Spyware Secure, intrusive Security Center

Tags:
  • Security
22 June 2008 10:13:45

I saw that this problem has happened to a lot of people on the forum. Can you help me, starting from scratch, to remove these Spyware Secure ads etc.? There are also icons I wouldn't dare click on that keep appearing on my desktop.
Thanks in advance :hello:


22 June 2008 10:28:38

hello

1

Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2

2

Download Navilog1.exe (IL-MAFIOSO).
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop.)

Let the utility guide you. Choose option 1 and confirm.
! Do not use options 2, 3 and 4 without our agreement !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as asked. Notepad will open. Post its contents like this:

-> Edit / Select all
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report is also located here: C:\fixnavi.txt

22 June 2008 10:32:37

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:33:13, on 22/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\RtHDVCpl.exe
C:\Sys17D7.exe
C:\Sys1806.exe
C:\Sys1844.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GrabIt\GrabIt.exe
C:\Program Files\GrabIt\external\unrar\unrar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo.com/etajvbis.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Sys1789.exe] C:\Sys1789.exe
O4 - HKLM\..\Run: [Sys17D7.exe] C:\Sys17D7.exe
O4 - HKLM\..\Run: [Sys1806.exe] C:\Sys1806.exe
O4 - HKLM\..\Run: [Sys1844.exe] C:\Sys1844.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [e] ˆexe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5203] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD612] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB551] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8944] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7577] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8186] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6854] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD183] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4326] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1677] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7433] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3923] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1068] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7744] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7030] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3144] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9231] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3158] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5180] command /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD636] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9827] command /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2567] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{62F2D224-FF6A-436F-8617-2EDC58693E7F}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 10997 bytes
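The O4 (autostart) entries in the report above are where a helper looks first: four entries launch `C:\Sys17D7.exe`-style files from the drive root, and one entry (`[e] ˆexe`) is not a program path at all. The Python below is an added example for this page, not HijackThis code and not something posted in the thread. It parses O4 lines (a subset of the posted report is embedded as constructed sample input) and ranks each launched image with a few heuristics that are this example's own assumptions: image directly in the drive root, a generated-looking name (short prefix plus four hex digits), a command that is not a recognisable path, a bare file name resolved through PATH, and a one-character value name. Host binaries such as `rundll32.exe` and `cmd` are deliberately not scored themselves.

```python
"""Triage the O4 (autostart) lines of a HijackThis v2 log.

Added example for this thread; it is not HijackThis code and the
heuristics below are this example's own assumptions, not rules of
the tool.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O4 lines from the report posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Sys1789.exe] C:\Sys1789.exe
O4 - HKLM\..\Run: [Sys17D7.exe] C:\Sys17D7.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [e] ˆexe
O4 - HKCU\..\RunOnce: [SpybotDeletingD612] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>RunOnce|Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
IMAGE_RE = re.compile(r"(.+?\.(?:exe|dll|scr|com|bat|cmd|pif|vbs))(?=\s|,|$)", re.I)
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")                       # C:\name, no subfolder
GENERATED_NAME_RE = re.compile(r"^[A-Za-z]{1,4}[0-9A-F]{4}\.exe$", re.I)  # Sys17D7.exe style
PATH_LIKE_RE = re.compile(r"^(?:[A-Za-z]:\\|%[^%]+%\\|\\\\)")
HAS_EXT_RE = re.compile(r"\.(?:exe|dll|com|bat|cmd|scr|pif|vbs)$", re.I)
# Hosts that legitimately appear as a bare name; their argument is what matters.
KNOWN_HOSTS = {"rundll32.exe", "regsvr32.exe", "cmd", "cmd.exe", "command"}
HIGH_MARKERS = ("drive root", "generated-looking", "not a recognisable", "one-character")


@dataclass
class Entry:
    line_no: int
    hive: str
    key: str
    name: str
    cmd: str
    exe: str


@dataclass
class Finding:
    entry: Entry
    severity: str
    reasons: list = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Best-effort extraction of the launched image from an O4 command string."""
    cmd = USER_SUFFIX_RE.sub("", cmd.strip())
    if cmd.startswith('"'):                      # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    first = cmd.split(maxsplit=1)[0] if cmd else ""
    if "\\" in first:                            # unquoted path that may contain spaces
        m = IMAGE_RE.match(cmd)
        if m:
            return m.group(1)
    return first


def parse_o4(text: str) -> list:
    """Return one Entry per O4 Run/RunOnce line (line_no counts non-empty lines)."""
    entries = []
    for no, line in enumerate(l for l in text.splitlines() if l.strip()):
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Entry(no + 1, m["hive"], m["key"], m["name"],
                                 m["cmd"], executable_of(m["cmd"])))
    return entries


def assess(entry: Entry) -> list:
    """Reasons an entry deserves a closer look (empty list = nothing odd)."""
    exe = entry.exe
    base = exe.rsplit("\\", 1)[-1]
    reasons = []
    if base.lower() in KNOWN_HOSTS:
        return reasons                           # the host binary itself is expected
    if ROOT_FILE_RE.match(exe):
        reasons.append("image sits directly in the drive root")
    if GENERATED_NAME_RE.match(base):
        reasons.append("generated-looking name (short prefix + 4 hex digits)")
    if not PATH_LIKE_RE.match(exe):
        if HAS_EXT_RE.search(base):
            reasons.append("bare file name, resolved through PATH at logon")
        else:
            reasons.append("command is not a recognisable program path")
    if len(entry.name) <= 1:
        reasons.append("one-character value name")
    return reasons


def triage(text: str) -> list:
    """Findings for every O4 entry that trips at least one heuristic."""
    findings = []
    for entry in parse_o4(text):
        reasons = assess(entry)
        if reasons:
            high = any(h in r for r in reasons for h in HIGH_MARKERS)
            findings.append(Finding(entry, "high" if high else "low", reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        e = f.entry
        print(f"[{f.severity}] line {e.line_no}: {e.hive}\\..\\{e.key} [{e.name}] -> {e.exe}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run stand-alone it prints the three high findings (`C:\Sys1789.exe`, `C:\Sys17D7.exe`, `ˆexe`) and one low finding (`RtHDVCpl.exe`, a bare name that is legitimate here but worth confirming). The avast, Java, NVIDIA, Sidebar and Spybot RunOnce lines produce no finding, which is the point of the host-binary exemption: the noise is what makes a raw log hard to read.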
22 June 2008 10:36:11

When Navilog starts I choose f for French, there is "please wait", then a window appears saying GetPaths.exe has stopped working, and Navilog closes.
22 June 2008 10:40:17

re
It's Vista...

Before starting again, reboot so that Spybot (which you launched) finishes what it was doing.

Then:
uninstall your version of Navilog1 and delete:
C:\Program Files\Navilog1

Installation:

Disable UAC (User Account Control) (above all, remember to re-enable it after the disinfection).
  • Start > Control Panel
  • Double-click the User Accounts icon
  • Then click Disable and confirm.

  • Now download Navilog1 from this link:

    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

  • Right-click the link above, choose Save (link) target as... and save it to your Desktop.
  • Right-click navilog1.exe and choose "Run as... Administrator" to install it.
  • Wait for the installation to finish.

======================================

Option #1:

Make sure UAC (User Account Control) is indeed disabled.

Right-click the Navilog1 shortcut on the Desktop and choose "Run as... Administrator".
  • On the main menu, choose 1.
  • Follow the instructions and wait.
  • Wait for the message *** Analyse terminée le ….*** (this may take some time).
  • Press a key as asked.
  • A Notepad document is created: fixnavi.txt.
  • Copy/paste the contents of this report into your next reply.
  • Close Notepad.
The fixnavi.txt report is also saved in %systemdrive% (usually C:\).
22 June 2008 11:02:37

gnc.exe stopped working this time, but it does not close Navilog.
22 June 2008 11:03:25

    Search Navipromo version 3.5.8 commencé le 22/06/2008 à 9:54:27,78

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Matt"

    Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO

    Microsoft Windows Vista 6.0.6001
    Internet Explorer : 7.0.6001.18000
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***


    *** Recherche dossiers dans "C:\Windows" ***


    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "C:\ProgramData" ***


    *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


    *** Recherche dossiers dans "c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs" ***


    *** Recherche dossiers dans "C:\Users\Matt\AppData\Local\virtualstore\Program Files" ***


    *** Recherche dossiers dans "C:\Users\Matt\AppData\Roaming" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé


    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\Windows\system32" *

    * Recherche dans "C:\Users\Matt\AppData\Local\Microsoft" *

    * Recherche dans "C:\Users\Matt\AppData\Local\virtualstore\windows\system32" *

    * Recherche dans "C:\Users\Matt\AppData\Local" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\Windows\system32" :


    * Dans "C:\Users\Matt\AppData\Local\Microsoft" :


    * Dans "C:\Users\Matt\AppData\Local\virtualstore\windows\system32" :


    * Dans "C:\Users\Matt\AppData\Local" :


    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le 22/06/2008 à 10:06:12,20 ***

22 June 2008 11:05:19

re

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal; a report will be created. Post the report: C:\Combofix.txt
Click it to open it, then Edit "select all", Edit "copy".

Come to the forum and Edit "paste".

Add a new HijackThis report.
22 June 2008 11:41:27

Combofix:

    ComboFix 08-06-20.4 - Matt 2008-06-22 10:21:27.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1033.18.1232 [GMT 1:00]
    Running from: C:\Users\Matt\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
    .

    2058-03-30 12:11 . 2058-03-30 12:11 <REP> d-------- C:\Program Files\Guitar Pro 5
    2008-06-22 09:55 . 2008-06-16 17:18 3,262 --a------ C:\Windows\System32\sex2.ico
    2008-06-22 09:53 . 2008-06-22 10:06 <REP> d-------- C:\Program Files\Navilog1
    2008-06-22 09:51 . 2008-06-16 17:18 31,744 --a------ C:\Sys880C.exe
    2008-06-22 09:51 . 2008-06-16 17:18 31,744 --a------ C:\Sys8174.exe
    2008-06-22 09:51 . 2008-06-16 17:18 31,744 --a------ C:\Sys8116.exe
    2008-06-22 09:51 . 2008-06-16 17:18 30,208 --a------ C:\Sys824F.exe
    2008-06-22 09:51 . 2008-06-16 17:18 3,262 --a------ C:\Windows\System32\sex1.ico
    2008-06-21 22:23 . 2008-06-21 22:23 944 --a------ C:\Windows\wininit.ini
    2008-06-21 22:04 . 2008-06-21 22:24 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-06-21 22:04 . 2008-06-21 22:24 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-21 22:04 . 2008-06-21 22:04 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-21 18:42 . 2008-06-21 18:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
    2008-06-21 18:42 . 2008-06-21 18:42 <REP> d-------- C:\ProgramData\Yahoo! Companion
    2008-06-21 12:39 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
    2008-06-21 12:39 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
    2008-06-21 12:39 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
    2008-06-21 12:39 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
    2008-06-21 12:39 . 2008-06-15 15:28 81,920 --a------ C:\Windows\System32\IEDFix.C.exe
    2008-06-21 12:39 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
    2008-06-21 12:39 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
    2008-06-21 12:39 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
    2008-06-21 12:39 . 2008-06-21 12:39 3,774 --a------ C:\Windows\System32\tmp.reg
    2008-06-21 12:35 . 2008-06-21 12:35 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-21 12:09 . 2008-06-21 12:09 <REP> d-------- C:\Program Files\Yahoo!
    2008-06-21 11:55 . 2008-06-21 11:55 <REP> d-------- C:\PerfLogs
    2008-06-21 10:22 . 2008-06-21 10:22 <REP> d-------- C:\Program Files\VAV
    2008-06-21 10:22 . 2008-06-21 10:22 <REP> d-------- C:\Program Files\PCHealthCenter
    2008-06-21 10:22 . 2008-06-16 17:18 31,744 --a------ C:\Sys17D7.exe
    2008-06-21 10:22 . 2008-06-16 17:18 31,744 --a------ C:\Sys1789.exe
    2008-06-21 10:22 . 2008-06-16 17:18 30,720 --a------ C:\Sys1844.exe
    2008-06-21 10:22 . 2008-06-16 17:18 30,208 --a------ C:\Sys1806.exe
    2008-06-21 09:58 . 2007-11-14 15:18 553 -r------- C:\Windows\USetup.iss
    2008-06-21 09:56 . 2008-06-21 09:56 <REP> d-------- C:\Program Files\Realtek
    2008-06-21 09:54 . 2008-06-21 09:54 <REP> d-------- C:\Medion
    2008-06-15 05:40 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-15 05:40 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-15 05:40 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-15 05:40 . 2008-01-19 08:33 80,896 --a------ C:\Windows\System32\MSNP.ax
    2008-06-15 05:40 . 2008-01-19 08:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
    2008-06-15 05:39 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-14 16:31 . 2008-06-14 16:31 <REP> d-------- C:\pandora
    2008-06-11 11:31 . 2008-04-25 03:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-11 11:31 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-11 11:31 . 2008-04-25 05:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-11 11:31 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-10 21:26 . 2008-06-21 10:24 <REP> d-------- C:\Program Files\Trials 2 Second Edition
    2008-06-10 17:23 . 2008-06-10 17:26 <REP> d-------- C:\wamp
    2008-06-04 17:10 . 2008-06-04 18:19 <REP> d-------- C:\Users\Matt\AppData\Roaming\Notepad++
    2008-06-04 17:10 . 2008-06-04 17:10 <REP> d-------- C:\Program Files\Notepad++
    2008-06-04 12:24 . 2008-06-04 12:26 <REP> d-------- C:\Users\Matt\Fonts
    2008-06-01 16:08 . 2008-06-01 16:08 <REP> d-------- C:\Windows\PixArt
    2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\Users\All Users\FLEXnet
    2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\ProgramData\FLEXnet
    2008-05-31 23:30 . 2008-05-31 23:30 <REP> d-------- C:\Program Files\Bonjour
    2008-05-31 23:21 . 2008-05-31 23:21 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-31 23:18 . 2008-01-19 08:43 3,600,440 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-05-31 23:18 . 2008-01-19 08:43 3,548,728 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-05-31 23:18 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
    2008-05-31 23:18 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll
    2008-05-31 23:18 . 2008-01-19 08:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
    2008-05-31 23:16 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-05-31 23:15 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
    2008-05-31 23:14 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-05-31 23:13 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-05-31 23:13 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
    2008-05-31 23:13 . 2008-01-05 12:32 120,458 --a------ C:\Windows\System32\secpol.msc
    2008-05-31 23:13 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-05-31 23:12 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-05-31 23:12 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-05-31 23:12 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-05-31 23:11 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-05-31 23:11 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-05-31 23:11 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-05-31 23:11 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-05-31 23:11 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-05-31 23:11 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-05-31 22:40 . 2008-05-31 22:40 <REP> d-------- C:\Program Files\LaBoiteACouleurs
    2008-05-28 11:47 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 11:47 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-26 22:12 . 2008-05-26 22:14 <REP> d-------- C:\Program Files\Dofus

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-22 08:51 --------- d-----w C:\Users\Matt\AppData\Roaming\OpenOffice.org2
    2008-06-22 08:39 --------- d-----w C:\Users\Matt\AppData\Roaming\GrabIt
    2008-06-21 11:05 --------- d-----w C:\ProgramData\NVIDIA
    2008-06-21 11:04 174 --sha-w C:\Program Files\desktop.ini
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Sidebar
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Mail
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Journal
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Defender
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Collaboration
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Calendar
    2008-06-21 10:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-21 10:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-21 08:56 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-06-21 08:56 315,392 ----a-w C:\Windows\HideWin.exe
    2008-06-21 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-14 09:05 --------- d-----w C:\ProgramData\TrackMania
    2008-06-11 20:45 --------- d-----w C:\Users\Matt\AppData\Roaming\FileZilla
    2008-06-11 05:19 --------- d-----w C:\Program Files\Common Files\Steam
    2008-06-10 20:26 --------- d-----w C:\Program Files\OpenAL
    2008-06-10 16:44 --------- d-----w C:\Users\Matt\AppData\Roaming\Azureus
    2008-05-31 22:30 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-30 19:47 --------- d-----w C:\Users\Matt\AppData\Roaming\teamspeak2
    2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\skypePM
    2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\Skype
    2008-05-21 19:41 --------- d-----w C:\Program Files\Savage 2 - A Tortured Soul
    2008-05-20 08:59 28 ------r C:\Windows\system32\drivers\VERSION.DAT
    2008-05-19 20:21 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-05-19 20:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-19 19:58 --------- d-----w C:\Program Files\d3
    2008-05-18 20:17 --------- d-----w C:\Users\Matt\AppData\Roaming\mIRC
    2008-05-16 16:42 --------- d-----w C:\Program Files\MSXML 4.0
    2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-15 17:53 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
    2008-05-15 17:51 --------- d-----w C:\ProgramData\VideoSpin
    2008-05-15 17:51 --------- d-----w C:\Program Files\Pinnacle
    2008-05-15 17:51 --------- d-----w C:\Program Files\Common Files\Yahoo!
    2008-05-15 17:48 --------- d-----w C:\ProgramData\Pinnacle
    2008-05-15 17:41 --------- d-----w C:\Program Files\Movie Maker 2.6
    2008-05-15 16:47 --------- d-----w C:\Program Files\DVDVideoSoft
    2008-05-15 16:47 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
    2008-05-14 16:04 --------- d-----w C:\Program Files\pspvideo9
    2008-05-14 16:04 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-05-14 06:08 --------- d-----w C:\ProgramData\Codemasters
    2008-05-13 20:34 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
    2008-05-13 20:34 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
    2008-05-13 20:25 --------- d-----w C:\Program Files\Codemasters
    2008-05-07 18:22 2,134,424 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
    2008-05-07 15:19 694,784 ----a-w C:\Windows\System32\RtkPgExt.dll
    2008-05-07 15:19 6,139,904 ----a-w C:\Windows\RtHDVCpl.exe
    2008-05-07 15:17 2,172,928 ----a-w C:\Windows\System32\RtkAPO.dll
    2008-05-06 14:29 31,232 ----a-w C:\Windows\System32\RtkCoInst.dll
    2008-05-01 10:52 --------- d-----w C:\Program Files\Azureus
    2008-04-30 23:19 --------- d-----w C:\Program Files\adslTV
    2008-04-30 22:53 --------- d-----w C:\Users\Matt\AppData\Roaming\vlc
    2008-04-30 11:18 159,744 ----a-w C:\Windows\System32\MaxxAudioAPO20.dll
    2008-04-29 13:55 1,933,312 ----a-w C:\Windows\System32\MaxxAudioEQ.dll
    2008-04-29 13:55 1,777,664 ----a-w C:\Windows\System32\WavesLib.dll
    2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC749.tmp
    2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC69C.tmp
    2008-04-21 15:21 143,360 ----a-w C:\Windows\System32\FMAPO.dll
    2008-04-10 14:06 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-04-10 14:06 22,328 ----a-w C:\Users\Matt\AppData\Roaming\PnkBstrK.sys
    2008-04-10 14:06 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
    2008-04-10 14:06 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-04-09 21:24 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-04-09 21:24 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-04-09 21:24 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-04-09 21:24 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-04-09 21:24 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-04-09 21:24 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-04-09 21:24 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-04-09 21:24 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-04-09 21:24 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-04-09 21:24 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-04-09 21:23 295,936 ----a-w C:\Windows\System32\gdi32.dll
    2008-04-09 21:23 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-04-02 08:27 1,196,032 ----a-w C:\Windows\RtlUpd.exe
    2008-03-30 10:08 1,871 ----a-w C:\Windows\Web\def.htm.vir
    2008-03-29 20:10 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-03-29 20:10 32 ----a-w C:\ProgramData\ezsid.dat
    2008-03-28 09:59 285,216 ----a-w C:\Windows\System32\RtkApoApi.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-21_12.58.26.79 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-21 11:49:59 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-22 08:50:52 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-06-21 11:50:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-06-21 11:50:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-21 11:51:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-22 08:52:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-22 08:52:57 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-06-21 11:50:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-22 08:52:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-22 08:52:52 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-21 11:46:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-21 11:46:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-22 09:20:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-21 11:46:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-21 11:07:32 104,742 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-22 08:58:45 104,742 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-21 11:07:32 127,318 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-06-22 08:58:45 127,318 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-06-21 11:07:32 595,308 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-22 08:58:45 595,308 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-21 11:07:32 676,850 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-06-22 08:58:45 676,850 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-06-21 11:52:00 5,982 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2077877471-3655646624-3498813986-1000_UserData.bin
    + 2008-06-21 12:31:01 6,140 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2077877471-3655646624-3498813986-1000_UserData.bin
    - 2008-06-21 11:52:00 48,624 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-21 12:31:01 48,758 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-21 11:51:54 31,398 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-21 21:28:49 32,510 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 08:36 2153472 C:\Windows\System32\oobefldr.dll]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 09:30 486856]
    "Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-03-30 15:59 1271032]
    "Octoshape Streaming Services"="C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2006-02-13 17:33 214648]
    "e"="ˆexe" []
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
    "e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2008-03-05 13:47 397312]
    "PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 16:19 6139904 C:\Windows\RtHDVCpl.exe]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
    "Sys880C.exe"="C:\Sys880C.exe" [2008-06-16 17:18 31744]

    C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.mjpg"= pvmjpg30.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{7B586D61-E263-42C4-982F-CBD8D80339A8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E6179681-68CD-4DDC-A696-EC301B01879E}"= UDP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
    "{F7F7C64D-C0DF-4154-9F7C-3A8D781A886F}"= TCP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
    "{D0186287-43F2-4CDE-A6BB-AE347599BD9C}"= UDP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
    "{8465163C-6400-46E9-9542-1C4C02EEBD82}"= TCP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
    "TCP Query User{1A14D1F0-6472-4810-8C93-FC31E93F1BEE}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{126DFC70-6620-40BA-82E4-7EADB12CE6C7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{D6438CDC-75B5-4764-B540-148BBEE7C7DD}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{92E9D729-E4FF-49C0-8F35-C3C8331369DF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "{E0B60AB5-5191-4018-895C-2BCB1C11429E}"= UDP:C:\Program Files\PKR\pkr.exe:p lay PKR
    "{C45136A1-7CCD-4929-8D57-BE5754E1BBCF}"= TCP:C:\Program Files\PKR\pkr.exe:p lay PKR
    "TCP Query User{DD295F2B-A6AF-41DB-BB70-5A4C0C552DE3}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "UDP Query User{A93AAF3B-0CD5-4850-AD14-450269541C2C}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "TCP Query User{6F3730BD-A8F7-43F6-9A0C-31C0B7A621A1}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{4C9CFD61-3F96-412E-B7F6-A821880F272F}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{07236ED9-4F52-4A59-A5D6-07D4B0D7C850}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
    "UDP Query User{ECD1D14C-6C78-4F59-8484-B903CBA79FE3}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
    "TCP Query User{DB75EC1C-A68B-4FAA-98A0-0AF9A76A55E7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{11F88FD4-D66B-4693-B25D-17A151AD379E}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{590B3ED6-AA5C-4CF2-A07C-AC5FC7E80ADF}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{44A7D384-925A-43B6-B28A-DBBAD3D27445}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{EA63027B-7CD6-465E-ABA9-0F6163A8D146}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{61E7B1D9-1101-44F2-BF97-849C50D707DF}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{85D75DF0-3664-41A5-A8CD-579690D0FDC9}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
    "UDP Query User{FA933BCB-44B3-44DB-82FD-B8845E7C0F49}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
    "TCP Query User{9F55431F-F391-4C3A-ADD3-A2EAA8258A00}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
    "UDP Query User{C24DACD8-7BC2-4787-AC8A-1F286295F2F1}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
    "{92AFF84E-D42A-4B22-818A-81C1519BB1AC}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{3698746D-2FBE-4FBF-BB89-F5EC1F4806B1}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{860CDA12-86A1-46B6-A25B-752CDC75BD81}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{D8172CA5-18C7-486E-B711-4C31A89735B2}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{9AFF18EF-9BC5-4F7B-8A3B-F83A6AF95F2E}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{972C8765-AB99-4E57-8F2A-57A9C536442B}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{505EAA90-EA35-47C2-BA9A-8D51FFEC711B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "{5240C1B1-1E1C-4B1D-819C-4285B7024F56}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "TCP Query User{CAE6277B-2FD2-45CA-81B9-FF62D1BDDC0D}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{272C9F65-752D-451B-B761-C5A10D98209C}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "TCP Query User{F007F1E6-1495-4E10-8D5F-890D0BDC6DD1}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:o ctoshapeclient.exe
    "UDP Query User{B4EA1A8E-1C8E-45C7-AD50-9579C1C15267}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:o ctoshapeclient.exe
    "TCP Query User{4FD436DA-34BA-4B3E-A2F7-8B46D3588F3E}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
    "UDP Query User{A63B0633-2F64-4853-9AD1-6D05BFEE3AC9}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
    "TCP Query User{E13A7EA1-D87B-4098-B793-182B3E80D850}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{3EF1FC25-01DE-4A9A-83C4-513836EED15B}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "{DBB81B0C-5D2D-4EFA-B139-5FA53E52B3B2}"= UDP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
    "{C778ACC5-C1EA-4EF6-8083-D7C346B466F4}"= TCP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
    "TCP Query User{82273AB4-6C31-45A4-BB50-7F0630D5809B}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= UDP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
    "UDP Query User{233472B0-A002-4EFF-8BAE-0168C9638A91}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= TCP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
    "{E0A7B9FF-2807-45B7-A22D-928C6F1E91BF}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
    "{3688F6EB-D355-4EB6-8D87-FD00126ABF9C}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
    "{01697CD4-48F6-4360-969B-204EE5E55B8E}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:p MSRegisterFile
    "{0A16CA36-9254-47F2-A5A8-8864166AFD85}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:p MSRegisterFile
    "{B1597868-F18C-49BD-AD67-7438AC69EEB3}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
    "{48993F2A-33A9-47B2-B01A-895E3E8D98AA}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
    "{3DF5794C-604F-49B9-A908-DFF869418BC8}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:p innacle VideoSpin
    "{B2653C09-E448-4B95-A1FF-5DD340F3E959}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:p innacle VideoSpin
    "TCP Query User{F3ED59D0-EE9A-43D9-9CFC-A5BFB07BD092}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
    "UDP Query User{A0070EB7-A348-4086-9F62-EA00F59ED9D1}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
    "TCP Query User{9732088F-9118-4BBC-BFE0-C36D8714224D}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
    "UDP Query User{101EE57F-4AC4-42A1-B066-A8EF2BE8AAF8}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-10 19:13]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276be7d8-fb30-11dc-bc69-001617e6b829}]
    \shell\AutoRun\command - I:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43e73afe-f92d-11dc-b5af-806e6f6e6963}]
    \shell\AutoRun\command - E:\Lance.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4542a2ce-318d-11dd-b35a-001617e6b829}]
    \shell\AutoRun\command - K:\LaunchU3.exe -a

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-22 10:23:08
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> C:\Program Files\RocketDock\RocketDock.dll
    .
    Completion time: 2008-06-22 10:24:03
    ComboFix-quarantined-files.txt 2008-06-22 09:23:59
    ComboFix2.txt 2008-06-21 11:58:50

    Pre-Run: 86,702,063,616 octets libres
    Post-Run: 86,660,624,384 octets libres

    340 --- E O F --- 2008-06-21 10:32:10

    22 June 2008 11:42:38

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:45:22, on 22/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\TF1Vision\TF1vision.exe
    C:\Program Files\pspvideo9\pspVideo9.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Windows\System32\wsqmcons.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo.com/etajvbis.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
    O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Sys8AEA.exe] C:\Sys8AEA.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [e] ˆexe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{62F2D224-FF6A-436F-8617-2EDC58693E7F}: NameServer = 212.27.32.176,212.27.32.177
    O17 - HKLM\System\CS1\Services\Tcpip\..\{62F2D224-FF6A-436F-8617-2EDC58693E7F}: NameServer = 212.27.32.176,212.27.32.177
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 8019 bytes
    22 June 2008 12:09:05

    So?
    22 June 2008 13:25:33

    I think it's fine actually, thanks a lot. Is there another step?
    22 June 2008 16:40:09

    Please answer my previous question ^^.
    22 June 2008 22:02:32

    re

    Can you be patient? I have a life...

    1

    Copy (Ctrl+C) the text below:
    File::
    C:\Windows\System32\sex2.ico
    C:\Sys880C.exe
    C:\Sys8174.exe
    C:\Sys8116.exe
    C:\Sys824F.exe
    C:\Windows\System32\sex1.ico
    C:\Sys17D7.exe
    C:\Sys1789.exe
    C:\Sys1844.exe
    C:\Sys1806.exe

    Folder::
    C:\Program Files\VAV
    C:\Program Files\PCHealthCenter

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "e"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sys880C.exe"=-



    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the message that shows up (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait for the scan to finish. The desktop will disappear several times: that is normal!
    Do not touch anything until the scan is complete.
  • Once the scan is finished, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

    2

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, reboot into Safe Mode.
    HELP: Restart in Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
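The rogue autoruns in this thread were spotted from the HijackThis O4 lines by three traits: a Run value that is not a program path at all ("e" = "ˆexe"), an executable launched straight from the drive root (C:\Sys880C.exe), and a random Sys<hex>.exe name that changed on every reboot (Sys880C, Sys8AEA, Sys8869, Sys7F03). The following Python triage of O4 lines checks those traits; it is an added example, not part of HijackThis, ComboFix or this thread, and its sample lines are constructed after the log above.

```python
r"""Triage of HijackThis O4 (autorun) lines for the traits seen in this thread.

Added example; not part of HijackThis, ComboFix or the thread. It flags:
  * a Run value whose data is not a usable program path at all ("e" = "ˆexe"),
  * an executable launched straight from the drive root (C:\Sys880C.exe), and
  * a random-looking Sys<4 hex digits>.exe name, which changed on every reboot
    in the successive logs (Sys880C, Sys8AEA, Sys8869, Sys7F03).
"""
import re
from typing import Dict, List

# Constructed sample lines modelled on the O4 section of the log above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [Sys8AEA.exe] C:\Sys8AEA.exe",
    r'O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background',
    "O4 - HKCU\\..\\Run: [e] \u02c6exe",
    r"O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
    r"O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe",
]

# Run-key entries:        O4 - HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder entries: O4 - Startup: shortcut.lnk = target
STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Hosted by rundll32: the image of interest is the DLL, not rundll32 itself
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(.*)$", re.IGNORECASE)
# Unquoted command line: take the shortest prefix that ends in a program extension
# (an approximation of how Windows resolves unquoted paths containing spaces)
IMAGE_RE = re.compile(r"^(?P<img>.*?\.(?:exe|dll|com|scr|cpl|bat|cmd))(?:[\s,].*)?$", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^Sys[0-9A-F]{4}\.exe$", re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"^[A-Z]:\\[^\\]+$", re.IGNORECASE)
PATH_START_RE = re.compile(r"^(?:[A-Z]:\\|%[^%]+%\\)", re.IGNORECASE)


def image_path(cmd: str) -> str:
    """Return the program (or DLL) a command line launches, without its arguments."""
    cmd = cmd.strip()
    hosted = RUNDLL_RE.match(cmd)
    if hosted:
        cmd = hosted.group(1)
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group("img")
    return cmd.split(None, 1)[0] if cmd else ""


def triage_entry(cmd: str) -> List[str]:
    """Reasons an autorun command line deserves a look; empty when it looks ordinary."""
    path = image_path(cmd)
    base = path.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if not path.isascii() or not path.isprintable():
        reasons.append("value contains non-ASCII or non-printable characters")
    if not PATH_START_RE.match(path) and not IMAGE_RE.match(base):
        reasons.append("value is not a resolvable program path")
    if DRIVE_ROOT_RE.match(path):
        reasons.append("program runs directly from the drive root")
    if HEX_NAME_RE.match(base):
        reasons.append("random-looking Sys<hex>.exe file name")
    return reasons


def triage_o4(lines) -> Dict[str, List[str]]:
    """Map the name of every suspicious O4 entry to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        m = RUN_RE.match(line.strip()) or STARTUP_RE.match(line.strip())
        if m is None:
            continue
        reasons = triage_entry(m.group("cmd"))
        if reasons:
            flagged[m.group("name")] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_o4(SAMPLE_O4_LINES).items():
        print(f"[{name}]")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the sample, only the [Sys8AEA.exe] and [e] entries are reported; the legitimate avast!, NVIDIA, Messenger, Spybot and OpenOffice entries pass, including the rundll32-hosted and unquoted paths with spaces.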



    23 June 2008 20:17:29

    sorry

    ComboFix 08-06-20.4 - Matt 2008-06-23 18:52:53.4 - NTFSx86
    Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1033.18.1152 [GMT 1:00]
    Running from: C:\Users\Matt\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Matt\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Sys1789.exe
    C:\Sys17D7.exe
    C:\Sys1806.exe
    C:\Sys1844.exe
    C:\Sys8116.exe
    C:\Sys8174.exe
    C:\Sys824F.exe
    C:\Sys880C.exe
    C:\Windows\System32\sex1.ico
    C:\Windows\System32\sex2.ico
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\PCHealthCenter
    C:\Program Files\PCHealthCenter\0.exe
    C:\Program Files\PCHealthCenter\0.gif
    C:\Program Files\PCHealthCenter\1.exe
    C:\Program Files\PCHealthCenter\1.gif
    C:\Program Files\PCHealthCenter\2.exe
    C:\Program Files\PCHealthCenter\2.gif
    C:\Program Files\PCHealthCenter\3.exe
    C:\Program Files\PCHealthCenter\3.gif
    C:\Program Files\PCHealthCenter\4.exe
    C:\Program Files\PCHealthCenter\5.exe
    C:\Program Files\PCHealthCenter\sc.html
    C:\Program Files\PCHealthCenter\sex1.ico
    C:\Program Files\PCHealthCenter\sex2.ico
    C:\Program Files\VAV
    C:\Program Files\VAV\vav.cpl
    C:\Program Files\VAV\vav.exe
    C:\Program Files\VAV\vav.ooo
    C:\Program Files\VAV\vav0.dat
    C:\Program Files\VAV\vav1.dat
    C:\Sys1789.exe
    C:\Sys17D7.exe
    C:\Sys1806.exe
    C:\Sys1844.exe
    C:\Sys8116.exe
    C:\Sys880C.exe
    C:\Windows\System32\sex1.ico
    C:\Windows\System32\sex2.ico

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
    .

    2058-03-30 12:11 . 2058-03-30 12:11 <REP> d-------- C:\Program Files\Guitar Pro 5
    2008-06-23 18:51 . 2008-06-23 18:52 <REP> d-------- C:\327882R2FWJFW
    2008-06-23 06:56 . 2008-06-23 06:56 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-23 06:29 . 2008-06-16 17:18 31,744 --a------ C:\Sys7F03.exe
    2008-06-22 18:23 . 2008-06-16 17:18 31,744 --a------ C:\Sys8869.exe
    2008-06-22 10:28 . 2008-06-16 17:18 31,744 --a------ C:\Sys8AEA.exe
    2008-06-22 09:53 . 2008-06-22 10:06 <REP> d-------- C:\Program Files\Navilog1
    2008-06-21 22:23 . 2008-06-21 22:23 944 --a------ C:\Windows\wininit.ini
    2008-06-21 22:04 . 2008-06-22 18:25 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-06-21 22:04 . 2008-06-22 18:25 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-21 18:42 . 2008-06-21 18:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
    2008-06-21 18:42 . 2008-06-21 18:42 <REP> d-------- C:\ProgramData\Yahoo! Companion
    2008-06-21 12:39 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
    2008-06-21 12:39 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
    2008-06-21 12:39 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
    2008-06-21 12:39 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
    2008-06-21 12:39 . 2008-06-15 15:28 81,920 --a------ C:\Windows\System32\IEDFix.C.exe
    2008-06-21 12:39 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
    2008-06-21 12:39 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
    2008-06-21 12:39 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
    2008-06-21 12:39 . 2008-06-21 12:39 3,774 --a------ C:\Windows\System32\tmp.reg
    2008-06-21 12:35 . 2008-06-21 12:35 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-21 12:09 . 2008-06-21 12:09 <REP> d-------- C:\Program Files\Yahoo!
    2008-06-21 11:55 . 2008-06-21 11:55 <REP> d-------- C:\PerfLogs
    2008-06-21 09:58 . 2007-11-14 15:18 553 -r------- C:\Windows\USetup.iss
    2008-06-21 09:56 . 2008-06-21 09:56 <REP> d-------- C:\Program Files\Realtek
    2008-06-21 09:54 . 2008-06-21 09:54 <REP> d-------- C:\Medion
    2008-06-15 05:40 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-15 05:40 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-15 05:40 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-15 05:40 . 2008-01-19 08:33 80,896 --a------ C:\Windows\System32\MSNP.ax
    2008-06-15 05:40 . 2008-01-19 08:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
    2008-06-15 05:39 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-14 16:31 . 2008-06-14 16:31 <REP> d-------- C:\pandora
    2008-06-11 11:31 . 2008-04-25 03:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-11 11:31 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-11 11:31 . 2008-04-25 05:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-11 11:31 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-10 21:26 . 2008-06-21 10:24 <REP> d-------- C:\Program Files\Trials 2 Second Edition
    2008-06-10 17:23 . 2008-06-10 17:26 <REP> d-------- C:\wamp
    2008-06-04 17:10 . 2008-06-04 18:19 <REP> d-------- C:\Users\Matt\AppData\Roaming\Notepad++
    2008-06-04 17:10 . 2008-06-04 17:10 <REP> d-------- C:\Program Files\Notepad++
    2008-06-04 12:24 . 2008-06-04 12:26 <REP> d-------- C:\Users\Matt\Fonts
    2008-06-01 16:08 . 2008-06-01 16:08 <REP> d-------- C:\Windows\PixArt
    2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\Users\All Users\FLEXnet
    2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\ProgramData\FLEXnet
    2008-05-31 23:30 . 2008-05-31 23:30 <REP> d-------- C:\Program Files\Bonjour
    2008-05-31 23:21 . 2008-05-31 23:21 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-31 23:18 . 2008-01-19 08:43 3,600,440 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-05-31 23:18 . 2008-01-19 08:43 3,548,728 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-05-31 23:18 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
    2008-05-31 23:18 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll
    2008-05-31 23:18 . 2008-01-19 08:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
    2008-05-31 23:16 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-05-31 23:15 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
    2008-05-31 23:14 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
    2008-05-31 23:13 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-05-31 23:13 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
    2008-05-31 23:13 . 2008-01-05 12:32 120,458 --a------ C:\Windows\System32\secpol.msc
    2008-05-31 23:13 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2008-05-31 23:12 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
    2008-05-31 23:12 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
    2008-05-31 23:12 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
    2008-05-31 23:11 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
    2008-05-31 23:11 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
    2008-05-31 23:11 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
    2008-05-31 23:11 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
    2008-05-31 23:11 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
    2008-05-31 23:11 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
    2008-05-31 22:40 . 2008-05-31 22:40 <REP> d-------- C:\Program Files\LaBoiteACouleurs
    2008-05-28 11:47 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 11:47 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-26 22:12 . 2008-05-26 22:14 <REP> d-------- C:\Program Files\Dofus

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-23 05:30 --------- d-----w C:\Users\Matt\AppData\Roaming\OpenOffice.org2
    2008-06-22 11:29 --------- d-----w C:\Users\Matt\AppData\Roaming\GrabIt
    2008-06-21 11:05 --------- d-----w C:\ProgramData\NVIDIA
    2008-06-21 11:04 174 --sha-w C:\Program Files\desktop.ini
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Sidebar
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Mail
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Journal
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Defender
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Collaboration
    2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Calendar
    2008-06-21 10:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-21 10:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-21 08:56 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-06-21 08:56 315,392 ----a-w C:\Windows\HideWin.exe
    2008-06-21 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-14 09:05 --------- d-----w C:\ProgramData\TrackMania
    2008-06-11 20:45 --------- d-----w C:\Users\Matt\AppData\Roaming\FileZilla
    2008-06-11 05:19 --------- d-----w C:\Program Files\Common Files\Steam
    2008-06-10 20:26 --------- d-----w C:\Program Files\OpenAL
    2008-06-10 16:44 --------- d-----w C:\Users\Matt\AppData\Roaming\Azureus
    2008-05-31 22:30 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-30 19:47 --------- d-----w C:\Users\Matt\AppData\Roaming\teamspeak2
    2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\skypePM
    2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\Skype
    2008-05-21 19:41 --------- d-----w C:\Program Files\Savage 2 - A Tortured Soul
    2008-05-20 08:59 28 ------r C:\Windows\system32\drivers\VERSION.DAT
    2008-05-19 20:21 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-05-19 20:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-19 19:58 --------- d-----w C:\Program Files\d3
    2008-05-18 20:17 --------- d-----w C:\Users\Matt\AppData\Roaming\mIRC
    2008-05-16 16:42 --------- d-----w C:\Program Files\MSXML 4.0
    2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-15 17:53 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
    2008-05-15 17:51 --------- d-----w C:\ProgramData\VideoSpin
    2008-05-15 17:51 --------- d-----w C:\Program Files\Pinnacle
    2008-05-15 17:51 --------- d-----w C:\Program Files\Common Files\Yahoo!
    2008-05-15 17:48 --------- d-----w C:\ProgramData\Pinnacle
    2008-05-15 17:41 --------- d-----w C:\Program Files\Movie Maker 2.6
    2008-05-15 16:47 --------- d-----w C:\Program Files\DVDVideoSoft
    2008-05-15 16:47 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
    2008-05-14 16:04 --------- d-----w C:\Program Files\pspvideo9
    2008-05-14 16:04 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-05-14 06:08 --------- d-----w C:\ProgramData\Codemasters
    2008-05-13 20:34 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
    2008-05-13 20:34 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
    2008-05-13 20:25 --------- d-----w C:\Program Files\Codemasters
    2008-05-07 18:22 2,134,424 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
    2008-05-07 15:19 694,784 ----a-w C:\Windows\System32\RtkPgExt.dll
    2008-05-07 15:19 6,139,904 ----a-w C:\Windows\RtHDVCpl.exe
    2008-05-07 15:17 2,172,928 ----a-w C:\Windows\System32\RtkAPO.dll
    2008-05-06 14:29 31,232 ----a-w C:\Windows\System32\RtkCoInst.dll
    2008-05-01 10:52 --------- d-----w C:\Program Files\Azureus
    2008-04-30 23:19 --------- d-----w C:\Program Files\adslTV
    2008-04-30 22:53 --------- d-----w C:\Users\Matt\AppData\Roaming\vlc
    2008-04-30 11:18 159,744 ----a-w C:\Windows\System32\MaxxAudioAPO20.dll
    2008-04-29 13:55 1,933,312 ----a-w C:\Windows\System32\MaxxAudioEQ.dll
    2008-04-29 13:55 1,777,664 ----a-w C:\Windows\System32\WavesLib.dll
    2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC749.tmp
    2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC69C.tmp
    2008-04-21 15:21 143,360 ----a-w C:\Windows\System32\FMAPO.dll
    2008-04-10 14:06 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-04-10 14:06 22,328 ----a-w C:\Users\Matt\AppData\Roaming\PnkBstrK.sys
    2008-04-10 14:06 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
    2008-04-10 14:06 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-04-09 21:24 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-04-09 21:24 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-04-09 21:24 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-04-09 21:24 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-04-09 21:24 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-04-09 21:24 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-04-09 21:24 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-04-09 21:24 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-04-09 21:24 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-04-09 21:24 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-04-09 21:23 295,936 ----a-w C:\Windows\System32\gdi32.dll
    2008-04-09 21:23 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-04-02 08:27 1,196,032 ----a-w C:\Windows\RtlUpd.exe
    2008-03-30 10:08 1,871 ----a-w C:\Windows\Web\def.htm.vir
    2008-03-29 20:10 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-03-29 20:10 32 ----a-w C:\ProgramData\ezsid.dat
    2008-03-28 09:59 285,216 ----a-w C:\Windows\System32\RtkApoApi.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-22_10.23.42,39 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-22 08:50:52 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-23 05:28:53 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-23 05:28:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-06-23 05:28:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-22 08:52:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-23 06:15:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-23 06:15:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-06-22 08:52:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-23 05:29:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-23 05:29:57 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-23 17:33:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-22 09:20:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-23 17:33:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-23 17:33:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-22 08:58:45 104,742 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-23 06:16:04 104,742 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-22 08:58:45 127,318 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-06-23 06:16:04 127,318 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-06-22 08:58:45 595,308 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-23 06:16:04 595,308 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-22 08:58:45 676,850 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-06-23 06:16:04 676,850 ----a-w C:\Windows\System32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 08:36 2153472 C:\Windows\System32\oobefldr.dll]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 09:30 486856]
    "Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-03-30 15:59 1271032]
    "Octoshape Streaming Services"="C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2006-02-13 17:33 214648]
    "Sys7F03.exe"="C:\Sys7F03.exe" [2008-06-16 17:18 31744]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
    "e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2008-03-05 13:47 397312]
    "PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 16:19 6139904 C:\Windows\RtHDVCpl.exe]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
    "Sys7F03.exe"="C:\Sys7F03.exe" [2008-06-16 17:18 31744]

    C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "vidc.mjpg"= pvmjpg30.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{7B586D61-E263-42C4-982F-CBD8D80339A8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{E6179681-68CD-4DDC-A696-EC301B01879E}"= UDP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
    "{F7F7C64D-C0DF-4154-9F7C-3A8D781A886F}"= TCP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
    "{D0186287-43F2-4CDE-A6BB-AE347599BD9C}"= UDP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
    "{8465163C-6400-46E9-9542-1C4C02EEBD82}"= TCP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
    "TCP Query User{1A14D1F0-6472-4810-8C93-FC31E93F1BEE}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{126DFC70-6620-40BA-82E4-7EADB12CE6C7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{D6438CDC-75B5-4764-B540-148BBEE7C7DD}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{92E9D729-E4FF-49C0-8F35-C3C8331369DF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "{E0B60AB5-5191-4018-895C-2BCB1C11429E}"= UDP:C:\Program Files\PKR\pkr.exe:p lay PKR
    "{C45136A1-7CCD-4929-8D57-BE5754E1BBCF}"= TCP:C:\Program Files\PKR\pkr.exe:p lay PKR
    "TCP Query User{DD295F2B-A6AF-41DB-BB70-5A4C0C552DE3}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "UDP Query User{A93AAF3B-0CD5-4850-AD14-450269541C2C}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "TCP Query User{6F3730BD-A8F7-43F6-9A0C-31C0B7A621A1}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
    "UDP Query User{4C9CFD61-3F96-412E-B7F6-A821880F272F}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
    "TCP Query User{07236ED9-4F52-4A59-A5D6-07D4B0D7C850}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
    "UDP Query User{ECD1D14C-6C78-4F59-8484-B903CBA79FE3}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
    "TCP Query User{DB75EC1C-A68B-4FAA-98A0-0AF9A76A55E7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{11F88FD4-D66B-4693-B25D-17A151AD379E}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
    "TCP Query User{590B3ED6-AA5C-4CF2-A07C-AC5FC7E80ADF}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
    "UDP Query User{44A7D384-925A-43B6-B28A-DBBAD3D27445}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
    "TCP Query User{EA63027B-7CD6-465E-ABA9-0F6163A8D146}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{61E7B1D9-1101-44F2-BF97-849C50D707DF}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{85D75DF0-3664-41A5-A8CD-579690D0FDC9}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
    "UDP Query User{FA933BCB-44B3-44DB-82FD-B8845E7C0F49}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
    "TCP Query User{9F55431F-F391-4C3A-ADD3-A2EAA8258A00}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
    "UDP Query User{C24DACD8-7BC2-4787-AC8A-1F286295F2F1}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
    "{92AFF84E-D42A-4B22-818A-81C1519BB1AC}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{3698746D-2FBE-4FBF-BB89-F5EC1F4806B1}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{860CDA12-86A1-46B6-A25B-752CDC75BD81}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{D8172CA5-18C7-486E-B711-4C31A89735B2}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{9AFF18EF-9BC5-4F7B-8A3B-F83A6AF95F2E}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{972C8765-AB99-4E57-8F2A-57A9C536442B}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
    "{505EAA90-EA35-47C2-BA9A-8D51FFEC711B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "{5240C1B1-1E1C-4B1D-819C-4285B7024F56}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
    "TCP Query User{CAE6277B-2FD2-45CA-81B9-FF62D1BDDC0D}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{272C9F65-752D-451B-B761-C5A10D98209C}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
    "TCP Query User{F007F1E6-1495-4E10-8D5F-890D0BDC6DD1}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:o ctoshapeclient.exe
    "UDP Query User{B4EA1A8E-1C8E-45C7-AD50-9579C1C15267}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:o ctoshapeclient.exe
    "TCP Query User{4FD436DA-34BA-4B3E-A2F7-8B46D3588F3E}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
    "UDP Query User{A63B0633-2F64-4853-9AD1-6D05BFEE3AC9}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
    "TCP Query User{E13A7EA1-D87B-4098-B793-182B3E80D850}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{3EF1FC25-01DE-4A9A-83C4-513836EED15B}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "{DBB81B0C-5D2D-4EFA-B139-5FA53E52B3B2}"= UDP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
    "{C778ACC5-C1EA-4EF6-8083-D7C346B466F4}"= TCP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
    "TCP Query User{82273AB4-6C31-45A4-BB50-7F0630D5809B}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= UDP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
    "UDP Query User{233472B0-A002-4EFF-8BAE-0168C9638A91}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= TCP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
    "{E0A7B9FF-2807-45B7-A22D-928C6F1E91BF}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
    "{3688F6EB-D355-4EB6-8D87-FD00126ABF9C}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
    "{01697CD4-48F6-4360-969B-204EE5E55B8E}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:p MSRegisterFile
    "{0A16CA36-9254-47F2-A5A8-8864166AFD85}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:p MSRegisterFile
    "{B1597868-F18C-49BD-AD67-7438AC69EEB3}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
    "{48993F2A-33A9-47B2-B01A-895E3E8D98AA}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
    "{3DF5794C-604F-49B9-A908-DFF869418BC8}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:p innacle VideoSpin
    "{B2653C09-E448-4B95-A1FF-5DD340F3E959}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:p innacle VideoSpin
    "TCP Query User{F3ED59D0-EE9A-43D9-9CFC-A5BFB07BD092}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
    "UDP Query User{A0070EB7-A348-4086-9F62-EA00F59ED9D1}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
    "TCP Query User{9732088F-9118-4BBC-BFE0-C36D8714224D}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
    "UDP Query User{101EE57F-4AC4-42A1-B066-A8EF2BE8AAF8}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
    S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-10 19:13]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276be7d8-fb30-11dc-bc69-001617e6b829}]
    \shell\AutoRun\command - I:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43e73afe-f92d-11dc-b5af-806e6f6e6963}]
    \shell\AutoRun\command - E:\Lance.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4542a2ce-318d-11dd-b35a-001617e6b829}]
    \shell\AutoRun\command - K:\LaunchU3.exe -a

    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-23 18:56:26
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-23 18:57:29
    ComboFix-quarantined-files.txt 2008-06-23 17:57:25
    ComboFix2.txt 2008-06-22 09:24:04
    ComboFix3.txt 2008-06-21 11:58:50

    Pre-Run: 80,369,319,936 octets libres
    Post-Run: 80,225,427,456 octets libres

    363 --- E O F --- 2008-06-21 10:32:10
    24 June 2008 00:26:38

    Good evening

    1

    Copy (Ctrl+C) the text below:
    File::
    C:\Sys7F03.exe
    C:\Sys8869.exe
    C:\Sys8AEA.exe

    Folder::
    C:\327882R2FWJFW

    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait for the scan to finish. The desktop will disappear several times: that is normal!
    Do not touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

    2
    Run Malwarebytes' Anti-Malware as I asked you in my previous post.
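As an added example (not part of this thread or of ComboFix), a small Python triage script that reads the Run-key section of a ComboFix-style "Reg Loading Points" dump and flags the Sys7F03.exe autostart entries by the traits a helper reads off by eye: an executable sitting in the drive root, the Sys<hex4>.exe name pattern seen in this thread, and the same value name registered under both HKCU and HKLM. The sample log is a constructed excerpt in the log's format, and the three heuristics are this example's own choice, not anything ComboFix implements.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the format of the "Reg Loading Points" section of a
# ComboFix log: four legitimate Run entries plus the Sys7F03.exe ones from this thread.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-03-30 15:59 1271032]
"Sys7F03.exe"="C:\Sys7F03.exe" [2008-06-16 17:18 31744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 16:19 6139904 C:\Windows\RtHDVCpl.exe]
"Sys7F03.exe"="C:\Sys7F03.exe" [2008-06-16 17:18 31744]
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?')
PATH_RE = re.compile(r"[A-Za-z]:\\.*")  # absolute Windows path, taken to the end of the bracket text
# Naming pattern of the dropper in this thread: "Sys" + four hex digits + ".exe" (heuristic).
RANDOM_NAME_RE = re.compile(r"^Sys[0-9A-Fa-f]{4}\.exe$")


@dataclass
class RunEntry:
    hive: str                      # "HKCU" or "HKLM"
    name: str                      # registry value name
    path: str                      # resolved image path
    reasons: list = field(default_factory=list)


def parse_run_entries(log_text: str) -> list:
    """Extract the autostart entries listed under the two classic Run keys."""
    entries, hive = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group("key").upper()
            if key.endswith(r"\CURRENTVERSION\RUN"):
                hive = "HKCU" if key.startswith("HKEY_CURRENT_USER") else "HKLM"
            else:
                hive = None            # any other section: ignore its lines
            continue
        if hive is None:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        value, meta = m.group("value"), m.group("meta") or ""
        if "\\" in value:
            path = value
        else:
            # The dump prints a bare file name for images found via the search path
            # and puts the resolved full path inside the trailing brackets.
            found = PATH_RE.search(meta)
            path = found.group(0) if found else value
        entries.append(RunEntry(hive, m.group("name"), path))
    return entries


def triage_run_entries(log_text: str) -> list:
    """Return only the entries that trip at least one heuristic, with the reasons attached."""
    entries = parse_run_entries(log_text)
    hives_by_name = {}
    for e in entries:
        hives_by_name.setdefault(e.name.lower(), set()).add(e.hive)
    flagged = []
    for e in entries:
        parent, _, basename = e.path.rpartition("\\")
        if re.fullmatch(r"[A-Za-z]:", parent):
            e.reasons.append("executable sits directly in a drive root")
        if RANDOM_NAME_RE.match(basename):
            e.reasons.append("name matches the Sys<hex4>.exe dropper pattern")
        if len(hives_by_name[e.name.lower()]) > 1:
            e.reasons.append("same value name registered in both HKCU and HKLM Run")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for hit in triage_run_entries(SAMPLE_LOG):
        print(f"{hit.hive}\\Run\\{hit.name} -> {hit.path}")
        for reason in hit.reasons:
            print(f"    - {reason}")
```

The mountpoints2 AutoRun commands later in the same log are a separate persistence channel and are not covered by this check.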
    24 June 2008 12:24:25

    Malwarebytes' Anti-Malware 1.18
    Version de la base de données: 883

    11:27:35 24/06/2008
    mbam-log-6-24-2008 (11-27-35).txt

    Type de recherche: Examen complet (A:\|C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
    Eléments examinés: 360354
    Temps écoulé: 1 hour(s), 14 minute(s), 0 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 21

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{09797a7f-36ba-468b-bc71-b65e061783de} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5e5c9077-0e64-4a3c-bd42-f9d8fc2b6dd7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{5b886f01-527a-4f05-90e2-14eacd2f8870} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys7C44.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys7C44.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys802C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys802C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys84D0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys84D0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Sys7C44.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Sys802C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Sys84D0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Sys7F03.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Sys8869.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Sys8AEA.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Sys9162.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Sys9376.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\SysBCD7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\SysBEDB.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Sys1789.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Sys17D7.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Sys1844.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Sys8116.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Sys880C.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\1.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\2.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\4.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Program Files\VAV\vav.exe.vir (Rogue.VistaAntivirus) -> Quarantined and deleted successfully.
    C:\Users\Matt\Downloads\Firefox\Patch_Redlynx.Trials.2.Second.Edition.v1.07.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    D:\Documents and Settings\Matthieu.L\BureauRoyalhack\RoyalHack v1.0d\Public-1d.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    24 June 2008 17:06:06

    Hello

    The ComboFix report?
    29 June 2008 01:41:37

    Error with ComboFix: blue screen and the PC restarted
    29 June 2008 19:38:06

    Hello
    Please post a new HijackThis log
    1 July 2008 12:55:06

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:54, on 2008-07-01
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo.com/etajvbis.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: gxvpsafm - {8205021C-E7BC-4D51-AB19-A4C500F01720} - C:\Windows\gxvpsafm.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{62F2D224-FF6A-436F-8617-2EDC58693E7F}: NameServer = 212.27.32.176,212.27.32.177
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 6353 bytes
    2 Juillet 2008 15:17:01

    hello
    you managed to pick up a new infection. I suppose you know how you caught this one...

    ~Download OTMoveIt (by OldTimer). Save it to your Desktop.

    ~Run Hijackthis as follows:
    right-click on Hijackthis.exe and choose "Run as administrator", then:
    Do a system scan only.
    Check the lines below if they are still present, and only those.

    O3 - Toolbar: gxvpsafm - {8205021C-E7BC-4D51-AB19-A4C500F01720} - C:\Windows\gxvpsafm.dll
    O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe

    Click on Fix checked (bottom left)

    Select ALL of the locations in bold below:

    C:\Windows\gxvpsafm.dll
    C:\Program Files\Antivirus 2008 PRO

    ---> Right-click then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand pane and choose Paste (or Ctrl+V).
    Now click on MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to reboot.

    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log
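The triage the helper does by eye above (spotting a toolbar DLL dropped straight into C:\Windows and a Run key launching a rogue "antivirus" in the HijackThis log) can be expressed as a small log parser. The block below is an added example written for this thread; it is not HijackThis's, OTMoveIt's or the helper's code. The rogue-name list and the sample log lines are constructed from entries visible in this thread only, and the `toolbar_dll_in_windows_root` heuristic is an assumption: legitimate toolbars here all live under Program Files, while the flagged one sits directly in the Windows directory.

```python
"""Triage of HijackThis O3/O4 log lines (added example for this thread).

Flags two indicators from the log posted above:
  * an O3 toolbar whose DLL sits directly in C:\Windows (gxvpsafm.dll pattern)
  * an O4 Run entry that launches a known rogue "antivirus" (Antivirus 2008 PRO)
"""
import re
from dataclasses import dataclass

# Constructed from labels seen in this thread; a real list would be far longer.
ROGUE_NAMES = ("antivirus 2008 pro", "vistaantivirus", "pchealthcenter")

# O3 - Toolbar: <name> - {<CLSID>} - <path>
O3_RE = re.compile(
    r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"
)
# O4 - HKCU\..\Run: [<label>] <command>   (HKUS\<SID>\..\Run also accepted)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$"
)


@dataclass
class Finding:
    line: str
    reason: str


def toolbar_dll_in_windows_root(path: str) -> bool:
    """Heuristic (assumption): a toolbar DLL directly under C:\Windows, with no
    vendor subfolder, is suspicious; legitimate ones install under Program Files."""
    return re.fullmatch(r"[A-Za-z]:\\Windows\\[^\\]+\.dll", path, re.IGNORECASE) is not None


def run_entry_is_rogue(label: str, cmd: str) -> bool:
    """True when the Run label or command mentions a known rogue product name."""
    text = (label + " " + cmd).lower()
    return any(name in text for name in ROGUE_NAMES)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious O3/O4 line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O3_RE.match(line)
        if m and toolbar_dll_in_windows_root(m.group("path")):
            findings.append(Finding(line, "toolbar DLL directly in Windows directory"))
            continue
        m = O4_RE.match(line)
        if m and run_entry_is_rogue(m.group("label"), m.group("cmd")):
            findings.append(Finding(line, "Run entry launches a known rogue antivirus"))
    return findings


# Constructed sample: a handful of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: gxvpsafm - {8205021C-E7BC-4D51-AB19-A4C500F01720} - C:\Windows\gxvpsafm.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

Run against the sample it reports exactly the two lines the helper asked to fix and leaves the Yahoo toolbar, avast! and Sidebar entries alone. The name-list check is deliberately narrow: the point is to show how the O3/O4 line formats parse, not to replace a signature database.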


    2 Juillet 2008 19:05:27

    C:\Windows\gxvpsafm.dll unregistered successfully.
    C:\Windows\gxvpsafm.dll moved successfully.
    C:\Program Files\Antivirus 2008 PRO\Suspicious moved successfully.
    C:\Program Files\Antivirus 2008 PRO\Infected moved successfully.
    C:\Program Files\Antivirus 2008 PRO moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_180126

    Thank you so much for your help.
    2 Juillet 2008 21:56:48

    re

    delete:
    C:\QooBox
    C:\_OTMoveIt

    Here is what I suggest: you are going to replace Avast! with Antivir, which is also free but much more effective, run a scan with it and post the report. :) 

    Uninstall Avast! properly

    To replace it with Antivir.

    -->Tuto<--

    Why switch? : Avast! vs Antivir
    but also:
    14 antivirus products put to the test
    Quote:
    Antivir: the most effective of the free ones

