32\dllcache\cpqtrnd5.sys
    + 2004-08-05 12:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\cprofile.exe
    + 2001-08-23 15:47:00 216,576 ----a-w C:\WINDOWS\system32\dllcache\cpscan.dll
    + 2004-08-05 12:00:00 165,888 ----a-w C:\WINDOWS\system32\dllcache\credui.dll
    + 2001-08-17 18:19:18 42,112 ----a-w C:\WINDOWS\system32\dllcache\crtaud.sys
    + 2004-08-05 12:00:00 149,019 ----a-w C:\WINDOWS\system32\dllcache\crtdll.dll
    + 2004-08-05 12:00:00 40,704 ----a-w C:\WINDOWS\system32\dllcache\crusoe.sys
    + 2004-08-05 12:00:00 604,672 ----a-w C:\WINDOWS\system32\dllcache\crypt32.dll
    + 2004-08-05 12:00:00 75,776 ----a-w C:\WINDOWS\system32\dllcache\cryptdlg.dll
    + 2004-08-05 12:00:00 33,280 ----a-w C:\WINDOWS\system32\dllcache\cryptdll.dll
    + 2004-08-05 12:00:00 54,784 ----a-w C:\WINDOWS\system32\dllcache\cryptext.dll
    + 2004-08-05 12:00:00 63,488 ----a-w C:\WINDOWS\system32\dllcache\cryptnet.dll
    + 2004-08-05 12:00:00 60,416 ----a-w C:\WINDOWS\system32\dllcache\cryptsvc.dll
    + 2004-08-05 12:00:00 530,432 ----a-w C:\WINDOWS\system32\dllcache\cryptui.dll
    + 2001-08-23 15:47:00 175,104 ----a-w C:\WINDOWS\system32\dllcache\csamsp.dll
    + 2004-08-05 12:00:00 102,912 ----a-w C:\WINDOWS\system32\dllcache\cscdll.dll
    + 2004-08-05 12:00:00 98,304 ----a-w C:\WINDOWS\system32\dllcache\cscript.exe
    + 2004-08-05 12:00:00 337,920 ----a-w C:\WINDOWS\system32\dllcache\cscui.dll
    + 2004-08-05 12:00:00 32,768 ----a-w C:\WINDOWS\system32\dllcache\csrsrv.dll
    + 2004-08-05 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\csrss.exe
    + 2004-08-05 12:00:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\csseqchk.dll
    + 2004-08-05 12:00:00 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    + 2004-08-05 12:00:00 27,136 ----a-w C:\WINDOWS\system32\dllcache\ctl3d32.dll
    + 2004-08-05 12:00:00 27,200 ----a-w C:\WINDOWS\system32\dllcache\ctl3dv2.dll
    + 2001-08-17 18:19:28 6,912 ----a-w C:\WINDOWS\system32\dllcache\ctlfacem.sys
    + 2001-08-17 18:19:20 3,712 ----a-w C:\WINDOWS\system32\dllcache\ctljystk.sys
    + 2001-08-17 18:19:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\ctlsb16.sys
    + 2004-08-03 22:54:24 252,416 ----a-w C:\WINDOWS\system32\dllcache\ctmasetp.dll
    + 2001-08-23 15:47:00 4,096 ----a-w C:\WINDOWS\system32\dllcache\ctwdm32.dll
    + 2001-08-17 18:19:24 3,072 ----a-w C:\WINDOWS\system32\dllcache\cwbase.sys
    + 2001-08-17 18:19:26 3,072 ----a-w C:\WINDOWS\system32\dllcache\cwbmidi.sys
    + 2001-08-17 18:19:28 72,832 ----a-w C:\WINDOWS\system32\dllcache\cwbwdm.sys
    + 2001-08-17 18:19:30 3,584 ----a-w C:\WINDOWS\system32\dllcache\cwcosnt5.sys
    + 2001-08-17 18:19:36 111,872 ----a-w C:\WINDOWS\system32\dllcache\cwcspud.sys
    + 2001-08-17 18:19:48 93,952 ----a-w C:\WINDOWS\system32\dllcache\cwcwdm.sys
    + 2004-08-03 20:32:26 48,640 ----a-w C:\WINDOWS\system32\dllcache\cwrwdm.sys
    + 2001-08-23 15:08:38 17,536 ----a-w C:\WINDOWS\system32\dllcache\cyclad-z.sys
    + 2001-08-23 15:08:38 15,104 ----a-w C:\WINDOWS\system32\dllcache\cyclom-y.sys
    + 2001-08-23 15:47:00 29,184 ----a-w C:\WINDOWS\system32\dllcache\cyycoins.dll
    + 2001-08-23 15:08:40 50,944 ----a-w C:\WINDOWS\system32\dllcache\cyyport.sys
    + 2001-08-23 15:47:00 28,160 ----a-w C:\WINDOWS\system32\dllcache\cyyports.dll
    + 2001-08-23 15:47:00 28,160 ----a-w C:\WINDOWS\system32\dllcache\cyzcoins.dll
    + 2001-08-23 15:08:42 50,688 ----a-w C:\WINDOWS\system32\dllcache\cyzport.sys
    + 2001-08-23 15:47:00 28,160 ----a-w C:\WINDOWS\system32\dllcache\cyzports.dll
    + 2001-08-23 15:08:44 117,760 ----a-w C:\WINDOWS\system32\dllcache\d100ib5.sys
    + 2004-08-05 12:00:00 1,179,648 ----a-w C:\WINDOWS\system32\dllcache\d3d8.dll
    + 2004-08-05 12:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\d3d8thk.dll
    + 2004-08-05 12:00:00 1,689,088 ----a-w C:\WINDOWS\system32\dllcache\d3d9.dll
    + 2004-08-05 12:00:00 436,224 ----a-w C:\WINDOWS\system32\dllcache\d3dim.dll
    + 2004-08-05 12:00:00 825,344 ----a-w C:\WINDOWS\system32\dllcache\d3dim700.dll
    + 2004-08-05 12:00:00 47,616 ----a-w C:\WINDOWS\system32\dllcache\d3dxof.dll
    + 2001-08-17 19:52:16 179,584 ----a-w C:\WINDOWS\system32\dllcache\dac2w2k.sys
    + 2001-08-17 19:52:16 14,720 ----a-w C:\WINDOWS\system32\dllcache\dac960nt.sys
    + 2004-08-05 12:00:00 55,296 ----a-w C:\WINDOWS\system32\dllcache\dataclen.dll
    + 2004-08-05 12:00:00 25,088 ----a-w C:\WINDOWS\system32\dllcache\davclnt.dll
    + 2004-08-05 12:00:00 847,872 ----a-w C:\WINDOWS\system32\dllcache\dbgeng.dll
    + 2004-08-05 12:00:00 640,000 ----a-w C:\WINDOWS\system32\dllcache\dbghelp.dll
    + 2001-08-23 15:47:00 25,600 ----a-w C:\WINDOWS\system32\dllcache\dc210_32.dll
    + 2001-08-23 15:47:00 82,432 ----a-w C:\WINDOWS\system32\dllcache\dc210usd.dll
    + 2001-08-17 18:12:02 63,208 ----a-w C:\WINDOWS\system32\dllcache\dc21x4.sys
    + 2001-08-23 15:47:00 87,552 ----a-w C:\WINDOWS\system32\dllcache\dc240usd.dll
    + 2001-08-23 15:47:00 112,128 ----a-w C:\WINDOWS\system32\dllcache\dc260usd.dll
    + 2004-08-05 12:00:00 8,704 ----a-w C:\WINDOWS\system32\dllcache\dciman32.dll
    + 2004-08-05 12:00:00 39,424 ----a-w C:\WINDOWS\system32\dllcache\ddeml.dll
    + 2004-08-05 12:00:00 266,240 ----a-w C:\WINDOWS\system32\dllcache\ddraw.dll
    + 2004-08-05 12:00:00 27,136 ----a-w C:\WINDOWS\system32\dllcache\ddrawex.dll
    + 2001-08-17 19:52:58 7,424 ----a-w C:\WINDOWS\system32\dllcache\ddsmc.sys
    + 2001-08-17 18:11:44 20,928 ----a-w C:\WINDOWS\system32\dllcache\defpa.sys
    + 2004-08-05 12:00:00 25,088 ----a-w C:\WINDOWS\system32\dllcache\defrag.exe
    + 2001-08-23 15:47:00 256,512 ----a-w C:\WINDOWS\system32\dllcache\devcon32.dll
    + 2004-08-05 12:00:00 59,904 ----a-w C:\WINDOWS\system32\dllcache\devenum.dll
    + 2001-08-23 15:47:34 24,064 ----a-w C:\WINDOWS\system32\dllcache\devldr32.exe
    + 2004-08-05 12:00:00 290,816 ----a-w C:\WINDOWS\system32\dllcache\devmgr.dll
    + 2001-08-17 18:11:48 24,648 ----a-w C:\WINDOWS\system32\dllcache\dfe650.sys
    + 2001-08-17 18:11:48 24,649 ----a-w C:\WINDOWS\system32\dllcache\dfe650d.sys
    + 2004-08-05 12:00:00 104,960 ----a-w C:\WINDOWS\system32\dllcache\dfrgntfs.exe
    + 2004-08-05 12:00:00 55,808 ----a-w C:\WINDOWS\system32\dllcache\dfrgres.dll
    + 2004-08-05 12:00:00 28,672 ----a-w C:\WINDOWS\system32\dllcache\dfsshlex.dll
    + 2001-08-23 15:09:48 29,691 ----a-w C:\WINDOWS\system32\dllcache\dgapci.sys
    + 2001-08-23 15:47:00 422,429 ----a-w C:\WINDOWS\system32\dllcache\dgconfig.dll
    + 2001-08-17 18:13:48 164,923 ----a-w C:\WINDOWS\system32\dllcache\diapi2.sys
    + 2001-08-23 15:47:02 32,256 ----a-w C:\WINDOWS\system32\dllcache\diapi2NT.dll
    + 2001-08-23 15:47:02 65,622 ----a-w C:\WINDOWS\system32\dllcache\digiasyn.dll
    + 2001-08-23 15:10:10 37,927 ----a-w C:\WINDOWS\system32\dllcache\digiasyn.sys
    + 2001-08-23 15:47:02 135,252 ----a-w C:\WINDOWS\system32\dllcache\digidbp.dll
    + 2001-08-23 15:10:10 103,492 ----a-w C:\WINDOWS\system32\dllcache\digidxb.sys
    + 2001-08-23 15:10:12 90,685 ----a-w C:\WINDOWS\system32\dllcache\digifep5.sys
    + 2001-08-23 15:47:02 229,462 ----a-w C:\WINDOWS\system32\dllcache\digifwrk.dll
    + 2001-08-23 15:47:02 159,828 ----a-w C:\WINDOWS\system32\dllcache\digihlc.dll
    + 2001-08-23 15:47:02 102,484 ----a-w C:\WINDOWS\system32\dllcache\digiinf.dll
    + 2001-08-23 15:47:02 41,046 ----a-w C:\WINDOWS\system32\dllcache\digiisdn.dll
    + 2001-08-17 18:14:44 21,606 ----a-w C:\WINDOWS\system32\dllcache\digiisdn.sys
    + 2001-08-23 15:47:02 110,621 ----a-w C:\WINDOWS\system32\dllcache\digirlpt.dll
    + 2001-08-23 15:10:16 42,656 ----a-w C:\WINDOWS\system32\dllcache\digirlpt.sys
    + 2001-08-17 18:13:52 91,305 ----a-w C:\WINDOWS\system32\dllcache\dimaint.sys
    + 2004-08-05 12:00:00 165,376 ----a-w C:\WINDOWS\system32\dllcache\dinput.dll
    + 2004-08-05 12:00:00 187,904 ----a-w C:\WINDOWS\system32\dllcache\dinput8.dll
    + 2004-08-05 12:00:00 36,352 ----a-w C:\WINDOWS\system32\dllcache\disk.sys
    + 2004-08-05 12:00:00 1,502,208 ----a-w C:\WINDOWS\system32\dllcache\diskcopy.dll
    + 2004-08-05 12:00:00 14,208 ----a-w C:\WINDOWS\system32\dllcache\diskdump.sys
    + 2004-08-05 12:00:00 45,083 ----a-w C:\WINDOWS\system32\dllcache\dispex.dll
    + 2001-08-23 15:47:02 6,729 ----a-w C:\WINDOWS\system32\dllcache\disrvci.dll
    + 2001-08-23 15:47:02 31,817 ----a-w C:\WINDOWS\system32\dllcache\disrvpp.dll
    + 2001-08-23 15:47:02 38,985 ----a-w C:\WINDOWS\system32\dllcache\disrvsu.dll
    + 2001-08-23 15:47:34 236,060 ----a-w C:\WINDOWS\system32\dllcache\ditrace.exe
    + 2001-08-23 15:47:02 6,216 ----a-w C:\WINDOWS\system32\dllcache\divaci.dll
    + 2001-08-23 15:47:02 37,962 ----a-w C:\WINDOWS\system32\dllcache\divaprop.dll
    + 2001-08-23 15:47:02 29,768 ----a-w C:\WINDOWS\system32\dllcache\divasu.dll
    + 2001-08-17 18:11:44 26,698 ----a-w C:\WINDOWS\system32\dllcache\dlh5xnd5.sys
    + 2004-08-05 12:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\dllhost.exe
    + 2004-08-03 21:00:06 8,320 ----a-w C:\WINDOWS\system32\dllcache\dlttape.sys
    + 2001-08-17 18:11:42 29,696 ----a-w C:\WINDOWS\system32\dllcache\dm9pci5.sys
    + 2004-08-05 12:00:00 225,280 ----a-w C:\WINDOWS\system32\dllcache\dmadmin.exe
    + 2004-08-05 12:00:00 800,256 ----a-w C:\WINDOWS\system32\dllcache\dmboot.sys
    + 2004-08-05 12:00:00 181,248 ----a-w C:\WINDOWS\system32\dllcache\dmime.dll
    + 2004-08-05 12:00:00 154,496 ----a-w C:\WINDOWS\system32\dllcache\dmio.sys
    + 2004-08-05 12:00:00 5,888 ----a-w C:\WINDOWS\system32\dllcache\dmload.sys
    + 2004-08-05 12:00:00 35,840 ----a-w C:\WINDOWS\system32\dllcache\dmloader.dll
    + 2004-08-05 12:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\dmocx.dll
    + 2004-08-05 12:00:00 103,424 ----a-w C:\WINDOWS\system32\dllcache\dmsynth.dll
    + 2004-08-05 12:00:00 104,448 ----a-w C:\WINDOWS\system32\dllcache\dmusic.dll
    + 2004-08-05 12:00:00 47,616 ----a-w C:\WINDOWS\system32\dllcache\docprop.dll
    + 2004-08-05 12:00:00 48,640 ----a-w C:\WINDOWS\system32\dllcache\docprop2.dll
    + 2004-08-05 12:00:00 54,080 ----a-w C:\WINDOWS\system32\dllcache\dosx.exe
    + 2004-08-03 20:58:30 207,360 ----a-w C:\WINDOWS\system32\dllcache\dot4.sys
    + 2001-08-17 19:47:32 12,928 ----a-w C:\WINDOWS\system32\dllcache\dot4prt.sys
    + 2001-08-17 19:47:32 8,704 ----a-w C:\WINDOWS\system32\dllcache\dot4scan.sys
    + 2001-08-23 15:11:02 24,064 ----a-w C:\WINDOWS\system32\dllcache\dot4usb.sys
    + 2001-08-17 18:12:32 28,062 ----a-w C:\WINDOWS\system32\dllcache\dp83820.sys
    + 2004-08-05 12:00:00 97,792 ----a-w C:\WINDOWS\system32\dllcache\dpcdll.dll
    + 2004-08-05 12:00:00 60,928 ----a-w C:\WINDOWS\system32\dllcache\dpnhupnp.dll
    + 2001-08-17 20:07:44 20,192 ----a-w C:\WINDOWS\system32\dllcache\dpti2o.sys
    + 2004-08-05 12:00:00 14,336 ----a-w C:\WINDOWS\system32\dllcache\drprov.dll
    + 2004-08-05 12:00:00 47,104 ----a-w C:\WINDOWS\system32\dllcache\drwtsn32.exe
    + 2004-08-05 12:00:00 4,656 ----a-w C:\WINDOWS\system32\dllcache\ds16gt.dll
    + 2001-08-17 18:20:18 334,208 ----a-w C:\WINDOWS\system32\dllcache\ds1wdm.sys
    + 2004-08-05 12:00:00 16,384 ----a-w C:\WINDOWS\system32\dllcache\ds32gt.dll
    + 2004-08-05 12:00:00 181,760 ----a-w C:\WINDOWS\system32\dllcache\dsdmo.dll
    + 2004-08-05 12:00:00 93,696 ----a-w C:\WINDOWS\system32\dllcache\dskquota.dll
    + 2004-08-05 12:00:00 150,016 ----a-w C:\WINDOWS\system32\dllcache\dskquoui.dll
    + 2004-08-05 12:00:00 367,616 ----a-w C:\WINDOWS\system32\dllcache\dsound.dll
    + 2004-08-05 12:00:00 137,216 ----a-w C:\WINDOWS\system32\dllcache\dssenh.dll
    + 2004-08-05 12:00:00 10,752 ----a-w C:\WINDOWS\system32\dllcache\dumprep.exe
    + 2004-08-05 12:00:00 304,128 ----a-w C:\WINDOWS\system32\dllcache\duser.dll
    + 2004-08-05 12:00:00 59,728 ----a-w C:\WINDOWS\system32\dllcache\dwil1036.dll
    + 2004-08-05 12:00:00 180,224 ----a-w C:\WINDOWS\system32\dllcache\dwwin.exe
    + 2004-08-05 12:00:00 10,496 ----a-w C:\WINDOWS\system32\dllcache\dxapi.sys
    + 2004-08-05 12:00:00 2,113,536 ----a-w C:\WINDOWS\system32\dllcache\dxdiagn.dll
    + 2004-08-05 12:00:00 71,040 ----a-w C:\WINDOWS\system32\dllcache\dxg.sys
    + 2004-08-05 12:00:00 3,328 ----a-w C:\WINDOWS\system32\dllcache\dxgthk.sys
    + 2001-08-23 15:12:50 51,743 ----a-w C:\WINDOWS\system32\dllcache\e1000nt5.sys
    + 2001-08-23 15:12:50 117,760 ----a-w C:\WINDOWS\system32\dllcache\e100b325.sys
    + 2001-08-17 18:12:12 19,594 ----a-w C:\WINDOWS\system32\dllcache\e100isa4.sys
    + 2004-08-05 12:00:00 514,587 ----a-w C:\WINDOWS\system32\dllcache\edb500.dll
    + 2001-08-23 15:13:26 44,615 ----a-w C:\WINDOWS\system32\dllcache\el515.sys
    + 2001-08-17 18:10:56 55,999 ----a-w C:\WINDOWS\system32\dllcache\el556nd5.sys
    + 2001-08-17 18:10:56 24,653 ----a-w C:\WINDOWS\system32\dllcache\el574nd4.sys
    + 2001-08-17 18:10:58 69,692 ----a-w C:\WINDOWS\system32\dllcache\el575nd5.sys
    + 2001-08-17 18:10:52 26,141 ----a-w C:\WINDOWS\system32\dllcache\el589nd5.sys
    + 2001-08-17 18:11:00 69,194 ----a-w C:\WINDOWS\system32\dllcache\el656cd5.sys
    + 2001-08-23 15:13:28 634,166 ----a-w C:\WINDOWS\system32\dllcache\el656ct5.sys
    + 2001-08-17 18:11:00 77,386 ----a-w C:\WINDOWS\system32\dllcache\el656nd5.sys
    + 2001-08-23 15:13:30 241,238 ----a-w C:\WINDOWS\system32\dllcache\el656se5.sys
    + 2001-08-17 18:11:06 66,591 ----a-w C:\WINDOWS\system32\dllcache\el90xbc5.sys
    + 2001-08-23 15:13:30 153,631 ----a-w C:\WINDOWS\system32\dllcache\el90xnd5.sys
    + 2001-08-23 15:13:30 455,711 ----a-w C:\WINDOWS\system32\dllcache\el985n51.sys
    + 2001-08-17 18:11:04 70,174 ----a-w C:\WINDOWS\system32\dllcache\el98xn5.sys
    + 2001-08-23 15:13:32 175,104 ----a-w C:\WINDOWS\system32\dllcache\el99xn51.sys
    + 2001-08-17 19:53:02 7,296 ----a-w C:\WINDOWS\system32\dllcache\elmsmc.sys
    + 2001-08-17 18:10:52 25,159 ----a-w C:\WINDOWS\system32\dllcache\elnk3.sys
    + 2001-08-17 18:10:54 19,996 ----a-w C:\WINDOWS\system32\dllcache\em556n4.sys
    + 2001-08-17 18:19:26 283,904 ----a-w C:\WINDOWS\system32\dllcache\emu10k1m.sys
    + 2001-08-17 19:46:40 6,400 ----a-w C:\WINDOWS\system32\dllcache\enum1394.sys
    + 2001-08-17 19:50:20 144,896 ----a-w C:\WINDOWS\system32\dllcache\epcfw2k.sys
    + 2001-08-17 18:12:08 18,503 ----a-w C:\WINDOWS\system32\dllcache\epro4.sys
    + 2001-08-17 19:50:20 114,944 ----a-w C:\WINDOWS\system32\dllcache\epstw2k.sys
    + 2001-08-23 15:47:34 53,760 ----a-w C:\WINDOWS\system32\dllcache\eqndiag.exe
    + 2001-08-23 15:47:34 51,712 ----a-w C:\WINDOWS\system32\dllcache\eqnlogr.exe
    + 2001-08-23 15:47:34 62,464 ----a-w C:\WINDOWS\system32\dllcache\eqnloop.exe
    + 2004-08-05 12:00:00 23,040 ----a-w C:\WINDOWS\system32\dllcache\ersvc.dll
    + 2005-07-26 04:39:58 243,200 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    + 2001-08-17 18:19:38 37,120 ----a-w C:\WINDOWS\system32\dllcache\es1370mp.sys
    + 2001-08-17 18:19:34 40,704 ----a-w C:\WINDOWS\system32\dllcache\es1371mp.sys
    + 2001-08-17 18:19:58 72,192 ----a-w C:\WINDOWS\system32\dllcache\es1969.sys
    + 2001-08-17 18:19:48 174,464 ----a-w C:\WINDOWS\system32\dllcache\es198x.sys
    + 2001-08-23 15:16:04 596,319 ----a-w C:\WINDOWS\system32\dllcache\es56cvmp.sys
    + 2001-08-23 15:16:06 594,910 ----a-w C:\WINDOWS\system32\dllcache\es56hpi.sys
    + 2001-08-23 15:16:06 348,222 ----a-w C:\WINDOWS\system32\dllcache\es56tpi.sys
    + 2005-10-20 22:25:54 1,097,728 ----a-w C:\WINDOWS\system32\dllcache\esent.dll
    + 2001-08-17 18:19:56 63,360 ----a-w C:\WINDOWS\system32\dllcache\ess.sys
    + 2004-08-05 12:00:00 247,808 ----a-w C:\WINDOWS\system32\dllcache\esscli.dll
    + 2004-08-03 20:32:28 137,088 ----a-w C:\WINDOWS\system32\dllcache\essm2e.sys
    + 2001-08-23 15:47:04 43,008 ----a-w C:\WINDOWS\system32\dllcache\esucm.dll
    + 2004-08-05 12:00:00 31,744 ----a-w C:\WINDOWS\system32\dllcache\esucmd.dll
    + 2001-08-23 15:47:04 34,816 ----a-w C:\WINDOWS\system32\dllcache\esuimg.dll
    + 2004-08-05 12:00:00 57,856 ----a-w C:\WINDOWS\system32\dllcache\esuimgd.dll
    + 2001-08-23 15:47:04 46,080 ----a-w C:\WINDOWS\system32\dllcache\esuni.dll
    + 2001-08-23 15:47:04 46,080 ----a-w C:\WINDOWS\system32\dllcache\esunib.dll
    + 2004-08-05 12:00:00 45,568 ----a-w C:\WINDOWS\system32\dllcache\esunid.dll
    + 2004-08-05 12:00:00 25,856 ----a-w C:\WINDOWS\system32\dllcache\et4000.sys
    + 2004-08-05 12:00:00 55,808 ----a-w C:\WINDOWS\system32\dllcache\eventlog.dll
    + 2004-08-05 12:00:00 109,568 ----a-w C:\WINDOWS\system32\dllcache\evntagnt.dll
    + 2004-08-05 12:00:00 26,112 ----a-w C:\WINDOWS\system32\dllcache\evntcmd.exe
    + 2004-08-05 12:00:00 94,720 ----a-w C:\WINDOWS\system32\dllcache\evntwin.exe
    + 2001-08-17 18:12:08 16,998 ----a-w C:\WINDOWS\system32\dllcache\ex10.sys
    + 2001-08-17 19:52:48 7,040 ----a-w C:\WINDOWS\system32\dllcache\exabyte2.sys
    + 2001-08-23 15:46:58 5,632 ----a-w C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
    + 2001-08-23 15:46:58 45,056 ----a-w C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
    + 2001-08-23 15:47:04 43,520 ----a-w C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
    + 2001-08-23 15:47:06 65,536 ----a-w C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
    + 2001-08-23 15:47:16 38,912 ----a-w C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
    + 2001-08-23 15:47:44 23,040 ----a-w C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
    + 2001-08-23 15:47:16 57,856 ----a-w C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
    + 2001-08-23 15:47:18 26,112 ----a-w C:\WINDOWS\system32\dllcache\EXCH_seos.dll
    + 2001-08-23 15:47:18 12,800 ----a-w C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
    + 2001-08-23 15:47:18 7,168 ----a-w C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
    + 2004-08-05 12:00:00 121,856 ----a-w C:\WINDOWS\system32\dllcache\exts.dll
    + 2001-08-17 18:11:54 12,362 ----a-w C:\WINDOWS\system32\dllcache\f3ab18xi.sys
    + 2001-08-17 18:11:56 11,850 ----a-w C:\WINDOWS\system32\dllcache\f3ab18xj.sys
    + 2001-08-17 18:12:32 16,074 ----a-w C:\WINDOWS\system32\dllcache\fa312nd5.sys
    + 2001-08-17 18:12:32 24,618 ----a-w C:\WINDOWS\system32\dllcache\fa410nd5.sys
    + 2004-08-05 12:00:00 143,360 ----a-w C:\WINDOWS\system32\dllcache\fastfat.sys
    + 2004-08-05 12:00:00 472,064 ----a-w C:\WINDOWS\system32\dllcache\fastprox.dll
    + 2004-08-05 12:00:00 80,896 ----a-w C:\WINDOWS\system32\dllcache\faultrep.dll
    + 2004-08-05 12:00:00 27,392 ----a-w C:\WINDOWS\system32\dllcache\fdc.sys
    + 2004-08-05 12:00:00 21,504 ----a-w C:\WINDOWS\system32\dllcache\feclient.dll
    + 2001-08-17 18:10:54 22,090 ----a-w C:\WINDOWS\system32\dllcache\fem556n5.sys
    + 2001-08-17 18:13:08 27,165 ----a-w C:\WINDOWS\system32\dllcache\fetnd5.sys
    + 2004-08-05 12:00:00 35,072 ----a-w C:\WINDOWS\system32\dllcache\fips.sys
    + 2004-08-05 12:00:00 3,072 ----a-w C:\WINDOWS\system32\dllcache\fixmapi.exe
    + 2004-08-05 12:00:00 15,360 ----a-w C:\WINDOWS\system32\dllcache\flattemp.exe
    + 2004-08-05 12:00:00 88,064 ----a-w C:\WINDOWS\system32\dllcache\fldrclnr.dll
    + 2004-08-05 12:00:00 20,480 ----a-w C:\WINDOWS\system32\dllcache\flpydisk.sys
    + 2001-08-23 15:47:04 72,192 ----a-w C:\WINDOWS\system32\dllcache\fnfilter.dll
    + 2004-08-05 12:00:00 386,560 ----a-w C:\WINDOWS\system32\dllcache\fontext.dll
    + 2005-10-17 21:21:08 80,896 ----a-w C:\WINDOWS\system32\dllcache\fontsub.dll
    + 2004-08-05 12:00:00 21,504 ----a-w C:\WINDOWS\system32\dllcache\fontview.exe
    + 2004-08-03 20:31:24 34,173 ----a-w C:\WINDOWS\system32\dllcache\forehe.sys
    + 2004-08-05 12:00:00 32,828 ----a-w C:\WINDOWS\system32\dllcache\fp40ext.dll
    + 2004-05-12 22:39:48 184,435 ----a-w C:\WINDOWS\system32\dllcache\fp4amsft.dll
    + 2003-03-24 13:52:04 82,035 ----a-w C:\WINDOWS\system32\dllcache\fp4anscp.dll
    + 2003-03-24 13:52:04 147,513 ----a-w C:\WINDOWS\system32\dllcache\fp4apws.dll
    + 2003-03-24 13:52:04 49,210 ----a-w C:\WINDOWS\system32\dllcache\fp4areg.dll
    + 2003-03-24 13:52:04 102,509 ----a-w C:\WINDOWS\system32\dllcache\fp4atxt.dll
    + 2003-03-24 13:52:04 41,020 ----a-w C:\WINDOWS\system32\dllcache\fp4avnb.dll
    + 2003-03-24 13:52:04 32,826 ----a-w C:\WINDOWS\system32\dllcache\fp4avss.dll
    + 2003-03-24 13:52:04 49,212 ----a-w C:\WINDOWS\system32\dllcache\fp4awebs.dll
    + 2002-05-14 11:08:54 14,608 ----a-w C:\WINDOWS\system32\dllcache\fp98sadm.exe
    + 2002-05-14 11:08:54 109,328 ----a-w C:\WINDOWS\system32\dllcache\fp98swin.exe
    + 2003-03-24 13:52:04 24,632 ----a-w C:\WINDOWS\system32\dllcache\fpadmcgi.exe
    + 2003-03-24 13:52:04 20,541 ----a-w C:\WINDOWS\system32\dllcache\fpadmdll.dll
    + 2001-08-17 18:14:24 444,416 ----a-w C:\WINDOWS\system32\dllcache\fpcibase.sys
    + 2001-08-17 18:14:44 441,728 ----a-w C:\WINDOWS\system32\dllcache\fpcmbase.sys
    + 2003-03-24 13:52:04 188,494 ----a-w C:\WINDOWS\system32\dllcache\fpcount.exe
    + 2002-05-14 11:08:54 94,208 ----a-w C:\WINDOWS\system32\dllcache\fpencode.dll
    + 2003-03-24 13:52:04 20,541 ----a-w C:\WINDOWS\system32\dllcache\fpexedll.dll
    + 2004-05-12 22:39:48 598,071 ----a-w C:\WINDOWS\system32\dllcache\fpmmc.dll
    + 2003-04-14 18:29:34 217,088 ----a-w C:\WINDOWS\system32\dllcache\fpmmcsat.dll
    + 2001-08-17 18:15:02 442,240 ----a-w C:\WINDOWS\system32\dllcache\fpnpbase.sys
    + 2003-03-24 13:52:04 20,538 ----a-w C:\WINDOWS\system32\dllcache\fpremadm.exe
    + 2004-08-05 12:00:00 185,856 ----a-w C:\WINDOWS\system32\dllcache\framedyn.dll
    + 2004-08-05 12:00:00 55,808 ----a-w C:\WINDOWS\system32\dllcache\freecell.exe
    + 2004-08-05 12:00:00 7,936 ----a-w C:\WINDOWS\system32\dllcache\fs_rec.sys
    + 2004-08-05 12:00:00 12,416 ----a-w C:\WINDOWS\system32\dllcache\fsvga.sys
    + 2001-08-23 15:17:30 126,080 ----a-w C:\WINDOWS\system32\dllcache\ftdisk.sys
    + 2001-08-17 18:15:22 455,680 ----a-w C:\WINDOWS\system32\dllcache\fus2base.sys
    + 2001-08-17 18:15:38 455,296 ----a-w C:\WINDOWS\system32\dllcache\fusbbase.sys
    + 2001-08-23 15:47:04 92,672 ----a-w C:\WINDOWS\system32\dllcache\fuusd.dll
    + 2004-08-05 12:00:00 452,096 ----a-w C:\WINDOWS\system32\dllcache\fxsapi.dll
    + 2004-08-05 12:00:00 113,664 ----a-w C:\WINDOWS\system32\dllcache\fxscfgwz.dll
    + 2004-08-05 12:00:00 143,360 ----a-w C:\WINDOWS\system32\dllcache\fxsclnt.exe
    + 2004-08-05 12:00:00 141,312 ----a-w C:\WINDOWS\system32\dllcache\fxsclntr.dll
    + 2004-08-05 12:00:00 72,192 ----a-w C:\WINDOWS\system32\dllcache\fxscom.dll
    + 2004-08-05 12:00:00 285,184 ----a-w C:\WINDOWS\system32\dllcache\fxscomex.dll
    + 2004-08-05 12:00:00 238,592 ----a-w C:\WINDOWS\system32\dllcache\fxscover.exe
    + 2004-08-05 12:00:00 27,136 ----a-w C:\WINDOWS\system32\dllcache\fxsdrv.dll
    + 2004-08-05 12:00:00 66,048 ----a-w C:\WINDOWS\system32\dllcache\fxsevent.dll
    + 2004-08-05 12:00:00 23,552 ----a-w C:\WINDOWS\system32\dllcache\fxsext32.dll
    + 2004-08-05 12:00:00 24,064 ----a-w C:\WINDOWS\system32\dllcache\fxsmon.dll
    + 2004-08-05 12:00:00 132,608 ----a-w C:\WINDOWS\system32\dllcache\fxsocm.dll
    + 2004-08-05 12:00:00 8,704 ----a-w C:\WINDOWS\system32\dllcache\fxsperf.dll
    + 2004-08-05 12:00:00 7,168 ----a-w C:\WINDOWS\system32\dllcache\fxsres.dll
    + 2004-08-05 12:00:00 31,744 ----a-w C:\WINDOWS\system32\dllcache\fxsroute.dll
    + 2004-08-05 12:00:0
    21 August 2008 20:18:44

    Re,

    The report is incomplete.

    Moreover, you have reinfected yourself with Vundo, so I presume you have not removed the cracks from your PC or everything you downloaded via P2P. I am therefore going to ask you to do that now, before continuing with any disinfection.

    You are infected with "Vundo". Delete all the cracks from your PC if any are present, because otherwise they will relaunch the infection.

    I advise you to uninstall and delete all your P2P software: 50% of what you download via P2P is booby-trapped. P2P is the number one infection vector these days.
    More information is available by clicking the following link: Cracks / P2P

    Post me the whole report; to do that, you can upload it to mediafire. And then do what I asked you ;) 

    Uploading a file to mediafire:

  • Go to this link: http://www.mediafire.com/
  • Click "Upload files To Media fire" at the top. Then choose "I want to upload without an account"
  • A Windows Explorer window will open. Navigate to the report I am asking you to upload, select it, then click "Open".
  • Then click "Upload".
  • On the right of the screen, choose: "upload to a new folder". Leave the default name ( = the date )
  • Confirm and let the upload run.
  • Click "View uploaded file" and, in your next message, copy me the URL ( = the link ) of the new tab or new window that opens. That way, I will be able to download the requested report.

    ;) 
    23 August 2008 10:54:07

    hi,

    I can't select the "upload without an account" option on mediafire, it is greyed out. I absolutely have to create one. So, here is this morning's hijackthis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:47:14, on 23/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe
    C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [a8e692a6] rundll32.exe "C:\WINDOWS\system32\mynnscrd.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Ivanovski\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6F7303-B601-43F3-AD0B-B7FFB987451B}: NameServer = 212.68.193.110,192.168.0.1
    O18 - Protocol: biblioscape - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: lfgjcp.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 10905 bytes
    23 August 2008 12:40:05

    Quote:
    I can't select the "upload without an account" option on mediafire, it is greyed out. I absolutely have to create one.

    Well then, create an account and upload the requested report for me.

    ;)
    24 August 2008 18:35:02

    Re,

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Exécuter un examen complet" ("Perform full scan").
  • To start the scan, click "Rechercher" ("Scan").
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" ("Show Results") and then "Supprimer la sélection" ("Remove Selected"). Save the report to your Desktop so that you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart in order to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    ;)
    27 August 2008 22:22:33

    good evening,

    I have a small problem. I used the malware program, following all the instructions. But the report does not appear on the desktop or anywhere else, so there is no way to post it. I ran a second scan but it is the same thing: I save the report file to the desktop, but after restarting, the file is no longer on the desktop...
    30 August 2008 11:23:28

    Hello,

    Look in the MBAM folders to see whether it is there.

    ;)
    31 August 2008 02:03:12

    Hi!

    I have exactly the same problem with my computer. Next to the clock there is always "VIRUS ALERT" displayed...

    My Start menu has been modified too. I lost some software as well as my C hard drive and my CD drive D:, everything has disappeared. I sent my computer to the repair shop and now there are no more viruses, except that the Virus Alert is still there. How do I get rid of it? Can I get my C hard drive back and get my computer to recognise my CD drive?

    Just one small problem: I have Windows 2000. Really old, and what's more, I can't stay on it for more than 1h30 because it "melts". Let's say my computer has parts of all ages, some very old and some very recent. Inside the tower there is a small part that overheats if I stay on for long, and it melts onto the computer's boards. It's not that the fan doesn't work, it's simply that it is getting old... Anyway.

    I would like to know whether there is a way to get rid of this, and to get my hard drive and my CD drive back, without it taking hours?

    I really need your help... ;)
    1 September 2008 13:21:36

    hi,

    there, I found two malware reports. I don't really know what they are worth, but I am putting them on mediafire:

    http://www.mediafire.com/?sharekey=0c512aa80edc1c90d2db...

    also, I have a small problem with another laptop: the internet is super slow and sometimes no site can be reached at all, whereas MSN works without a problem. here is the hijackthis report:
    thanks a lot again.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:19:35, on 1/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\System Control Manager\edd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\System Control Manager\MGSysCtrl.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft Reference\Bibliorom Larousse 2.0\QShlf2f.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: QuickShelf Fr.lnk = C:\Program Files\Microsoft Reference\Bibliorom Larousse 2.0\QShlf2f.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe

    --
    End of file - 8260 bytes
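An added example, not part of the thread and not code from HijackThis or from the helpers: a small Python triage pass over HijackThis logs such as the two posted above, picking out the entries a reviewer would read first. The rule names, severities and heuristics (an 8-hex-digit Run value name that launches a DLL through rundll32, any AppInit_DLLs value, entries whose file is missing) are assumptions of this example, not the helper's stated reasoning.

```python
import re
from typing import List, NamedTuple

# Constructed sample: lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [a8e692a6] rundll32.exe "C:\WINDOWS\system32\mynnscrd.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O18 - Protocol: biblioscape - (no CLSID) - (no file)
O20 - AppInit_DLLs: lfgjcp.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    rule: str      # hypothetical rule name used by this example
    severity: str  # "high" or "low" (this example's own scale)
    detail: str


# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
# Body of an O4 registry autorun: hive\..\Run*: [value name] command line
RUN_VALUE = re.compile(r"^\S+\\\.\.\\Run\w*: \[(?P<name>.*?)\] (?P<cmd>.+)$")
# A command line that loads a DLL through rundll32
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.I)
# A value name that is nothing but eight hex digits
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)
# HijackThis marks entries whose target is gone
ORPHAN = re.compile(r"\((?:file missing|no file)\)")


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; header and process lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        code, body = entry["code"], entry["body"]

        if code == "O4":
            run = RUN_VALUE.match(body)
            dll = RUNDLL.search(run["cmd"]) if run else None
            # rundll32 alone is common (driver control panels use it);
            # the machine-generated value name is what sets this case apart.
            if dll and HEX_NAME.match(run["name"]):
                findings.append(Finding(code, "rundll32-random-autorun", "high",
                                        f'{run["name"]} -> {dll["dll"]}'))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so every name listed there deserves a manual check.
            # Splitting on commas/whitespace assumes names without spaces.
            for name in re.split(r"[,\s]+", body.split(":", 1)[1].strip()):
                if name:
                    findings.append(Finding(code, "appinit-dll", "high", name))

        if ORPHAN.search(body):
            findings.append(Finding(code, "orphan-entry", "low", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<4}] {f.section:<3} {f.rule}: {f.detail}")
```

A finding here is a prompt for manual review of the named file, not a verdict on it.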
    6 September 2008 12:18:03

    hello,

    is there anyone who could help me? Tell me whether all the viruses have really gone from my PC? I think so, but I am not sure, because I cannot connect to a wireless network. Maybe the problem lies elsewhere...
    6 September 2008 14:08:28

    hello
    Egwene is away for the moment, I am standing in for him. :)

    the latest ComboFix report still shows several traces of infection.

    In particular one that spreads via your removable media:
    http://www.prevx.com/filenames/61134892967544011-X1/JFV...

    1

    Download Flash Disinfector
    Connect your removable media to your PC. (MP3 player, external HDD, USB stick...)
    Connect all external devices ( HDD, USB, ..... )
    Double-click Flash Disinfector and follow the prompts

    2
    It is preferable to work with the latest versions of the tools.

    Uninstall combofix by following this procedure:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, because it is required here.

    3

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until combofix has finished. Your PC may reboot, that is normal; a report will be created. Post the report: C:\Combofix.txt
    click it to open it, then Edit "Select all", Edit "Copy"

    come to the forum and Edit "Paste"

    4

    add a new Hijackthis report.
    16 September 2008 18:21:16

    hello

    here is the combofix report:

    ComboFix 08-09-15.02 - Ivanovski 2008-09-16 18:03:22.7 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.417 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Ivanovski\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-11 15:03 . 2008-09-11 16:05 4,681,492,480 --a------ C:\DVD_VIDEO.ISO
    2008-09-06 11:40 . 2008-09-06 12:33 4,681,449,472 --a------ C:\LE_DECALOGUE_3.ISO
    2008-08-24 19:45 . 2008-08-24 19:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-08-24 19:40 . 2008-08-24 19:40 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\Malwarebytes
    2008-08-24 19:39 . 2008-08-24 19:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-24 19:39 . 2008-08-24 19:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-24 19:39 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-24 19:39 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-21 00:08 . 2008-08-21 00:09 <REP> d-------- C:\WINDOWS\ERUNT
    2008-08-20 21:33 . 2008-08-20 21:33 <REP> d-------- C:\Program Files\Eidos
    2008-08-19 11:54 . 2008-08-19 11:54 <REP> d-------- C:\Program Files\Fiddler2
    2008-08-16 18:54 . 2008-09-15 16:03 <REP> d-------- C:\Documents and Settings\Ivanovski\Application Data\skypePM
    2008-08-16 18:54 . 2008-08-16 18:54 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-08-16 18:51 . 2008-08-16 18:51 <REP> d-------- C:\Program Files\Fichiers communs\Skype

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-15 15:28 --------- d-----w C:\Program Files\Celtx
    2008-09-15 15:26 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Skype
    2008-09-11 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-09-09 20:49 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\dvdcss
    2008-09-01 08:06 --------- d-----w C:\Program Files\Symantec
    2008-09-01 07:49 --------- d-----w C:\Program Files\Sonic
    2008-08-26 04:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-23 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-22 21:49 --------- d-----w C:\Program Files\GCH Guitar academy
    2008-08-21 19:30 --------- d-----w C:\Program Files\maximes
    2008-08-20 19:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-20 19:05 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Azureus
    2008-08-19 18:36 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Lionhead Studios
    2008-08-19 09:10 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\SystemRequirementsLab
    2008-08-16 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-08-13 18:16 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Graphisoft
    2008-08-12 17:03 3,620 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-08-12 15:49 --------- d-----w C:\Program Files\Graphisoft
    2008-08-12 15:36 --------- d-----w C:\Program Files\Sweet Home 3D
    2008-08-12 15:35 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Anuman Interactive
    2008-08-12 07:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-12 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-09 23:42 --------- d-----w C:\Program Files\Trend Micro
    2008-08-09 12:21 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\U3
    2008-08-07 12:54 --------- d-----w C:\Program Files\SopCast
    2008-08-07 09:11 --------- d-----w C:\Program Files\TVAnts
    2008-08-04 08:44 --------- d-----w C:\Program Files\Java
    2008-07-23 09:16 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Applied Acoustics Systems
    2008-07-23 09:14 --------- d-----w C:\Program Files\VstPlugins
    2008-07-23 09:14 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
    2008-07-23 09:13 --------- d-----w C:\Program Files\AAS
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2008-06-23 15:39 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2008-06-23 15:39 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2007-06-21 10:36 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-04-28 15:34 87,608 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\ezpinst.exe
    2007-04-28 15:34 47,360 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\pcouffin.sys
    2006-10-16 15:45 94,080 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\ezplay.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2002-11-07 143360]
    "Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" [2006-12-05 1180672]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "LaCie Backup"="C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe" [2006-07-06 2596864]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]
    "AnumanLive"="C:\Documents and Settings\Ivanovski\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [2008-08-12 347648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-12 58992]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-08-20 100056]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-15 180269]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 1582616]
    "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 37376]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 C:\WINDOWS\RTHDCPL.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-05-11 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=lfgjcp.dll wwbkgj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.mpng"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.mjpg"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.mvjp"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.444p"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL ACS"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\APPS\\Inventime\\my.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\\Program Files\\AOL 9.0\\aol.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\APPS\\skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "49153:TCP"= 49153:TCP:BitComet 49153 TCP
    "49153:UDP"= 49153:UDP:BitComet 49153 UDP
    "55437:TCP"= 55437:TCP:BitComet 55437 TCP
    "55437:UDP"= 55437:UDP:BitComet 55437 UDP


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d419c4-6f48-11db-a398-00038a000015}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac332-c67f-11dc-ae24-0013ce5f310e}]
    \Shell\AutoRun\command - K:\jfvkcsy.bat
    \Shell\explore\Command - K:\jfvkcsy.bat
    \Shell\open\Command - K:\jfvkcsy.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac333-c67f-11dc-ae24-0013ce5f310e}]
    \Shell\Shell00\Command - G:\Start.exe
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-Device Detector - DevDetect.exe
    Notify-urqPfGXR - (no file)


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Ivanovski\Application Data\Mozilla\Firefox\Profiles\mw204z4f.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
    FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-16 18:08:17
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
    .
    Heure de fin: 2008-09-16 18:10:53
    ComboFix-quarantined-files.txt 2008-09-16 16:10:03
    ComboFix2.txt 2008-08-23 17:36:41

    Avant-CF: 20,278,652,928 octets libres
    Après-CF: 20,272,406,528 octets libres

    202 --- E O F --- 2008-08-23 17:40:31

    and the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:20:22, on 16/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe
    C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Ivanovski\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CB6F7303-B601-43F3-AD0B-B7FFB987451B}: NameServer = 212.68.193.110,192.168.0.1
    O18 - Protocol: biblioscape - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: lfgjcp.dll wwbkgj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 10719 bytes

    Thanks in advance
    16 September 2008 22:02:45

    Good evening

    Copy (Ctrl+C) the text below:
    File::
    K:\jfvkcsy.bat

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=""
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac332-c67f-11dc-ae24-0013ce5f310e}]



    Open Notepad, then paste (Ctrl+V) the text you have just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt

    +++++++++++++++++++

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will install; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.
    2 October 2008 17:12:45

    here you go,

    I am posting the ComboFix report here following the last message, and I am going to scan with Kaspersky online.

    ComboFix 08-10-01.05 - Ivanovski 2008-10-02 16:49:06.8 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.377 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Ivanovski\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Ivanovski\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    K:\jfvkcsy.bat
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-02 16:42 . 2008-10-02 16:42 400,896 --a------ C:\WINDOWS\system32\cmd.cfexe
    2008-10-02 16:40 . 2008-10-02 16:40 <REP> d-------- C:\WINDOWS\LastGood
    2008-09-19 19:38 . 2008-07-17 14:40 109,952 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
    2008-09-19 19:38 . 2008-07-16 22:35 9,728 --a------ C:\WINDOWS\system32\RtNicProp32.dll
    2008-09-11 15:03 . 2008-09-11 16:05 4,681,492,480 --a------ C:\DVD_VIDEO.ISO
    2008-09-06 11:40 . 2008-09-06 12:33 4,681,449,472 --a------ C:\LE_DECALOGUE_3.ISO

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-15 15:28 --------- d-----w C:\Program Files\Celtx
    2008-09-15 15:26 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Skype
    2008-09-15 14:03 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\skypePM
    2008-09-11 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-09-09 20:49 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\dvdcss
    2008-09-01 08:06 --------- d-----w C:\Program Files\Symantec
    2008-09-01 07:49 --------- d-----w C:\Program Files\Sonic
    2008-08-26 04:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-24 17:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-08-24 17:40 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-24 17:40 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Malwarebytes
    2008-08-24 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-23 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-22 21:49 --------- d-----w C:\Program Files\GCH Guitar academy
    2008-08-20 19:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-20 19:33 --------- d-----w C:\Program Files\Eidos
    2008-08-20 19:05 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Azureus
    2008-08-19 18:36 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Lionhead Studios
    2008-08-19 09:54 --------- d-----w C:\Program Files\Fiddler2
    2008-08-19 09:10 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\SystemRequirementsLab
    2008-08-17 13:05 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-17 13:05 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-16 16:51 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2008-08-16 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-08-13 18:16 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Graphisoft
    2008-08-12 17:03 3,620 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-08-12 15:49 --------- d-----w C:\Program Files\Graphisoft
    2008-08-12 15:36 --------- d-----w C:\Program Files\Sweet Home 3D
    2008-08-12 15:35 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\Anuman Interactive
    2008-08-12 07:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-12 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-09 23:42 --------- d-----w C:\Program Files\Trend Micro
    2008-08-09 12:21 --------- d-----w C:\Documents and Settings\Ivanovski\Application Data\U3
    2008-08-07 12:54 --------- d-----w C:\Program Files\SopCast
    2008-08-07 09:11 --------- d-----w C:\Program Files\TVAnts
    2008-08-04 08:44 --------- d-----w C:\Program Files\Java
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    2007-06-21 10:36 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-04-28 15:34 87,608 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\ezpinst.exe
    2007-04-28 15:34 47,360 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\pcouffin.sys
    2006-10-16 15:45 94,080 -c--a-w C:\Documents and Settings\Ivanovski\Application Data\ezplay.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-16_18.09.40.62 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-07-30 17:19:20 92,504 ----a-w C:\WINDOWS\LastGood\system32\cdm.dll
    + 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\LastGood\system32\wuapi.dll
    + 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\LastGood\system32\wuauclt.exe
    + 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\LastGood\system32\wuaueng.dll
    + 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\LastGood\system32\wucltui.dll
    + 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\LastGood\system32\wups.dll
    + 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\LastGood\system32\wups2.dll
    + 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\LastGood\system32\wuweb.dll
    + 2005-03-04 09:10:26 74,496 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\Rtlnicxp.sys
    + 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
    + 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2002-11-07 143360]
    "Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" [2006-12-05 1180672]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "LaCie Backup"="C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe" [2006-07-06 2596864]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]
    "AnumanLive"="C:\Documents and Settings\Ivanovski\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [2008-08-12 347648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-12 58992]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-08-20 100056]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-15 180269]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 1582616]
    "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 37376]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 C:\WINDOWS\RTHDCPL.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-05-11 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.mpng"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.mjpg"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.mvjp"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "vidc.444p"= C:\Program Files\t@b\0.956\686\tabdec.dll
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL ACS"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\APPS\\Inventime\\my.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\\Program Files\\AOL 9.0\\aol.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\APPS\\skype\\Phone\\Skype.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3d419c4-6f48-11db-a398-00038a000015}]
    \Shell\AutoRun\command - E:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e27ac333-c67f-11dc-ae24-0013ce5f310e}]
    \Shell\Shell00\Command - G:\Start.exe
    .
    Contenu du dossier 'Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-02 16:53:59
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
    .
    Heure de fin: 2008-10-02 16:55:39
    ComboFix-quarantined-files.txt 2008-10-02 14:55:32
    ComboFix2.txt 2008-09-16 16:10:55
    ComboFix3.txt 2008-08-23 17:36:41

    Avant-CF: 20.040.491.008 octets libres
    Après-CF: 20,019,789,824 octets libres

    185 --- E O F --- 2008-08-23 17:40:31
    2 October 2008 18:41:58

    Good evening
    A 15-day delay... that leaves me doubtful about what we'll find in there...
    6 October 2008 17:32:10

    Hi,

    The Kaspersky report:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Thursday, October 2, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, October 02, 2008 12:39:10
    Records in database: 1283091
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan statistics:
    Files scanned: 109945
    Threat name: 5
    Infected objects: 25
    Suspicious objects: 0
    Duration of the scan: 02:06:56


    File name / Threat name / Threats count
    C:\Documents and Settings\Ivanovski\Bureau\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\Documents and Settings\Ivanovski\Bureau\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0BDA1466.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\187D42D1.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1F9C5D6C.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2C8C0C92.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32513192.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\39BB1882.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B4575B9.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B672278.exe Infected: Trojan-Dropper.Win32.Small.apl 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3DD50024.exe Infected: Trojan-Dropper.Win32.Small.apl 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\52B464D2.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5E4520D0.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6390050F.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7ABC6B17.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7AC23F0F.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7AC6690C.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7AC91308.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7AD06701.dat Infected: Backdoor.Win32.Small.eug 1
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7F3024A3.dat Infected: Backdoor.Win32.Small.eug 1
    C:\QooBox\Quarantine\C\autorun.inf.vir Infected: Trojan-PSW.Win32.OnLineGames.acgu 1
    C:\WINDOWS\system32\drivers\etc\hosts.20080704-022742.backup Infected: Trojan.Win32.Qhost.hi 1
    C:\WINDOWS\system32\drivers\etc\HOSTS.BAK Infected: Trojan.Win32.Qhost.hi 1
    C:\WINDOWS\system32\drivers\etc\hosts.msn Infected: Trojan.Win32.Qhost.hi 1

    The selected area was scanned.


    Thanks in advance
    6 October 2008 20:25:28

    Good evening
    Delete:

    C:\WINDOWS\system32\drivers\etc\hosts.20080704-022742.backup
    C:\WINDOWS\system32\drivers\etc\HOSTS.BAK
    C:\WINDOWS\system32\drivers\etc\hosts.msn
    C:\QooBox

    ~Download the R-Hosts program (by S!RI)
    http://siri.urz.free.fr/Softs/RHosts.exe

    ~Run R-Hosts.exe, then click "Restaurer" (Restore).
    Confirm the change by pressing OK.



    How is your PC behaving?
    8 October 2008 14:33:48

    Hi,

    I ran the restore and everything seems to be working correctly.
    8 October 2008 22:31:08

    Good evening

    Delete all the programs installed for the disinfection.


    Please read this guide (in PDF) to learn more about the risks of the Net.

    If you find this document interesting, don't hesitate to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.

    ~Edit your first message (by clicking on the eraser) and mark it [solved] in the title.

    :hello: 